You are here

Audit Report: IG-0800

August 11, 2008

Certification and Accreditation of the Department's National Security Information Systems

The Department of Energy and its facility contractors maintain numerous national security information systems that process and store classified data needed to accomplish national security goals. Recognizing and addressing the risks associated with operating such systems. the Department has adopted a certification and accreditation (C&A) process designed to ensure that these systems are secure prior to beginning operation and that they remain so throughout their lifecycle. The C&A process includes formal steps to recognize and address risks, determine whether system security controls are in place and operating ef'fectively, and ensure that changes to the system are adequately tested and approved.

Topic: National Security and Safety