Independent Evaluation of NRC’s Implementation of the Federal Information Security Modernization Act of 2014 For Fiscal Year 2019
Report Information
Recommendations
Use the fully defined ISA to assess enterprise, business process, and information system level risks.
Fully define NRC’s ISA across the enterprise and business
processes and system levels.
Identify and implement a software whitelisting tool to detect
authorized software and block the risk of unauthorized software on its network.
Perform an assessment of role-based privacy training gaps.
Identify individuals having specialized role-based responsibilities for PII or activities involving PII and develop role-based privacy training for them.
OIG Analysis: The OIG will close this recommendation after getting assurance from evidence that the agency has identified individuals having specialized role-based responsibilities for PII [personally identifiable information] or activities involving PII and has developed role-based privacy training for them. Status: Open: Resolved.