U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Independent Evaluation of NRC’s Implementation of the Federal Information Security Modernization Act of 2014 For Fiscal Year 2019

Report Information

Date Issued
Report Number
OIG-20-A-06
Report Type
Inspection / Evaluation
Joint Report
Yes
Participating OIG
Nuclear Regulatory Commission OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

Based on NRC’s supply chain risk assessment results, complete updates to the NRC’s contingency planning policies and procedures to address supply chain risk training for them.

Agency Response Dated May 16, 2025: The NRC has updated its contingency planning policies and procedures and addressed supply chain risk. OIG Analysis: The OIG reviewed and confirmed the NRC updated its contingency planning policies and procedures to address supply chain risk. This recommendation is now closed. <br />
<br />
Status: Open: Resolved. The NRC estimates that the agency will need 6 months to complete this task. Because this task is dependent on the completion of recommendation 2e, the NRC’s new target date for completion is FY2025 Q1.

Continue efforts to conduct agency and system level business impact assessments to determine contingency planning requirements and priorities, including for mission essential functions/high value assets, and update contingency planning policies and procedures accordingly.

Agency Response Dated March 20, 2024: The NRC will conduct agency- and system-level business impact assessments to determine contingency planning requirements and priorities, including for mission-essential functions/high-value assets, and update contingency<br />
planning policies and procedures accordingly. Target Completion Date: FY 2024, Q4<br />
OIG Analysis: The OIG will close this recommendation after confirming that the agency has continued its efforts to conduct agency and<br />
system-level business impact assessments to determine contingency planning requirements and priorities, including for mission-essential functions/high-value assets, and the updated contingency planning policies and procedures accordingly. Status: Open: Resolved.