Skip to main content
Report File
Date Issued
Submitting OIG
Nuclear Regulatory Commission OIG
Other Participating OIGs
Nuclear Regulatory Commission OIG
Agencies Reviewed/Investigated
Nuclear Regulatory Commission
Report Number
OIG-21-A-05
Report Type
Inspection / Evaluation
Agency Wide
Yes
Number of Recommendations
13
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 1 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
12 Yes $0 $0 Agency Response Dated July 3, 2025: The NRC will analyze its contingency plans to identify opportunities to integrate metrics for measuring the effectiveness of the associated information system. The analysis will include, but not be limited to, metrics for mean time to recovery, incident response time, and site recovery time. The revised target completion date is the fourth quarter (Q4) of fiscal year (FY) 2025. Target Completion Date: FY 2025, Q4

OIG Analysis: The OIG will close this recommendation after confirming that the agency has integrated metrics for measuring the effectiveness of information system contingency plans with information on the effectiveness of related plans, such as organization and business process continuity, disaster recovery, incident management, insider threat
implementation, and occupant emergency plans, as appropriate, to deliver persistent situational awareness across the organization.


Agency Response Dated February 14, 2025: The NRC will analyze its contingency plans to identify opportunities to integrate metrics for measuring the effectiveness of the associated information system. The analysis will include, but not be limited to, metrics for mean time to recovery, incident response time, and site recovery time. The new target completion date is the fourth quarter (Q4) of FY 2025. Target Completion Date: FY 2025, Q4
OIG Analysis: The OIG will close this recommendation after reviewing the evidence that demonstrates and confirms the NRC integrated metrics for measuring the effectiveness of information system contingency plans and its relation to other plans such as the organization and business process continuity, disaster recovery, incident management, insider threat implementation, and occupant emergency plans, as appropriate, to deliver persistent situational awareness
across the organization. This recommendation remains open and resolved.

Status: Open: Resolved. The NRC and the OIG are working to come to an agreement on a sufficient way to complete this recommendation. The OIG will close the recommendation after the NRC integrates metrics for measuring the effectiveness of information system contingency plans with information on the effectiveness of related plans to deliver persistent situational awareness across the organization. Target Completion Date: To be determined.

Integrate metrics for measuring the effectiveness of information system contingency plans with information on the effectiveness of related plans, such as organization and business process continuity, disaster recovery, incident management, insider threat implementation, and occupant emergency plans, as appropriate, to deliver persistent situational awareness across the organization.

Nuclear Regulatory Commission OIG

United States