Information Security Risk Evaluation of Region II – Atlanta, GA
Report Information
Recommendations
Develop, document, and implement procedures for testing UPSs on a periodic basis. Procedures should include a means to record the results of such testing.
Update key management procedures to include (i) procedures for managing keys to include keys to doors, keys to the safe for storing backups of contractor-managed servers, keys to the safe for storing backups of NRC-managed servers, and keys to the key storage cabinets used to secure the inventory of keys; and (ii) a means to record the storage location and distribution of all keys and the results of key inventories.
Develop, document, and implement combination management procedures to include the following:
a) Combination management procedures for the combinations used to access the safe for storing backups of NRC-managed servers and the combination-controlled lockboxes used to store keys to the key storage cabinets used to secure the inventory of keys.
b) A means to record the use of and dissemination of all combinations and the date the combinations were last changed.
Update backup procedures for NRC-managed servers to include procedures for maintaining shadow copies to support the backup process.
Update backup procedures for seat-managed servers to include the same level of detail as in the backup procedures for NRC-managed servers and procedures for maintaining a monthly image of the Citrix servers on the behalf of ITI.