August 30, 2001

Evaluation of Classified Information Systems Security Program

All information processed, transmitted, stored, or disseminated by or on behalf of the Department of Energy (Department) on automated information systems requires some level of protection. The loss or compromise of information entrusted to the Department or its contractors may affect the nation’s economic competitive position, the environment, national security, Department missions, or citizens of the United States. In response to the increasing threat to Federal information systems, the Government Information Security Reform Act (GISRA) was enacted in October 2000. GISRA specifically requires that national security or other classified information systems be evaluated annually by an independent organization designated by the Secretary of Energy. GISRA also requires that the Office of Inspector General perform an audit of this evaluation. The Department formally selected the Office of Independent Oversight and Performance Assurance (OA) to perform the independent evaluation of its classified information systems security program. The objective of our audit was to determine whether the evaluation of classified information systems was performed in accordance with GISRA requirements.