ML18232A097
| ML18232A097 | |
| Person / Time | |
|---|---|
| Issue date: | 08/20/2018 |
| From: | Baker B NRC/OIG/AIGA |
| To: | Margaret Doane NRC/EDO |
| References | |
| OIG-17-A-27 | |
| Download: ML18232A097 (5) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 OFFICE OF THE INSPECTOR GENERAL August 20, 2018 MEMORANDUM TO: Margaret M. Doane Executive Director for Operations FROM: Dr. Brett M. Baker /RA/
Assistant Inspector General for Audits
SUBJECT:
STATUS OF RECOMMENDATIONS: THE OFFICE OF THE INSPECTOR GENERAL'S EVALUATION OF NRCS MANAGEMENT OF GOVERNMENT CELL PHONES (OIG-17-A-27)
REFERENCE:
CHIEF INFORMATION OFFICER, MEMORANDUM DATED July 25, 2018 Attached is the Office of the Inspector Generals (OIG) analysis and status of recommendations as discussed in the agencys response dated July 25, 2018. Based on this response, recommendations 1, 2, and 4 are closed. Recommendation 3 remains resolved. Please provide an updated status of the resolved recommendation by January 31, 2019.
If you have any questions or concerns, please call me at (301) 415-5915, or Eric Rivera, Team Leader at (301) 415-7032.
Attachment:
As stated cc: R. Lewis, OEDO H. Rasouli, OEDO J. Jolicoeur, OEDO J. Bowen, OEDO EDO_ACS Distribution
Audit Report EVALUATION OF NRCS MANAGEMENT OF GOVERNMENT CELL PHONES OIG-17-A-27 Status of Recommendations Recommendation 1: Reconcile guidance (e.g., MD 13.1 and OCIO service catalog) concerning the return of cell phones and provide the correct instructions to property custodians.
Agency Response Dated July 25, 2018: In December 2017, OCIO updated the NRC Service Catalog to align with current Agencywide Mobility Policy and Management Directive (MD) 13.1, Property Management.
The updated information is in the Device Return Instructions section of the NRC Service Catalog. The actions for this recommendation have been completed.
Target Completion Date: Completed OIG Analysis: OIG reviewed the service catalog to ensure that the guidance for the return of cell phones is clearly stated and matches current property policy so that the property custodians will have correct instructions.
Status: Closed.
Audit Report EVALUATION OF NRCS MANAGEMENT OF GOVERNMENT CELL PHONES OIG-17-A-27 Status of Recommendations Recommendation 2: Provide periodic cell phone management training to property custodians with responsibility for managing cell phones.
Agency Response Dated July 25, 2018: On May 18, 2018, ADM provided property custodians (via e-mail) with specific information on the property procedures to follow when cell phones are returned or lost. This information aligns with OCIOs guidance in the NRC Service Catalog. The actions for this recommendation have been completed.
OIG Analysis: OIG reviewed the information provided by ADM to property custodians on procedures for returned or lost cell phones.
OIG verified that the property custodians had received guidance.
Status: Closed.
Audit Report EVALUATION OF NRCS MANAGEMENT OF GOVERNMENT CELL PHONES OIG-17-A-27 Status of Recommendations Recommendation 3: Review SPMS and MaaS360 and account for all Government furnished cell phones annually.
Agency Response Dated July 25, 2018: The agency reached out to other Federal agencies to benchmark and research their inventory property policies and practices. Based on the findings the decision was made to increase the NRC property threshold from $1,000 to
$2,500 to align with the bench mark findings. Since the acquisition cost of cell phones falls below the revised agency threshold, the agency will remove cell phones from the Space and Property Management System (SPMS) and capture cell phones in one system of record, Remedy, maintained by OCIO. Upon completion of the 2018 agency inventory, cell phones will be removed from the SPMS and accounted for by OCIO. The MD 13.1 will be updated to revise the references link Sensitive Items list removing cell phones.
Target Completion Date: December 31, 2018 OIG Analysis: The proposed action meets the intent of the recommendation. This recommendation will be closed when OIG verifies that phones have been captured in one system of record, Remedy, to be accounted for annually by OCIO, and guidance for phone users is updated as needed.
Status: Resolved.
Audit Report EVALUATION OF NRCS MANAGEMENT OF GOVERNMENT CELL PHONES OIG-17-A-27 Status of Recommendations Recommendation 4: Require periodic re-acknowledgement of the rules of behavior for cell phones.
Agency Response Dated Jul 25, 2018: OCIO has updated the Computer Security Awareness (ID_1441) training course. The course now includes the Agencywide Mobility Policy in Part 4: Rules and Behavior Acknowledgement. In this section, staff must review and acknowledge the agencys rules of behavior for authorized computer use and cell phones. The actions for this recommendation have been completed.
OIG Analysis: OIG verified that the acknowledgement of the rules of behavior for cell phone use has been added to the annual Computer Security Awareness course. This provides for periodic re-acknowledgement on an annual basis.
Status: Closed.