rowid,report_id,rec_number,significant,text,questioned_costs,funds_for_better_use
25,2024-audit-cfpbs-information-security-program,1,No,Complete finalization of an agencywide data classification policy that accounts for the sensitivity of the data maintained by the CFPB.,0,0
26,2024-audit-cfpbs-information-security-program,2,No,Ensure that data classification and sensitivity labels are incorporated into the CFPB’s data loss prevention program.,0,0
27,2024-audit-cfpbs-information-security-program,3,Yes,"Strengthen flaw remediation processes by developing and implementing a process to clearly map identified vulnerabilities to system IP addresses, host names, and remediation owners within the CFPB’s configuration management database.",0,0
28,2024-audit-cfpbs-information-security-program,6,No,Ensure that testing of mission-essential functions identified in the CFPB’s continuity of operations plan is periodically performed.,0,0
29,2024-audit-cfpbs-information-security-program,8,No,"Implement a process that ensures the cyber risk information in the CFPB’s governance, risk, and compliance tool is accurate and maintained.",0,0