ML18275A196

Letter to the Honorable Mick Mulvaney, Director, OMB from Chairman Svinicki Submits the NRC's Fiscal Year 2018 Federal Information Security Modernization Act Report and Privacy Management Reports
ML18275A196
Person / Time
Issue date: 10/31/2018
From: Kristine Svinicki
NRC/Chairman
To: Mulvaney M
US Executive Office of the President, Office of Mgmt & Budget (OMB)
Aldo Eskandary, (301) 415-0088
Shared Package
ML18263A172 List:
References
CORR-18-0099, SRM-EDO01112-1


Text

OFFICIAL USE ONLY-SECURITY-RELATED INFORMATION

UNITED STATES NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

CHAIRMAN

October 31, 2018

The Honorable Mick Mulvaney
Director, Office of Management and Budget
725 17th Street, NW
Washington, DC 20503

Dear Mr. Mulvaney:

On behalf of the U.S. Nuclear Regulatory Commission (NRC), I am providing the Fiscal Year (FY) 2018 Federal Information Security Modernization Act (FISMA) Report and Privacy Management reports. The reports constitute the following nine enclosures:

  • Chief Information Officer/2018 Quarter 4 Annual FISMA Report
  • Senior Agency Official for Privacy/2018 Annual FISMA Report
  • Agency Privacy Program Changes
  • Agency Privacy Program Plan
  • Agency Breach Response Plan
  • Agency Privacy Continuous Monitoring Strategy
  • Agency Privacy Program - Uniform Resource Locator
  • Social Security Number Collection Policy and/or Procedures
  • Inspector General Section Report/2018 Annual FISMA Report

Since submitting last year's report, the NRC continues towards full compliance with FISMA targets and with the agency's Privacy Management Program. The current number of reportable systems at the NRC stands at 31. During FY 2018, the agency completed security assessments and approved change authorizations for each system.

The NRC had no major security incidents during FY 2018. The NRC had a total of three confirmed incidents reported to the U.S. Department of Homeland Security (DHS) United States Computer Emergency Readiness Team. These consisted of two improper usage and one attempted access incidents. The confirmed incidents were all detected and reported to the agency's Computer Security Incident Response Team, and they have all been mitigated.

Enclosures 1, 2, 5, and 9 transmitted herewith contain Official Use Only - Security Related Information. When separated from these enclosures, this document is decontrolled.

As in prior years, the NRC participated in the high-value assets risk and vulnerability assessments led by DHS and has completed mitigation and remediation activities. The NRC will continue to collaborate with DHS in future efforts to assess the NRC's protection of high value assets.

The NRC continues to make progress towards meeting the cybersecurity cross-agency priority (CAP) goals. The agency's current progress is documented in the "CAP Goals Evaluations" table in Appendix A to Enclosure 1.

In the upcoming fiscal year, the NRC will continue to make progress in updating the ongoing authorization program, implementing additional personal identity verification, reducing the risk of malware, and addressing audit findings.

In accordance with the instructions issued by the Office of Management and Budget and DHS, the agency will continue to update your staff on its progress on these initiatives.

If you have any questions about the FY 2018 NRC FISMA and Privacy Management reports, please contact me or have your staff contact Mr. David J. Nelson, Chief Information Officer, at (301) 415-8700.

Sincerely,

Enclosures:

As stated

Identical letter sent to:

The Honorable Mick Mulvaney
Director, Office of Management and Budget
725 17th Street, NW
Washington, DC 20503

The Honorable Kirstjen M. Nielsen
Secretary of Homeland Security
Washington, DC 20528