Text

CHAIR UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 February 23, 2023 Jennifer R. Franks, Director Center for Enhanced Cybersecurity Information Technology and Cybersecurity U.S. Government Accountability Office 441 G Street, NW Washington, DC 20548

Dear Director Franks:

On behalf of the U.S. Nuclear Regulatory Commission (NRC), I am writing to describe our actions in response to the recommendations identified in the U.S. Government Accountability Office (GAO) report, GAO-22-105065, "Privacy: Dedicated Leadership Can Improve Programs and Address Challenges," issued September 2022:

GAO Recommendation 50: The Chairman of NRC should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy.

NRC Response: The NRC agrees with this recommendation and has updated its Privacy Program Plan to better document the roles and responsibilities of the Senior Agency Official for Privacy (SAOP) regarding the hiring, training, and professional development needs of the agency with respect to privacy.

GAO Recommendation 51: The Chairman of NRC should fully define and document the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages.

NRC Response: The NRC agrees with this recommendation and has updated its security processes to better document the SAOP's roles and responsibilities regarding reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages.

If you have any questions or need additional information, please contact me or have your staff contact John Jolicoeur, Executive Technical Assistant, Office of the Executive Director for Operations, at (301) 415-1642 or by email at John.Jolicoeur@nrc.gov.

Sincerely, Christopher T. Hanson cc: Marisol Cruz Cain

Identical letter sent to:

Ms. Jennifer R. Franks, Director Center for Enhanced Cybersecurity Information Technology and Cybersecurity U.S. Government Accountability Office 441 G Street, NW Washington, DC 20548 cc: Marisol Cruz Cain The Honorable Shalanda Young Director, Office of Management and Budget 725 17th Street, NW Washington, DC 20503 The Honorable Gary C. Peters Chairman, Committee on Homeland Security and Governmental Affairs United States Senate Washington, DC 20510 cc: Senator Rand Paul The Honorable James Comer Chairman, Committee on Oversight and Accountability United States House of Representatives Washington, DC 20515 cc: Representative Jamie Raskin The Honorable Thomas R. Carper Chairman, Committee on Environment and Public Works United States Senate Washington, DC 20510 cc: Senator Shelley Moore Capito The Honorable Cathy McMorris Rodgers Chair, Committee on Energy and Commerce United States House of Representatives Washington, DC 20515 cc: Representative Frank Pallone, Jr.

The Honorable Kay Granger Chairwoman, Committee on Appropriations United States House of Representatives Washington, DC 20515 cc: Representative Rosa Delaura The Honorable Patty Murray Chair, Committee on Appropriations United States Senate Washington, DC 20510 cc: Senator Susan Collins