Independent Evaluation of the Security of NRC's Publicly Accessible Web Applications

Report Information

Date Issued
Report Number: OIG-16-A-15
Report Type: Inspection / Evaluation
Joint Report: No
Agency Wide: No (location specific)
Questioned Costs: $0
Funds for Better Use: $0

Recommendations

Develop and document procedures for ensuring publicly
accessible Web applications are assigned a system owner
with responsibility for ensuring adequate security measures
are in place for those applications.

Develop and document procedures for ensuring publicly
accessible Web applications are incorporated into an
approved system authorization boundary and for clearly
identifying those applications in system authorization
documentation.

Develop and document procedures for ensuring OHS is
notified of any changes to the population of publicly
accessible Web applications to be included in the Cyber
Hygiene scans.

Develop a plan and schedule to identify, review, and update
all NRC cyber security standards that have not been
updated in the past 12 months.

Develop a plan and schedule for evaluating the
vulnerabilities identified, determining the appropriate action
to address the vulnerability (e.g., mitigation, deviation, risk
acceptance), and implementing the remedial actions.