U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Insider Threat Program

Report Information

Date Issued
Report Number
2019-15619
Report Type
Audit
Description
The Office of the Inspector General audited TVA’s Insider Threat Program (ITP) to determine if TVA had a program established to address insider threats that was consistent with best practices. We found several areas where TVA’s ITP was consistent with best practices. Additionally, we found TVA had designated a senior official charged with overseeing classified information sharing and safeguarding efforts of the agency. Although TVA had not yet implemented its planned ITP, we determined TVA’s program will be at a proactive maturity level upon its planned implementation. We identified best practices that were not currently included in the developed ITP related to monitoring and awareness training. TVA management agreed with our recommendations.
Joint Report
Yes
Participating OIG
Tennessee Valley Authority OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

We recommend the Vice President and Chief Information Officer, Information Technology incorporate monitoring into TVA's ITP to include personnel with access to high-risk systems and/or facilities for a period of time when they terminate employment.

We recommend the Director, TVA Police and Emergency Management implement and incorporate a formal positive reward program into TVA's ITP.

We recommend the Vice President and Chief Information Officer, Information Technology incorporate baselining of normal user activity on the network for access to high-risk systems and/or facilities into TVA's ITP.