ML19231A359
August 30, 2019

MEMORANDUM TO: Those on the Attached List
FROM: David J. Nelson /RA/
Office of the Chief Information Officer
SUBJECT: FISCAL YEAR 2020 CYBERSECURITY RISK MANAGEMENT ACTIVITIES

I want to express my appreciation for your continued efforts to improve the U.S. Nuclear Regulatory Commission's (NRC's) cybersecurity posture and to fulfill the agency's goal to minimize security risks. We have been successful in implementing many improvements through the hard work of you and your staff, and these are reflected in our Quarterly Federal Information Security Management Act ratings and audits by the Government Accountability Office and our Inspector General.
The Federal Information Technology Acquisition Reform Act requires the NRC to ensure that its Chief Information Officer has a significant and continuous role in information technology decisions, including annual and multiyear planning, programming, budgeting, execution, reporting, management, governance, and oversight functions. I will continue to work with you to ensure that the agency's information technology decisions use resources effectively and efficiently to meet the agency's mission needs.
The Federal Information Security Modernization Act of 2014 and our implementing framework delineate the risk management activities that we are required to conduct periodically. They include the following:
- cybersecurity awareness training
- cybersecurity role-based training
- continuous monitoring
- system cybersecurity assessment
- system security categorization
- privacy threshold analysis and privacy impact assessment updates
- periodic reviews and risk management reporting

CONTACT: Jonathan Feibus, OCIO/SDOD 301-415-0717
Achieving success on such important efforts will require support from all NRC Office Directors, Regional Administrators, and system owners. The agency's success also depends on completion of the risk management activities outlined in the enclosed Cybersecurity Risk Management Activities Instructions. The instructions provide detailed guidance on the required activities, such as making the specified documentation available to required staff, including the Office of the Inspector General.
Contract vehicles are available to NRC Headquarters and regional offices to support these activities. If you require contract support, please ensure sufficient resources and time are available by coordinating requirements with your designated contracting officer's representative for cybersecurity program support services.
Additionally, I will continue to focus on ensuring that the agency identifies needed resources in the budget formulation process for all aspects of required cybersecurity for the life of its systems, including plans for hardware and software upgrades and maintenance and for system changes.
Please feel free to contact Jonathan Feibus or me with questions. As always, I expect and appreciate your support as we work to jointly accomplish the agency's mission and minimize cybersecurity risk to the NRC.
Enclosure:
Cybersecurity Risk Management Activities Instructions Fiscal Year 2020
MEMORANDUM TO THOSE ON THE ATTACHED LIST DATED: August 12, 2019
SUBJECT: FISCAL YEAR 2020 CYBERSECURITY RISK MANAGEMENT ACTIVITIES

E-Mail Mail Stops

Chairman Svinicki Send a Hard Copy to O-16B33
Commissioner Baran Send a Hard Copy to O-16B33
Commissioner Caputo Send a Hard Copy to O-16B33
Commissioner Wright Send a Hard Copy to O-16B33
Scott W. Moore, Executive Director, Advisory Committee on Reactor Safeguards RidsACRS_MailCTR Resource
E. Roy Hawkens, Chief Administrative Judge, Atomic Safety and Licensing Board Panel RidsAslbpManagement Resource
Marian L. Zobler, General Counsel RidsOgcMailCenter Resource
Catherine L. Scott, Director, Office of Commission Appellate Adjudication RidsOcaaMailCenter Resource
Maureen E. Wylie, Chief Financial Officer RidsOcfoMailCenter Resource
David C. Lee, Acting Inspector General RidsOigMailCenter Resource
Nader L. Mamish, Director, Office of International Programs RidsOipMailCenter Resource
Eugene Dacus, Director, Office of Congressional Affairs RidsOcaMailCenter Resource
David A. Castelveter, Director, Office of Public Affairs RidsOpaMail Resource
Annette Vietti-Cook, Secretary of the Commission RidsSecyMailCenter Resource
RidsSecyCorrespondenceMCTR Resource
Margaret M. Doane, Executive Director for Operations RidsEdoMailCenter Resource
K. Steven West, Deputy Executive Director for Materials, Waste, Research, State, Tribal, Compliance, Administration, and Human Capital Programs, OEDO RidsEdoMailCenter Resource
Daniel H. Dorman, Deputy Executive Director for Reactor and Preparedness Programs, OEDO RidsEdoMailCenter Resource
Catherine Haney, Assistant for Operations, OEDO RidsEdoMailCenter Resource
Mary C. Muessle, Director, Office of Administration RidsAdmMailCenter Resource
David J. Nelson, Chief Information Officer RidsOCIO Resource
George A. Wilson, Director, Office of Enforcement RidsOeMailCenter Resource
Edward Shuttleworth, Director, Office of Investigations RidsOiMailCenter Resource
Miriam L. Cohen, Chief Human Capital Officer RidsOchcoMailCenter Resource
Frederick D. Brown, Director, Office of New Reactors RidsNroOd Resource (I)
RidsNroMailCenter Resource (A)
John Lubinski, Director, Office of Nuclear Material Safety and Safeguards RidsNmssOd Resource
Ho K. Nieh, Director, Office of Nuclear Reactor Regulation RidsNrrOd Resource (I)
RidsNrrMailCenter Resource (A)
Raymond V. Furstenau, Director, Office of Nuclear Regulatory Research RidsResOd Resource (I)
RidsResPmdaMail Resource (A)
Pamela R. Baker, Director, Office of Small Business and Civil Rights RidsSbcrMailCenter Resource
Brian E. Holian, Director, Office of Nuclear Security and Incident Response RidsNsirMailCenter Resource
David C. Lew, Regional Administrator, Region I RidsRgn1MailCenter Resource
Laura A. Dudes, Regional Administrator, Region II RidsRgn2MailCenter Resource
Darrell J. Roberts, Regional Administrator, Region III RidsRgn3MailCenter Resource
Scott A. Morris, Regional Administrator, Region IV RidsRgn4MailCenter Resource
ML19242B537 (Pkg.)
* Concur via e-mail

OFFICE  OCIO/GEMSD/COEAB  OCIO/GEMSD/COEAB  OCIO/GEMSD/COEAB  OCIO/GEMSD/CSO
NAME    ASage*            TL: ASullivan*    BC: CBrown        DD: JFeibus
DATE    08/21/2019        08/21/2019        08/21/2019        08/21/2019

OFFICE  OCIO/GEMSD   OCIO/GEMSD   CIO
NAME    DD: MJanney  D: JMoses    MJanney for DNelson
DATE    08/21/2019   08/21/2019   08/30/2019