U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Performance Audit of the Defense Nuclear Facilities Safety Board's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2025

Report Information

Date Issued
Report Number
OIG-DNFSB-25-A-05
Report Type
Audit
Description
The Office of the Inspector General (OIG) contracted with Sikich CPA LLC (Sikich) to audit the Defense Nuclear Facilities Safety Board’s (DNFSB) Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2025. The objective was to assess the effectiveness of the information security policies, procedures, and practices of the DNFSB.  The findings and conclusions presented in this report are Sikich’s responsibility.  The OIG’s responsibility was to oversee the contractor’s work in accordance with generally accepted government auditing standards.  Based on their review for the period of October 1, 2024, through June 30, 2025, Sikich found that the DNFSB has not established an effective agency-wide information security program and practices.  There are weaknesses that impact the agency’s ability to protect the DNFSB’s systems and information adequately. As a result of the weaknesses noted in this audit, Sikich made seven new recommendations to assist the DNFSB in strengthening its information security program and practices in addition to the six prior-year recommendations that remain open.
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

We recommend that the DNFSB create and maintain a comprehensive inventory of data and corresponding metadata.

We recommend that the DNFSB prioritize and conduct an annual security control assessment and update the GSS’ System Security Plan, Security Assessment Report, Privacy Impact Assessment, and Information System Contingency Plan in accordance with the DNFSB Risk Management Framework Handbook.