The Federal Retirement Thrift Investment Board, the agency which administers the Thrift Savings Plan, the federal government’s 401(k)-style retirement program, received the lowest of five possible scores in its first audit, to determine its compliance with federal information security standards.
Although FRTIB had started a number of initiatives to upgrade its IT infrastructure and cybersecurity in recent years, auditors found those policies to remain primarily “ad hoc” in nature. “FRTIB has not fully developed and implemented an effective organization-wide information security program,” the auditors wrote. In the board’s defense, TSP executive director Ravindra Deo pointed out that changes made to the agency’s policies after September 2016 were not considered by the audit, as they had not yet been in place for a year.