{"database": "openregs", "table": "ig_recommendations", "rows": [[36, "2025-audit-cfpbs-information-security-program", "4", "No", "Perform a review of previously granted risk acceptance memorandums to determine whether they were based on a complete review of the system or common controls (as required by National Institute of Standards and Technology Special Publication 800-37, Revision 2) and perform additional risk analysis and/or compensating controls as needed for affected systems.", 0, 0]], "columns": ["rowid", "report_id", "rec_number", "significant", "text", "questioned_costs", "funds_for_better_use"], "primary_keys": ["rowid"], "primary_key_values": ["36"], "units": {}, "query_ms": 0.489666941575706, "source": "Federal Register API & Regulations.gov API", "source_url": "https://www.federalregister.gov/developers/api/v1", "license": "Public Domain (U.S. Government data)", "license_url": "https://www.regulations.gov/faq"}