OIG said in a report published Oct. 19 it found lapses in vulnerability and configuration management, access controls, web application integrity, security control testing, privacy awareness training and cybersecurity approaches at certain DOE sites.
The department oversees many laboratories and plants that rely on IT networks and systems to address national security, research, development and environmental management efforts.
According to the report, DOE faces various malicious threats each year that seek to steal data or hack into information systems that support its missions.
The inspector general recommended that the department identify, prioritize and track the development of efforts aimed at addressing identified cybersecurity risks.
OIG conducted the audit to determine the effectiveness of the department-wide unclassified cybersecurity program, as mandated by the Federal Information Security Modernization Act of 2014.