Independent Evaluation of NRC’s Use and Security of Social Media
Report Information
Recommendations
Conduct annual security and vulnerability assessments of NRC’s social media channels. CSO should outline the requirements to perform the assessments and facilitate the process.
Develop a section on social media security for inclusion in the annual mandatory Computer Security Awareness Course. Include information on Federal and NRC social media policies and employee responsibilities to safeguard PII and sensitive agency information when using social media inside and outside of the NRC network.
Develop a section on social media security for inclusion in the OPA social media training for all official NRC bloggers. Include an overview of social media security and Federal and NRC social media policies, as well as guidelines regarding employee responsibilities to safeguard PII and sensitive agency information when developing posts for the NRC blog.
Disseminate electronic agencywide Yellow Announcements on a periodic basis regarding social media security, NRC-approved social media sites and the responsibilities of employees to safeguard PII, sensitive agency data, and proprietary information when using social media sites inside and outside of the NRC network.
Revise warning messages for network users:
A) Revise warning message for users that attempt to access approved social media sites to indicate that any postings they make must comply with Federal and NRC social media policies and that they are responsible for safeguarding the personally identifiable information of themselves, fellow employees and members of the public.
B) Revise the warning message to users and visitors who attempt to access approved social media sites via the NRC Intranet site and public facing website to indicate that activity on NRC social media sites is monitored by the Agency and subject to NRC policies.