You are here

Inspection Report: INS-O-10-03

August 16, 2010

Internal Controls over Computer Hard Drives at the Oak Ridge National Laboratory

The Department of Energy’s (Department) Oak Ridge National Laboratory (ORNL) in Oak Ridge, Tennessee, provides unique expertise in support of the Department’s science and national security portfolios. UT-Battelle, LLC, manages ORNL for the Department through the Oak Ridge Office. ORNL’s mission frequently involves producing and receiving sensitive electronic information, data which requires special handling to protect against unauthorized disclosure. Of its approximately 16,400 computers, over 6,200 produce, store or transfer sensitive unclassified information, such as Official Use Only and Personally Identifiable Information (PII) (e.g. name, social security number and medical history). Department guidance requires that storage media no longer in use, but previously used to process sensitive unclassified information, be either protected by approved encryption or tracked and controlled until purged or destroyed. After receiving an allegation that computer hard drives were being removed by unauthorized individuals, a practice that could potentially result in the unauthorized release of sensitive unclassified information, the Office of Inspector General initiated an inspection to review the facts and circumstances of the allegation.

Topic: National Security & Safety