Information Technology Contractor Access

Report Information

Date Issued
Report Number
2020-15721
Report Type
Audit
Description
We audited TVA’s onboarding actions completed for all active IT contractors as of March 26, 2020, including background investigations and cybersecurity awareness training requirements, to determine if IT contractors are granted logical access in accordance with TVA policy. TVA Information Technology and TVA Police require contractors to have various levels of background investigations completed for logical access to different classifications of information. We found that (1) TVA policy does not align between business units, (2) the majority of Tier 1 IT contractor suitability background investigations were not in accordance with TVA policy, and (3) the majority of IT contractor higher level background investigations were not in accordance with TVA policy. TVA management agreed with the recommendations.
Joint Report
Yes
Participating OIG
Tennessee Valley Authority OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0

Recommendations

We recommend the Vice President and Chief Information Officer, Information Technology, and the Director, TVA Police and Emergency Management, develop a process to implement requirements for logical access and ensure IT contractors have the required Tier 1 background investigation in a timely manner.

We recommend the Vice President and Chief Information Officer, Information Technology, and the Director, TVA Police and Emergency Management, develop a process to implement requirements for logical access, including administrative access, and ensure IT contractors have the required higher level background investigation in a timely manner.

We recommend the Vice President and Chief Information Officer, Information Technology, and the Director, TVA Police and Emergency Management, review and update TVA policies to clarify background investigation requirements and ensure alignment between business units.