Submitting OIG:
Report Description:
The OIG audited the overall effectiveness of the Tennessee Valley Authority's (TVA) patch management process for high-risk, end-user desktops and laptops, as they are most vulnerable to spear phishing, a very common tactic used in today's environment to infiltrate computer networks and spread malware. We found (1) TVA is at potential risk for compromise because the patching status was unknown for 12 percent of desktops and laptops in our sample, as those machines were not managed in patch management tools; (2) 1 of 162 desktops and laptops tested was missing a patch, which could lead to remote code execution and for which a public exploit is available; and (3) the patching process for Mac desktops and laptops is not formally documented. TVA management agreed with our findings and recommendations.
Short / Alternative Report Title:
Cyber Security Patch Management of High-Risk Desktops and Laptops
Date Issued:
Wednesday, July 19, 2017
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
2016-15369
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
4