Audit finds weaknesses in DOE cybersecurity

Fifth Domain: The Department of Energy is lacking in multifactor authentication for cybersecurity, according to an audit by the department’s Office of Inspector General.

Despite longstanding federal requirements for multifactor authentication, in which users must provide multiple types of authentication before logging in, DOE’s procedures still have weaknesses, the IG found.

“Our review of 18 federal information systems, including those systems operated by contractors, identified weaknesses related to ensuring adequate protections over access to network and application resources, and noted that information reported to [the Office of Management and Budget] related to the Cybersecurity Sprint was not always consistent,” said the audit.

Read article