U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Windows® Desktop and Laptop Patching

Report Information

Date Issued
Report Number
2021-15778
Report Type
Audit
Description
Patching is the process for updating products and systems. Patches correct security and functionality problems in software and firmware. We performed an audit of the Tennessee Valley Authority’s (TVA) patching of Windows® desktops and laptops to determine if high-risk vulnerabilities on desktops and laptops were patched in accordance with TVA policy and best practices. We found (1) TVA policies and procedures aligned with best practices, (2) the majority of Windows® desktops and laptops managed by TVA’s automated patching system were patched for high-risk vulnerabilities in accordance with TVA policy, and (3) TVA had mitigated vulnerabilities for Windows® desktops and laptops that had not received updates. However, although the majority of Windows® workstations were managed by TVA’s automated patching system, we found some desktops and laptops were at potential risk of compromise.
Joint Report
Yes
Participating OIG
Tennessee Valley Authority OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

We recommend the Vice President and Chief Information and Digital Officer, Technology and Innovation, update processes to identify and address Windows® devices that are not managed by TVA’s automated patching system.