CFPB Delayed in Providing PIV for Access to its Networks, OIG Finds
August 22, 2016
The CFPB is strengthening its identity and access management program and access controls for select systems, but is behind the curve when it comes to supporting the use of personal identity verification (PIV) technology, according to the latest Office of Inspector General review of the bureau’s information security management practices. “[W]hile the CFPB uses multifactor, token-based authentication for remote access to the agency’s network, it has not implemented PIV cards for logical access to the agency’s network and systems,” the OIG report stated. CFPB officials told the OIG that the bureau is making progress in implementing PIV. “However, implementation has been delayed due to the prioritization of competing initiatives and the timing of the agency’s transition from the U.S. Department ...