ML20283A354
| ML20283A354 | |
|---|---|
| Person / Time | |
| Issue date: | 10/26/2020 |
| From: | Kristine Svinicki NRC/OCM/KLS |
| To: | Vought R US Executive Office of the President, Office of Mgmt & Budget (OMB) |
| Cris Brown, 301-415-8421 | |
| Shared Package | ML20282A651 |
| References | CORR-20-0099, SRM-EDO011121-1 |
Text
UNITED STATES
NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

CHAIRMAN

October 26, 2020

The Honorable Russell T. Vought
Director, Office of Management and Budget
725 17th Street, NW
Washington, DC 20503

Dear Mr. Vought:
On behalf of the U.S. Nuclear Regulatory Commission (NRC), I am pleased to report that the Federal Information Security Modernization Act (FISMA) and Privacy Management Program documents for fiscal year (FY) 2020 have been submitted through CyberScope in accordance with the November 19, 2019, Office of Management and Budget (OMB) Memorandum M-20-04, "Fiscal Year 2019-2020 Guidance on Federal Information Security and Privacy Management Requirements."
The NRC's submittal included the following eight documents:
(1) Chief Information Officer/2020 Quarter 4 Annual FISMA Report
(2) Senior Agency Official for Privacy/2020 Annual FISMA Report
(3) Agency Privacy Program Changes
(4) Agency Privacy Program Plan
(5) Agency Breach Response Plan
(6) Agency Privacy Continuous Monitoring Strategy
(7) Agency Privacy Program - Uniform Resource Locator
(8) Social Security Number Collection Policy and/or Procedures
The NRC's Office of the Inspector General will separately submit the Inspector General Section Report/2020 Annual FISMA Report through CyberScope.
The NRC continues its efforts towards full compliance with FISMA targets and with the agency's Privacy Management Program. To date, the NRC has reduced its number of reportable systems to 17. During FY 2020, the agency completed security assessments and approved change authorizations for each system.
The NRC had no major security incidents during FY 2020. The NRC had a total of 10 confirmed incidents. The NRC's Computer Security Incident Response Team reported six incidents to the U.S. Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT): five improper usage events and one attempted access event. US-CERT reported four incidents to the NRC. The NRC investigated, mitigated, and remediated all 10 incidents.
As in prior years, the NRC participated in the high-value asset risk and vulnerability assessments led by DHS and has completed mitigation and remediation activities. In accordance with current DHS guidance, the NRC reassessed its high-value assets and reduced the number from nine to five. The NRC will continue to collaborate with DHS in future efforts to assess the NRC's protection of high-value assets.
The NRC continues to make progress toward meeting the cybersecurity cross-agency priority (CAP) goals, as demonstrated by the agency's 100-percent achievement of the FY 2020 metric targets. The "CAP Goal Evaluations" table in Appendix A to the NRC's Chief Information Officer/2020 Quarter 4 Annual FISMA Report details the agency's current progress. In the upcoming fiscal year, the NRC will continue to make progress in updating the ongoing authorization program, deploying encryption at rest, implementing additional personal identity verification, reducing the risk of unauthorized software, and addressing audit findings. In accordance with the instructions issued by OMB and DHS, the agency will continue to update your staff on its progress on these initiatives.
If you have any questions about the FY 2020 NRC FISMA and Privacy Management Program documents, please contact me or have your staff contact Mr. David J. Nelson, Chief Information Officer, at (301) 415-8700.
Sincerely,
Kristine L. Svinicki
Identical letter sent to:
The Honorable Russell T. Vought, Director, Office of Management and Budget, 725 17th Street, NW, Washington, DC 20503
The Honorable Chad F. Wolf, Secretary of Homeland Security, Washington, DC 20528