TSP Found to Have Lowest Information Security Score

Federal agencies are supposed to observe all the set standards when it comes to federal information security.  In a recent audit, it was revealed that TSP recorded the lowest score regarding compliance with information security standards. TSP is a federal agency that is in charge of administering the 401(k)-style retirement program.


Thrift Savings Plan is run by the Federal Retirement Thrift Investment Board which has an information security program that was examined by auditors from Williams Adley. The Federal Information Security Modernization Act requires all Federal Agencies to comply with information security standards entirely and that is why all the information security programs have to be audited.


In 2017, TSP scored Level 1 out of five based on inspector general reporting metrics. The Federal Retirement Thrift Investment Board (FRTIB) had come up with quite a lot of policies and measures to enhance cybersecurity and upgrade IT infrastructure, but the auditors found out that most of the policies were yet to be implemented.


For a federal information security program to be considered to have met the set standards, it must at least have a Level 4 score. A federal agency can only get a Level 4 score after it has put in place the right qualitative and quantitative measures to ensure that its strategy, procedures, and policies are effective. Also, the auditors assess the necessary changes for that specific federal agency.


In their final report, the auditor stated that FRTIB did not have an organization-wide information security program that meets the set standards regarding implementation and efficiency. All the seven IG FISMA metric domains were used to assess the system, and the auditors found out that the agency had control deficiencies when it comes to technology, process, and people.


In an attempt to defend the poor showing, FRTIB officials argued that a policy must remain in operation for a minimum of one fiscal year for it to help the organization enhance its FISMA score. The officials insisted that the audit should not have included policies that were introduced beyond Sep.30, 2016 in the 2017 audit.


In other words, the officials claimed that it was difficult for the score to reflect any change they had introduced because the changes had not been operational for the entire fiscal year. On the other hand, the auditors were of the opinion that the TSP policies were “Ad Hoc,” inadequately defined, and reactionary.


Related Posts

Should You Purchase an Annuity?

A question came across my desk – A FERS employee asked me whether or not they should buy an annuity as they reach their FERS retirement age?

...Read More

New moms put at ease by Air force secretary for maternity leave

Better maternity leave for Air Force employees.

...Read More

Social Security: Important Information on Disability

Social Security: Important Information on Disability Most of us aren’t directly faced with a disability. The truth of the matter is a 20-year-old worker only has a 25% chance of becoming disabled before he attains the age of retirement. This statistic alone makes it pertinent that you know more about Social Security Disability Benefits. The

...Read More