http://www.ig.doe.gov/igreports.htm#cal2005

The Department's Unclassified Cyber Security Program - 2005
DOE/IG-0700
 
Results
 

      The evaluation disclosed that although the Department has taken action
to strengthen its cyber security program, systemic problems that expose the
Department's critical systems to an increased risk of compromise persist.
Specifically, we noted:

 

*  Many required system certifications and accreditations had not been
   performed, lacked essential elements such as independent testing of the
   effectiveness of security controls, or were not adequately documented;

*  Contingency planning, an inventory of systems, and reporting of
   security incidents to law enforcement officials had not been completed as
   required; and,

*  Problems with segregation of duties, excessive or inappropriate
   authority to access or modify information resources, and change control
   management continued.
 
Issues to Be Resolved


   We recommended that the Administrator, National Nuclear Security
Administration, and the Under Secretary for Energy, Science, and
Environment, in coordination with the Chief Information Officer (CIO):
 

*  Correct, through the implementation of management, operational, and
   technical controls, each of the specific vulnerabilities identified in this
   report and take action to analyze and disseminate information on common or
   recurring cyber security weaknesses to cognizant program and site officials.

*  Revise program office implementing guidance and contracts to
   specifically require that site and facility management contractors comply
   with FISMA, OMB, and NIST cyber security requirements.

*  Require program offices to establish a mechanism to ensure that
   Federal and Departmental cyber security policy and guidance are
   communicated, understood, and implemented by line management across the
   complex, including contractors.

Management generally concurred with our findings and recommendations
and in many instances initiated action to correct the cyber security
weaknesses identified.
 
The report can be found on the web at:
http://www.ig.doe.gov/igreports.htm#cal2005


