Audit of the U.S. Nuclear Regulatory Commission's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2023 Region II: Atlanta, Georgia
Report Information
Recommendations
We recommend NRC management define and implement a process to conduct reviews and removal of unnecessary badged access for its Regions.
We recommend NRC management remediate the Region II identified vulnerabilities in accordance with NRC’s defined timeframes and document risk acceptances with mitigating controls for vulnerabilities that cannot be remediated within the defined timeframes.