Section 3545 of the Federal Information Security Management Act (FISMA) requires that each Federal agency conduct an annual independent evaluation of their information security program and provide a report to the Office of Management and Budget (OMB). Consistent with the FISMA statute, the Secretary of Energy,
through promulgation of U.S. Department of Energy (DOE) Order 205.1,Department of Energy Cyber Security Management Program, assigned the Office of Independent Oversight, within the Office of Security and Safety Performance Assurance, the responsibility for conducting the annual evaluation of DOE’s information security program for national security systems. This report provides the results of that evaluation and details DOE’s progress in establishing, implementing, and assessing its information security program for national security systems.
This is the sixth annual evaluation report on the status of DOE’s information security program for national security systems prepared by Independent Oversight pursuant to the FISMA and the Government Information Security Reform Act (GISRA).