Information Technology Division (IT) Computing and Communications Services News
May, 2005
 

DOE Regulation of IT Rises

DOE regulation and oversight of information technology are increasing as the number of regulators and the areas of regulatory focus expand. Traditionally, the focus has been on cyber security, but now there is additional interest in consolidation, system management, and financial performance of IT assets. The new UC contract also contains requirements for compliance and performance.

The following topics are growing in importance:

  1. Infrastructure Consolidation: Pressure to consolidate is happening at both the federal and DOE level. Consolidation could impact both infrastructure and scientific IT.

  2. Asset Management: The Office of the CIO has chosen a tool to provide asset management and patching and has indicated that it must be installed on all systems throughout the DOE, including all contractors, such as Berkeley Lab.

  3. Personal Identity Verification (PIV): The President has mandated that all federal employees use a common badge for access to cyber and physical resources, this currently includes DOE Labs.

In addition, Berkeley Lab will be required to install and maintain minimum security configurations on all systems by the end of this quarter. And a new rule has been proposed requiring that all DOE computer users sign a waiver of many privacy rights. This rule is currently up for comment.