U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Reports - NRC

Annual Plan Fiscal Year 2024

The Annual Plan provides the audit and investigative strategies and associated summaries of the specific work planned for the coming year. In addition, it sets forth the OIG’s formal process for identifying priority issues and managing its workload and resources for FY 2024. Since 2014, the NRC OIG has also been assigned to serve as the OIG for the Defense Nuclear Facilities Safety Board. A separate document contains the OIG’s Annual Plan for our work pertaining to that agency.


Audit of the U.S. Nuclear Regulatory Commission’s (NRC) Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2023

Report Number

For this year’s review, IGs were required to assess 20 Core IG FISMA Reporting Metrics and 20 Supplemental IG FISMA Reporting Metrics across five security function areas — Identify, Protect, Detect, Respond, and Recover — to determine the effectiveness of their agencies’ information security program and the maturity level of each function area.1 The maturity levels are: Level 1 - Ad Hoc, Level 2 - Defined, Level 3 - Consistently Implemented, Level 4 - Managed and Measurable, and Level 5 - Optimized.


U.S. Nuclear Regulatory Commission’s Vulnerability Assessment and External Penetration Test

Report Number

The OIG contracted with CliftonLarsonAllen, LLP (CLA) to conduct a vulnerability assessment and an external penetration test of the U.S. Nuclear Regulatory Commission’s (NRC) information system environment in support of the NRC’s fiscal year (FY) 2023 Federal Information Security Modernization Act of 2014 (FISMA) audit. During the vulnerability assessment and external penetration test, CLA identified weaknesses that, if remediated, would help strengthen the NRC’s security posture.


Special Inquiry into the U.S. Nuclear Regulatory Commission's Oversight of Research and Test Reactors (OIG Case No. I2100162)

Report Number

The Office of the Inspector General (OIG) initiated this Special Inquiry following a radioactive release to the environment from the National Institute of Standards and Technology (NIST) test reactor located in Gaithersburg, Maryland on February 3, 2021. After the release, the NIST test reactor was shut down for more than two years before receiving authorization to restart from the U.S. Nuclear Regulatory Commission (NRC).