Federal Information Security Management Act of 2002 Evaluation

The Office of the Inspector General's review of TVA's compliance with the Federal Information Security Management Act (FISMA) of 2002 determined that TVA had improved (1) tracking of security weaknesses, remediation actions, and incidents and (2) measures to ensure appropriate personnel complete role-based security training. While TVA continues to make progress in implementing information technology controls required by FISMA, we noted additional controls are needed to improve (1) oversight and evaluation of contractor systems, (2) completing system certifications and accreditations, (3) defining and tracking configuration management metrics, and (4) consideration of e-authentication risks at TVA.