DOE rapped over computer disposal

A review of the way the Energy Department deals with excess property turned up computers that still had readable data and a lack of policies on how DOE should deal with used machines.

A random sample of 40 computers in DOE's excess property holding area in Germantown, Md., found that three machines had not been properly cleared, leaving recoverable information and data, according to a General Accounting Office report.

The report, "Safeguarding of Data in Excessed Department of Energy Computers," also found that DOE "does not have standardized instructions, verification procedures, or training for agency or contract employees on how to properly clear excessed computers."

The DOE's federal property management regulations require that all software, information and data be cleared from computers before still-useful machines are transferred to other agencies, schools, prisons and nonprofit organizations.

At the time of the review, which took place from August through November 2000, GAO interviewed officials from nine DOE headquarters program offices regarding their policies for handling excess computers. Of the 10 facilities surveyed, only one complied with federal property management regulations. And of the random sample from Germantown, seven computers had the operating system software still installed, and three had not been cleared of readable information.

In submitting the report to the House Science Committee, GAO made three recommendations to the department:

Develop and implement standard written procedures on how to clear hard drives of all software and data. Require an independent verification that the procedures have been done before turning in the computers. Emphasize the procedures in the computer security training and awareness program that is required of all DOE employees and contractors. In a March 14 letter to GAO, Joseph Mahaley, acting director of the Office of Security and Emergency Operations at DOE, agreed with the findings and recommendations of the draft report and said efforts are under way to solve the problems.

Also, as part of its Cyber Security Management Program, the office of DOE's chief information officer is preparing a manual to be issued this summer that includes procedures for:

Sanitizating media during the disposal phase of an system's life cycle. Sanitizing electronic media for reuse. Ensuring that need-to-know criteria are applied to workers granted access to classified data archives. Verifiying that sanitization has been effective.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected