November 3, 2014

The Federal Energy Regulatory Commission's Unclassified Cybersecurity Program – 2014

The Federal Energy Regulatory Commission (Commission) is an independent agency within the Department of Energy responsible for regulating the interstate transmission of the Nation's electricity, natural gas and oil.  To accomplish its mission, the Commission utilizes significant amounts of energy market data using a wide range of information technology resources.  As directed by the Federal Information Security Management Act of 2002, the Office of Inspector General conducted an independent evaluation of the Commission's unclassified cybersecurity program to determine whether it adequately protected data and information systems.

During our Fiscal Year 2014 evaluation, we found that the Commission had taken positive action to improve its cybersecurity program and mitigate risks associated with past weaknesses.  In particular, the Commission made improvements to its security patch management and vulnerability management program to address weaknesses identified during our prior evaluations.

Topic: National Security & Safety