The Department of Energy's Office of Inspector General has concluded an audit of the Federal Energy Regulatory Commission’s unclassified cybersecurity program for fiscal 2016.
In the evaluation, dated Nov. 4, Assistant Inspector General for Audits and Administration Sarah B. Nelson states that the assessment found the commission implemented cybersecurity program attributes meeting the implementation of the Federal Information Security Modernization Act of 2014 and the requirements of the National Institute of Standards and Technology, the Office of Management and Budget, and the Department of Homeland Security.
The test work, performed by KPMG LLP, found the management, operating and technical controls of servers and workstations within the commission's internal network to be effective. Topic areas tested included risk management, contractor systems, configuration management, identity and access management, security and privacy training, information security continuous monitoring, incident response, and contingency planning.
With no significant control weaknesses or vulnerabilities identified, no recommendation or suggested actions have been made.
The entire audit is available on the Energy Department IG's website.
