Audit of NRC's Laptop Management
Report Information
Recommendations
Develop agencywide policy and procedures regarding the
implementation and monitoring of security controls, especially
concerning virus protection and operating system updates, for
all agency-owned laptop computers.
Communicate the policy in recommendation 1 to the agency
when initially complete. Send periodic reminders of the policy
requirements, as well as detailed instructions on how to fulfill the
requirements.
Provide mandatory formal training to all IT coordinators and
property custodians on how to update security controls on
laptops.
Develop a process for verifying that all required security controls
are implemented on agency-owned laptops.
Develop a protocol to facilitate the efficient and routine updating
of agency-owned laptops located at headquarters.