Audit of the U.S. Nuclear Regulatory Commission’s (NRC) Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2023
For this year’s review, IGs were required to assess 20 Core IG FISMA Reporting Metrics and 20 Supplemental IG FISMA Reporting Metrics across five security function areas — Identify, Protect, Detect, Respond, and Recover — to determine the effectiveness of their agencies’ information security program and the maturity level of each function area.1 The maturity levels are: Level 1 - Ad Hoc, Level 2 - Defined, Level 3 - Consistently Implemented, Level 4 - Managed and Measurable, and Level 5 - Optimized.
U.S. Nuclear Regulatory Commission’s Vulnerability Assessment and External Penetration Test
The OIG contracted with CliftonLarsonAllen, LLP (CLA) to conduct a vulnerability assessment and an external penetration test of the U.S. Nuclear Regulatory Commission’s (NRC) information system environment in support of the NRC’s fiscal year (FY) 2023 Federal Information Security Modernization Act of 2014 (FISMA) audit. During the vulnerability assessment and external penetration test, CLA identified weaknesses that, if remediated, would help strengthen the NRC’s security posture.
Special Inquiry into the U.S. Nuclear Regulatory Commission's Oversight of Research and Test Reactors (OIG Case No. I2100162)
The Office of the Inspector General (OIG) initiated this Special Inquiry following a radioactive release to the environment from the National Institute of Standards and Technology (NIST) test reactor located in Gaithersburg, Maryland on February 3, 2021. After the release, the NIST test reactor was shut down for more than two years before receiving authorization to restart from the U.S. Nuclear Regulatory Commission (NRC).
Audit of the U.S. Nuclear Regulatory Commission's Oversight of the Federally Funded Research and Development Center Contract
In October 1987, the U.S. Nuclear Regulatory Commission (NRC) contracted with Southwest Research Institute (SwRI) to operate a Federally Funded Research and Development Center (FFRDC), with the principal focus to provide support for the NRC’s activities in licensing a deep geologic repository for high level waste and spent nuclear fuel. The SwRI established the Center for Nuclear Waste Regulatory Analyses to serve as an FFRDC. The current contract is the NRC’s seventh renewal of the FFRDC contract.
Semiannual Report to Congress October 1, 2022–March 31, 2023
This report highlights the work of the Office of the Inspector General for the Nuclear Regulatory Commission (NRC) and the Defense Nuclear Facilities Safety Board (DNFSB) from October 1, 2022, to March 31, 2023. During this reporting period, we initiated thirteen audit reports and issued four. We also opened ten investigative cases and completed twelve, six of which were referred to the Department of Justice, and six of which were referred to NRC or DNFSB management for action.
Audit of the U.S. Nuclear Regulatory Commission’s Oversight of Irretrievable Well Logging Source Abandonments
The audit objective was to determine the adequacy of the NRC’s handling and processing of irretrievable well logging source abandonments.