You are here

Evaluation Report: IG-0620

September 16, 2003

The Department’s Unclassified Cyber Security Program-2003

While improvements were made during the last year, we noted that additional work is needed to correct problems with risk-based security management, continuity of operations, configuration management, and access controls. Despite policy changes and prompting by the Department of Energy's (Department) Chief Information Officer (CIO), sites and organizations had also not significantly improved computer incident reporting.