CFPB Report: 2017-IT-C-008 April 17, 2017
The CFPB's Active Directory, which is used to manage user access to information technology resources, is a key component of the agency's general support system. We evaluated the administration and security of Active Directory's implementation.
The CFPB is effectively administering and protecting its Active Directory implementation through patching and vulnerability scanning processes and activity logging. Yet the agency can strengthen controls in identity and access management and risk management.
Our report includes one recommendation to help ensure effective account management and one issue for management consideration related to risk management documentation.
