OIG-17-A-07, Status of Recommendations: Audit of the U.S. Nuclear Regulatory Commissions Foreign Assignee Program Dated January 18th, 2022
| ML22018A033 | |
| Person / Time | |
|---|---|
| Issue date: | 01/18/2022 |
| From: | Rivera E NRC/OIG/AIGA |
| To: | Dan Dorman NRC/EDO |
| References | |
| OIG-17-A-07 | |
| Download: ML22018A033 (3) | |
Text
NRC Headquarters l 11555 Rockville Pike l Rockville, Maryland 20852 l 301.415.5930 January 18, 2022 MEMORANDUM TO:
Daniel H. Dorman Executive Director for Operations FROM:
Eric Rivera /RA/
Acting Assistant Inspector General for Audit
SUBJECT:
STATUS OF RECOMMENDATIONS: AUDIT OF THE U.S.
NUCLEAR REGULATORY COMMISSIONS FOREIGN ASSIGNEE PROGRAM (OIG-17-A-07)
REFERENCE:
DIRECTOR, OFFICE OF INTERNATIONAL PROGRAMS, MEMORANDUM DATED NOVEMBER 29, 2021 Attached is the Office of the Inspector Generals (OIG) analysis and status of recommendations as discussed in the agencys response dated November 29, 2021.
Based on this response, recommendations two and three are closed. Recommendation one was previously closed. Therefore, all recommendations have been closed.
If you have any questions or concerns, please call me at (301) 415-7032 or Terri Cooper, Team Leader, at (301) 415-5965.
Attachment:
As stated cc:
S. Miotla, OEDO J. Jolicoeur, OEDO S. Hudson, OCFO RidsEdoMailCenter Resource OIG Liaison Resource EDO_ACS Distribution
Audit Report AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSIONS FOREIGN ASSIGNEE PROGRAM OIG-17-A-07 Status of Recommendations Recommendation 2:
Develop a secure, cost-efficient method to provide foreign assignees an email account which allows for NRC detection and mitigation of inadvertent transmission of sensitive information and seek Commission approval to implement it.
Agency Response Dated November 29, 2021:
On May 27, 2021 the Commission approved staffs request (SECY-19-0124) to provide assignees with cloud-based email and calendar accounts through the agencys Office 365 (O365) cloud service as well as access to the BOX file sharing tool. The Office of the Chief Information Officer (OCIO) developed use of the NRCs current O365 cloud subscriptions sub-domain usnrc.onmicrosoft.com to create cloud-only accounts providing email and calendar services to international assignees, which was implemented on September 24, 2021. Staff believes this action resolves Recommendation 2.
OIG Analysis:
The corrective actions taken meet the intent of the recommendation. The agency provided cloud-only email and calendar accounts for foreign assignees via the NRCs O365 cloud subscription. This recommendation is closed.
Status:
Closed.
Audit Report AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSIONS FOREIGN ASSIGNEE PROGRAM OIG-17-A-07 Status of Recommendations Recommendation 3:
When an NRC approved email account is available, develop specific Computer Security Rules of Behavior for foreign assignees using the approved email.
Agency Response Dated November 29, 2021:
As outlined in SECY-19-0124, Computer Security Rules of Behavior were developed by OCIO in October 2021 (ML21175A037). Staff believes this action resolves Recommendation 3.
OIG Analysis:
The corrective actions taken meet the intent of the recommendation. The agency developed, and OIG reviewed, the Computer Security Rules of Behavior for foreign assignees using an NRC-approved email account.
This recommendation is closed.
Status:
Closed.