ML18009A241
| ML18009A241 | |
| Person / Time | |
|---|---|
| Issue date: | 01/19/2018 |
| From: | Dan Dorman NRC/EDO/DEDCM |
| To: | Baker B NRC/OIG/AIGA |
| Margie Janney, (301) 415-7245 | |
| Shared Package | |
| ML17360A197 | List: |
| References | |
| OEDO-17-00799-OCIO, OIG-18-A-06 | |
| Download: ML18009A241 (3) | |
Text
January 19, 2018 MEMORANDUM TO:
Dr. Brett M. Baker Assistant Inspector General for Audits Office of the Inspector General FROM:
Daniel H. Dorman /RA/
Acting Deputy Executive Director for Materials, Waste, Research, State, Tribal, Compliance, Administration and Human Capital Programs Office of the Executive Director for Operations
SUBJECT:
RESPONSE TO THE OFFICE OF THE INSPECTOR GENERALS EVALUATION OF THE NUCLEAR REGULATORY COMMISSIONS SHARED S DRIVE (OIG-18-A-06)
This memorandum responds to the December 21, 2017, memorandum transmitting OIG-18-A-06, Evaluation of NRCs Shared S Drive. The U.S. Nuclear Regulatory Commission (NRC) staff agrees with the Office of the Inspector Generals (OIGs) findings and recommendations.
The OIG report makes four recommendations to improve the management of the NRCs shared S drive. Enclosed please find the NRC staffs responses to OIGs recommendations from the evaluation report.
Enclosure:
NRCs Response to OIG-18-A-06 CONTACT: Margaret A. Janney, OCIO/GEMSD (301) 415-7245
Pkg. ML17360A197; Memo. ML18009A241
- Concurred via e-mail OFFICE QTE OCIO/GEMSD OCIO/SDOD/SOB OCIO/GEMSD/IMSB NAME KAzariah-Kribbs*
SHardy*
BC: MWilliams*
BC: MJanney*
DATE 1/11/2018 01/09/2018 01/16/2018 01/09/2018 OFFICE OCIO/SDOD OCIO/GEMSD OGC (NLO)
OCFO NAME D: TRich*
D: JMoses (JFeibus* for)
DStraus*
BFicks*
DATE 01/16/2018 01/16/2018 01/17/2018 01/17/2018 OFFICE OCHCO OCIO DEDM (Acting)
NAME DOrlando*
D: DNelson*
DDorman DATE 01/09/2018 01/12/2018 01/1/2018
EVALUATION OF NRCS SHARED S. DRIVE OIG-18-A-06 Status of Recommendations Enclosure Recommendation 1:
Revise NRCs SUNSI handling requirements guidance to specify how to effectively protect PII stored on the shared S drive.
Agency Response Dated January 9, 2018:
Agree. The NRCs Office of the Chief Information Officer (OCIO) has drafted guidance that will specify how to protect Personally Identifiable Information (PII) stored on shared S drives. When the guidance is approved, it will be included on the PII web page, http://drupal.nrc.gov/ocio/pii. The Sensitive Unclassified Non-Safeguards Information (SUNSI) web page, http://www.internal.nrc.gov/sunsi/, has a link to the PII web page.
Target Completion Date: June 29, 2018 Point of
Contact:
Sally Hardy, (301) 415-5607 Recommendation 2:
Provide PII training annually to NRC staff on how to protect PII stored on the shared S drive.
Agency Response Dated January 9, 2018:
Agree. OCIO reached out to the Office of the Chief Human Capital Officer (OCHCO) to update the annual PII/Privacy Training course to include how to protect PII stored on shared drives. OCHCO has agreed to incorporate this into the training that is due to be completed by all employees and contractors by the end of June 2018.
Target Completion Date: June 29, 2018 Point of
Contact:
Sally Hardy, (301) 415-5607 Recommendation 3:
Review the shared S drive for PII on a periodic timeframe.
Agency Response Dated January 9, 2018:
Agree. OCIO will perform a full review of the shared S drive for PII every 2 years, beginning fiscal year (FY) 2019 Q4. A partial/spot check review will be performed in the year when a full review is not performed.
Target Completion Date: September 30, 2019 Point of
Contact:
Mike Williams, (301) 287-0660
EVALUATION OF NRCS SHARED S. DRIVE OIG-18-A-06 Status of Recommendations Recommendation 4:
Remove or delete PII from the shared S drive.
Agency Response Dated January 9, 2018:
Agree. OCIO will remove or delete PII from the shared S drive every year as a result of the full review or partial/spot check, beginning FY 2019 Q4.
Target Completion Date: September 30, 2019 Point of
Contact:
Mike Williams, (301) 287-0660