The Federal Energy Regulatory Commission (Commission) is tasked with regulating and overseeing important aspects of the U.S. energy industry. To help meet its goals and objectives, the Commission utilizes varying types of information technology resources. However, reliance on information technology, while certainly beneficial, often creates or increases various risks. For example, cyber attacks against government systems and assets continue to grow in frequency and have become increasingly sophisticated. The Commission expects to spend over $4 million during Fiscal Year (FY) 2009 to help mitigate this increasing threat and to secure its information technology assets.
The Federal Information Security Management Act of 2002 (FISMA) provides direction to agencies on the management and oversight of information security risks, including design and implementation of controls to protect Federal information and systems. As required by FISMA, the Office of Inspector General conducts an annual independent evaluation to determine whether the Commission's cyber security program adequately protects its information systems and data. This memorandum and the attached report present the results of our evaluation for FY 2009.