OIG-24-A-04, Status of Recommendation: Audit of the U.S. Nuclear Regulatory Commission’s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2023, Region II: Atlanta, Georgia, Dated August 28, 2024
| ML24241A046 | |
|---|---|
| Person / Time | |
| Issue date: | 08/28/2024 |
| From: | Virkar H NRC/OIG/AIGA |
| To: | Mirela Gavrilas NRC/EDO |
| References | OIG-24-A-04 |
NRC Headquarters | 11555 Rockville Pike | Rockville, Maryland 20852 | 301.415.5930 | nrcoig.oversight.gov
MEMORANDUM
DATE: August 28, 2024
TO: Mirela Gavrilas, Executive Director for Operations
FROM: Hruta Virkar, CPA /RA/, Assistant Inspector General for Audits & Evaluations
SUBJECT: STATUS OF RECOMMENDATION: AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSION’S IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2023, REGION II: ATLANTA, GEORGIA (OIG-24-A-04)
REFERENCE: CHIEF INFORMATION OFFICER, OFFICE OF THE CHIEF INFORMATION OFFICER MEMORANDUM DATED JULY 10, 2024.
Attached is the Office of the Inspector General’s (OIG) analysis and status of the recommendation, as discussed in the agency’s response dated June 28, 2024. Based on this response, recommendation 1 is closed. Recommendation 2 was previously closed.
All recommendations related to this audit report are now closed, and the audit is considered closed.
If you have any questions or concerns, please call me at 301.415.1982 or Mike Blair, Team Leader, at 301.415.8399.
Attachment: As stated
cc: J. Martin, Acting ADO; M. Meyer, DADO; S. Miotla, DADO; J. Jolicoeur, OEDO; OIG Liaison Resource; EDO ACS Distribution
AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSION’S IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2023, REGION II: ATLANTA, GEORGIA
Status of Recommendation (OIG-24-A-04)
Recommendation 1: We recommend NRC management define and implement a process to conduct reviews and removal of unnecessary badged access for its Regions.
Agency Response Dated June 28, 2024: The U.S. Nuclear Regulatory Commission (NRC) already has an effective process in place to review badged access and remove it when not necessary at Headquarters, regional offices, and the Technical Training Center. Specifically, as described in Management Directive 12.1, “NRC Facility Security Program,” dated April 22, 2024, The NRC access control system is managed and maintained by DFS [Division of Facilities and Security]. It is used to ensure that only authorized individuals are granted physical access. Access lists (a list of individuals with authorized access) are required for administratively controlled, limited access, and security-controlled areas and must be reviewed and approved by the room’s designated owner (i.e., the Access Reviewing Official) at least annually. The NRC conducts an assessment of access needs with every badge renewal.
Target Completion Date: The NRC recommends closure of this item.
OIG Analysis: The OIG reviewed the evidence and confirmed that the NRC management has defined and implemented a process to conduct reviews and remove unnecessary badged access for its Regions. Hence, the recommendation is closed.
Status: Closed.