On the authority of a 2000 law that amends the Atomic Energy Act of 1954, the Department of Energy (DOE) has issued regulations that will allow the department to impose civil penalties on contractors for breaches of information security. The final rule also gives DOE the power to withhold portions of a contractor's fee for poor information-security performance. The rule, which took effect at the end of February, will allow DOE to fine contractors up to $100,000 for each violation. The rule also allows DOE to insert a clause in its contracts that allows the agency to reduce the amount paid to a contractor if the contractor or an employee of the contractor violates rules relating to the safeguarding or security of sensitive information.information_security0405.pdf