Audit Report: Management of Cybersecurity Over Selected Information Systems at Department of Energy Headquarters [open pdf - 742KB]
From the Document: "We initiated this audit to determine whether the Department managed cybersecurity over selected Headquarters information systems in accordance with Federal and Department requirements. We found the Department had not fully managed cybersecurity for selected Headquarters information systems in accordance with Federal and Department requirements. [...] Without improvements, the systems reviewed and the data they contain will continue to be at a higher-than-necessary risk of compromise, loss, or modification. To help improve the management of the Department's cybersecurity program, we issued a detailed report to the OCIO [Office of the Chief Information Officer], Energy Information Administration, and the Office of the Chief Financial Officer that included six recommendations. Management concurred with the recommendations and indicated that corrective actions were underway or planned to mitigate the findings identified in the report. Due to the sensitive nature of the vulnerabilities identified during our audit, the report issued to the Department was for Official Use Only. We provided OCIO, Energy Information Administration, and Office of the Chief Financial Officer officials with detailed information regarding vulnerabilities that we identified."
Department of Energy, Office of Inspector General, Report No. DOE-OIG-19-52
U.S. Department of Energy: https://www.energy.gov/