ML20283A346
| ML20283A346 | |
| Person / Time | |
|---|---|
| Issue date: | 10/26/2020 |
| From: | Kristine Svinicki NRC/Chairman, NRC/OCM/KLS |
| To: | Carolyn Wolf US Executive Office of the President, Office of Homeland Security |
| Cris Brown, 301-415-8421 | |
| Shared Package | |
| ML20282A651 | List: |
| References | |
| CORR-20-0099, SRM-EDO011121-1 | |
Text
UNITED STATES
NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

CHAIRMAN

October 26, 2020

The Honorable Chad F. Wolf
Secretary of Homeland Security
Washington, DC 20528

Dear Mr. Wolf:

On behalf of the U.S. Nuclear Regulatory Commission (NRC), I am pleased to report that the Federal Information Security Modernization Act (FISMA) and Privacy Management Program documents for fiscal year (FY) 2020 have been submitted through CyberScope in accordance with the November 19, 2019, Office of Management and Budget (OMB) Memorandum M-20-04, "Fiscal Year 2019-2020 Guidance on Federal Information Security and Privacy Management Requirements."

The NRC's submittal included the following eight documents:

(1) Chief Information Officer/2020 Quarter 4 Annual FISMA Report
(2) Senior Agency Official for Privacy/2020 Annual FISMA Report
(3) Agency Privacy Program Changes
(4) Agency Privacy Program Plan
(5) Agency Breach Response Plan
(6) Agency Privacy Continuous Monitoring Strategy
(7) Agency Privacy Program - Uniform Resource Locator
(8) Social Security Number Collection Policy and/or Procedures

The NRC's Office of the Inspector General will separately submit the Inspector General Section Report/2020 Annual FISMA Report through CyberScope.

The NRC continues its efforts towards full compliance with FISMA targets and with the agency's Privacy Management Program. To date, the NRC has reduced its number of reportable systems to 17. During FY 2020, the agency completed security assessments and approved change authorizations for each system.

The NRC had no major security incidents during FY 2020. The NRC had a total of 10 confirmed incidents. The NRC's Computer Security Incident Response Team reported six incidents to the U.S. Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT): five improper usage events and one attempted access event. US-CERT reported four incidents to the NRC. The NRC investigated, mitigated, and remediated all 10 incidents.

As in prior years, the NRC participated in the high-value asset risk and vulnerability assessments led by DHS and has completed mitigation and remediation activities. In accordance with current DHS guidance, the NRC reassessed its high-value assets and reduced the number from nine to five. The NRC will continue to collaborate with DHS in future efforts to assess the NRC's protection of high-value assets.

The NRC continues to make progress toward meeting the cybersecurity cross-agency priority (CAP) goals, as demonstrated by the agency's 100-percent achievement of the FY 2020 metric targets. The "CAP Goal Evaluations" table in Appendix A to the NRC's Chief Information Officer/2020 Quarter 4 Annual FISMA Report details the agency's current progress.

In the upcoming fiscal year, the NRC will continue to make progress in updating the ongoing authorization program, deploying encryption at rest, implementing additional personal identity verification, reducing the risk of unauthorized software, and addressing audit findings. In accordance with the instructions issued by OMB and DHS, the agency will continue to update your staff on its progress on these initiatives.

If you have any questions about the FY 2020 NRC FISMA and Privacy Management Program documents, please contact me or have your staff contact Mr. David J. Nelson, Chief Information Officer, at (301) 415-8700.

Sincerely,

Kristine L. Svinicki

Identical letter sent to:

The Honorable Russell T. Vought
Director, Office of Management and Budget
725 17th Street, NW
Washington, DC 20503

The Honorable Chad F. Wolf
Secretary of Homeland Security
Washington, DC 20528