Information Security Risk Evaluation of Region III – Lisle, IL
Report Information
Recommendations
Update DI-NR-008, Server Administration, to (i) reflect the current Region III server infrastructure; (ii) document current backup procedures for seat-managed and NRC-managed servers; (iii) document procedures for creating Ghost images, including where those images are stored; (iv) define the schedule for creating Ghost images; (v) correct references to the current seat-management contractor; and (vi) correct any other sections impacted by the changes to the server infrastructure or the transition to the new seat-management contractor.
Update RP-12.1, Region III Facility Security Program, to describe the current requirement to review access permissions to the Region III server room and LAN closets (that are equipped with card readers) on a quarterly basis and to reflect the current NRC employee badge characteristics.
Update DI-12.1, Region III Security System Testing Process, to describe the current requirement to review access permissions to the Region III server room and LAN closets (that are equipped with card readers) on a quarterly basis.
Update DI-NR-006, Region III Switchboard Operations, to reflect the current NRC employee badge characteristics and to describe functions now performed by the protective security officer instead of the receptionist.
Update RP-3.57, System of Procedures, Notices, and Division Instructions, to specify which regional procedures and divisional instructions require annual review and update.