U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

Independent Evaluation of NRC's Implementation of the Federal Information Security Modernization Act (FISMA) of 2014 for Fiscal Year 2020

Report Information

Date Issued
Report Number
OIG-21-A-05
Report Type
Inspection / Evaluation
Joint Report
No
Agency Wide
No (location specific)
Questioned Costs
$0
Funds for Better Use
$0

Recommendations

Update the list of high value assets, if necessary, based on reviewing the ISA to identify risks from the supporting business functions and mission impacts.

Assess enterprise, business process, and information system level risks.

Assess the NRC supply chain risk and fully define performance metrics in service level agreements and procedures to measure, report on, and monitor the risks related to contractor systems and services.

Consistently assess the criticality of POA&Ms to support why a POA&M is or is not of a high or moderate impact to the Confidentiality, Integrity and Availability (CIA) of the information system, data, and mission.

Conduct an organization wide security and privacy risk assessment and implement a process to capture lessons learned and update risk management policies, procedures, and strategies.