Submitting OIG:
Report Description:
The Office of the Inspector General performed an audit to determine if TVA’s security controls were appropriately configured to protect corporate Wi-Fi networks. Our scope was limited to Wi-Fi networks maintained by TVA’s Technology and Innovation organization. We determined TVA’s security controls related to overall architecture design and implementation were generally configured appropriately to protect corporate Wi Fi networks. However, we identified several areas that should be addressed to further improve the security of corporate Wi-Fi networks. Specifically, we identified:
• Internal controls for specific types of attacks were ineffective.
• Wireless software and hardware were unsupported by the manufacturer.
• Data in transit (electronic transmission of information) was not properly secured.
• Primary accounts improperly provided privileged user access.
• Service account usage was not in accordance with TVA policy.
• Baseline configuration management process was not designed or implemented properly.
TVA management agreed with our recommendations.
Date Issued:
Monday, April 29, 2024
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
2023-17434
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
7
Report updated under NDAA 5274:
No
View Document:
Attachment | Size |
---|---|
2023-17434.pdf | 386.46 KB |