Skip to main content Homepage


 Newsroom Detail

Salem, OR—Oregon Secretary of State Shemia Fagan today released a cybersecurity audit of the Oregon Department of Consumer and Business Services (DCBS). Auditors found DCBS has yet to fully implement some basic cybersecurity safeguards despite multiple communications about the weaknesses.

“The security of Oregon’s information resources should be a top priority for all state agencies,” said Secretary of State Shemia Fagan. “DCBS should take immediate action to address the findings outlined in this report. I’m glad to see DCBS leadership agrees with all of the recommendations in this audit.”

The Center for Internet Security (CIS) has developed a series of prioritized best practices to help protect and safeguard information, known as controls. Auditors found DCBS has not yet fully implemented cybersecurity controls for all six basic foundational CIS controls reviewed, although some of the controls are partially implemented. This is largely due to a lack of prioritization for addressing these controls, as most of the weaknesses identified had been previously communicated to DCBS in 2016 and 2018, with limited progress.

Auditors also concluded while DCBS has established a security management and compliance program, extensive work remains to ensure agency systems and data are protected against unauthorized use, disclosure, or modification. DCBS management agreed with all the recommendations in the audit.

Read the full report on the Secretary of State's website:

Contact Information

Carla Axtman



Your browser is out-of-date! It has known security flaws and may not display all features of this and other websites. Learn how