Skip to Navigation
Skip to Main content
OIG Home
OIG Home

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report: 2024-IT-C-019 October 31, 2024

2024 Audit of the CFPB's Information Security Program

available formats

Each year, we audit the CFPB's information security program as required by the Federal Information Security Modernization Act.

The CFPB's information security program remains effective as a whole. In addition, the agency has strengthened its program since our last review, for instance, by adding near-real-time updates to security training. Still, to remain effective, the CFPB's program can be further strengthened in several areas, such as configuration management and data loss prevention.

This report includes eight new recommendations to strengthen the CFPB's information security program and details the agency's progress in addressing our previous recommendations.