ML18092A413

OIG-17-A-22-Status of Recommendations: Independent Evaluation of the Nuclear Regulatory Commission's Implementation of the FISMA Act of 2014 for FY 2017-Technical Training Center, Chattanooga, Tennessee, Dated April 2, 2018
ML18092A413
Person / Time
Issue date: 04/02/2018
From: Baker B
NRC/OIG/AIGA, OIG Watch
To: McCree V
NRC/EDO
References
OIG-17-A-22


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001
OFFICE OF THE INSPECTOR GENERAL

April 2, 2018

MEMORANDUM TO: Victor M. McCree, Executive Director for Operations

FROM: Dr. Brett M. Baker /RA/, Assistant Inspector General for Audits

SUBJECT: STATUS OF RECOMMENDATIONS: INDEPENDENT EVALUATION OF THE NUCLEAR REGULATORY COMMISSION'S IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2017-TECHNICAL TRAINING CENTER, CHATTANOOGA, TENNESSEE (OIG-17-A-22)

REFERENCE: CHIEF HUMAN CAPITAL OFFICER, MEMORANDUM DATED MARCH 22, 2018

Attached is the Office of the Inspector General's (OIG) analysis and status of recommendations as discussed in the agency's response dated March 22, 2018.

Based on this response, recommendation 2 is closed and recommendation 3 remains resolved. Recommendation 1 was closed previously. Please provide an updated status of the resolved recommendation by September 4, 2018.

If you have any questions or concerns, please call me at (301) 415-5915, or Beth Serepca, Team Leader at (301) 415-5911.

Attachment: As stated

cc: R. Lewis, OEDO
H. Rasouli, OEDO
J. Jolicoeur, OEDO
J. Bowen, OEDO
EDO_ACS Distribution

Audit Report

INDEPENDENT EVALUATION OF THE NUCLEAR REGULATORY COMMISSION'S IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2017-TECHNICAL TRAINING CENTER, CHATTANOOGA, TENNESSEE

OIG-17-A-22

Status of Recommendations

Recommendation 2: Re-authorize the SGI laptop or find an alternate solution for presenting SGI materials in the classroom.

Agency Response Dated March 22, 2018: The Safeguard information that was previously on the SGI laptop was transferred to the SLES network in December 2017. The SGI laptop was decommissioned and the hard drive was transferred to the SLES team within the Office of the Chief Information Officer for distribution to the Office of Administration, Destruction Facilities Security Branch for destruction. For future training, SGI will be presented using the SLES Thin Client in the designated training classroom.

OIG Analysis: OIG reviewed the verification that the laptop was decommissioned and determined that the actions of finding an alternate solution for presenting material closes the recommendation. This recommendation is therefore considered closed.

Status: Closed.

Recommendation 3: Add the agency-managed laptops and stand-alone desktops to the TTC System Boundary and perform all required system cybersecurity assessment processes and procedures.

Agency Response Dated March 22, 2018: A standard hardened image for the paperless classroom laptops was developed and a temporary authorization was obtained in March 2018 for the paperless classroom laptops, stand-alone workstations, and individually assigned laptops. The authorization is effective until August 2018. The components will be assessed during the next periodic security control assessment (PSCA) on the TTC system. The final report for the upcoming PSCA will be delivered by August 31, 2018.

OIG Analysis: The proposed action meets the intent of the recommendation. This recommendation will be closed when OIG reviews the final report to ensure that all required system cybersecurity assessment processes and procedures were performed.

Status: Resolved.