Audit Report: Management of Los Alamos National Laboratory's Cyber Security Program [open pdf - 250KB]
"The Los Alamos National Laboratory (LANL) made significant improvements to its cyber security program in recent years. For instance, in response to our Special Inquiry Report on 'Selected Controls over Classified Information at the Los Alamos National Laboratory' (OAS-SR-07-01, November 2006), LANL improved the protection of systems and data through the elimination or disablement of data ports on machines containing classified information. LANL also worked to ensure that incompatible security personnel functions were segregated and related compensating controls were in place and operational. In addition to the actions taken in response to our previous report, site officials worked to reduce risk by segregating vulnerable computers and equipment no longer supported by vendors from the rest of the unclassified computing environment. Site officials also worked over the past year to remediate certain vulnerabilities identified during our Fiscal Year (FY) 2011 Federal Information Security Management Act of 2002 (FISMA) evaluation. In preliminary comments on our draft report, Los Alamos Site Office officials stated that they had taken measures to resolve weaknesses identified during the course of our audit work. However, we were unable to validate these recent corrective actions due to the timing of our audit work."
Department of Energy Inspector General, DOE/IG-0880
United States Deptartment of Energy: http://energy.gov/