Citation Edit

U.S. Department of Energy, Department of Energy Cyber Security Management (DOE O 205.1B) (May 16, 2011) (with Change 1, Dec. 7, 2012; Change 2, Mar. 11, 2013) (full-text).

Overview Edit

The purpose of this Order is to set forth requirements and responsibilities for a Departmental Cyber Security Program (CSP) that protects information and information systems for the Department of Energy (DOE). The CSP requires a Risk Management Approach (RMA) that includes: analysis of threats/risks; risk-based decisions considering security, cost and mission effectiveness; and implementation consistent with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes and protections. DOE Oversight is conducted through Assurance Systems that monitor the risk evaluation and protection processes at each level in the organization.

The DOE CSP emphasizes risk management rather than a systems-level "controls compliance" approach. Through the RMA, the Department effectively and efficiently meets its obligations under the Federal Information Security Management Act of 2002 (FISMA) in a manner that improves, rather than impedes the fulfillment of the Department's statutory missions.

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.