noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

News

ATF - Bureau of Alcohol, Tobacco,[...]

Everett Man Sentenced to 18 Months in Prison for Selling Firearms (DOJ)
ATF - Bureau of Alcohol, Tobacco,[...]

Panama City Felon Sentenced for Unlawfully Possessing Firearms (DOJ)
ATF - Bureau of Alcohol, Tobacco,[...]

Guilty Plea in Federal Murder Case for Killing of U.S. Air Force[...]

Politics and Policy

U.S. Department of Energy

04/02/2026 | News release | Distributed by Public on 04/02/2026 07:53

Evaluation: DOE-OIG-26-28

The Department of Energy Took Actions Necessary to Implement the Cybersecurity Information Sharing Act of 2015

Office of Inspector General

April 2, 2026

min minute read time

April 2, 2026

The Department of Energy Took Actions Necessary to Implement the Cybersecurity Information Sharing Act of 2015

The Cybersecurity Information Sharing Act of 2015 (Cybersecurity Act) requires agencies to develop processes and procedures to facilitate and promote the timely sharing of cyber threat information. It also requires the Office of Inspector General to report to Congress at least every 2 years on the sufficiency of information sharing policies, procedures, and guidelines.

We participated in a joint review led by the Office of the Inspector General of the Intelligence Community to assess efforts by seven executive agencies, including the Department of Energy, to implement Cybersecurity Act requirements related to policies and procedures, information sharing, and barriers.

Our evaluation determined that the Department had taken the actions necessary to implement the requirements of the Cybersecurity Act. Specifically, we found that policies and procedures related to the sharing of cyber threat indicators were sufficient and included requirements for the removal of personally identifiable information. Officials also indicated that they were unaware of any violations by the Department regarding the failure to remove personally identifiable information related to a cybersecurity threat. In addition, Department officials informed us that security clearances were authorized for the purpose of sharing classified cyber threat indicators and defensive measures with the private sector. The Department also continued to share and receive cyber threat indicators using Automated Indicator Sharing capabilities during the period under review.

Although the barrier related to the quality of cyber threat indicators received from the Office of the Director of National Intelligence was mitigated since our 2023 evaluation, with the discontinued active feed of the Intelligence Community Analysis and Signature Tool, Department officials noted another barrier related to the quality of cyber threat indicators shared with the Department and industry partners. Specifically, information-sharing fatigue from the large quantity of cyber threat indicators was noted as an issue. While Department officials noted this barrier, we did not identify any associated impact to the sharing of threat indicators and defensive measures from calendar year 2023 through calendar year 2024.

Due to the Department's continued implementation of the Cybersecurity Act, we did not make formal recommendations for improvement.

U.S. Department of Energy published this content on April 02, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on April 02, 2026 at 13:53 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at [email protected]