Audit of NRC's Safeguards Information Local Area Network and Electronic Safe
Report Information
Recommendations
Develop and implement a change control process to routinely evaluate and implement any changes to SLES. Include members from the technical (OIS) and policy (NSIR) sides of SLES, as well as a representative from a Regional office, and gather user concerns from the SLES community.
Develop a structured access process that is consistent with the SGI need-to-know requirement and least privilege principle. This should include:
- Establishing folder owners within SLES and providing the owners the authority to approve the need-to-know authorization (as opposed to branch chiefs).
- Conducting periodic reviews of user access to folders.
- Developing a standard process to grant user access.