U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Performance Audit of the U.S. Nuclear Regulatory Commission's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024 Region III: Naperville, Illinois

Report Information

Date Issued
Report Number
OIG-NRC-25-A-06
Report Type
Audit
Description
The OIG contracted with Sikich CPA LLC to conduct the Performance Audit of the NRC’s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024 Region III: Naperville, Illinois. The objective was to assess the effectiveness of the information security policies, procedures, and practices of the NRC Region III facility. The findings and conclusions presented in this report are the responsibility of Sikich. The OIG’s responsibility is to provide oversight of the contractor’s work in accordance with generally accepted government auditing standards.The agency’s staff indicated that they had no formal comments for inclusion in this report.For the period March 2024 through November 2024, Sikich found that although the NRC generally implemented effective information security policies, procedures, and practices for Region III, the agency’s implementation of a subset of selected controls was not fully effective. There are weaknesses in Region III’s information security program and practices. As a result, one recommendation was made to assist Region III in strengthening its information security program.
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

We recommend that Region III management conduct a physical asset inventory to reflect the current information technology assets located at Region III.

Agency Response Dated April 23, 2025: The U.S. Nuclear Regulatory Commission (NRC) Region III worked closely with the Office of Administration’s Facilities, Logistics, and Support Branch (ADM/FLSB) during the Region III office move and was granted an extension to complete the inventory following the move. As of April 1, 2025, Region III has completed the inventory and shared the results with the ADM/FLSB Senior Property Management Specialist. Moving forward, Region III will review the inventory annually on the schedule provided by ADM/FLSB. Target Completion Date: The NRC recommends closure of this item.<br />
OIG Analysis: The OIG reviewed and verified the evidence that management conducted a physical asset inventory to reflect the current information technology assets located at Region III. This recommendation is now closed.