Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 OFFICE OF THE INSPECTOR GENERAL June 18, 2018 MEMORANDUM TO: Victor M. McCree Executive Director for Operations FROM: Dr. Brett M. Baker /RA/

Assistant Inspector General for Audits

SUBJECT:

STATUS OF RECOMMENDATIONS: AUDIT OF NRCS IMPLEMENTATION OF FEDERAL CLASSIFIED INFORMATION LAWS AND POLICIES (OIG-16-A-17)

REFERENCE:

ACTING DIRECTOR, OFFICE OF NUCLEAR SECURITY AND INCIDENT RESPONSE, MEMORANDUM DATED JUNE 5, 2018 Attached is the Office of the Inspector Generals (OIG) analysis and status of recommendations as discussed in the agencys response dated June 5, 2018. Based on this response, recommendations 1(b) and 1(c) remain resolved. Recommendations 1(a), 1(d), 1(e), 1(f), 2, and 3 were closed previously. Please provide an updated status of the resolved recommendations by October 2, 2018.

If you have any questions or concerns, please call me at (301) 415-5915, or Beth Serepca, Team Leader at (301) 415-5911.

Attachment:

As stated cc: R. Lewis, OEDO H. Rasouli, OEDO J. Jolicoeur, OEDO J. Bowen, OEDO EDO_ACS Distribution

Audit Report AUDIT OF NRCS IMPLEMENTATION OF FEDERAL CLASSIFIED INFORMATION LAWS AND POLICIES OIG-16-A-17 Status of Recommendations Recommendation 1 (b): Complete the current inventories of classified information in safes and secure storage areas.

Agency Response Dated June 5, 2018: The Office of Administration (ADM) and the Office of Nuclear Security and Incident Response (NSIR), in collaboration with the Office of the Chief Information Officer (OCIO), issued Requirement for Offices and Regions to Implement [General Services Administration] GSA-Approved Container Security Plans, dated April 8, 2016. The memorandum requested that all classified record holders develop a generic security plan for GSA-approved containers, to include compiling and subsequently verifying a local catalog of a containers classified contents on an annual basis. There are approximately 30 GSA-approved security containers that currently do not have a local inventory of classified documents. The majority of these containers reside in the Office of the Secretary, which has been coordinating efforts with ADM and NSIR to complete the initial inventory of documents. Completion is expected by June 1, 2019.

Additionally, in accordance with the security plan for GSA-approved security containers, ADM and NSIR will ensure that the security container owner conducts a periodic review of the contents of each container and compiles and/or verifies a local catalog of all classified contents of the container at least once annually. Independent of the GSA-Approved Container Security Plans, existing security plans for approved open storage areas have been revised to require room custodians to compile and verify a local catalog of secure room contents and report these actions to ADM on an annual basis. Management Directive 12.1, NRC Facility Security Program, was revised on September 28, 2016, to require security plans for all GSA-approved containers.

Audit Report AUDIT OF NRCS IMPLEMENTATION OF FEDERAL CLASSIFIED INFORMATION LAWS AND POLICIES OIG-16-A-17 Status of Recommendations Recommendation 1 (b) (cont.):

Target Completion Date: Staff has revised existing security plans for all approved open storage areas to include the requirement to compile and/or verify a local catalog of secure room contents and report these actions to ADM/Division of Facilities and Security on an annual basis. Completion of the local inventory of the remaining GSA-approved security containers is expected to be June 1, 2019.

OIG Analysis: The proposed actions meet the intent of the recommendation. OIG will close this recommendation when OIG receives verification that the inventories for classified information in safes and secure areas have been completed.

Status: Resolved.

Audit Report AUDIT OF NRCS IMPLEMENTATION OF FEDERAL CLASSIFIED INFORMATION LAWS AND POLICIES OIG-16-A-17 Status of Recommendations Recommendation 1 (c): Develop declassification training to prepare and authorize declassifiers.

Agency Response Dated June 5, 2018: NSIR, in coordination with OCIO, is currently developing Web-based declassification training to prepare and authorize declassifiers at the agency, to include a new iLearn course identification number to administer and document declassified training. Documentation will include training certifications upon successful completion of the required courses and notifications of suspended declassification authority upon failure to satisfactorily complete the requisite training. In March 2017, NSIR hosted an internal pilot offering of the declassification training to solicit staff feedback on the content of the training. Additionally, in September 2017, NSIR staff attended the Declassification Training Program hosted by the National Archives and Records Administration, National Declassification Center.

During the aforementioned training, various Federal agencies presented their classified equities and approved exemptions from automatic declassification, which will inform the NRCs declassification training. NSIR staff continues to make progress on the completion of the training; however, NSIR requires additional time to complete this recommendation and has extended the target completion date from April 30, 2018, to September 30, 2018.

Target Completion Date: Staff will complete this action by September 30, 2018.

OIG Analysis: The proposed actions meet the intent of the recommendation. This recommendation will be closed when OIG receives confirmation that the training was developed.

Status: Resolved.