Independent Evaluation of NRC's Implementation of the Federal Information Security Management Act for Fiscal Year 2008
Report Information
Recommendations
Update the NRC System Information Control Database to identify all interfaces between systems.
Develop and implement procedures to ensure interface information in the NRC SystemInformation Control Database is consistent with interface information in security plansand risk assessments.
Develop agencywide policy and procedures regarding the implementation and monitoringof Federal Desktop Core Configuration controls for all desktop and laptop computers,including both those that are centrally managed under the agency’s seat managementcontract and those that are owned by the agency regardless of whether or not they areconnected to the agency’s network.
Develop a process for verifying that all Federal Desktop Core Configuration controls areimplemented for all desktop and laptop computers, including both those that are centrallymanaged under the agency’s seat management contract and those that are owned by theagency regardless of whether or not they are connected to the agency’s network.