OIG: Results of Security Control Testing of the CFPB's Microsoft Office 365 System

If you are seeing this message, Javascript is disabled. Disclaimer for all external links found on this page: The Office of Inspector General (OIG) for the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau does not necessarily endorse the views expressed or the facts presented on the external sites. The OIG does not endorse any commercial products that may be advertised or on the external sites. The OIG's privacy policy does not apply on the external sites. Please check the site for its privacy notice.

Skip to Navigation

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report: 2024-IT-C-003R January 24, 2024

The CFPB uses Microsoft Office 365 to provide its employees with a variety of productivity-oriented applications, such as email and Microsoft Excel, Exchange Online, PowerPoint, SharePoint Online, Teams, and Word.

Selected security controls tested for the MO 365 system are operating effectively. For example, the CFPB ensured that privileged accounts are provisioned, managed, and reviewed in accordance with the principles of least privilege and separation of duties. It also performed system-level risk assessments. However, the CFPB can strengthen specific contingency planning controls for MO 365.

Given the sensitivity of the information in our review, our full report is restricted.

HOTLINE

IN THIS SECTION

Results of Security Control Testing of the CFPB's Microsoft Office 365 System

available formats

Summary:

LINKS TO THE BOARD AND THE CFPB

HOTLINE

IN THIS SECTION

SHARE THIS PAGE

STAY CONNECTED

Results of Security Control Testing of the CFPB's Microsoft Office 365 System

available formats

Summary:

LINKS TO THE BOARD AND THE CFPB

RELATED SITES AND RESOURCES