The OIG contracted with Sikich CPA LLC to conduct the Performance Audit of the NRC’s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024 Region III: Naperville, Illinois. The objective was to assess the effectiveness of the information security policies, procedures, and practices of the NRC Region III facility. The findings and conclusions presented in this report are the responsibility of Sikich. The OIG’s responsibility is to provide oversight of the contractor’s work in accordance with generally accepted government auditing standards.
The agency’s staff indicated that they had no formal comments for inclusion in this report.
For the period March 2024 through November 2024, Sikich found that although the NRC generally implemented effective information security policies, procedures, and practices for Region III, the agency’s implementation of a subset of selected controls was not fully effective. There are weaknesses in Region III’s information security program and practices. As a result, one recommendation was made to assist Region III in strengthening its information security program.
Date Issued
Submitting OIG
Nuclear Regulatory Commission OIG
Agencies Reviewed/Investigated
Nuclear Regulatory Commission
Report Number
OIG-NRC-25-A-06
Report Description
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
1
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No
Open Recommendations
This report has 1 open recommendation.
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details
---|---|---|---|---
1 | No | $0 | $0 |

We recommend that Region III management conduct a physical asset inventory to reflect the current information technology assets located at Region III.