We recommend that NRC management increases the current SIEM tool licensing level and acquires funding to adequately support the procurement, onboarding, and implementation of requirements across all EL maturity tiers to ensure events are logged and tracked in accordance with OMB M-21-31.
Questioned Costs
$0
Funds for Better Use
$0
Recommendation Status
Open
Source UUID
229b59dd-a72e-4fb4-b86b-b05c46328066-3
Recommendation Number
3
Additional Information
Agency Response Dated December 10, 2024: The NRC has increased the SIEM tool licensing level and acquired funding to adequately support procurement and onboarding and implementation of requirements across all EL maturity tiers to ensure events are logged and tracked in accordance with OMB M-21-31. Target Completion Date: The NRC recommends closure of this item.
OIG Analysis: The OIG has reviewed the evidence and confirms that the agency has increased the current SIEM tool licensing level and acquired funding. A month after the OIG’s audit fieldwork ended for the FY 2024 FISMA audit, NRC
management informed the OIG that the agency has achieved EL1 maturity. The OIG will close this recommendation after verifying that the agency has implemented all requirements across EL maturity tiers (EL1, EL2, and EL3) to ensure
events are logged and tracked in accordance with OMB M-21-31.
Agency Response Dated June 6, 2024: The NRC has increased the SIEM tool licensing level and acquired funding to adequately support procurement and onboarding. The NRC plans to implement all requirements across EL maturity tiers EL1 (Basic), EL2 (Intermediate), and EL3 (Advanced) to ensure events are logged and tracked in accordance with OMBM- 21-31, “Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents,” dated August 27, 2021, by the fourth quarter (Q4) of FY 2025. The NRC is taking a
phased approach to meeting the requirements of OMB M-21-31. The EL1 logging level is scheduled to be completed by 7/31/24. The EL2 logging level is scheduled to be completed by 3/31/25. The EL3 logging level is scheduled to be completed by 8/01/25. Target Completion Date: FY 2025, Q4.
OIG Analysis: The OIG will close the recommendation when it verifies that the NRC management increases the current SIEM tool licensing level and acquires funding to adequately support the procurement, onboarding, and implementation of requirements across all EL maturity tiers to ensure events are logged and tracked in accordance with OMB M-21-31. This recommendation remains open and resolved.
OIG Analysis: The OIG has reviewed the evidence and confirms that the agency has increased the current SIEM tool licensing level and acquired funding. A month after the OIG’s audit fieldwork ended for the FY 2024 FISMA audit, NRC
management informed the OIG that the agency has achieved EL1 maturity. The OIG will close this recommendation after verifying that the agency has implemented all requirements across EL maturity tiers (EL1, EL2, and EL3) to ensure
events are logged and tracked in accordance with OMB M-21-31.
Agency Response Dated June 6, 2024: The NRC has increased the SIEM tool licensing level and acquired funding to adequately support procurement and onboarding. The NRC plans to implement all requirements across EL maturity tiers EL1 (Basic), EL2 (Intermediate), and EL3 (Advanced) to ensure events are logged and tracked in accordance with OMBM- 21-31, “Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents,” dated August 27, 2021, by the fourth quarter (Q4) of FY 2025. The NRC is taking a
phased approach to meeting the requirements of OMB M-21-31. The EL1 logging level is scheduled to be completed by 7/31/24. The EL2 logging level is scheduled to be completed by 3/31/25. The EL3 logging level is scheduled to be completed by 8/01/25. Target Completion Date: FY 2025, Q4.
OIG Analysis: The OIG will close the recommendation when it verifies that the NRC management increases the current SIEM tool licensing level and acquires funding to adequately support the procurement, onboarding, and implementation of requirements across all EL maturity tiers to ensure events are logged and tracked in accordance with OMB M-21-31. This recommendation remains open and resolved.
Significant Recommendation
Yes