- Assesses new vulnerabilities and the effectiveness of DOE policies governing classified and unclassified cyber security.
- Conducts annual evaluations of classified information security programs for DOE as required by the Federal Information Security Management Act.
- Conducts independent special studies of cyber security topics of interest to the DOE community.
- Conducts routine announced inspections of classified and unclassified cyber security programs at DOE sites.
- Conducts unannounced (Red Team) assessments of DOE information systems.
- Develops recommendations and identifies opportunities for improving cyber security performance.
- Evaluates effectiveness of cyber security tools.
- Maintains a continuous program of announced and unannounced remote testing for DOE network vulnerabilities through scanning and penetration testing.
- Performs complex-wide reviews of cyber security topical areas and institutes follow-up activities to ensure that identified issues are addressed in a timely and effective manner.
- Performs on-going analyses to identify trends and emerging issues in the cyber security arena.
- Provides a "rapid response" capability to perform special reviews for the Secretary of Energy and senior DOE managers.
- Provides input for the annual evaluation of DOE unclassified information security programs as required by the Federal Information Security Management Act.
- Reviews other governmental and commercial cyber security programs to provide benchmarks for DOE performance.