Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 OFFICE OF THE INSPECTOR GENERAL October 30, 2017 MEMORANDUM TO:

Chairman Svinicki FROM:

Hubert T. Bell /RA/

Inspector General

SUBJECT:

INDEPENDENT EVALUATION OF NRCS IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2017 (OIG-18-A-02)

Attached is the Office of the Inspector Generals (OIG) report titled Independent Evaluation of NRCs Implementation of the Federal Information Security Modernization Act (FISMA) 2014 for Fiscal Year 2017. The objective was to perform an independent evaluation of NRCs implementation of FISMA 2014 for Fiscal Year 2017.

OIG found NRC has made significant improvements in the effectiveness of their information technology (IT) security program and continues to make improvements in performing continuous monitoring activities. However, the evaluation identified IT security program areas that need improvement. Specifically, IT security program documentation is not up-to-date and some continuous monitoring activities were not performed as required.

If you have any questions, please contact Dr. Brett M. Baker, Assistant Inspector General for Audits, at (301) 415-5915 or me at (301) 415-5930.

Attachment:

As stated cc:

Commissioner Baran Commissioner Burns R. Lewis, OEDO