Independent Evaluation of NRC’s Use and Security of Social Media
Report Information
Recommendations
Revise warning messages for network users:
A) Revise warning message for users that attempt to access approved social media sites to indicate that any postings they make must comply with Federal and NRC social media policies and that they are responsible for safeguarding the personally identifiable information of themselves, fellow employees and members of the public.
B) Revise the warning message to users and visitors who attempt to access approved social media sites via the NRC Intranet site and public facing website to indicate that activity on NRC social media sites is monitored by the Agency and subject to NRC policies.
Revise the Problem Report to include a link to the Interim Guidance on the Use of Social Media.
Include social media security articles in the IT Security Awareness Newsletter, which is published and disseminated by the Computer Security Office (CSO) on a quarterly basis.
Establish a social media governance structure including representatives from the OGC, CSO (Policy Standards and Training Team, Cyber Situational Awareness, Analysis and Response Team), OIS (ICOD, Enterprise Architecture Team, Records and Archives Services Section, FOIA/Privacy Section) and OPA, and convene periodic meetings to guide NRC policies and practices around social media content, security, privacy, and records management.
Establish a social media governance structure including representatives from the OGC, CSO (Policy Standards and Training Team, Cyber Situational Awareness, Analysis and Response Team), OIS (ICOD, Enterprise Architecture Team, Records and Archives Services Section, FOIA/Privacy Section) and OPA, and convene periodic meetings to guide NRC policies and practices around social media content, security, privacy, and records management.