Independent Evaluation of the NRC’s Implementation of the Federal Information Security Modernization Act of 2014 for FY 2021

View Report

Date Issued

Monday, December 20, 2021

Submitting OIG

Nuclear Regulatory Commission OIG

Other Participating OIGs

Nuclear Regulatory Commission OIG

Agencies Reviewed/Investigated

Nuclear Regulatory Commission

Report Number

OIG-22-A-04

Report Type

Inspection / Evaluation

Agency Wide

Yes

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 1 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use	Additional Details
8	Yes	$0	$0	Agency Response Dated April 30, 2025: Pursuant to the Supply Chain Security Training Act of 2021 (Pub. L. 117-145), the General Services Administration is required to develop training for Federal officials with supply chain risk management responsibilities. The NRC will leverage this training, which will be implemented by the Office of Management and Budget, when it becomes available. Target Completion Date: Fiscal year 2025, third quarter OIG Analysis: The OIG will close this recommendation after confirming that the NRC has leveraged the General Services Administration’s training for Federal officials with supply chain risk management responsibilities to develop and implement role-based training for personnel with supply chain risk management roles and responsibilities to detect counterfeit system components. Agency Response Dated August 22, 2024: Pursuant to the Supply Chain Security Training Act of 2021 (Public Law 117-145), the General Services Administration is required to develop training for Federal officials with supply chain management responsibilities. The NRC will leverage this training for role holders, which will be implemented by the Office of Management and Budget, when it becomes available. Additionally, in April 2021, the NRC developed CSO-PROS-0006, aimed at those who hold supply chain risk management roles and responsibilities to ensure that counterfeit products are detected before being added to the NRC’s environment. Target Completion Date: FY 2025, Q3 OIG Analysis: The OIG will close this recommendation after confirming that the NRC has developed and implemented role-based training with those who hold supply chain risk management roles and responsibilities to detect counterfeit system components. Status: Open: Resolved. Pursuant to the Supply Chain Security Training Act of 2021 (Public Law 117-145), the General Services Administration is required to develop training for Federal officials with leverage this training, which will be implemented by the Office of Management and Budget, when it becomes available. Target Completion Date: FY 2024, Q3.
Develop and implement role-based training with those who hold supply chain risk management roles and responsibilities to detect counterfeit system components.