Independent Evaluation of NRC's Implementation of the FISMA Act of 2014 for FY17
Recommendations
Perform a gap analysis to identify required IT security program documents, IT security program documents that need to be developed, and IT security program documents that need to be updated and/or finalized.
Develop a schedule for developing, updating and completing all required IT security program documentation.
Develop policies and procedures for keeping IT security program documentation up to date.
Develop and implement a schedule for reviewing and updating all security categorizations.
Develop and implement a schedule for reviewing and updating all business impact assessments and for developing them if they are missing.