Audit Identifies 8 Improvement Areas in DOE Cybersecurity & IT Governance Program

https://www.executivegov.com/articles/doe-oig-cybersecurity-it-governance-improvement-areas

Publish Date: 2026-06-04 17:09:00

Source Domain: www.executivegov.com

  • DOE OIG has identified eight areas for improvement in cybersecurity and IT governance
  • KPMG has issued 11 recommendations to strengthen oversight, risk management and compliance
  • The 2026 FedCiv Summit will cover AI, cybersecurity, cloud and more

The Department of Energy’s Office of Inspector General said an independent audit conducted by KPMG examined the department’s cybersecurity and IT governance program and identified eight areas for improvement.

As DOE works to strengthen cybersecurity governance, risk management and compliance across the enterprise, federal leaders continue to focus on the technologies and strategies needed to modernize government operations. Attend the 2026 FedCiv Summit on Oct. 29, where discussions will cover powering and scaling AI across the government; data, cloud and compute infrastructure; cybersecurity and compliance-driven initiatives; and cross-agency and enterprise-wide programs. Save your spot now!

OIG said Tuesday the audit assessed whether DOE developed and implemented a governance structure for its cybersecurity and IT activities. The watchdog also reviewed KPMG’s work and reported no instances in which the audit firm failed to comply with generally accepted government auditing standards in any material respect.

What Did the DOE OIG Find?

KPMG identified eight areas for improvement related to DOE’s cybersecurity and IT governance program.

The audit found issues involving outdated contracts, policies and requirements, including the standard terms and conditions applied to prime contractors and subcontractors. KPMG also reported that DOE had not fully implemented a risk monitoring program, an enterprise data strategy or a comprehensive enterprise information system inventory that includes systems containing personally identifiable information.

In addition, the audit identified areas requiring improvement to ensure compliance with federal requirements, create a comprehensive workforce assessment and verify the accuracy and completeness of…