Audit Report: OAS-M-05-06

Management Controls over Selected Departmental Critical Monitoring and Control Systems

Office of Inspector General

June 3, 2005

or Restoration of Essential Operations

The Department of Energy (Department) could not ensure that it could continue operations or quickly restore selected critical monitoring and control systems in the event of an emergency. Specifically, management had not fully assessed risks or taken adequate steps to mitigate the foreseeable risks confronting the six critical monitoring and control systems we reviewed.

Risk Assessments

Management had not fully assessed the risk and cost-benefit of risk mitigation strategies for three of the six systems we reviewed, including Argus, which is a system deployed at a number of sites to control access to facilities that house critical information and nuclear materials. To manage risk, the Federal Information Security Management Act requires agencies to assess, mitigate, and periodically reevaluate risks and security measures for all major systems. Risk assessments enable management to identify threats, vulnerabilities, and the likelihood of adverse actions or potential consequences.