Audit of the NRC’s Implementation of the Federal Information Security Modernization Act (FISMA) of 2014 for Fiscal Year 2022
Report Information
Recommendations
Review and update the ITI Core Services SSP System Interconnections tab and related security control implementation to ensure system interconnection details reflect the current system environment.
Implement a process to verify that remaining external interconnections noted in the ITI Core Services SSP have documented, up-to-date ISA/MOUs or SLAs in place as applicable.
Update the ITI inventory to correct any discrepancies and incorrect information listed for ITI devices tracked in the Common Computing Services, Peripherals, Unified Communications and Voice over Internet Protocol subsystem inventories.
Document and implement a periodic review of subsystem inventories to verify information maintained for each ITI subsystem is current, complete, and accurate.
Implement a process to document the supply chain risk management requirements within the NRC information systems’ system security plans.