Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details
---|---|---|---|---
1 | No | $0 | $0 | Complete finalization of an agencywide data classification policy that accounts for the sensitivity of the data maintained by the CFPB.
2 | No | $0 | $0 | Ensure that data classification and sensitivity labels are incorporated into the CFPB’s data loss prevention program.
3 | Yes | $0 | $0 | Strengthen flaw remediation processes by developing and implementing a process to clearly map identified vulnerabilities to system IP addresses, host names, and remediation owners within the CFPB’s configuration management database.
4 | No | $0 | $0 | Ensure that adequate resources are allocated to reinvestigate CFPB systems users as required.
5 | No | $0 | $0 | Develop and maintain a ransomware strategy and specific procedures that provide a formal, focused, and coordinated approach to responding to ransomware attacks.
6 | No | $0 | $0 | Ensure that testing of mission-essential functions identified in the CFPB’s continuity of operations plan is periodically performed.
7 | No | $0 | $0 | Renew the authorizations to use for the CFPB’s governance, risk, and compliance tool.
8 | No | $0 | $0 | Implement a process that ensures the cyber risk information in the CFPB’s governance, risk, and compliance tool is accurate and maintained.