U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Independent Evaluation of DNFSB’s Implementation of the Federal Information Security Modernization Act of 2014 For Fiscal Year 2019

Report Information

Date Issued
Report Number
DNFSB-20-A-05
Report Type
Inspection / Evaluation
Joint Report
Yes
Participating OIG
Nuclear Regulatory Commission OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

Based on the results of DNFSB’s supply chain risk assessment included in the recommendation for the Identify function above, update DNFSB’s contingency planning policies and procedures to address ICT supply chain risk.

Agency Response Dated June 2, 2025: As of June 2, 2025, DNFSB did not provide an updated response pertaining to recommendation 11. However, the agency provided an update to the target completion date. Estimated Target Completion Date: FY 2025, Quarter 4<br />
<br />
OIG Analysis: The OIG will close this recommendation after confirming that the agency has updated its contingency planning policies and procedures to address ICT supply chain risk based on the results of the agency’s supply chain risk assessment.<br />
<br />
OIG Analysis: The DNFSB did not provide an updated response. On September 20, 2023, the agency provided the following response: Supply Chain Risk, including ICT, will be addressed in an upcoming Supply Chain Risk Management<br />
Program Operating Procedure. The estimated completion is Q4 FY 2023. The OIG will verify if corrective actions have been taken by the DNFSB to address this recommendation during its FY25 FISMA audit.<br />
<br />
Status: Open: Resolved. Supply Chain Risk, including ICT, will be addressed in an upcoming Supply Chain Risk Management Program Operating Procedure. The estimated completion is Q4 FY2023.