U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Audit of the U.S. Nuclear Regulatory Commission's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2023 Region I: King of Prussia, Pennsylvania

Report Information

Date Issued
Report Number
Report Type
Joint Report
Agency Wide
Yes (agency-wide)
Questioned Costs
Funds for Better Use


We recommend NRC management implement a process to validate that all new users complete their initial security training requirements and acknowledgement of rules of behavior within the defined timeframes NRC has established.

We recommend NRC management define and implement a process to notify appropriate members of personnel security of separations at the Region I facility.

We recommend NRC management define and implement a process to conduct reviews and removal of unnecessary badged access for its Regions.

We recommend NRC management remediate identified vulnerabilities in accordance with NRC’s defined timeframes and document risk acceptances with mitigating controls for vulnerabilities that cannot be remediated within the defined timeframes.