Audit of the U.S. Nuclear Regulatory Commission’s (NRC) Cybersecurity Inspection Program for Operating Nuclear Power Plants
The OIG determined that the current cybersecurity program guidance lacks clarity; expectations for maintaining training qualifications are not well-defined; the cybersecurity inspection process contains redundant and time-consuming tasks; and NRC staff members did not always accurately report their time spent on cybersecurity inspection-related activities. The OIG makes 9 recommendations to enhance the effectiveness, consistency, and efficiency of the NRC’s cybersecurity inspection program.
Audit of the U.S. Nuclear Regulatory Commission’s Qualification Programs
The U.S. Nuclear Regulatory Commission (NRC) does not have an adequate process for managing, tracking, and monitoring staff qualification records. The OIG found that NRC offices use inconsistent information-gathering methods, driven by changes in management’s workforce planning and individual office preferences for using separate information systems. As a result, the NRC may face reduced efficiency in retrieving qualification records and may lack full visibility into staff qualification gaps─factors that could adversely impact the agency’s ability to carry out its mission.
Audit of the U.S. Nuclear Regulatory Commission’s Awards and Recognition Program
The Office of the Inspector General (OIG) found that the U.S. Nuclear Regulatory Commission (NRC) generally administered performance awards effectively; however, the OIG identified deficiencies in administering special act awards that require improvement. Specifically, the NRC granted special act awards frequently, often without sufficient justification, raising concerns about compliance with the policy criteria intended to recognize exceptional or superior achievements or contributions.