Evaluation Report: The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2011

The objective of this evaluation report was to "determine whether the Federal Energy Regulatory Commission's (Commission) unclassified cyber security program adequately protected data and information systems. The evaluation was performed between July 2011 and November 2011, at the Commission's Headquarters in Washington, DC. KPMG LLP (KPMG), assisted the Office of Inspector General (OIG) by performing an assessment of the Commission's unclassified cyber security program. Our evaluation also included a review of general and application controls in areas such as security management, access controls, configuration management, segregation of duties, and contingency planning. To accomplish our objective, we: 1) Reviewed Federal laws and regulations related to controls over information technology security such as the Federal Information Security Management Act of 2002, Office of Management and Budget Memoranda, and National Institute of Standards and Technology standards and guidance; 2) Evaluated the Commission in conjunction with its annual audit of the Financial Statements, utilizing work performed by KPMG. OIG and KPMG work included analysis and testing of general and application controls for the network and systems and review of the network configuration; 3) Reviewed the overall unclassified cyber security program management, including the Commission's policies, procedures and practices; 4) Held discussions with Commission officials and reviewed relevant documentation; and, 5) Reviewed prior reports issued by the OIG and the U.S. Government Accountability Office."

Report Number:
Department of Energy, Office of Inspector General, Office of Audit Services, Report No. OAS-M-12-01
Public Domain
Retrieved From:
Department of Energy, Office of Inspector General: http://energy.gov/ig/