
CFPB Report: 2013-IT-C-020 December 2, 2013

2013 Audit of the CFPB's Information Security Program


Summary of Recommendations, OIG Report No. 2013-IT-C-020

| Rec. no. | Report page no. | Recommendation | Responsible office |
|---|---|---|---|
| 1 | 5 | Strengthen the CFPB's information security continuous monitoring program by (a) defining and implementing performance measures to facilitate decisionmaking and improve performance of the agency's continuous monitoring program; (b) identifying additional automated tools to assess security controls and analyze and respond to the results of continuous monitoring activities. | Office of the Chief Information Officer |
| 2 | 7 | Develop and implement an organization-wide configuration management plan and a consistent process for patch management. | Office of the Chief Information Officer |
| 3 | 8 | Design, develop, and implement a role-based security training program for individuals with significant security responsibilities. | Office of the Chief Information Officer |
| 4 | 10 | Ensure that audit logs and security incident information from all relevant sources are centrally tracked, analyzed, and correlated. | Office of the Chief Information Officer |