The CFPB has taken several steps to develop, document and implement an information security program. However, additional steps are needed if the bureau is to have an information security program that is consistent with the Federal Information Security Management Act of 2002, according to an audit report issued by the Federal Reserve’s Office of Inspector General. “We recommend that the Chief Information Officer develop and implement a comprehensive information security strategy that identifies specific goals...