Skip to Navigation
Skip to Main content
OIG Home
OIG Home


Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report: 2019-IT-C-007R May 22, 2019

Technical Testing Results for the Bureau's SQL Server Environment

available formats

  • Summary:

    PDF | HTML

During work for a previous audit report, we identified weaknesses in security controls for select Bureau SQL Server instances and databases. However, we did not include the specific details of these weaknesses in that public report because of the sensitive nature of the information.

We believe that these weaknesses—along with others previously reported—heighten the risk of a breach of sensitive data maintained in the Bureau's SQL Server environment. Therefore, we are issuing a memorandum with five new recommendations to further help the agency in its ongoing efforts to strengthen controls for its SQL Server instances and databases.

Given the sensitivity of our review, this memorandum is restricted.