Federal Information Security Management Act (FISMA) Evaluation

The OIG reviewed the TVA's compliance with the Federal Information Security Management Act (FISMA) of 2002. Our review determined TVA made significant improvement in two FISMA control areas in the past year. However, overall progress in implementing information technology controls required by FISMA has slowed, while TVA continues work on previously recommended actions and redesigns some processes. Additional efforts are needed to improve compliance with existing controls and address concerns identified by the OIG in six control areas: (1) the certification and accreditation process, (2) security configuration management, (3) incident response and reporting, (4) security training, (5) remote access, and (6) contingency planning. We provided our results to TVA management for review. Summary Only