Audit of the Defense Nuclear Facilities Safety Board’s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024

The Office of the Inspector General (OIG) contracted with Sikich to conduct the Audit of the Defense Nuclear Facilities Safety Board’s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024. The objective was to assess the effectiveness of the information security policies, procedures, and practices of the Defense Nuclear Facilities Safety Board (DNFSB). The findings and conclusions presented in this report are the responsibility of Sikich. The OIG’s responsibility is to provide oversight of the contractor’s work in accordance with generally accepted government auditing standards. Based on its assessment of the period October 1, 2023, through June 30, 2024, Sikich found that the DNFSB has not established an effective agency-wide information security program or effective information security practices. There are weaknesses that impact the agency’s ability to adequately protect the DNFSB’s systems and information.