Skip to main content
Report File
Date Issued
Submitting OIG
Federal Reserve Board & CFPB OIG
Other Participating OIGs
Federal Reserve Board & CFPB OIG
Agencies Reviewed/Investigated
Consumer Financial Protection Bureau
Report Number
2024-IT-C-019
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
8
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No

Open Recommendations

This report has 8 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
1 No $0 $0

Complete finalization of an agencywide data classification policy that accounts for the sensitivity of the data maintained by the CFPB.

2 No $0 $0

Ensure that data classification and sensitivity labels are incorporated into the CFPB’s data loss prevention program.

3 Yes $0 $0

Strengthen flaw remediation processes by developing and implementing a process to clearly map identified vulnerabilities to system IP addresses, host names, and remediation owners within the CFPB’s configuration management database.

4 No $0 $0

Ensure that adequate resources are allocated to reinvestigate CFPB systems users as required.

5 No $0 $0

Develop and maintain a ransomware strategy and specific procedures that provide a formal, focused, and coordinated approach to responding to ransomware attacks.

6 No $0 $0

Ensure that testing of mission-essential functions identified in the CFPB’s continuity of operations plan is periodically performed.

7 No $0 $0

Renew the authorizations to use for the CFPB’s governance, risk, and compliance tool.

8 No $0 $0

Implement a process that ensures the cyber risk information in the CFPB’s governance, risk, and compliance tool is accurate and maintained.

Federal Reserve Board & CFPB OIG

United States