Independent Evaluation of NRC’s Implementation of the Federal Information Security Management Act for Fiscal Year 2014
Report Information
Recommendations
In support of continuous monitoring, develop a plan and schedule for updating all NRC system security plans, as well as the NRC Information Security Program Plan, to reflect NIST SP 800-53, Revision 4.
Based on the updated inventory of contractor systems, identify those that are not compliant with CSO-PROS-2030, NRC Risk Management Framework, and complete appropriate authorization activities for those systems.