The OIG analyzed the metrics and associated maturity levels defined within the Fiscal Year (FY) 2016 Inspectors General (IG) Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics and found TVA's maturity levels for the five cybersecurity functional areas ranged from level 1, ad hoc, to level 3, consistently implemented. The Chief Information Officer (CIO), Information Technology ( IT), in consultation with TVA executive management, will continue to be responsible for determining the desired level of maturity to achieve in each of the five functional areas, and actions necessary to reach the desired maturity level, while considering efficiency and budgeting constraints. The OIG will continue to reassess progress and TVA status on an annual basis as prescribed by the Office of Management and Budget and the Department of Homeland Security, utilizing the annual IG metrics and maturity models prescribed by the Council of Inspectors General on Integrity and Efficiency. We recommended the CIO, IT, perform a risk assessment of the FY 2016 IG metrics not met and determine actions necessary to reduce cybersecurity risk to TVA in FY 2017.(Summary Only)
| Report Date | Agency Reviewed / Investigated | Report Title | Type | Location | |
|---|---|---|---|---|---|
| Tennessee Valley Authority | 2016 Federal Information Security Management Act | Audit | Agency-Wide | View Report | |
| USAID's Kandahar Helmand Power Project: Audit of Costs Incurred by Black and Veatch Special Projects | Other | Agency-Wide | View Report | ||
| Department of Homeland Security | FEMA Should Disallow $577,959 of $2.9 Million Awarded to Puerto Rico Aqueduct and Sewer Authority for Hurricane Irene Damages | Disaster Recovery Report |
|
View Report | |
| Department of Homeland Security, Department of Defense | Oklahoma Farmers Cooperative Has Adequate Policies/Practices to Manage Its FEMA Grant Funds | Disaster Recovery Report |
|
View Report | |
| Department of Health & Human Services | Independent Attestation Review: Indian Health Service Fiscal Year 2016 Detailed Accounting Submission and Performance Summary Report for National Drug Control Activities and Accompanying Required Assertions | Audit | Agency-Wide | View Report | |
| Department of Health & Human Services | Independent Attestation Review: National Institutes of Health Fiscal Year 2016 Detailed Accounting Submissions and Performance Summary Report for National Drug Control Activities and Accompanying Required Assertions | Audit | Agency-Wide | View Report | |
| Department of Health & Human Services | Independent Attestation Review: Substance Abuse and Mental Health Services Administration Fiscal Year 2016 Detailed Accounting Submission and Performance Summary Report for National Drug Control Activities and Accompanying Required Assertions | Audit | Agency-Wide | View Report | |
| Department of Health & Human Services | Independent Attestation Review: Health Resources and Services Administration Fiscal Year 2016 Detailed Accounting Submission and Performance Summary Report for National Drug Control Activities and Accompanying Required Assertions | Audit | Agency-Wide | View Report | |
| National Endowment for the Arts | Fiscal Year 2016 Evaluation of National Endowment for the Arts’ Compliance with the Federal Information Security Modernization Act of 2014* | Review |
|
View Report | |
| Amtrak (National Railroad Passenger Corporation) | Governance: Quality Control Review of Amtrak’s Single Audit for Fiscal Year 2015 | Audit | Agency-Wide | View Report | |
