Lowest Possible Score for TSP Security Audit

by | Mar 5, 2018

Last Updated November 8, 2022


The agency that administers the Thrift Savings Plan, the Federal Retirement Thrift Investment Board, received the lowest of 5 possible scores on a recent audit to determine its compliance with federal information security standards.

The consulting firm, Williams Adley, sent auditors who examined the information security program at the FRTIB under the Federal Information Security Modernization Act. The agency scored a Level 1 in accordance with the law’s fiscal 2017 inspector general reporting metrics out of 5, in the first annual study of FRTIB’s policies.

Auditors found some of the IT policies “ad hoc” in nature, despite FRTIB starting several initiatives to upgrade its IT infrastructure and cyber security recently. In comparison, an effective information security program scored at Level 4, which includes the collection of “quantitative and qualitative measures on the effectiveness of policies, procedures, and strategy” at an agency and assessment for needed changes.

“FRTIB has not fully developed and implemented an effective organization-wide information security program,” the auditors said. “Williams Adley identified a number of control deficiencies related to people, process, and technology across all 7 IG FISMA metric domains.”

However, officials at FRTIB explained their poor scoring. For a policy to be considered toward improving an agency’s FISMA score, it must be in place for an entire fiscal year. Otherwise, any changes to their information security policies made after September 30, 2016, wouldn’t be considered in the audit.

TSP Executive Director Ravindra Deo echoed this saying, “Any change needs to be operating for the entire year to show up in the score.”

Auditors listed many factors leading to the “ad hoc” scoring, including a “control-driven” or reactionary information security process, inadequately defined responsibilities and “inappropriate” oversight between FRTIB and its contractors, and efforts that focus on symptoms or problems, rather than root causes.

The audit recommended FRTIB “clearly define an organization-wide risk-based information security program” and also reevaluate its governance structure to ensure better oversight and monitoring of information security issues.

The agency said they are moving forward with plans to implement these recommendations.

Message us & find out if you qualify today!

  • This field is for validation purposes and should be left unchanged.

Recent Articles

Yes, You Can Work after Federal Disability Retirement

Have you looked at your Federal Disability Retirement annuity, a knot of uncertainty coiling in your stomach as you question - will it be enough? Have you ever wondered if you could keep working after being approved for Federal Disability Retirement? You can work...

The 4 Key Benefits of Federal Disability Retirement

Imagine a lifeline, a beacon of hope for your future when you're struggling with an injury or illness that’s impacting your federal job. That lifeline is Federal Disability Retirement. If you can't perform at least one of the essential functions of your role, you...

6 Key Reasons Why Your Disability Retirement Application Was Denied

Have you recently applied for Federal Disability Retirement, only to receive a denial? The Office of Personnel Management (OPM) is denying more initial applications than ever. However, it's important to understand that a denial does not mean the end of the road for...

Federal Employee Resources

Our ever growing library of federal employee resources give you the knowledge you need to make smart choices about your future.


Frequently Asked Questions

Get the answers you need on-demand, from a team of federal employee benefits professionals.

View FAQ

Federal Benefit Webinars

Twice per month we host webinars to help federal employees better understand their benefits and answer their questions LIVE.

See Webinar Schedule

Benefit Guides

From guides to detailed charts, these educational resources will help clarify confusing federal employee benefits topics.

See our resources