On a scale of one to five, the CFPB’s overall information security program is operating at a level-three (consistently implemented) maturity, with the agency performing several activities indicative of a higher maturity level, according to a recent report from the bureau’s Office of Inspector General. “For instance, the CFPB’s information security continuous monitoring process is effective and operating at level four, with the agency tracking and reporting on performance measures related to supporting activities,” the OIG said. “In addition, the CFPB employs network access controls to detect unauthorized hardware and has implemented automated patch management tools.” These areas are typically associated with a level-four maturity. The CFPB also could mature its information security program to make sure that it is ...