Information Security: Safeguarding of Data in Excessed Department of Energy Computers Page: 3 of 32
The following text was automatically extracted from the image on this page using optical character recognition software:
Accountability * Integrity * Reliability
United States General Accounting Office
Washington, D.C. 20548
March 29, 2001
The Honorable Sherwood L. Boehlert
Chairman, Committee on Science
House of Representatives
Dear Mr. Chairman:
The computer systems that support the Department of Energy's (DOE)
civilian research and development programs house enormous amounts of
data and information. Although unclassified, some of the information in
these systems is nevertheless sensitive and must be protected from
inappropriate access or disclosure. For example, these systems might
house controlled scientific and technical information such as proprietary
data or information that is export controlled. For this reason, DOE
property management regulations require the agency to clear the hard
drives of all computers before they are transferred into the excess category
for reuse or disposal. On February 16, 2001, we briefed your office on our
review of the safeguarding of data in excessed DOE computers.
In brief, we found that DOE does not have standardized instructions,
verification procedures, or training for agency and contract employees on
how to properly clear excessed computers. DOE also does not ensure that
procedures used to remove all software, information, and data from
systems are effective. As a result, some of the excessed computers we
inspected at DOE headquarters had information still stored on the hard
This report officially transmits the results of our work and
recommendations to assist DOE in ensuring that sensitive unclassified
information is removed from excessed computers. The briefing slides, as
amended, are included as appendix I.1
Recommendations for We recommend that the Secretary of Energy
Executive Action * develop and implement standardized written procedures on how to
effectively clear hard drives of all software, information, and data;
1Changes were minimal and do not affect the overall contents.
GAO-01-469 DOE Excessed Computers
Here’s what’s next.
This report can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Report.
United States. General Accounting Office. Information Security: Safeguarding of Data in Excessed Department of Energy Computers, report, March 29, 2001; Washington D.C.. (digital.library.unt.edu/ark:/67531/metadc292943/m1/3/: accessed April 19, 2018), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT Libraries Government Documents Department.