Skip to Navigation
Skip to Main content
OIG Home
OIG Home


Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report: 2018-IT-C-002R January 25, 2018

Audit of the CFPB’s Encryption of Data on Mobile Devices

available formats

  • Summary:

    PDF | HTML

Mobile devices help CFPB staff carry out their duties, but the portability of these devices heightens the risk of loss or theft of IT equipment and data. We therefore evaluated the CFPB's mobile encryption practices.

The CFPB has an effective process for encrypting the data on its mobile devices. However, the agency has not been able to fully account for all laptops assigned to users since its establishment. While conducting this audit, we notified the CFPB of actions it should take to rectify this issue. Our report also includes a suggestion to help the CFPB better manage risks associated with sensitive data on unaccounted-for laptops by strengthening ongoing efforts to develop and implement an insider threat program and incident containment strategies. The Chief Information Officer concurred with our suggestion, and we will follow up on these matters in our future work.

This report is restricted due to the sensitive nature of this information.