The OIG audited the overall effectiveness of the Tennessee Valley Authority's (TVA) patch management process for high-risk, end-user desktops and laptops as they are most vulnerable to spear phishing, a very common tactic used in today's environment to infiltrate computer networks and spread malware. We found (1) TVA is at potential risk for compromise as the patching status was unknown for 12 percent of desktops and laptops in our sample due to desktops and laptops not being managed in patch management tools; (2) 1 of 162 desktops and laptops tested had a missing patch that could lead to remote code execution that has a public exploit available; and (3) the patching process for Mac desktops and laptops is not formally documented. TVA management agreed with our findings and recommendations.
| Report Date | Agency Reviewed / Investigated | Report Title | Type | Location | |
|---|---|---|---|---|---|
| Tennessee Valley Authority | Cyber Security Patch Management of High Risk Desktops and Laptops | Audit | Agency-Wide | View Report | |
| Department of Veterans Affairs | Healthcare Inspection – Quality of Care and Other Concerns Robert J. Dole VA Medical Center, Wichita, Kansas | Inspection / Evaluation |
|
View Report | |
| Department of Veterans Affairs | Clinical Assessment Program Review of the Lexington VA Medical Center, Lexington, Kentucky | Review |
|
View Report | |
| AmeriCorps | Agreed-Upon Procedures for Corporation Grants Awarded to Volunteer Louisiana | Audit |
|
View Report | |
| Environmental Protection Agency | EPA Is Taking Steps to Improve State Drinking Water Program Reviews and Public Water Systems Compliance Data | Audit | Agency-Wide | View Report | |
| Department of Veterans Affairs | Administrative Investigation - Conflicting Interests and Misuse of Government Equipment, Overton Brooks VA Medical Center, Shreveport, Louisiana | Investigation |
|
View Report | |
| U.S. Postal Service | Prohibited Inbound International Mailings | Audit | Agency-Wide | View Report | |
| Department of the Interior | U.S. Fish and Wildlife Service Wildlife and Sport Fish Restoration Program Grants Awarded to the State of Maine, Department of Marine Resources, From July 1, 2013, Through June 30, 2015 | Audit |
|
View Report | |
| Department of the Interior | U.S. Fish and Wildlife Service Wildlife and Sport Fish Restoration Program Grants Awarded to the State of Mississippi; Department of Wildlife, Fisheries, and Parks; From July 1, 2014, Through June 30, 2016 | Audit | Agency-Wide | View Report | |
| Department of Justice | Audit of the Office on Violence Against Women Grants Awarded to the North Carolina Coalition Against Domestic Violence, Durham, North Carolina | Audit |
|
View Report | |
