U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

(OUO)-Independent Evaluation of NRC’s Potential Compromise of Systems (Social Engineering)

Report Information

Date Issued
Report Number
OIG-20-A-09
Report Type
Inspection / Evaluation
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

Inform NRC staff that they will be tested periodically for their awareness.

Within the next year, perform follow-on email tests to gauge the efficacy of the updated awareness training.

Verify or update training or guidance that reminds personnel about their responsibilities to protect passwords. The training/guidance should contain a reference to the consequences of violating the safeguarding procedures.

Within the next year, perform follow-on checks to determine if passwords are being protected.

Verify or update training or guidance that reminds personnel about their use of locked screen savers for computers that are not in their immediate control. The training/guidance should contain a reference to the consequences of violating the safeguarding procedures.