Physical and Logical Access for TVA's High Risk Assets

The OIG audited TVA's compliance with the North American Electric Reliability Corporation's (NERC) Critical Infrastructure Protection (CIP) standards for logical and physical access for systems and locations that are considered high risk assets under NERC CIP standards. We found TVA was within the NERC CIP compliance standards for logical and physical access to high risk systems and locations with minor exceptions that were addressed during the audit. In addition, during our testing, we noted discrepancies between initial clearance dates in the hard copy and electronic records that were addressed during the audit.(Summary Only)