ML20106F225
| ML20106F225 | |
| Person / Time | |
|---|---|
| Issue date: | 04/15/2020 |
| From: | Baker B NRC/OIG |
| To: | Margaret Doane NRC/EDO |
| References | |
| OIG-17-A-07 | |
| Download: ML20106F225 (4) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 OFFICE OF THE INSPECTOR GENERAL April 15, 2020 MEMORANDUM TO: Margaret M. Doane Executive Director for Operations FROM: Dr. Brett M. Baker /RA/
Assistant Inspector General for Audits
SUBJECT:
STATUS OF RECOMMENDATIONS: AUDIT OF THE U.S.
NUCLEAR REGULATORY COMMISSIONS FOREIGN ASSIGNEE PROGRAM (OIG-17-A-07)
REFERENCE:
DIRECTOR, OFFICE OF INTERNATIONAL PROGRAMS, MEMORANDUM DATED APRIL 1, 2020 Attached is the Office of the Inspector Generals (OIG) analysis and status of recommendations as discussed in the agencys response dated April 1, 2020. Based on this response, recommendations 2 and 3 remain open and resolved.
Recommendation 1 was previously closed. Please provide an updated status of the resolved recommendations by August 3, 2020.
If you have any questions or concerns, please call me at (301) 415-5915, or Terri Cooper, Team Leader, at (301) 415-5965.
Attachment:
As stated cc: C. Haney, OEDO D. Jackson, OEDO J. Jolicoeur, OEDO S. Miotla, OEDO S. Hudson, OCFO RidsEdoMailCenter Resource OIG Liaison Resource EDO_ACS Distribution
Audit Report AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSIONS FOREIGN ASSIGNEE PROGRAM OIG-17-A-07 Status of Recommendations Recommendation 2: Develop a secure, cost-efficient method to provide foreign assignees an email account which allows for NRC detection and mitigation of inadvertent transmission of sensitive information and seek Commission approval to implement it.
Agency Response Dated April 1, 2020: Agree: The Office of International Programs (OIP) has developed a Notation Vote Paper seeking Commission approval for implementation of a secure, cost-efficient method to provide foreign assignees with NRC issued e-mail accounts that can be monitored by the NRC for the inadvertent transmission of sensitive information, as well as associated information security and provide improvements in communication between the foreign assignee and the pertinent NRC staff and other stakeholders. The information technology enhancements needed to support this initiative could only be developed following the issuance of the Information Technology Systems and Network Cross-Cutting Services Blanket Purchase Agreement Call under the Global Infrastructure and Development Acquisition contract. OIP received the Office of the Chief Information Officers proposal in August 2019 and sought Commission approval on December 18, 2019, via a voting paper. The Commission has had questions regarding the methods suggested in the paper to evaluate the suitability of foreign assignees for placement within the agency. An initial Chiefs of Staff Briefing was held on February 3, 2020, and a follow-up briefing is currently being scheduled.
Revised Target Completion Date: Completed December 18, 2019, via SECY-19-0124.
Audit Report AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSIONS FOREIGN ASSIGNEE PROGRAM OIG-17-A-07 Status of Recommendations Recommendation 2 (cont.):
OIG Analysis: The proposed action meets the intent of the recommendation. OIG reviewed SECY-19-0124 and spoke with agency staff. OIG was informed that the Commission cannot approve SECY-19-0124 at this time because of limitations due to COVID-19. This recommendation will be closed when the agency obtains Commission approval of a secure, cost-efficient method to provide foreign assignees an e-mail account which allows for NRC detection and mitigation of inadvertent transmission of sensitive information.
Status: Open: Resolved.
Audit Report AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSIONS FOREIGN ASSIGNEE PROGRAM OIG-17-A-07 Status of Recommendations Recommendation 3: When an NRC approved email account is available, develop specific Computer Security Rules of Behavior for foreign assignees using the approved email.
Agency Response Dated April 1, 2020: Agree. Staff will develop Computer Security Rules of Behavior for foreign assignees, subject to Commission approval of staffs proposed approach for responding to Recommendation 2.
Target Completion Date: Staff will complete this action within 6 months following Commission approval to Recommendation 2.
OIG Analysis: The proposed actions meet the intent of the recommendation. This recommendation will be closed once Commission Paper (SECY-19-0124) is approved which also addresses Computer Security Rules of Behavior for foreign assignees using an NRC approved email account.
Status: Open: Resolved.