This story appeared in Bank Digest.
The Office of Inspector General for the Consumer Financial Protection Bureau and the Federal Reserve Board has issued an audit of the Bureau's information security program, as required by the Federal Information Security Modernization Act of 2014. The OIG evaluated the program's maturity level (from a possible low of 1 to a possible high of 5) across several areas and concluded that the program is operating at level 3 (consistently implemented), with the Bureau performing several activities indicative of a higher maturity level.
According to the report, the CFPB also has opportunities to mature its program in FISMA domains across all five Cybersecurity Framework security functions--identify, protect, detect, respond, and recover--to ensure that its program is effective. The OIG made four recommendations to strengthen the Bureau's information security program in the areas of configuration management, identity and access management, and data protection and privacy.