ML26014A229

OIG-23-A-10 Status of Recommendations: Audit of the U.S. Nuclear Regulatory Commission’s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2023, Dated January 14, 2026
Person / Time
Issue date: 01/14/2026
From: Virkar H
NRC/OIG/AIGA
To: Mark King
NRC/EDO
References
OIG-23-A-10


Text

NRC Headquarters | 11555 Rockville Pike | Rockville, Maryland 20852 | 301.415.5930 | nrcoig.oversight.gov

MEMORANDUM

DATE: January 14, 2026

TO: Michael F. King, Executive Director for Operations

FROM: Hruta Virkar, CPA /RA/, Assistant Inspector General for Audits & Evaluations

SUBJECT: STATUS OF RECOMMENDATIONS: AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSION’S IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2023 (OIG-23-A-10)

REFERENCE: CHIEF INFORMATION OFFICER, OFFICE OF THE CHIEF INFORMATION OFFICER MEMORANDUM DATED DECEMBER 22, 2025

Attached is the Office of the Inspector General’s (OIG) analysis and status of recommendations, as discussed in the agency’s response dated December 22, 2025.

Recommendations 1 and 2 were previously closed. Based on this response, recommendation 3 is now closed. All recommendations related to this audit report are now closed.

If you have any questions or concerns, please call me at 301.415.1982 or Mike Blair, Team Leader, at 301.415.8399.

Attachment: As stated

cc: J. Martin, ADO; D. Lewis, DADO; E. Deeds, OEDO; OIG Liaison Resource; EDO ACS Distribution

Audit Report

AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSION’S IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2023

Status of Recommendations (OIG-23-A-10)

Recommendation 3:

We recommend that the Nuclear Regulatory Commission (NRC) management increases the current Security Information and Event Management (SIEM) tool licensing level and acquires funding to adequately support the procurement, onboarding, and implementation of requirements across all Event Logging (EL) maturity tiers to ensure events are logged and tracked in accordance with the U.S. Office of Management and Budget (OMB) Memorandum (M)-21-31.

Agency Response Dated December 22, 2025:

The NRC has increased the SIEM tool licensing level and acquired funding to adequately support procurement and onboarding. The NRC has implemented requirements across EL maturity tiers EL1 (Basic), EL2 (Intermediate), and EL3 (Advanced) to ensure events are logged and tracked in accordance with OMB M-21-31, Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents, dated August 27, 2021.

Target Completion Date: The NRC suggests closure of this item.

OIG Analysis:

The OIG has reviewed the evidence and confirmed that the agency has increased the current SIEM tool licensing level and has acquired funding to adequately support the procurement, onboarding, and implementation of requirements across all EL maturity tiers, ensuring events are logged and tracked in accordance with the OMB M-21-31.

Hence, this recommendation is closed.

Status:

Closed