SharePoint® Access Management

The Office of the Inspector General performed an audit to determine if TVA manages access to nonpublic critical and sensitive information in accordance with TVA information management policy. Our scope was limited to TVA’s SharePoint® sites as of March 19, 2024. We determined TVA’s management of access to nonpublic critical and sensitive information could be improved. In addition, we determined TVA was not providing SharePoint® site owners with appropriate training to properly manage access to TVA nonpublic critical and sensitive information. This report, specifically identifies Microsoft, a nongovernmental organization/business entity. Pursuant to the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, Pub. L. No. 117-263 §5274, any such organization may submit a written response to the report within 30 days, clarifying or providing additional context for each instance within the report in which the organization is specifically identified. Any response provided for that purpose will be appended to the final, published report. If you have any questions about this process, please contact Jeffrey McKenzie at (865) 633-7374 or jtmckenzie@tvaoig.gov within 30 days of publication.