Legal Seminar, Denver, CO

Audits and Compliance: Account and User Reviews

• Review CSBS personnel with NMLS access every six months – Least Privilege – Need to Know

Request

Validate

Authenticate

Review

Modify

NMLS 1.0

Hosted and managed by the  Financial Industry Regulatory  Authority (FINRA)

• Point‐in‐time visibility into vulnerabilities • Single Security Operations Center (SOC)

• Modify patching cycles based on risk‐based decisions • Advisories, monthly vulnerability scans, audits

Patching decisions made as part  of Risk Management Program

Monthly reports to CFPB

Incident response and disaster  recovery capabilities tested  annually