(OUO)-Independent Evaluation of NRC’s Potential Compromise of Systems (Social Engineering)
Recommendations
Inform NRC staff that they will be tested periodically for their awareness.
Within the next year, perform follow-on email tests to gauge the efficacy of the updated awareness training.
Verify or update training or guidance that reminds personnel about their responsibilities to protect passwords. The training/guidance should contain a reference to the consequences of violating the safeguarding procedures.
Within the next year, perform follow-on checks to determine if passwords are being protected.
Verify or update training or guidance that reminds personnel about their use of locked screen savers for computers that are not in their immediate control. The training/guidance should contain a reference to the consequences of violating the safeguarding procedures.