ML20246G648

Memo - Fiscal Year 2021 Cybersecurity Risk Management Activities
Person / Time
Issue date: 09/17/2020
From: David Nelson
NRC/OCIO/GEMSD/CSB
To: Jeff Baran, Annie Caputo, Castelveter D, Miriam Cohen, Eugene Dacus, Margaret Doane, Dan Dorman, Laura Dudes, Feitel R, Raymond Furstenau, Jack Giessner, Jennifer Golder, Catherine Haney, Christopher Hanson, Hawkens E, Brian Holian, Clay Johnson, David Lew, John Lubinski, Nader Mamish, Martin J, Scott Moore, Scott(Ois) Morris, David Nelson, Ho Nieh, Vonna Ordaz, Darrell Roberts, Shuttleworth E, Kristine Svinicki, Annette Vietti-Cook, George Wilson, David Wright, Marian Zobler
Advisory Committee on Reactor Safeguards, Office of Administration, Atomic Safety and Licensing Board Panel, NRC/Chairman, NRC/EDO, Office of Nuclear Material Safety and Safeguards, Office of Nuclear Reactor Regulation, Office of Nuclear Security and Incident Response, Office of Congressional Affairs, NRC/OCAA, NRC/OCFO, Office of the Chief Human Capital Officer, NRC/OCIO, NRC/OCM, NRC/OE, NRC/OGC, NRC/OI, NRC/OIG, NRC/OIP, Office of Public Affairs, Office of Nuclear Regulatory Research, NRC Region 1, NRC/RGN-II, NRC/RGN-III, NRC Region 4, NRC/SBCR, NRC/SECY
Jonathan Feibus, 301-415-0717
Shared Package: ML20246G646


Text

MEMORANDUM TO: Those on the Attached List

FROM: David J. Nelson, Chief Information Officer, Office of the Chief Information Officer

SUBJECT: FISCAL YEAR 2021 CYBERSECURITY RISK MANAGEMENT ACTIVITIES

I want to express my appreciation for your continued efforts to improve the U.S. Nuclear Regulatory Commission's (NRC's) cybersecurity posture and to fulfill the agency's goal to minimize security risks. We have been successful in implementing many improvements through the hard work of you and your staff, and these are reflected in our quarterly Federal Information Security Management Act of 2014 (FISMA) ratings and audits by the Government Accountability Office and our Inspector General.

FISMA and our implementation framework delineate the risk management activities that we are required to conduct periodically for all NRC systems, including our high-value assets. These activities include the following:

cybersecurity awareness training

cybersecurity role-based training

continuous monitoring

system cybersecurity assessment

system security categorization

privacy threshold analysis and privacy impact assessments

periodic reviews and risk management reporting

Achieving success on such important efforts requires support from all NRC Office Directors, Regional Administrators, and system owners. The agency's success also depends on completion of the risk management activities outlined in the enclosed Cybersecurity Risk Management Activities Instructions, Fiscal Year 2021. The instructions provide detailed guidance on the required activities, such as making the specified documentation available to the required staff, including the Office of the Inspector General.

CONTACT: Jonathan Feibus, OCIO, 301-415-0717

September 17, 2020

Signed by Nelson, David on 09/17/20


Contract vehicles are available to NRC Headquarters and regional offices to support these activities. If you require contract support, please ensure sufficient resources and time are available by coordinating requirements with your designated contracting officer's representative for cybersecurity program support services.

Additionally, I will continue to focus on ensuring that the agency identifies needed resources in the budget formulation process for all aspects of required cybersecurity for the life of our systems, including plans for hardware and software upgrades, maintenance, and system changes.

Please feel free to contact Jonathan Feibus, Chief Information Security Officer, or me with questions. As always, I expect and appreciate your support as we work to jointly accomplish the agency's mission and minimize cybersecurity risk to the NRC.

Enclosure:

Cybersecurity Risk Management Activities Instructions, Fiscal Year 2021

MEMORANDUM TO THOSE ON THE ATTACHED LIST, DATED: September 17, 2020.

SUBJECT: FISCAL YEAR 2021 CYBERSECURITY RISK MANAGEMENT ACTIVITIES

E-Mail Mail Stops

Chairman Svinicki: Send a Hard Copy to O-16B33
Commissioner Baran: Send a Hard Copy to O-16B33
Commissioner Caputo: Send a Hard Copy to O-16B33
Commissioner Wright: Send a Hard Copy to O-16B33
Commissioner Hanson: Send a Hard Copy to O-16B33
Scott W. Moore, Executive Director, Advisory Committee on Reactor Safeguards: RidsACRS_MailCTR Resource
E. Roy Hawkens, Chief Administrative Judge, Atomic Safety and Licensing Board Panel: RidsAslbpManagement Resource
Marian L. Zobler, General Counsel: RidsOgcMailCenter Resource
Jody C. Martin, Director, Office of Commission Appellate Adjudication: RidsOcaaMailCenter Resource
Cherish K. Johnson, Chief Financial Officer: RidsOcfoMailCenter Resource
Robert J. Feitel, Inspector General: RidsOigMailCenter Resource
Nader L. Mamish, Director, Office of International Programs: RidsOipMailCenter Resource
Eugene Dacus, Director, Office of Congressional Affairs: RidsOcaMailCenter Resource
David A. Castelveter, Director, Office of Public Affairs: RidsOpaMail Resource
Annette L. Vietti-Cook, Secretary of the Commission: RidsSecyMailCenter Resource; RidsSecyCorrespondenceMCTR Resource
Margaret M. Doane, Executive Director for Operations: RidsEdoMailCenter Resource
Darrell J. Roberts, Deputy Executive Director for Materials, Waste, Research, State, Tribal, Compliance, Administration, and Human Capital Programs, OEDO: RidsEdoMailCenter Resource
Daniel H. Dorman, Deputy Executive Director for Reactor and Preparedness Programs, OEDO: RidsEdoMailCenter Resource
Catherine Haney, Assistant for Operations, OEDO: RidsEdoMailCenter Resource
Jennifer M. Golder, Director, Office of Administration: RidsAdmMailCenter Resource
David J. Nelson, Chief Information Officer: RidsOCIO Resource
George A. Wilson, Director, Office of Enforcement: RidsOeMailCenter Resource
Edward Shuttleworth, Director, Office of Investigations: RidsOiMailCenter Resource
Miriam L. Cohen, Chief Human Capital Officer: RidsOchcoMailCenter Resource
John W. Lubinski, Director, Office of Nuclear Material Safety and Safeguards: RidsNmssOd Resource
Ho K. Nieh, Director, Office of Nuclear Reactor Regulation: RidsNrrOd Resource (I); RidsNrrMailCenter Resource (A)
Raymond V. Furstenau, Director, Office of Nuclear Regulatory Research: RidsResOd Resource (I); RidsResPmdaMail Resource (A)
Vonna L. Ordaz, Director, Office of Small Business and Civil Rights: RidsSbcrMailCenter Resource
Brian E. Holian, Director, Office of Nuclear Security and Incident Response: RidsNsirMailCenter Resource (A); RidsNsirOd (I)
David C. Lew, Regional Administrator, Region I: RidsRgn1MailCenter Resource
Laura A. Dudes, Regional Administrator, Region II: RidsRgn2MailCenter Resource
John B. Giessner, Regional Administrator, Region III: RidsRgn3MailCenter Resource
Scott A. Morris, Regional Administrator, Region IV: RidsRgn4MailCenter Resource

DISTRIBUTION:

RidsACRS_MailCTRResource, ACRS
RidsAslbpManagementResource, ASLBP
RidsOgcMailCenterResource, OGC
RidsOcaaMailCenterResource, OCAA
RidsOcfoMailCenterResource, OCFO
RidsOigMailCenterResource, OIG
RidsOipMailCenterResource, OIP
RidsOcaMailCenterResource, OCA
RidsOpaMailResource, OPA
RidsSecyMailCenterResource, SECY
RidsEdoMailCenterResource, EDO
RidsAdmMailCenterResource, ADM
RidsOCIOResource, OCIO
RidsOeMailCenterResource, OE
RidsOiMailCenterResource, OI
RidsOchcoMailCenterResource, OCHCO
RidsNmssOdResource, NMSS
RidsNrrOdResource, NRR
RidsResOdResource, RES
RidsSbcrMailCenterResource, SBCR
RidsNsirOdResource, NSIR
RidsRgn1MailCenterResource, RGN I
RidsRgn2MailCenterResource, RGN II
RidsRgn3MailCenterResource, RGN III
RidsRgn4MailCenterResource, RGN IV

ADAMS Accession No.: ML20246G646; ML20246G645

OFFICE | NAME | DATE
OCIO/GEMSD/CSB/CSOT | ASage | Sep 9, 2020
ADM/PMAE/DAET | KAzariah-Kribbs | Sep 9, 2020
OCIO/GEMSD/CSB | CBrown | Sep 10, 2020
OCIO/GEMSD/DPRB/IMIT | AMullins | Sep 11, 2020
OCIO/CISO | JFeibus | Sep 14, 2020
OCIO/GEMSD/D | JMoses | Sep 15, 2020
OCIO/GEMSD/DD | BSanford | Sep 15, 2020
OCIO/DD | SFlanders | Sep 16, 2020
OCIO/D | DNelson | Sep 17, 2020

OFFICIAL RECORD COPY