Independent Evaluation of NRC's Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2017-Region IV, Arlington, Texas
Report Information
Recommendations
Update Region IV policy guides that are due for review in accordance with PG 0001.13.
Remediate the identified vulnerabilities within the timeframes specified in ISD standard ISD-STD-0020, or submit a deviation request in accordance with Information Security Directorate Process ISD-PROS-1324, Deviation Request Process.
Update the backup procedures for Region IV NRC-managed servers to include backup procedures for the Region IV IT [Information Technology] support server and for sending backups to an offsite storage location.
Address the identified vulnerabilities within the timeframes specified in ISD [Information Security Directorate] standard ISD-STD-0020, Organization Defined Values for System Security Controls.