By Michael Hardy
August 15, 2008
The Energy Department's efforts to protect information systems that
contain national security information are falling short, the
department's inspector general has found.
In an audit report  released recently, the IG reported weaknesses in
five of the six facilities included in the audit. The review is the
latest of several the IG has conducted of the department's certification
and accreditation process.
Specifically, the IG found that:
* At five of the six facilities audited, security plans did not
addres risks such as classified and unclassified systems operating
in the same environment.
* In many cases, department officials were not approving security
plans and changes to systems.
* In some cases, the plans did not accurately reflect the
environment they pertained to.
* Five of the six sites did not have contingency plans for handling
service disruptions to national security information systems.
DOE managers agreed with two of the IG's recommendations and disagreed
with the other two.
Visit Defcon Pics - Defcon Memory Repository