Office of the Inspector General Information System Security Evaluation of Region I - King of Prussia, PA
Report Information
Recommendations
Update the backup procedures found in the Region I Standard Operating Procedures for AIS Security to reflect the actual backup procedures being implemented, the current Region I IT environment, and to include the procedures for sending and receiving backup tapes to the offsite storage location.
Develop and document a contingency plan for the Region I seat-managed infrastructure
servers.
Develop and document a contingency plan for the Region I NRC-managed servers.
Evaluate the vulnerabilities identified by the network vulnerability assessment and
develop a plan and schedule to identify any false positives and to resolve the remaining
vulnerabilities.
Perform a network vulnerability scan following remediation to verify all vulnerabilities
have been resolved.