Independent Evaluation of the DNFSB’s Implementation of the Federal Information Security Modernization Act (FISMA) of 2014 for Fiscal Year 2020

Report Information

Date Issued:
Report Number: DNFSB-21-A-04
Report Type: Inspection / Evaluation
Joint Report: Yes
Participating OIG: Nuclear Regulatory Commission OIG
Agency Wide: Yes (agency-wide)
Questioned Costs: $0
Funds for Better Use: $0

Recommendations

Conduct the agency’s annual breach response plan exercise for FY 2021.

Agency Response Dated February 27, 2025: DNFSB conducted an annual breach response plan exercise in September 2024. Evidence related to this exercise includes the tabletop exercise plan, after action report, attendance list and other information related to the exercise.
OIG Analysis: The OIG confirmed that the agency conducted its annual breach response exercise plan. Hence, this recommendation is now closed.

Status: Open: Resolved. DNFSB conducted incident response/contingency plan exercises on September 26 & 27, 2022 and May 24, 2023, that included testing the agency’s breach response plan. The exercises and after-action reports can be provided. DNFSB requests confirmation from the OIG if the exercises performed above resolve this Recommendation, and if so, then this recommendation needs to be closed. Based on actions already taken, DNFSB’s position is that this Recommendation needs to be closed.

Continue current efforts to refine existing monitoring and assessment procedures to more effectively support ongoing authorization of the DNFSB system.

Update the DNFSB’s incident response plan to include profiling techniques for identifying incidents and strategies to contain all types of major incidents.

Based on the results of the DNFSB’s supply chain risk assessment included in the recommendation for the Identify function above, update the DNFSB’s contingency planning policies and procedures to address ICT supply chain risk.

Status: Open: Resolved. Supply Chain Risk, including ICT, will be addressed in an upcoming Supply Chain Risk Management Program Operating Procedure. The estimated completion is Q4FY23.