Independent Evaluation of the Security of NRC's Publicly Accessible Web Applications
Report Information
Recommendations
Develop and document procedures for ensuring publicly accessible Web applications are assigned a system owner with responsibility for ensuring adequate security measures are in place for those applications.
Develop and document procedures for ensuring publicly accessible Web applications are incorporated into an approved system authorization boundary and for clearly identifying those applications in system authorization documentation.
Develop and document procedures for ensuring DHS is notified of any changes to the population of publicly accessible Web applications to be included in the Cyber Hygiene scans.
Develop a plan and schedule to identify, review, and update all NRC cyber security standards that have not been updated in the past 12 months.
Develop a plan and schedule for evaluating the vulnerabilities identified, determining the appropriate action to address the vulnerability (e.g., mitigation, deviation, risk acceptance), and implementing the remedial actions.