The Federal Information Security Modernization Act of 2014 (FISMA) requires each agency’s Inspector General (IG) to conduct an annual independent evaluation to determine the effectiveness of the information security program (ISP) and practices of its respective agency. Our objective was to determine the effectiveness of the Tennessee Valley Authority’s (TVA) ISP and practices as defined by the FY [Fiscal Year] 2023 – 2024 IG FISMA Reporting Metrics. Our audit scope was limited to answering the fiscal year (FY) 2023 IG metrics, which include 20 core IG metrics to be evaluated annually and the remaining supplemental IG metrics, which will be evaluated on a two-year cycle (Appendix B). The 20 core IG metrics were chosen based on alignment with Executive Order 14028, Improving the Nation's Cybersecurity, as well as recent OMB guidance to agencies in furtherance of the modernization of federal cybersecurity. The FISMA methodology considers metrics at a level 4 (managed and measurable) or higher to be at an effective level of security. Based on our analysis of the 40 IG metrics and associated maturity models, we found 21 of 40 IG metrics were at a level 1 (ad-hoc), level 2 (defined), or level 3 (consistently implemented); therefore, TVA's information security program was not operating in an effective manner.

| Report Date | Agency Reviewed / Investigated | Report Title | Type | Location | |
|---|---|---|---|---|---|
| | Tennessee Valley Authority | Federal Information Security Modernization Act | Audit | Agency-Wide | View Report |
| | Department of Justice | Audit of the Office of Justice Programs Victim Assistance Funds Subawarded by the Oregon Department of Justice to J Bar J Youth Services, Bend, Oregon | Audit | | View Report |
| | Department of Justice | Audit of the Department of Justice’s Law Enforcement and Corrections Components’ Use-of-Force Policies | Audit | Agency-Wide | View Report |
| | Department of Labor | Quality Control Review Single Audit of South Carolina Department of Employment and Workforce for the Year Ended June 30, 2021 | Review | Agency-Wide | View Report |
| | U.S. Agency for International Development | Financial Audit of the Higher Education Commission, Merit and Need-Based Scholarship Program (Phase II) in Pakistan, Grant 391-G-00-04-0123-12, July 1, 2021, to June 30, 2022 (5-391-23-029-R) | Other | | View Report |
| | U.S. Agency for International Development | Performance Audit Over the Adequacy and Cost Accounting Standards Compliance of Disclosure Statement, Revision 2, for International Aids Vaccine Initiative, Inc. | Other | | View Report |
| | U.S. Agency for International Development | Performance Audit of Incurred Costs for Associates in Rural Development for Fiscal Year Ended September 30, 2020 | Other | | View Report |
| | U.S. Agency for International Development | Performance Audit of Incurred Costs of The Mitchell Group, Inc., for the Fiscal Year Ended December 31, 2020 | Other | | View Report |
| | Department of Health & Human Services | Home Health Agencies Rarely Furnished Services Via Telehealth Early in the COVID-19 Public Health Emergency | Audit | Agency-Wide | View Report |
| | Department of Health & Human Services | Many Medicaid Enrollees with Opioid Use Disorder Were Treated with Medication; However, Disparities Present Concerns | Inspection / Evaluation | Agency-Wide | View Report |