U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Third Party Security Controls – BlueCross BlueShield Of Tennessee

Report Information

Date Issued
Report Number
2025-17582
Report Type
Audit
Description
Due to the risk of harm to the Tennessee Valley Authority (TVA) from the loss or breach of private information held by a third party, we performed an audit of BlueCross BlueShield of Tennessee’s (BCBST) security controls.  Our audit objective was to determine if BCBST has controls in place to meet contract requirements for the protection of data held by the vendor on behalf of TVA. We determined that BCBST has controls in place to meet the contract requirements for the protection of data held on behalf of TVA.  However, we identified wording in the contract that could be improved to avoid potential confusion.  TVA management agreed with our finding and incorporated improvements into the contract amendment effective January 1, 2026.
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

No recommendations at this time.