Skip to Navigation
Skip to Main content
OIG Home
OIG Home


Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report: 2017-IT-C-008 April 17, 2017

Security Control Review of the CFPB's Active Directory Implementation

available formats

  • Summary:

    PDF | HTML

The CFPB's Active Directory, which is used to manage user access to information technology resources, is a key component of the agency's general support system. We evaluated the administration and security of Active Directory's implementation.

The CFPB is effectively administering and protecting its Active Directory implementation through patching and vulnerability scanning processes and activity logging. Yet the agency can strengthen controls in identity and access management and risk management.

Our report includes one recommendation to help ensure effective account management and one issue for management consideration related to risk management documentation.