CFPB Report: 2024-IT-C-019 October 31, 2024
Each year, we audit the CFPB's information security program as required by the Federal Information Security Modernization Act.
The CFPB's information security program remains effective as a whole. In addition, the agency has strengthened its program since our last review, for instance, by adding near-real-time updates to security training. Still, to remain effective, the CFPB's program can be further strengthened in several areas, such as configuration management and data loss prevention.
This report includes eight new recommendations to strengthen the CFPB's information security program and details the agency's progress in addressing our previous recommendations.