Skip to Navigation
Skip to Main content
OIG Home
OIG Home


Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report:  August 12, 2016

OIG Report on the CFPB’s Information Security Management Practices Pursuant to Section 406 of the Cybersecurity Act of 2015


available formats

  • Summary:

  • Full Memorandum:


The Cybersecurity Act contains provisions meant to bolster cybersecurity protections at federal agencies. Because the CFPB deals with personally identifiable information, certain of its systems are covered by the act.

Our report addresses the CFPB’s policies, procedures, and specific information security management practices for systems that provide access to personally identifiable information.

We are not making recommendations. Our annual audit of the CFPB’s information security program, as required by the Federal Information Security Modernization Act of 2014, will include an overall assessment of the CFPB’s identity and access management program and will incorporate information contained in this report.