Sorry, you need to enable JavaScript to visit this website.
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audit of the U.S. Nuclear Regulatory Commission’s (NRC) Cybersecurity Inspection Program for Operating Nuclear Power Plants

Report Information

Date Issued
Report Number
OIG-NRC-26-A-03
Report Type
Audit
Description
The OIG determined that the current cybersecurity program guidance lacks clarity; expectations for maintaining training qualifications are not well-defined; the cybersecurity inspection process contains redundant and time-consuming tasks; and NRC staff members did not always accurately report their time spent on cybersecurity inspection-related activities.  The OIG makes 9 recommendations to enhance the effectiveness, consistency, and efficiency of the NRC’s cybersecurity inspection program. 
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

The OIG recommends that the Executive Director for Operations train staff on the correct Cost Activity Codes for reporting fee-billable and non-billable cybersecurity inspection activities within the Human Capital Management Cloud System.

The OIG recommends that the Executive Director for Operations finalize the Cyber Security Issues Forum Draft Charter to include the Cost Activity Codes used by staff members when participating in or observing meetings.

The OIG recommends that the Executive Director for Operations develop clear guidance on the appropriate use of security oversight Cost Activity Codes.

The OIG recommends that the Executive Director for Operations develop and implement Enterprise Project Identifier codes for inspection oversight activities to improve tracking of safety and security related oversight activities.