OIG-19-A-08, Status of Recommendations: Independent Evaluation of NRCs Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2018 Dated June 17, 2020
| ML20169A608 | |
| Person / Time | |
|---|---|
| Issue date: | 06/17/2020 |
| From: | Baker B NRC/OIG/AIGA |
| To: | Margaret Doane NRC/EDO |
| References | |
| OIG-19-A-08 | |
| Download: ML20169A608 (3) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 OFFICE OF THE INSPECTOR GENERAL June 17, 2020 MEMORANDUM TO:
Margaret M. Doane Executive Director for Operations FROM:
Dr. Brett M. Baker /RA/
Assistant Inspector General for Audits
SUBJECT:
STATUS OF RECOMMENDATIONS: INDEPENDENT EVALUATION OF THE NRCS IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2018 (OIG-19-A-08)
REFERENCE:
CHIEF INFORMATION OFFICER MEMORANDUM DATED MAY 15, 2020 Attached is the Office of the Inspector Generals (OIG) analysis and status of recommendations as discussed in the agencys response dated May 15, 2020. Based on this response, recommendations 1 and 5 are now closed. Recommendations 2, 3, 4, and 6 have been previously closed. All recommendations related to this audit report are now closed.
If you have questions or concerns, please call me at (301) 415-5915, or Terri Cooper, Team Leader, at (301) 415-5965.
Attachment:
As stated cc: C. Haney, OEDO D. Jackson, OEDO J. Quichocho, OEDO J. Jolicoeur, OEDO S. Miotla, OEDO RidsEdoMailCenter Resource OIG Liaison Resource EDO_ACS Distribution
Audit Report INDEPENDENT EVALUATION OF THE NRCS IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2018 OIG-19-A-08 Status of Recommendations Recommendation 1:
Develop and implement a process to remove all non-standard software that has not been approved by an authorized agency official.
Agency Response Dated May 15, 2020:
The NRC has developed a process to remove non-standard software that has not been approved by an authorized agency official. Refer to Agencywide Documents Access and Management System (ADAMS) document package for an overview of the process.
The NRC believes the intent of this recommendation has been fulfilled.
Target Completion Date: Completed OIG Analysis:
OIG reviewed NRCs overview of the unsupported and unauthorized software review process and determined that NRC has developed and implemented a process to remove non-standard software that has not been approved by an authorized agency official. Therefore, the recommendation is considered closed.
Status:
Closed.
Audit Report INDEPENDENT EVALUATION OF THE NRCS IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2018 OIG-19-A-08 Status of Recommendations Recommendation 5:
Implement a process to remove unsupported software from NRC networks.
Agency Response Dated May 15, 2020:
The NRC has developed a process to remove unsupported software from the agencys network environment. Refer to the ADAMS document package for an overview of the process.
The NRC believes the intent of this recommendation has been fulfilled.
Target Completion Date: Completed OIG Analysis:
OIG reviewed NRCs overview of the unsupported and unauthorized software review process and determined that NRC has developed and implemented a process to remove unsupported software from the agencys network environment. Therefore, the recommendation is considered closed.
Status:
Closed.