Audit of NRC's Shared S Drive
Report Information
Recommendations
Revise current personally identifiable information (PII) training to include practical scenarios and knowledge checks that address processing PII on shared network drives.
Revise current information security training for NRC staff to address specific practices for protecting Sensitive Unclassified Non-Safeguards Information (SUNSI) on the agency’s shared network drives.
Develop Controlled Unclassified Information (CUI) policies and guidance for storing and protecting CUI in agency shared drives, and:
a. post this guidance on the NRC intranet; and
b. include this guidance in annual training
Provide Information Technology (IT) coordinators with role-based training focusing on NRC information and network security policies, and means for ensuring staff compliance with these policies.
Implement procedures for quality assurance checks following network upgrades to ensure that access controls are preserved in shared network drives that process documents containing SUNSI/CUI.