Skip to Navigation
Skip to Main content
OIG Home
OIG Home


Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report: 2024-IT-C-003R January 24, 2024

Results of Security Control Testing of the CFPB's Microsoft Office 365 System

available formats

  • Summary:

    PDF | HTML

The CFPB uses Microsoft Office 365 to provide its employees with a variety of productivity-oriented applications, such as email and Microsoft Excel, Exchange Online, PowerPoint, SharePoint Online, Teams, and Word.

Selected security controls tested for the MO 365 system are operating effectively. For example, the CFPB ensured that privileged accounts are provisioned, managed, and reviewed in accordance with the principles of least privilege and separation of duties. It also performed system-level risk assessments. However, the CFPB can strengthen specific contingency planning controls for MO 365.

Given the sensitivity of the information in our review, our full report is restricted.