Results of the Audit of the United States Nuclear Regulatory Commission's Financial Statements for Fiscal Year 2021
Report Information
Recommendations
Periodically review the segregation of duties matrix and update it to reflect relevant changes in business processes or role configurations within the application.
As part of any request to grant conflicting roles to a FAIMIS user, include a justification that references the compensating controls in place for the requested conflicting roles.
Log and review any conflicting transactions performed by users with authorized conflicting roles to determine if the conflicting transactions were in fact authorized.
Validate temporary role assignments as a part of the bi-annual user access review to ensure they were removed on a timely basis.
Review administrator logged activity and document log activities that would require further investigation.