Submitting OIG:
Report Description:
The Office of the Inspector General audited TVA’s controls in place to prevent, detect, and respond to ransomware incidents. In summary, we found TVA management generally has appropriate controls in place to prevent, detect, and respond to a ransomware incident. However, for one selected system, we found inappropriate administrative access. To strengthen access controls, TVA currently has an ongoing project to identify, track, and monitor administrative accounts, which is expected to be complete in 2020. In addition, we found improvements were needed in the Ransomware Incident Action Plan. TVA’s Cybersecurity updated the Ransomware Incident Action Plan during our audit.
Date Issued:
Wednesday, November 14, 2018
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
2018-15529
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
2
View Document:
Attachment | Size |
---|---|
![]() | 560.81 KB |