Independent Evaluation of NRC's Implementation of the Federal Information Security Modernization Act of 2014 for FY 2018
Report Information
Recommendations
Develop and implement a process to remove all non-standard software that has not been approved by an authorized agency official.
Implement a process to manage non-standard software to ensure the software is properly approved and inspected for security weaknesses before the software is installed on NRC’s network.
Monitor the approved installed software on NRC’s network to determine whether it is still in use, periodically inspect the software for known vulnerabilities, and mitigate any vulnerabilities found.
Develop and establish processes and procedures to govern the installation of non-standard software, including processes and procedures on determining impact to agency operations or cybersecurity.
Implement a process to remove unsupported software from NRC networks.