Patching is the process for updating products and systems. Patches correct security and functionality problems in software and firmware. We performed an audit of the Tennessee Valley Authority’s (TVA) patching of Windows® desktops and laptops to determine if high-risk vulnerabilities on desktops and laptops were patched in accordance with TVA policy and best practices. We found (1) TVA policies and procedures aligned with best practices, (2) the majority of Windows® desktops and laptops managed by TVA’s automated patching system were patched for high-risk vulnerabilities in accordance with TVA policy, and (3) TVA had mitigated vulnerabilities for Windows® desktops and laptops that had not received updates. However, although the majority of Windows® workstations were managed by TVA’s automated patching system, we found some desktops and laptops were at potential risk of compromise.
Report File
Date Issued
Submitting OIG
Tennessee Valley Authority OIG
Other Participating OIGs
Tennessee Valley Authority OIG
Agencies Reviewed/Investigated
Tennessee Valley Authority
Report Number
2021-15778
Report Description
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
1
Questioned Costs
$0
Funds for Better Use
$0
