CFPB Report: 2019-IT-C-007R May 22, 2019
During work for a previous audit report, we identified weaknesses in security controls for select Bureau SQL Server instances and databases. However, we did not include the specific details of these weaknesses in that public report because of the sensitive nature of the information.
We believe that these weaknesses—along with others previously reported—heighten the risk of a breach of sensitive data maintained in the Bureau's SQL Server environment. Therefore, we are issuing a memorandum with five new recommendations to further help the agency in its ongoing efforts to strengthen controls for its SQL Server instances and databases.
Given the sensitivity of our review, this memorandum is restricted.