ML25167A121

DNFSB-23-A-04 Status of Recommendations: Audit of the Defense Nuclear Facilities Safety Board's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2023, Dated June 10, 2025
Issue date: 06/10/2025
From: Virkar H, NRC/OIG/AIGA
To: Buhler M, NRC/EDO
References: DNFSB-23-A-04


Text

NRC Headquarters | 11555 Rockville Pike | Rockville, Maryland 20852 | 301.415.5930 | nrcoig.oversight.gov

MEMORANDUM

DATE: June 10, 2025

TO: Mary J. Buhler, Executive Director of Operations

FROM: Hruta Virkar, CPA /RA/, Assistant Inspector General for Audits & Evaluations

SUBJECT: STATUS OF RECOMMENDATIONS: AUDIT OF THE DEFENSE NUCLEAR FACILITIES SAFETY BOARD'S IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2023 (DNFSB-23-A-04)

REFERENCE: OFFICE OF THE EXECUTIVE DIRECTOR OF OPERATIONS, EMAIL CORRESPONDENCE DATED JUNE 2, 2025

Attached is the Office of the Inspector General's (OIG) analysis and status of recommendations based on the email correspondence dated June 2, 2025. Based on this response, recommendation 1 is now closed. All recommendations are now closed.

If you have any questions or concerns, please call me at 301.415.1982 or Mike Blair, Team Leader, at 301.415.8399.

Attachment: As stated

cc: K. Herrera, DEDO; J. Biggins, DEDRS; G. Garvin, DEDRS

Audit Report

AUDIT OF THE DEFENSE NUCLEAR FACILITIES SAFETY BOARD'S IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2023

Status of Recommendations (DNFSB-23-A-04)

Recommendation 1:

We recommend that the Defense Nuclear Facilities Safety Board's (DNFSB) Chief Information Security Officer acquires resources to adequately support the procurement, onboarding, and implementation of requirements across all event logging maturity tiers to ensure events are logged and tracked in accordance with Office of Management and Budget (OMB) Memorandum (M)-21-31, Improving the Federal Government's Investigative and Remediation Capabilities Related to Cybersecurity Incidents (August 27, 2021).

Agency Response Dated June 2, 2025:

A walkthrough of the DNFSB Event Logging was held on April 30, 2025. Per the walkthrough and inspection of event logging captured to meet the required logging for Critical Levels 1, 2, and 3 as required by OMB M-21-31, it was identified that the DNFSB has met the OMB's logging requirement for Critical Levels 1, 2, and 3. Key supporting documentation was provided to the Auditor. DNFSB requests the closure of this recommendation, based on the status update and documentation provided.

OIG Analysis:

During the fieldwork phase of the Audit of the DNFSB's Implementation of Federal Information Security Modernization Act of 2014 (FISMA) for Fiscal Year 2025, the OIG and its contractors had a discussion with the DNFSB on its prior years' outstanding FISMA recommendations. A walkthrough of the DNFSB Event Logging was held on April 30, 2025. Per the walkthrough and inspection of event logging captured to meet the required logging for Critical Levels 1, 2, and 3 as required by OMB M-21-31, it was identified that the DNFSB had met the OMB's logging requirement for Critical Levels 1, 2, and 3. This recommendation is now closed.

Status:

Closed