
Independent Evaluation of the DNFSB’s Implementation of the Federal Information Security Modernization Act of 2014 for FY 2021

Report Information

Date Issued:
Report Number: DNFSB-22-A-04
Report Type: Inspection / Evaluation
Joint Report: Yes
Participating OIG: Nuclear Regulatory Commission OIG
Agency Wide: Yes (agency-wide)
Questioned Costs: $0
Funds for Better Use: $0

Recommendations

Configure all incident response tools in place to be interoperable and able to collect and retain relevant and meaningful data that is consistent with the incident response policy, plans and procedures.

Develop and track metrics related to the performance of contingency planning and recovery related activities.

Status: Open: Resolved. DNFSB is currently revising the DNFSB GSS Information System Contingency Plan. An updated version with performance metrics is expected to be completed in Q4 FY 2023. DNFSB previously rejected this recommendation.

Conduct a business impact assessment every two years to assess mission essential functions and incorporate the results into strategy and mitigation planning activities.

Agency Response Dated June 2, 2025: As of June 2, 2025, DNFSB did not provide an updated response pertaining to recommendation 11. However, the agency provided an update to the target completion date. Estimated Target Completion Date: FY 2025, Quarter 4

OIG Analysis: The OIG will close this recommendation after confirming that the agency has conducted a BIA every 2 years to assess mission essential functions and incorporate the results into strategy and mitigation planning activities.

Agency Status: In a February 26th, 2025, meeting between the DNFSB and OIG, the DNFSB noted that, “corrective action is ongoing,” and “the DNFSB is currently establishing an enterprise risk management program. Once established, this program will conduct a BIA.”

OIG Analysis: The DNFSB met with the OIG on February 26th, 2025, to discuss potential corrective actions for this recommendation. To close this recommendation, the DNFSB will need to demonstrate they have conducted a DHS Federal Emergency Management Agency (FEMA) Federal Continuity Directive (FCD) 2 process-based BIA in 2025 and show that they have incorporated the results into their contingency planning strategy and mitigation planning activities. Preferably, updates to a system-based BIA supporting the DNFSB General Support Systems (GSS) Information System Contingency Program (ISCP) would be completed in parallel to ensure the most current information was reflected in the DNFSB’s contingency planning at the Mission Essential Functions (MEF), Primary Mission Essential Functions (PMEF), and system levels. It would also be preferable if regular, process- and system-level BIA updates were incorporated as part of the ISCP program / National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) Monitor step in accordance with DHS FEMA FCD 2 Annex D and NIST Special Publication (SP) 800-34, Section 3.6, requirements. The OIG will verify if corrective actions have been taken by the DNFSB to address this recommendation during its FY25 FISMA audit.

Status: Open: Resolved. This recommendation will be resolved when an agency-wide BIA is performed. DNFSB will complete a BIA Q3 FY 2024.

Implement role-based training for individuals with significant contingency planning and disaster recovery related responsibilities.

Status: Open: Resolved. DNFSB has identified appropriate contingency training and select members of the Contingency Planning Team have completed the training. DNFSB will deliver this training to identified individuals by Q1 FY 2024.