The Office of the Inspector General OIG audited the Tennessee Valley Authority’s (TVA) use of remote application and desktop virtualization due to the risk of increased remote users during the COVID-19 pandemic and recent publicized remote access vulnerabilities. We found several areas where TVA was consistent with cybersecurity remote access best practices. However, we identified gaps in TVA’s configuration settings, architectural design, and administrative procedures. We recommend the Vice President and Chief Information and Digital Officer, Technology & Information, review the identified gaps and remediate as appropriate. Specifics of the identified issues were omitted from this report due to their sensitive nature in relation to TVA’s cybersecurity but were formally communicated to TVA management in a briefing on November 15, 2021.
Tuesday, January 11, 2022
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
Type of Report:
Funds for Better Use:
Number of Recommendations: