U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Audit of the NRC’s Implementation of the Federal Information Security Modernization Act (FISMA) of 2014 for Fiscal Year 2022

Report Information

Date Issued
Report Number
Report Type
Joint Report
Agency Wide
Yes (agency-wide)
Questioned Costs
Funds for Better Use


Review and update the ITI Core Services SSP System Interconnections tab and related security control implementation to ensure system interconnection details reflect the current system environment.

Implement a process to verify that remaining external interconnections noted in the ITI Core Services SSP have documented, up-to-date ISA/MOUs or SLAs in place as applicable.

Update the ITI inventory to correct any discrepancies and incorrect information listed for ITI devices tracked in the Common Computing Services, Peripherals, Unified Communications and Voice over Internet Protocol subsystem inventories.

Document and implement a periodic review of subsystem inventories to verify information maintained for each ITI subsystem is current, complete, and accurate.

Implement a process to document the supply chain risk management requirements within the NRC information systems’ system security plans.