U.S. Department of Energy Evaluation Report: The Department's Unclassified Cyber Security Program - 2004
"In 2002, the Federal Information Security Management Act (FISMA) was enacted to encourage agencies to develop and maintain adequate cyber security controls to protect information resources from the increasing number of cyber threats. As required by FISMA, the Office of Inspector General conducts an annual independent evaluation to determine whether the Department's unclassified cyber security program adequately protected data and information systems. This memorandum and the attached report present the results of our evaluation for Fiscal Year 2004. […] The Department continues to improve its unclassified cyber security program. The Office of the Chief Information Officer has issued a series of new cyber security policies that address previously reported weaknesses. We found that these policies also emphasize a risk-based approach to managing security, that, when fully implemented, should strengthen cyber security across the Department. In addition, the Department has initiated a campaign to certify and accredit its major applications and general support systems and has also improved its cyber security incident reporting. While these actions are commendable, problems continue to exist in the Department's unclassified cyber security program that, if uncorrected, could expose critical systems to compromise. We observed that the Department had not completed implementation of a comprehensive risk management program."
Department of Energy, Office of Inspector General, Report No. DOE/IG-0662
Department of Energy, Office of Inspector General: http://energy.gov/ig/