Results of the Audit of the United States Nuclear Regulatory Commission's Financial Statements for Fiscal Year 2021
Report Information
Recommendations
Implement the technical capability to disable or remove users who are inactive for greater than the organizationally defined threshold of 90 days.
Enhance the periodic recertification of access by ensuring that managers review the access privileges of their staff against the most current segregation of duties matrix to ensure the roles currently assigned conform to policy. In addition, we recommend that the help desk document the removal of roles that management has noted as unnecessary and confirm to management that the user’s roles were removed.
Enhance the process to help ensure that STAQS Access Request Forms are completed and retained.
Enhance the process to help ensure that NRC Form 270 is completed and retained for each employee who is separated from the NRC.