Independent Evaluation of DNFSB’s Implementation of the Federal Information Security Modernization Act of 2014 For Fiscal Year 2019
Report Information
Recommendations
Based on the results of DNFSB’s supply chain risk assessment included in the recommendation for the Identify function above, update DNFSB’s contingency planning policies and procedures to address ICT supply chain risk.
OIG Analysis: During the fieldwork phase of the Audit of the DNFSB’s Implementation of FISMA for FY 2025, the OIG and its contractors inspected DNFSB’s General Support System Contingency Plan, Supply Chain Strategic Plan, and Supply Chain Risk Management Operating Procedure, and noted that the contingency plan references the supply chain risk management plans and procedures. We noted that the DNFSB discusses supply chain risk management in the Supply Chain Strategic Plan and Supply Chain Risk Management Operating Procedure. This recommendation is now closed.
Agency Response Dated June 2, 2025: As of June 2, 2025, DNFSB did not provide an updated response pertaining to recommendation 11. However, the agency provided an update to the target completion date. Estimated Target Completion Date: FY 2025, Quarter 4
OIG Analysis: The OIG will close this recommendation after confirming that the agency has updated its contingency planning policies and procedures to address ICT supply chain risk based on the results of the agency’s supply chain risk assessment.
OIG Analysis: The DNFSB did not provide an updated response. On September 20, 2023, the agency provided the following response: Supply Chain Risk, including ICT, will be addressed in an upcoming Supply Chain Risk Management Program Operating Procedure. The estimated completion is Q4 FY 2023. The OIG will verify if corrective actions have been taken by the DNFSB to address this recommendation during its FY25 FISMA audit.
Status: Open: Resolved. Supply Chain Risk, including ICT, will be addressed in an upcoming Supply Chain Risk Management Program Operating Procedure. The estimated completion is Q4 FY2023.