ML21286A684: Difference between revisions
StriderTol (talk | contribs) (StriderTol Bot change) |
StriderTol (talk | contribs) (StriderTol Bot change) |
||
Line 15: | Line 15: | ||
=Text= | =Text= | ||
{{#Wiki_filter: | {{#Wiki_filter:Ms. Clare Martorana, Chair Technology Modernization Board 1800 F St., NW Washington, DC 20405 | ||
==Dear Ms. Martorana,== | ==Dear Ms. Martorana,== | ||
The U.S. Nuclear Regulatory Commission (NRC) is responding to the September 8, 2021, memorandum from the Technology Modernization Board. On July 12, 2021, the Technology Modernization Board (Board) considered the Initial Project Proposal titled Modernization of Safeguards Local Area Network and Electronic Safe (SLES) System from NRC. There were four questions the Board asked the NRC to address. The answers to these questions are below. | The U.S. Nuclear Regulatory Commission (NRC) is responding to the September 8, 2021, memorandum from the Technology Modernization Board. On July 12, 2021, the Technology Modernization Board (Board) considered the Initial Project Proposal titled Modernization of Safeguards Local Area Network and Electronic Safe (SLES) System from NRC. There were four questions the Board asked the NRC to address. The answers to these questions are below. | ||
Items to Address | Items to Address | ||
Line 26: | Line 25: | ||
: 2. The Board would like to see additional information regarding the sustainment approach for this project. It specifically had concerns regarding whether funding would be needed for additional hardware upgrades in the coming years. | : 2. The Board would like to see additional information regarding the sustainment approach for this project. It specifically had concerns regarding whether funding would be needed for additional hardware upgrades in the coming years. | ||
NRC Response: The NRC will not require funding in the coming years. The requested funding will be utilized in fiscal year 2022 and satisfy the implementation. | NRC Response: The NRC will not require funding in the coming years. The requested funding will be utilized in fiscal year 2022 and satisfy the implementation. | ||
Future modernization and maintenance of this HVA will be included in our budget formulation process. | Future modernization and maintenance of this HVA will be included in our budget formulation process. October 28, 2021 C. Martorana 2 | ||
C. Martorana | |||
: 3. The Board wanted to know if there is a plan to move to the cloud, or if there is a specific reason why the cloud is not viable or considered by the agency at this time. | : 3. The Board wanted to know if there is a plan to move to the cloud, or if there is a specific reason why the cloud is not viable or considered by the agency at this time. | ||
NRC Response: The NRC is working to move applications and systems to the cloud, as appropriate. SLES is a system that transmits and stores Safeguards Information (SGI)1 and considered a high-value asset and is treated as a classified system. The NRC is currently evaluating authorized cloud hosting environments that satisfy the cybersecurity requirements. | NRC Response: The NRC is working to move applications and systems to the cloud, as appropriate. SLES is a system that transmits and stores Safeguards Information (SGI)1 and considered a high-value asset and is treated as a classified system. The NRC is currently evaluating authorized cloud hosting environments that satisfy the cybersecurity requirements. | ||
Line 35: | Line 32: | ||
NRC Response: The upgrades to the SLES environment represent a single, yet important, initiative supporting the agency's strategic goal of maintaining the security of its information technology assets through continual evolution of its cybersecurity controls to address the ever-changing threat environment. The NRC has a goal to promote the use of modern tools and industry best practices to enable the secure management and use of agency information. This goal is one of the agencys six primary goals in the recently developed NRC IT Strategic Roadmap. To meet this goal, the agency's IT architecture must not only be modernized to enable continued support; it must also be optimized to enable the use of advanced cybersecurity controls and enhancements. Continued modernization of agency systems (including SLES) therefore plays a critical part in the agency's technology strategy and cybersecurity roadmap. | NRC Response: The upgrades to the SLES environment represent a single, yet important, initiative supporting the agency's strategic goal of maintaining the security of its information technology assets through continual evolution of its cybersecurity controls to address the ever-changing threat environment. The NRC has a goal to promote the use of modern tools and industry best practices to enable the secure management and use of agency information. This goal is one of the agencys six primary goals in the recently developed NRC IT Strategic Roadmap. To meet this goal, the agency's IT architecture must not only be modernized to enable continued support; it must also be optimized to enable the use of advanced cybersecurity controls and enhancements. Continued modernization of agency systems (including SLES) therefore plays a critical part in the agency's technology strategy and cybersecurity roadmap. | ||
We hope the answers to these questions provide a stronger framework in which to evaluate our request for the TMF funding and appreciate your consideration of our request. If you have any questions, please contact Thomas Ashley, Director for Information Technology Services and Operations Division, Office of the Chief Information Officer at Thomas.Ashley@nrc.gov. | We hope the answers to these questions provide a stronger framework in which to evaluate our request for the TMF funding and appreciate your consideration of our request. If you have any questions, please contact Thomas Ashley, Director for Information Technology Services and Operations Division, Office of the Chief Information Officer at Thomas.Ashley@nrc.gov. | ||
Sincerely, | Sincerely, Dave J. Nelson Chief Information Officer Office of the Chief Information Officer 1 SGI is a special category of sensitive, unclassified information required by Section 147 of the Atomic Energy Act to be protected. Although SGI is sensitive, unclassified information, it is marked and protected in many aspects similar to Confidential National Security Information. | ||
Examples include information that has intrinsic security value involving equipment, procedures, communications, analyses, design basis, or response plans used by a licensee or applicant to protect certain special nuclear material, byproduct material, source material, or facilities. | Examples include information that has intrinsic security value involving equipment, procedures, communications, analyses, design basis, or response plans used by a licensee or applicant to protect certain special nuclear material, byproduct material, source material, or facilities. | ||
Signed by Nelson, David on 10/28/21 | |||
Ltr ML21286A684 OCIO/ITSDOD | Ltr ML21286A684 OFFICE OCIO/ITSDOD OCIO/ITSDOD/DD OCIO/ITSDOD/D OCIO/D | ||
/DTSB NAME KDunbar KD GHayden GH TAshley TA DNelson DN DATE Oct 13, 2021 Oct 13, 2021 Oct 14, 2021 Oct 28, 2021}} |
Revision as of 18:54, 19 November 2024
ML21286A684 | |
Person / Time | |
---|---|
Issue date: | 10/28/2021 |
From: | David Nelson NRC/OCIO |
To: | Martorana C US Executive Office of the President, Office of Mgmt & Budget (OMB) |
Robb C | |
References | |
Download: ML21286A684 (3) | |
Text
Ms. Clare Martorana, Chair Technology Modernization Board 1800 F St., NW Washington, DC 20405
Dear Ms. Martorana,
The U.S. Nuclear Regulatory Commission (NRC) is responding to the September 8, 2021, memorandum from the Technology Modernization Board. On July 12, 2021, the Technology Modernization Board (Board) considered the Initial Project Proposal titled Modernization of Safeguards Local Area Network and Electronic Safe (SLES) System from NRC. There were four questions the Board asked the NRC to address. The answers to these questions are below.
Items to Address
- 1. The Board noted that the use case for the project is justified, but it is not clear how investing to meet a defined VMware need is truly a modernization effort beyond a hardware refresh. Explaining the rationale for purchasing more hardware and whether alternative solutions were considered would be beneficial.
NRC Response: This effort will allow the NRC to implement modern, more secure, VMware solutions that improve this High Value Asset (HVAs) overall cybersecurity posture. Most importantly, the investment will allow the SLES system to encrypt data at rest necessary for this HVA system and remediate critical cybersecurity vulnerabilities that cannot be satisfied as the current platform is unsupported.
Additionally, this effort will enable the NRC to modernize test, production, and failover environments, allowing the NRC to test platform and cybersecurity enhancements in an environment that duplicates production and failover. As a result, the NRC will be able to employ additional cybersecurity tools to analyze logs and access the system.
- 2. The Board would like to see additional information regarding the sustainment approach for this project. It specifically had concerns regarding whether funding would be needed for additional hardware upgrades in the coming years.
NRC Response: The NRC will not require funding in the coming years. The requested funding will be utilized in fiscal year 2022 and satisfy the implementation.
Future modernization and maintenance of this HVA will be included in our budget formulation process. October 28, 2021 C. Martorana 2
- 3. The Board wanted to know if there is a plan to move to the cloud, or if there is a specific reason why the cloud is not viable or considered by the agency at this time.
NRC Response: The NRC is working to move applications and systems to the cloud, as appropriate. SLES is a system that transmits and stores Safeguards Information (SGI)1 and considered a high-value asset and is treated as a classified system. The NRC is currently evaluating authorized cloud hosting environments that satisfy the cybersecurity requirements.
SGI.
- 4. One Board member noted that the proposal would better align with the Technology Modernization Fund (TMF) if the requested hardware purchase was one element of a roadmap to a broader modernization effort. Situating this proposal in the context of NRCs technology strategy and roadmap would help clarify the Boards thinking on the project.
NRC Response: The upgrades to the SLES environment represent a single, yet important, initiative supporting the agency's strategic goal of maintaining the security of its information technology assets through continual evolution of its cybersecurity controls to address the ever-changing threat environment. The NRC has a goal to promote the use of modern tools and industry best practices to enable the secure management and use of agency information. This goal is one of the agencys six primary goals in the recently developed NRC IT Strategic Roadmap. To meet this goal, the agency's IT architecture must not only be modernized to enable continued support; it must also be optimized to enable the use of advanced cybersecurity controls and enhancements. Continued modernization of agency systems (including SLES) therefore plays a critical part in the agency's technology strategy and cybersecurity roadmap.
We hope the answers to these questions provide a stronger framework in which to evaluate our request for the TMF funding and appreciate your consideration of our request. If you have any questions, please contact Thomas Ashley, Director for Information Technology Services and Operations Division, Office of the Chief Information Officer at Thomas.Ashley@nrc.gov.
Sincerely, Dave J. Nelson Chief Information Officer Office of the Chief Information Officer 1 SGI is a special category of sensitive, unclassified information required by Section 147 of the Atomic Energy Act to be protected. Although SGI is sensitive, unclassified information, it is marked and protected in many aspects similar to Confidential National Security Information.
Examples include information that has intrinsic security value involving equipment, procedures, communications, analyses, design basis, or response plans used by a licensee or applicant to protect certain special nuclear material, byproduct material, source material, or facilities.
Signed by Nelson, David on 10/28/21
Ltr ML21286A684 OFFICE OCIO/ITSDOD OCIO/ITSDOD/DD OCIO/ITSDOD/D OCIO/D
/DTSB NAME KDunbar KD GHayden GH TAshley TA DNelson DN DATE Oct 13, 2021 Oct 13, 2021 Oct 14, 2021 Oct 28, 2021