ML17355A465

From kanterella
Revision as of 06:55, 22 October 2019 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
OEDO-17-00539; OIG-17-A-17 Status of Recommendations: Independent Evaluation of Nrc'S Implementation of the Fisma of 2014 for Fy 2017 - Region I, King of Prussia, PA, Dated August 17, 2017: Memorandum Dated 1/3/18
ML17355A465
Person / Time
Issue date: 01/03/2018
From: David Lew
NRC Region 1
To: Baker B
NRC/OIG/AIGA
Shared Package
ML17184A163 List:
References
OEDO-17-00539, OIG-17-A-17
Download: ML17355A465 (3)


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION REGION I 2100 RENAISSANCE BLVD., Suite 100 KING OF PRUSSIA, PA 19406-2713 January 3, 2018 MEMORANDUM TO: Dr. Brett M. Baker Assistant Inspector General for Audits Office of the Inspector General FROM: David C. Lew /RA/

Acting Regional Administrator Region I SUBJECT STATUS OF RECOMMENDATIONS: INDEPENDENT EVALUATION OF NRCS IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT (FISMA) OF 2014 FOR FY 2017 - REGION I, KING OF PRUSSIA, PA (OIG-17-A-17)

This memorandum provides the Region I staffs update for the recommendation pertaining to the Office of the Inspector Generals (OIG) independent evaluation of Region Is implementation of FISMA.

Recommendation 1:

Remediate the identified vulnerabilities within the timeframes specified in Information Security Directorate (ISD) standard ISD-STD-0020, Organization Defined Values for System Security Controls, or submit a deviation request in accordance with ISD Process ISD-PROS-1324, Deviation Request Process.

Response (August 1, 2017):

Agree. Region I will either remediate the identified vulnerabilities within the timeframes specified in ISD standard ISD-STD-0020, Organization Defined Values for System Security Controls, or submit a deviation request in accordance with ISD Process ISD-PROS-1324, Deviation Request Process.

Region I anticipates completing the remediation/deviation request process for the identified high risk findings by August 17, 2017, and October 1, 2017, for the identified moderate risk finding.

Region I anticipates completing all remediation/deviation requests by December 29, 2017, in conjunction with the Regional Information System Authority to Operate.

CONTACT: Michael Dean, RI/ISSO (610) 337-5079

Dr. Brett Baker 2 Region I Update (December 29, 2017):

Region I remediated identified vulnerabilities specified in ISD standard ISD-STD-0020, Organization Defined Values for System Security Controls, or submitted deviation requests in accordance with ISD Process ISD-PROS-1324, Deviation Request Process for those vulnerabilities that could not be remediated. Deviation requests were submitted on November 13, 2017 (ML17319A119) and December 20, 2017 (ML17353A023). On December 22, 2017, the Chief Information Officer granted an Authorization to Operate for the Regional Information System for three years.

cc: R. Lewis, OEDO H. Rasouli, OEDO J. Jolicoeur, OEDO J. Bowen, OEDO J. Storch, OIG B. Baker, OIG S. Zane, OIG B. Serepca, OIG J. Feibus, OCIO B. Bauer, OCIO

Dr. Brett Baker 3

SUBJECT:

STATUS OF RECOMMENDATIONS: INDEPENDENT EVALUATION OF NRCS IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT (FISMA) OF 2014 FOR FY 2017 - REGION I, KING OF PRUSSIA, PA (OIG-17-A-17), MEMORANDUM DATED: JANUARY 3, 2018 Distribution: (via e-mail)

D. Lew, RI D. Collins, RI T. Walker, RI M. Dean, RI L. Manning, RI RidsEdoMailCenter DOCUMENT NAME: G/DRM/FISMA/OIG-17-A-17 Status of Recommendations Dated 12.29.17.docx Ticket No: OEDO-17-00539, ADAMS Package - ML17230A017/Memo - ML17355A465 X- Sunsi Review X- Non-Sensitive X - Publicly Available Sensitive Non-Publicly Available OFFICE RI/DRM RI/DRM Ri/drm NAME MDean TEWalker DCLew DATE 12/26/17 12/27/17 1/2/18 OFFICIAL RECORD COPY