An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Audit of the Office of Justice Programs, Office of Juvenile Justice and Delinquency Prevention Grant Awarded to the New York Agency for Community Affairs
The OIG audited the handling and processing of personally identifiable information (PII) provided to Cartus Corporation, a contractor for TVA. Our audit evaluated the (1) processes used to safeguard data transmitted from TVA to Cartus (2) handling, processing, and security of the data at Cartus, and (3) compliance with security-related contract terms. Generally, we found TVA controls for transmission of data to Cartus and its security controls for TVA data stored on its systems were effective in protecting the data. However, we identified control improvements that, if implemented, would strengthen Cartus' controls over data protection. Summary Only
We reviewed the TVA compliance with the Federal Information Security Management Act (FISMA) of 2002. In summary, we determined that while TVA has made some progress in implementing information technology controls required by FISMA and work on some previously recommended actions continues, additional efforts were needed to strengthen compliance of TVA's security program with existing controls and address additional concerns. We identified opportunities to improve all control areas that we reviewed, except for TVA programs for incident response and reporting and remote access management. In addition, we identified an opportunity for TVA to improve agency-wide security oversight. TVA management agreed with our recommendations. Summary Only
