| Rec. no. | Report page no. | Recommendation | Responsible office |
|---|---|---|---|
| 1 | 4 | Fully implement the CFPB's selected automated solution for assessing security controls and analyzing and responding to the results of continuous monitoring activities. | Office of the Chief Information Officer |
| 2 | 4 | Assess the information security continuous monitoring implementation options and guidance outlined in the United States Government Concept of Operations for Information Security Continuous Monitoring and update the CFPB's information security continuous monitoring strategy, as necessary. |
Office of the Chief Information Officer |
| 3 | 6 | Strengthen the CFPB's vulnerability management practices by implementing an automated solution and process to periodically assess and manage database and application-level security configurations. | Office of the Chief Information Officer |
