Audit of NRC's Foreign Assignee Program
STATUS OF RECOMMENDATIONS: AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSION’S FOREIGN ASSIGNEE PROGRAM (OIG-17-A-07)
Develop a procedural document describing a consistent process for security planning, and for inviting, onboarding, and supervising foreign assignees to support information protection.
Develop a secure, cost-efficient method to provide foreign assignees an email account which allows for NRC detection and mitigation of inadvertent transmission of sensitive information and seek Commission approval to implement it.
When an NRC approved email account is available, develop specific Computer Security Rules of Behavior for foreign assignees using the approved email.