Remote Application and Desktop Virtualization Client

The Office of the Inspector General audited the Tennessee Valley Authority’s (TVA) use of remote application and desktop virtualization client due to the risks of (1) potential system intrusion through misconfigurations and (2) continued elevated remote users during the COVID-19 pandemic. We found the configuration management control for TVA’s remote application desktop virtualization client was ineffective. However, we determined compensating access controls were in place to mitigate the risk to an overall acceptable level.