OIG-22-A-04, Status of Recommendations: Audit of the U.S. Nuclear Regulatory Commission’s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2021, Dated January 21, 2026

ML26021A056
Issue date: 01/21/2026
From: Virkar H, NRC/OIG/AIGA
To: Mark King, NRC/EDO
References: OIG-22-A-04


Text

NRC Headquarters | 11555 Rockville Pike | Rockville, Maryland 20852 | 301.415.5930
nrcoig.oversight.gov

MEMORANDUM

DATE: January 21, 2026

TO: Michael F. King, Executive Director for Operations

FROM: Hruta Virkar, CPA /RA/
Assistant Inspector General for Audits & Evaluations

SUBJECT: STATUS OF RECOMMENDATIONS: AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSION’S IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2021 (OIG-22-A-04)

REFERENCE: CHIEF INFORMATION OFFICER, OFFICE OF THE CHIEF INFORMATION OFFICER MEMORANDUM DATED DECEMBER 30, 2025

Attached is the Office of the Inspector General’s (OIG) analysis and status of recommendations, as discussed in the agency’s response dated December 30, 2025.

Recommendations 1-7 and 9-18 were previously closed. Based on this response, Recommendation 8 remains open and resolved. Please provide an updated status of the open, resolved recommendation by July 24, 2026.

If you have any questions or concerns, please call me at 301.415.1982 or Mike Blair, Team Leader, at 301.415.8399.

Attachment: As stated

cc: J. Martin, ADO
D. Lewis, DADO
E. Deeds, OEDO
OIG Liaison Resource
EDO ACS Distribution

Evaluation Report

AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSION’S IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2021

Status of Recommendations (OIG-22-A-04)

Recommendation 8:

Develop and implement role-based training with those who hold supply chain risk management roles and responsibilities to detect counterfeit system components.

Agency Response Dated December 30, 2025:

The U.S. Nuclear Regulatory Commission (NRC) is addressing this finding by incorporating role-based training for personnel with supply chain risk management roles and responsibilities through the quarterly Information System Security Manager (ISSM) Forum. This forum provides a structured platform to deliver targeted training focused on identifying, detecting, and mitigating risks associated with counterfeit system components. The NRC will continue to use the ISSM Forum to ensure relevant stakeholders receive recurring, role-appropriate training and updates related to supply chain risk management and counterfeit detection.

Target Completion Date: Fiscal Year 2026, first quarter

OIG Analysis:

The OIG will close this recommendation after confirming that the NRC has developed and implemented role-based training with those who hold supply chain risk management roles and responsibilities to detect counterfeit system components.

Status:

Open: Resolved