Reports - NRC

For this year’s review, IGs were required to assess 20 Core IG FISMA Reporting Metrics and 20 Supplemental IG FISMA Reporting Metrics across five security function areas — Identify, Protect, Detect, Respond, and Recover — to determine the effectiveness of their agencies’ information security program and the maturity level of each function area.1 The maturity levels are: Level 1 - Ad Hoc, Level 2 - Defined, Level 3 - Consistently Implemented, Level 4 - Managed and Measurable, and Level 5 - Optimized.

The OIG contracted with CliftonLarsonAllen, LLP (CLA) to conduct a vulnerability assessment and an external penetration test of the U.S. Nuclear Regulatory Commission’s (NRC) information system environment in support of the NRC’s fiscal year (FY) 2023 Federal Information Security Modernization Act of 2014 (FISMA) audit. During the vulnerability assessment and external penetration test, CLA identified weaknesses that, if remediated, would help strengthen the NRC’s security posture.

The Office of the Inspector General (OIG) initiated this Special Inquiry following a radioactive release to the environment from the National Institute of Standards and Technology (NIST) test reactor located in Gaithersburg, Maryland on February 3, 2021. After the release, the NIST test reactor was shut down for more than two years before receiving authorization to restart from the U.S. Nuclear Regulatory Commission (NRC).

In October 1987, the U.S. Nuclear Regulatory Commission (NRC) contracted with Southwest Research Institute (SwRI) to operate a Federally Funded Research and Development Center (FFRDC), with the principal focus to provide support for the NRC’s activities in licensing a deep geologic repository for high level waste and spent nuclear fuel. The SwRI established the Center for Nuclear Waste Regulatory Analyses to serve as an FFRDC. The current contract is the NRC’s seventh renewal of the FFRDC contract.

This report highlights the work of the Office of the Inspector General for the Nuclear Regulatory Commission (NRC) and the Defense Nuclear Facilities Safety Board (DNFSB) from October 1, 2022, to March 31, 2023. During this reporting period, we initiated thirteen audit reports and issued four. We also opened ten investigative cases and completed twelve, six of which were referred to the Department of Justice, and six of which were referred to NRC or DNFSB management for action.

The audit objective was to determine the adequacy of the NRC’s handling and processing of irretrievable well logging source abandonments.