2016 Federal Information Security Management Act

The OIG analyzed the metrics and associated maturity levels defined within the Fiscal Year (FY) 2016 Inspectors General (IG) Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics and found TVA's maturity levels for the five cybersecurity functional areas ranged from level 1, ad hoc, to level 3, consistently implemented. The Chief Information Officer (CIO), Information Technology ( IT), in consultation with TVA executive management, will continue to be responsible for determining the desired level of maturity to achieve in each of the five functional areas, and actions necessary to reach the desired maturity level, while considering efficiency and budgeting constraints. The OIG will continue to reassess progress and TVA status on an annual basis as prescribed by the Office of Management and Budget and the Department of Homeland Security, utilizing the annual IG metrics and maturity models prescribed by the Council of Inspectors General on Integrity and Efficiency. We recommended the CIO, IT, perform a risk assessment of the FY 2016 IG metrics not met and determine actions necessary to reduce cybersecurity risk to TVA in FY 2017.(Summary Only)