Independent Evaluation of DNFSB’s Implementation of the Federal Information Security Modernization Act of 2014 For Fiscal Year 2019

Report Information

Date Issued:
Report Number: DNFSB-20-A-05
Report Type: Inspection / Evaluation
Joint Report: Yes
Participating OIG: Nuclear Regulatory Commission OIG
Agency Wide: Yes (agency-wide)
Questioned Costs: $0
Funds for Better Use: $0

Recommendations

Implement procedures and define roles for reviewing configuration change activities to the DNFSB information system production environment by those with privileged access to verify the activity was approved by the system CCB and executed appropriately.

Complete and document a risk-based justification for not implementing an automated solution (e.g. Splunk) to help maintain an up-to-date, complete, accurate, and readily available view of the security configurations for all information system components connected to the organization’s network.

Continue efforts to meet milestones of the DNFSB ICAM Strategy necessary for fully transitioning to DNFSB’s “to-be” ICAM architecture.

Agency Response Dated February 27, 2025: The DNFSB published its Enterprise Architecture that includes the agency’s “to-be” ICAM architecture in December 2024 and published OP 411.1-7, Identification and Authentication Operating Procedures, in September 2024.

OIG Analysis: The OIG confirmed that the agency has met the milestones of the DNFSB ICAM Strategy necessary for fully transitioning to DNFSB’s “to-be” ICAM architecture. Hence, this recommendation is now closed.

Status: Open: Resolved. DNFSB continues to implement its zero-trust architecture, which encompasses the majority of DNFSB’s “to-be” ICAM infrastructure. Without guidance on what specific additional actions the OIG feels need to be taken, the DNFSB cannot close out this recommendation.

Complete current efforts to refine existing monitoring and assessment procedures to more effectively support ongoing authorization of the DNFSB system.

Identify and fully define requirements for the incident response technologies DNFSB plans to utilize in the specified areas and how these technologies respond to detected threats (e.g. cross-site scripting, phishing attempts, etc.).