http://www.csoonline.com/article/696831/nation-s-nuclear-power-watchdog-comes-up-short-on-fisma-compliance-

By George V. Hulme
CSO
December 20, 2011

Like most big organizations with complex infrastructures, the Nuclear Regulatory Commission (NRC) is having trouble consistently maintaining its vulnerability and risk management programs.

That was the key takeaway of a recently published report that detailed the findings of an independent audit conducted by Richard S. Carson & Associates, Inc., that examined the NRC's implementation of the Federal Information Security Management Act (FISMA), which requires federal agencies to develop and maintain an information security program.

According to the report, the U.S. nuclear reactor safety and security watchdog has made some improvements in its IT security efforts, but also has much more work to do. "While the agency has continued to make improvements in its information system security program and has made progress in implementing the recommendations resulting from previous FISMA evaluations, the independent evaluation identified three information system security program weaknesses," the report said.

Areas in need of improvement include bolstering its Plan of Action and Milestones, development of an organization-wide risk management strategy, and consistently implementing its configuration management procedures.

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn

Received on Wed Dec 21 2011 - 00:51:44 PST