Federal Information Security Management Act (FISMA) Evaluation

We reviewed the TVA compliance with the Federal Information Security Management Act (FISMA) of 2002. In summary, we determined that while TVA has made some progress in implementing information technology controls required by FISMA and work on some previously recommended actions continues, additional efforts were needed to strengthen compliance of TVA's security program with existing controls and address additional concerns. We identified opportunities to improve all control areas that we reviewed, except for TVA programs for incident response and reporting and remote access management. In addition, we identified an opportunity for TVA to improve agency-wide security oversight. TVA management agreed with our recommendations. Summary Only