The Consumer Financial Protection Bureau’s FISMA Shortcomings

Editor’s Note: The Federal Reserve Office of Inspector General’s 2012 Audit of the Consumer Financial Protection Bureau’s Information Security Program is attached here.

Below are key excerpts from the report.

The CFPB has not established a comprehensive information security strategy to guide the implementation of an agency-wide information security program.

 

Recommendations

We recommend that the Chief Information Officer:

1.  Develop and implement a comprehensive information security strategy that identifies specific goals, objectives, milestones, and resources to establish a FISMA-based information security program.

2.  Finalize the CFPB’s agency-wide information security policy and develop procedures to facilitate the implementation of the policy.

3.  Analyze the CFPB’s contractor oversight processes and information security controls for additional contractor-operated systems and take actions, as necessary, to ensure that FISMA and CFPB information security requirements are met.
