
Office of Cyber Security Evaluations

Reports to the Independent Oversight Program

Mission and Functions

Mission

The Office of Cyber Security Evaluations is responsible for the independent evaluation of the effectiveness of classified and unclassified computer security policies and programs throughout the Department. It has established and maintains a continuous program for assessing Internet security to include offsite scanning and controlled penetration attempts to detect vulnerabilities that could be exploited by hackers or sophisticated attackers. The office analyzes cyber security trends and studies complex-wide issues in order to provide feedback on essential information assurance practices to DOE sites.

Functions

  • Assesses new vulnerabilities and the effectiveness of DOE policies governing classified and unclassified cyber security.
  • Conducts annual evaluations of classified information security programs for DOE as required by the Federal Information Security Management Act.
  • Conducts independent special studies of cyber security topics of interest to the DOE community.
  • Conducts routine announced inspections of classified and unclassified cyber security programs at DOE sites.
  • Conducts unannounced (Red Team) assessments of DOE information systems.
  • Develops recommendations and identifies opportunities for improving cyber security performance.
  • Evaluates effectiveness of cyber security tools.
  • Maintains a continuous program of announced and unannounced remote testing for DOE network vulnerabilities through scanning and penetration testing.
  • Performs complex-wide reviews of cyber security topical areas and institutes follow-up activities to ensure that identified issues are addressed in a timely and effective manner.
  • Performs on-going analyses to identify trends and emerging issues in the cyber security arena.
  • Provides a "rapid response" capability to perform special reviews for the Secretary of Energy and senior DOE managers.
  • Provides input for the annual evaluation of DOE unclassified information security programs as required by the Federal Information Security Management Act.
  • Reviews other governmental and commercial cyber security programs to provide benchmarks for DOE performance.


This page was last updated on December 11, 2012