Overall, we found that the CFPB has taken several steps to develop, document, and implement an information security program. For example, the CFPB has drafted agency-wide information security and acceptable use policies, as well as procedures for continuous monitoring and risk management…However, we found that additional steps are needed to fully develop, document, and implement an information security program that is consistent with FISMA [Federal Information Security Management Act of 2002].Read the report.
Tuesday, November 20, 2012
OIG Audit of the CFPB's Information Security Program
The Federal Reserve Board’s Office of Inspector General (OIG) has released a report regarding its 2012 audit of the CFPB’s Information Security Program. From the report: