The Department of Energy anticipated spending about $250 million in Fiscal Year (FY) 2008 to implement cyber security measures necessary to protect its information technology resources - systems and data critical to supporting its mission and business lines of energy security, nuclear security, scientific discovery and innovation, environmental responsibility, and management excellence. Security challenges and threats to the Department of Energy's information systems are continually evolving. Adversaries routinely attempt to compromise its information technology assets. As these attacks become increasingly sophisticated, it is critical that the Department's cyber security protective measures keep pace with the growing threat.
The Federal Information Security Management Act (FISMA) provides direction to agencies on the management and oversight of information security risks, including design and implementation of controls to protect Federal information and systems. As required by FISMA, the Office of Inspector General conducts an annual independent evaluation to determine whether the Department's unclassified cyber security program adequately protects its information systems and data. This memorandum and the attached report present the results of our evaluation for FY 2008.