U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Independent Evaluation of NRC’s Implementation of the Federal Information Security Modernization Act of 2014 For Fiscal Year 2019

Report Information

Date Issued
Report Number
OIG-20-A-06
Report Type
Inspection / Evaluation
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

Use the fully defined ISA to update the list of high value assets by considering risks from the supporting business functions and mission impacts.

Use the fully defined ISA to assess enterprise, business process, and information system level risks.

Use the fully defined ISA to identify and update NRC risk
management policies, procedures, and strategy.

Use the fully defined ISA to conduct a supply chain risk
assessment.

Use the fully defined ISA to conduct an organization-wide security and privacy risk assessment.