The CFPB’s Office of Inspector General found the bureau’s information security program was generally in compliance with the Federal Information Security Management Act, but that further improvements are needed in security training and contingency planning. Nine other areas that received a passing grade from the OIG were information security continuous monitoring (ISCM), configuration management, identity and access management, incident response and reporting, risk management, plan of action and milestones, remote access, contractor systems, and security capital planning. “While we found that the CFPB’s information security program was generally consistent with the requirements for ISCM, configuration management, and incident response, we identified opportunities to strengthen these areas through automation and centralization,” the report stated. This year, the OIG found that the ...