TSP scores low on information security audit


The Federal Retirement Thrift Investment Board’s security policies might need improvement. An audit performed by consulting firm Williams Adley gave the agency the lowest possible score, based on the Federal Information Security Modernization Act’s Inspector General metrics.

“They found that our policies and procedures were not sufficiently formalized and our activities were overly reactive,” said Kim Weaver, director of external affairs at the Federal Retirement Thrift Investment Board. “It was a disappointment. We have worked hard on our FISMA compliance and we felt that we would be moving up… OMB and DHS for the FY17 year changed the metrics and they put a heavy emphasis on risk evaluation and acceptance.”


However, there is a caveat to this poor grade. Because the audits only reflect the previous fiscal year, these results may not be quite accurate.

“If procedures were finalized, or if say, I.T. upgrades and improvements were put into place while they were there and they saw them, they still couldn’t give us credit because they weren’t there for the whole year,” Weaver said.

“We are doing things now every day, but if we did something today and the auditors come in the summer, we won’t get credit for the report that comes out next year.

So, whatever we’re talking about today will be in the report two years from now. Agencies will always be in arrears in their FISMA-compliance reporting.”