CFPB Report: August 12, 2016
The Cybersecurity Act contains provisions meant to bolster cybersecurity protections at federal agencies. Because the CFPB deals with personally identifiable information, certain of its systems are covered by the act.
Our report addresses the CFPB’s policies, procedures, and specific information security management practices for systems that provide access to personally identifiable information.
We are not making recommendations. Our annual audit of the CFPB’s information security program, as required by the Federal Information Security Modernization Act of 2014, will include an overall assessment of the CFPB’s identity and access management program and will incorporate information contained in this report.