Audit finds weakened CFPB cybersecurity program

FedScoop reports that the Consumer Financial Protection Bureau had its overall information security program maturity reduced from level 4 to level 2 in fiscal 2025, after the agency failed to sustain authorizations for its various systems and to add cybersecurity risk analysis to its risk acceptance memorandums.

The absence of continuous security monitoring and testing support from contractors and the widespread staffing cutbacks under the Trump administration have crippled the CFPB's ability to ensure awareness of vulnerabilities within its environment, rendering its cybersecurity program ineffective, according to an audit by the Federal Reserve's Office of the Inspector General.

Obsolete software also remains in use at the CFPB despite the agency's ongoing efforts to upgrade legacy IT systems, said the OIG. However, remaining CFPB staffers were noted to have been working to bolster the agency's information security program through the creation of a formal process for ransomware response and weekly meetings for managing cyber risks.
