The Consumer Financial Protection Bureau (CFPB) performed well on its fiscal year 2019 FISMA audit, reaching a Level 4 and meeting the threshold for effectiveness, according to a report released October 31 by CFPB’s inspector general.
The audit found that while most of the agency’s results matched its FY18 audit, CFPB improved its capabilities in the Identify domain, pushing the maturity level up to Level 4. The improvements came in CFPB’s risk management program, where the bureau developed a plan for insider threat, used automation to track the life cycle of hardware, and conducted an agency-wide risk assessment.
“Since our review last year, the Bureau of Consumer Financial Protection has matured its information security program,” the inspector general states.
However, the audit highlights some area where the bureau still needs to improve. The audit makes seven recommendations to the agency, including an increased focus on high-value assets, ensuring that security incident data is accurate, and completing security assessment and authorization processes for cloud systems prior to deployment. CFPB concurred with all recommendations.