Independent Evaluation of NRC's Implementation of the Federal Information Security Modernization Act of 2014 For FY 2016
Report Information
Recommendations
Develop a plan and schedule for ensuring all common controls are tested in accordance with NRC’s continuous monitoring process.
Develop a plan and schedule for developing a comprehensive inventory of all NRC systems.
Develop supporting processes, procedures, and guidance for ensuring the NRC systems inventory is maintained.
Based on the updated inventory of contractor systems, identify those that are not compliant with ISD-PROS-2030, NRC Risk Management Framework, and complete appropriate authorization activities for those systems.
Develop procedures for ensuring the annual IT risk management activities for systems owned and/or operated by other agencies or contractors are completed in accordance with NRC requirements.