Federal Information Security Management Act (FISMA) Evaluation

In comparison to the fiscal year (FY) 2008 FISMA report, we found TVA had generally improved in the area of establishing its inventory of systems requiring certification and accreditation and general security awareness training for network users. However, we identified several areas during this year's audit in which (1) performance had declined, or (2) TVA had not completed actions from the prior year's audits.During our FY 2009 review we noted improvements were needed in the following areas: (1) the oversight and evaluation of contractor systems; (2) the POA&M process; (3) the C&A process; (4) incident reporting; and (5) security awareness training. Summary Only