Federal Information Security Management Act (FISMA) Evaluation

Our review of TVA's compliance with FISMA of 2002 determined that among improvements made during fiscal year 2007, TVA completed revisions to align the security program with NIST FIPS 199 standards and implemented measures to ensure personnel complete security training. While TVA continues to make progress in implementing information technology controls required by FISMA, we noted additional controls are needed to improve (1)oversight and evaluation of contractor systems, (2)the Privacy Program, and (3)consideration of e-authentication risks at TVA.