OIG-20-A-06, Status of Recommendations: Independent Evaluation of the U.S. Nuclear Regulatory Commission’S Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2019, Dated, June 18, 2025

From kanterella
(Redirected from OIG-20-A-06)
Jump to navigation Jump to search
OIG-20-A-06 Status of Recommendations: Independent Evaluation of the U.S. Nuclear Regulatory Commission’S Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2019, Dated, June 18, 2025
ML25169A225
Person / Time
Issue date: 06/18/2025
From: Virkar H
OIG Watch
To: Mirela Gavrilas
NRC/EDO
References
OIG-20-A-06
Download: ML25169A225 (1)
v  d  e


Text

NRC Headquarters l 11555 Rockville Pike l Rockville, Maryland 20852 l 301.415.5930 nrcoig.oversight.gov MEMORANDUM DATE:

June 18, 2025 TO:

Mirela Gavrilas Executive Director for Operations FROM:

Hruta Virkar, CPA /RA/

Assistant Inspector General for Audits & Evaluations

SUBJECT:

STATUS OF RECOMMENDATIONS: INDEPENDENT EVALUATION OF THE U.S. NUCLEAR REGULATORY COMMISSIONS IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2019 (OIG-20-A-06)

REFERENCE:

CHIEF INFORMATION OFFICER, OFFICE OF THE CHIEF INFORMATION OFFICER, MEMORANDUM DATED MAY 14, 2025 Attached is the Office of the Inspector Generals (OIG) analysis and status of recommendations as discussed in the agencys response dated May 16, 2025. Based on this response, recommendations 5 and 6 are now closed. All recommendations are now closed.

If you have any questions or concerns, please call me at 301.415.1982 or Mike Blair, Team Leader, at 301.415.8399.

Attachment:

As stated cc: J. Martin, ADO D. Lewis, DADO E. Deeds, OEDO OIG Liaison Resource EDO ACS Distribution

Evaluation Report INDEPENDENT EVALUATION OF THE U.S. NUCLEAR REGULATORY COMMISSIONS IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2019 Status of Recommendations (OIG-20-A-06) 2 Recommendation 5:

Identify individuals having specialized role-based responsibilities for personally identifiable information (PII) or activities involving PII and develop role-based privacy training for them.

Agency Response Dated May 16, 2025:

The U.S. Nuclear Regulatory Commission (NRC) has identified individuals having specialized role-based responsibilities for PII or activities involving PII and has developed role-based privacy training for them. The agency has completed the associated training development and implementation. The NRC suggests closure of this item.

OIG Analysis:

The OIG reviewed and confirmed the developed role-based training for individuals having specialized role-based responsibilities for PII or activities involving PII. This recommendation is now closed.

Status:

Closed

Evaluation Report INDEPENDENT EVALUATION OF THE U.S. NUCLEAR REGULATORY COMMISSIONS IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2019 Status of Recommendations (OIG-20-A-06) 3 Recommendation 6:

Based on NRCs supply chain risk assessment results, complete updates to the NRCs contingency planning policies and procedures to address supply chain risk.

Agency Response Dated May 16, 2025:

The NRC has updated its contingency planning policies and procedures and addressed supply chain risk.

OIG Analysis:

The OIG reviewed and confirmed the NRC updated its contingency planning policies and procedures to address supply chain risk. This recommendation is now closed.

Status:

Closed

Retrieved from "https://kanterella.com/w/index.php?title=OIG-20-A-06,_Status_of_Recommendations:_Independent_Evaluation_of_the_U.S._Nuclear_Regulatory_Commission’S_Implementation_of_the_Federal_Information_Security_Modernization_Act_of_2014_for_Fiscal_Year_2019,_Dated,_June_18,_2025&oldid=5515354"