ML18199A145
ML18199A145 | |
Person / Time | |
---|---|
Issue date: | 08/13/2018 |
From: | Kristine Svinicki NRC/Chairman |
To: | Barrasso J, Frelinghuysen R, Gowdy T, Rachel Johnson, Shelby R, Walden G, Wilshusen G US Congress, US Government Accountability Office (GAO) |
Briana Dade/OCHCO | |
Shared Package | |
ML18166A091 | List: |
References | |
CORR-18-0071, LTR-18-0242 | |
Download: ML18199A145 (3) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 August 13, 2018 Mr. Gregory C. Wilshusen , Director Information Systems Issues U.S. Government Accountability Office 441 G Street, NW Washington , DC 20226
Dear Mr. Wilshusen:
On behalf of the U.S. Nuclear Regulatory Commission (NRC), I am responding to the two U.S. Government Accountability Office (GAO) recommendations contained in the report entitled "Cybersecurity Workforce: Agencies Need to Improve Baseline Assessments and Procedures for Coding Positions (GA0-18-466)." GAO recommends two actions to improve the NRC's procedures for assigning codes to NRC staff cyber-related positions. Both of these recommendations, outlined below, were previously addressed , as referenced in Appendix IX of the report.
Recommendation 23: The Chairman of the NRC should ensure that agency procedures account for the fact that information technology (IT), cybersecurity, and cyber-related positions will extend beyond the Information Technology Management 2210 occupational series.
Response: The NRC revised its Cybersecurity Coding Procedures in November 2017 to incorporate the following language to address this recommendation: "The initiative is not limited to positions in the 2210 occupational series. This effort includes any position that has IT, cybersecurity, and cyber-related functions in series 0099-2299."
Recommendation 24: The Chairman of the NRC should fully clarify requirements to assign up to three employment codes per position in order of their criticality in agency procedures.
Response: The NRC revised its Cybersecurity Coding Procedures in November 2017 to incorporate the following language to address this recommendation: "Each cybersecurity position can have up to three codes," and "[c]odes should be assigned in descending order according to the order of the level of criticality of the respective position ."
The NRC appreciates the opportunity to provide agency actions taken to address the recommendations in the GAO report. Should you have any questions, please contact Mr. John R. Jolicoeur by phone at (301) 415-1642 or by e-mail at John .Jolicoeur@nrc.gov.
Sincerely, Kristine L. Svinicki
Enclosure:
As stated
Identical letter sent to the following recipients, with the exception of the replacement of the point of contact with the Chairman and the Director of the Office of Congressional Affairs:
Mr. Gregory C. Wilshusen , Director Information Systems Issues U.S. Government Accountability Office 441 G Street, NW Washington , DC 20226 The Honorable Ron Johnson Chairman , Committee on Homeland Security and Governmental Affairs United States Senate Washington , DC 2051 O cc: Senator Claire McCaskill The Honorable Trey Gowdy Chairman , Committee on Oversight and Government Reform United States House of Representatives Washington, DC 20515 cc: Representative Elijah Cummings The Honorable John Barrasso Chairman, Committee on Environment and Public Works United States Senate Washington, DC 20510 cc: Senator Thomas R. Carper The Honorable Greg Walden Chairman , Committee on Energy and Commerce United States House of Representatives Washington, DC 20515 cc: Representative Frank Pallone, Jr.
The Honorable Rodney Frelinghuysen Chairman , Committee on Appropriations United States House of Representatives Washington , DC 20515 cc: Representative Nita Lowey The Honorable Richard Shelby Chairman, Committee on Appropriations United States Senate Washington , DC 205 10 cc: Senator Patrick Leahy