WASHINGTON, D.C. - As part of a continued effort to hold its contractors accountable, the U.S. Department of Energy today issued a Preliminary Notice of Violation (PNOV) to Battelle Energy Alliance, LLC (BEA), for violations of DOE's classified information security program requirements. DOE has proposed a civil penalty of $425,000 based on the significance of the violations and in consideration of BEA's timely implementation of a comprehensive set of corrective actions to prevent recurrence.
The PNOV cites four classified information security violations. BEA is cited for failure to comply with Departmental classified information security and cyber security requirements contained in DOE Manual 205.1-5, Cyber Security Process Requirements Manual, and the DOE Manual 470.4 series. The PNOV identifies three Severity Level I violations, and one Severity Level II violation associated with classification determination; protection and control of classified information; cyber security; and ineffective self-assessment processes that failed to identify the classified information security, and cyber security noncompliances disclosed by this event.
The Atomic Energy Act of 1954 section 234B authorizes the Energy Department to take regulatory actions under Title 10 C.F.R. Part 824, Procedural Rules for the Assessment of Civil Penalties for Classified Information Security Violations, against DOE contractors for violations of classified information security requirements. DOE's Enforcement Program encourages Departmental contractors to identify and correct classified information security deficiencies at an early stage, before they contribute to, or result in more serious events.
BEA is the management and operating contractor for the Idaho National Laboratory (INL), located in Idaho Falls, ID.
Additional details on this and other enforcement actions are available on the Office of Enforcement's website.