Independent Evaluation of NRC’s Implementation of the Federal Information Security Modernization Act of 2014 For Fiscal Year 2019
Report Information
Recommendations
Based on NRC’s supply chain risk assessment results, complete updates to the NRC’s contingency planning policies and procedures to address supply chain risk training for them.
Continue efforts to conduct agency and system level business impact assessments to determine contingency planning requirements and priorities, including for mission essential functions/high value assets, and update contingency planning policies and procedures accordingly.
planning policies and procedures accordingly. Target Completion Date: FY 2024, Q4
OIG Analysis: The OIG will close this recommendation after confirming that the agency has continued its efforts to conduct agency and
system-level business impact assessments to determine contingency planning requirements and priorities, including for mission-essential functions/high-value assets, and the updated contingency planning policies and procedures accordingly. Status: Open: Resolved.