U.S. Department of Energy

06/02/2026 | News release | Distributed by Public on 06/02/2026 15:02

Audit: DOE-OIG-26-36

The Department of Energy's Cybersecurity and Information Technology Governance Program

Office of Inspector General

June 2, 2026

May 28, 2026

SUMMARY

This audit, performed by KPMG LLP (KPMG) on behalf of the Department of Energy Office of Inspector General (OIG), examined the Department's cybersecurity and information technology (IT) governance program.

The audit's objective was to determine whether the Department developed and implemented a governance structure over its cybersecurity and IT activities.

In contracting with an independent audit firm and drawing from the results of the audit, auditing standards require the OIG to review the work performed. Accordingly, the OIG oversaw the audit and reviewed the results. Our review disclosed no instances where KPMG did not comply, in all material respects, with generally accepted government auditing standards.

KPMG identified eight areas for improvement in the Department's cybersecurity and IT governance program. Specifically, KPMG identified findings related to areas such as outdated contracts, policies, and/or requirements, including the standard terms and conditions for prime contractors and subcontractors. In addition, the Department had not fully implemented an enterprise data strategy, a risk monitoring program, or a comprehensive enterprise information system inventory that includes systems containing personally identifiable information. Further, improvements were needed in ensuring compliance with Federal requirements, developing a comprehensive workforce assessment, and verifying the completeness and accuracy of the responses to various data requests from Department elements.

KPMG made 11 recommendations to the Department to address the report's 8 areas for improvement. These recommendations call for enterprise-level approaches to ensure that the most recent Federal cybersecurity and IT governance requirements are implemented in a more timely manner and are contractually required; that enterprise-level areas, such as a data strategy, risk monitoring, and systems inventories, are formalized and/or completed; and that data call information is verified for completeness and accuracy.

The Department concurred with each of the 11 recommendations and planned to take corrective actions.

U.S. Department of Energy published this content on June 02, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on June 02, 2026 at 21:02 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at [email protected]