Endpoint Protection

The Office of the Inspector General conducted an audit to determine the effectiveness of endpoint protection on Tennessee Valley Authority’s (TVA) desktops and laptops. We found several areas of TVA’s endpoint protection program to be generally effective; however, we identified two issues that should be addressed by TVA management to further increase the effectiveness. Specifically, we found (1) TVA does not require endpoint protection for all network connections and (2) gaps in TVA policy, procedures, and internal controls. TVA management agreed with our recommendations.