Information Security News mailing list archives

Nation's nuclear power watchdog comes up short on FISMA compliance


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 21 Dec 2011 02:51:44 -0600 (CST)

http://www.csoonline.com/article/696831/nation-s-nuclear-power-watchdog-comes-up-short-on-fisma-compliance-

By George V. Hulme
CSO
December 20, 2011

Like most big organizations with complex infrastructures, the Nuclear Regulatory Commission (NRC) is having trouble consistently maintaining its vulnerability and risk management programs.

That was the key takeaway of a recently published report that detailed the findings of an independent audit conducted by Richard S. Carson & Associates, Inc., that examined the NRC's implementation of the Federal Information Security Management Act (FISMA), which requires federal agencies to develop and maintain an information security program.

According to the report, the U.S. nuclear reactor safety and security watchdog has made some improvements in its IT security efforts, but also has much more work to do. "While the agency has continued to make improvements in its information system security program and has made progress in implementing the recommendations resulting from previous FISMA evaluations, the independent evaluation identified three information system security program weaknesses," the report said.

Areas in need of improvement include bolstering its Plan of Action and Milestones, developing an organization-wide risk management strategy, and consistently implementing its configuration management procedures.

[...]

