ML25181A535

From kanterella
Jump to navigation Jump to search
OIG-NRC-25-A-09: Audit of the U.S. Nuclear Regulatory Commissions Web-Based Licensing System, Dated June 30, 2025
ML25181A535
Person / Time
Issue date: 06/30/2025
From: Virkar H
NRC/OIG/AIGA
To: Mark King
NRC/EDO
References
OIG-NRC-25-A-09
Download: ML25181A535 (1)
v  d  e


Text

E Audit of the U.S. Nuclear Regulatory Commissions Web-Based Licensing System OIG-NRC-25-A-09 June 30, 2025 All publicly available OIG reports are accessible through the OIGs website at:

nrcoig.oversight.gov

NRC Headquarters l 11555 Rockville Pike l Rockville, Maryland 20852 l 301.415.5930 nrcoig.oversight.gov MEMORANDUM DATE:

June 30, 2025 TO:

Michael F. King Acting Executive Director for Operations FROM:

Hruta Virkar, CPA /RA/

Assistant Inspector General for Audits & Evaluations

SUBJECT:

AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSIONS WEB-BASED LICENSING SYSTEM (OIG-NRC-25-A-09)

Attached is the Office of the Inspector Generals (OIG) audit report titled: Audit of the U.S. Nuclear Regulatory Commissions Web-Based Licensing System.

The report presents the results of the subject audit. Following the May 27, 2025, exit conference, agency staff indicated that they had no formal comments for inclusion in this report.

Please provide information on actions taken or planned on each of the recommendation(s) within 30 days of the date of this memorandum.

We appreciate the cooperation extended to us by members of your staff during the audit. If you have any questions or comments about our report, please contact me at 301.415.1982 or Mike Blair, Team Leader, at 301.415.8399.

Attachment:

As stated cc: J. Martin, ADO D. Lewis, DADO E. Deeds, OEDO

i Results in Brief Audit of the U.S. Nuclear Regulatory Commissions Web-Based Licensing System OIG-NRC-25-A-09 June 30, 2025 The Office of the Inspector General (OIG) determined that the Web-Based Licensing (WBL) System manages the materials licensing and inspection information as it is designed to and in accordance with security requirements. Users were generally satisfied with the system, and acknowledged that the enhancements made since it was first deployed have improved their perception and the use of the system. However, the OIG identified areas for improvement; specifically, the OIG determined:

the WBL Systems inactivity controls interrupt users work processes; WBL users are unable to edit role-based licensing information in the Export/Import and Decommissioning, Uranium Recovery and Waste Programs (DUWP) modules; the WBL User Guide lacks quality information for using certain WBL modules; WBL users are generally unfamiliar with the change control process; several WBL System enhancements do not work as intended; the licensing and inspection modules do not contain quality data; and, the WBL System data is not readily available for the agency to use in other applications.

This report makes 15 recommendations to increase the WBL Systems functionality, effectiveness, and users efficiency.

What We Found What We Recommend Why We Did This Review The WBL System is a materials licensing system that supports the U.S. Nuclear Regulatory Commission (NRC) and some Agreement States in managing the licensing information of businesses that use radioactive materials. Deployed in August 2012, the WBL System provides an up-to-date repository of all licenses nationwide, and an avenue for Agreement States to use the same licensing and information platform as the NRC.

Designed to maintain information on materials licensees, WBL supports the entry of licensing information and license images and gives the NRC and Agreement States the information technology tools needed to manage the licensing life cycle from initial application through license issuance, amendment, reporting, and termination all in one place.

The audit objective was to determine if the WBL System effectively manages the NRCs materials licensing and inspection information and provides for the security, availability, and integrity of the system data.

ii ABBREVIATIONS............................................................................................... iii I.

BACKGROUND............................................................................................ 1 II.

OBJECTIVE.................................................................................................. 7 III. FINDINGS................................................................................................... 7

1.

The WBL Systems Inactivity Controls Interrupt Users Work Processes.............................................................................................. 7

2.

WBL Users are Unable to Edit Role-Based Licensing Information in the Export/Import and DUWP Modules....................................... 10

3.

The WBL User Guide Lacks Quality Information for using Certain WBL Modules........................................................................ 13

4.

WBL Users are Generally Unfamiliar with the Change Control Process................................................................................................ 16

5.

Several WBL System Enhancements do not Work as Intended....... 19

6.

The Licensing and Inspection Modules do not Contain Quality Data................................................................................................... 22

7.

The WBL System Data is not Readily Available for the Agency to use in other Applications.................................................................. 25 IV. CONSOLIDATED LIST OF RECOMMENDATIONS................................ 29 V.

NRC COMMENTS...................................................................................... 31 OBJECTIVE, SCOPE, AND METHODOLOGY................................................. 32 TO REPORT FRAUD, WASTE, OR ABUSE...................................................... 35 COMMENTS AND SUGGESTIONS.................................................................. 35 NOTICE TO NON-GOVERNMENTAL ORGANIZATIONS AND BUSINESS ENTITIES SPECIFICALLY MENTIONED IN THIS REPORT......................... 35 TABLE OF CONTENTS

iii DUWP Decommissioning, Uranium Recovery, and Waste Programs EDO Executive Director for Operations FISMA Federal Information Security Modernization Act GAO U.S. Government Accountability Office GLTS General License Tracking System ISMP Integrated Source Management Portfolio IT Information Technology IT/IM Information Technology/Information Management NMFS Nuclear Material FISMA Systems NMSS Office of Nuclear Material Safety and Safeguards NRC U.S. Nuclear Regulatory Commission OIG Office of the Inspector General OMB Office of Management and Budget SSP System Security Plan STIMS/FFIMS Storage and Transportation Information Management System/Fuel Facilities Information Management System WBL Web-Based Licensing ABBREVIATIONS AND ACRONYMS

1 The NRCs mission is to protect public health and safety and advance the nations common defense and security by enabling the safe and secure use and deployment of civilian nuclear energy technologies and radioactive materials through efficient and reliable licensing, oversight, and regulation for the benefit of society and the environment. Collectively, the NRC and NRC Agreement States oversee more than 18,000 licenses that authorize the use of source, byproduct, and special nuclear material.1 The NRC oversees approximately 2,000 materials licenses for medical, industrial, and academic uses. As part of its oversight, the NRC issues approximately 1,400 new licenses, renewals, or amendments for existing materials licenses annually. It conducts 600 to 800 safety and security inspections of materials licensees each year. The 39 Agreement States2 oversee the remaining licenses.

The NRCs Office of Nuclear Material Safety and Safeguards (NMSS) is responsible for regulatory activities relating to the production of nuclear fuel used in commercial nuclear reactors; the storage, transportation, and disposal of high-level radioactive waste and spent nuclear fuel; and, the transportation of radioactive materials regulated under the Atomic Energy Act. The four NMSS business lines3 cover regulatory activities pertaining to the oversight of industrial and medical uses of nuclear materials, manufacturing of nuclear fuel, transportation and storage of nuclear materials, and decommissioning of sites involving these materials.

The Web-Based Licensing System The Integrated Source Management Portfolio (ISMP) is a portfolio of automated tools for credential tracking (licenses and certificates), inspection tracking, item tracking (devices and sources), license verification, and 1 As of December 2024.

2 An Agreement State is a U.S. State that has signed an agreement with the NRC authorizing the State to regulate certain uses of radioactive materials within the State. The NRC provides assistance to States expressing interest in establishing programs to assume NRC regulatory authority under the Atomic Energy Act of 1954, as amended. Section 274 of the Act provides a statutory basis under which the NRC relinquishes to the States portions of its regulatory authority to license and regulate byproduct materials (radioisotopes); source materials (uranium and thorium); and certain quantities of special nuclear materials.

3 The NRC uses business lines to categorize its regulatory activities and to estimate the costs associated with those activities.

I. BACKGROUND

2 financial interfacing. The ISMP provides critical support to the NMSS broad mission and also supports the NRCs Office of International Programs and Office of the Chief Financial Officer. The NRCs four regional offices (Region I - Northeast, Region II - Southeast, Region III - Midwest, and Region IV -

West/Southwest) are also responsible for implementing the NRCs materials program, and they rely on the ISMP in their regulatory activities. In addition, the ISMP provides support to state regulatory agencies, licensees, and other federal agencies.

The key systems that make up the ISMP are the National Source Tracking System, Web-Based Licensing (WBL) System, and License Verification System. Figure 1 shows an integration diagram of the ISMPs subsystems.

Figure 1: ISMP Integration Concept Overview Source: NRC Public Webpage The WBL System provides an up-to-date repository of all materials licenses nationwide, and an avenue for Agreement States to use the same licensing and information platform as the NRC. Currently, 13 Agreement States use the

3 customized versions of the WBL System, and 6 are transitioning to the system.4 WBL System Data Through multiple modules, the WBL System manages licensing information related to businesses that use radioactive materials. The system manages the information from the time of the initial license application through license issuance, amendment, reporting, and termination. See Table 1 for the list of WBL modules and its associated NMSS business lines. Information tracked in the system includes, but is not limited to, contact information, program code(s), authorized materials, locations of use, radiation safety officers, authorized users, license conditions, inspection findings, and schedule milestones.

Table 1: NMSS Business Lines and Corresponding WBL System Modules Nuclear Materials Users Business Line

  • Licensing
  • Inspection
  • General License Tracking System (GLTS)
  • Reciprocity
  • Sealed Source and Device Office of International Programs
  • Export/Import Spent Fuel Storage and Transportation Business Line & Fuel Facilities Business Line
  • Storage and Transportation Information Management System/Fuel Facilities Information Management System (STIMS/FFIMS, combined module)

Decommissioning and Low-Level Waste Business Line

  • DUWP Source: OIG Created 4 The remaining Agreement States use their own respective databases to maintain licensing and inspection data.

4 NRC licensee and license information stored in the WBL System is shared with the NRCs Financial Accounting and Integrated Management Information System, Reactor Program System, National Source Tracking System, License Verification System, and Agencywide Documents Access and Management System. The NRC also uses information from the system to address reporting metrics associated with the Congressional Budget Justification and the Nuclear Energy Innovation and Modernization Act.

The NMSS has also developed dashboards for management and staff to monitor and visualize materials licensing and inspection actions in progress across various modules. The dashboards visualize the data within the WBL System, providing staff and management quick insight into agency activities without having to access the system. The dashboards also help identify any errors or missing information in the WBL System.

WBL System Security Data in the WBL System is secured per the Federal Information Security Modernization Act of 2014 (FISMA 2014)5 requirements. In 2023, the NMSS established the Nuclear Material FISMA Systems (NMFS) environment to provide a secure and effective set of automated tools to house and maintain information on licensees, nationally tracked sources possessed by licensees, licensee transactions, and scientific research.6 As part of the NMFS, the WBL System is maintained according to its security categorization and implements tailored security controls defined by National Institute of Standards and Technology Special Publication 800-53, Revision 5, Security and Privacy Controls Information Systems and Organizations.

To gain access to the system, users must apply using the Portfolio Enrollment Module, the credentialing system for the ISMP. For initial and continued access to the WBL System, users must annually certify their agreement with the systems cybersecurity requirements, acknowledging they understand the systems Rules of Behavior and associated security awareness training.

The NRC or Agreement State agency program sponsor must decide whether to approve the user for access and, if access is granted, assign the user the 5 The Federal Information Security Modernization Act 0f 2014 provides federal requirements in securing government data. It requires federal agencies to develop, document, and implement an agency-wide information security program to protect their information and information systems, including those provided or managed by another agency, contractor, or other source.

6 Prior to the NMFS, the ISMP was maintained in accordance with its system-specific system security plan.

5 appropriate role. Authorized Agreement State personnel can only use the WBL System to track licenses and inspections specific to their State and to view all agencies licenses for license verification purposes.

WBL System Management Various staff members within the NMSS support the operations and maintenance of the WBL System; these staff work on the WBL business and WBL information technology (IT) Teams. Each team member has a specific role and responsibility, but members work together to ensure the system supports the missions of each respective user community.

  • The WBL Business Team is responsible for granting system access to new users and coordinating with stakeholders. The team is also responsible for identifying and prioritizing change requests and enhancements to the system through a change control process.

Further, the WBL Business Team develops and updates the WBL guidance and procedures, such as the WBL User Guide, a document that tells users how to navigate, use, and enter information into the system.

  • The WBL IT Team manages all IT contracts supporting WBL and oversees the security aspects of the WBLs IT system and its day-to-day security operations. The IT Team also monitors users support issues and promptly addresses those related to data integrity, system stability, or security vulnerabilities.

WBL System Contracts The NMSS utilizes two contracts tasked with the systems design, development, and maintenance of the system. The NMSS has determined that it requires contractor support to ensure that the ISMP is available, accessible, and highly responsive to stakeholder needs. This support work covers areas of software maintenance, regulatory compliance data reporting, user support, application usage training, and oversight of application platform infrastructure. Additionally, the NMSS needs independent verification and validation support services to ensure accurate capture and implementation of user needs, as well as operational and governance support, where independence is required in the functional areas of system development, product review and testing, technology assessments, feasibility studies and alternative analyses, investment governance support, and FISMA compliance.

6 WBL System Budget The WBL System is funded under the aforementioned NMSS business lines.

Its budget covers tasks such as FISMA compliance activities, system and module maintenance and modernization efforts, end-user support, and dashboard development. The total requested budget for maintaining and enhancing the WBL System for fiscal year 2025 was $8,856,000.

7 The audit objective was to determine if the Web-Based Licensing System effectively manages the NRCs materials licensing and inspection information and provides for the security, availability, and integrity of the system data.

The OIG determined that the WBL System manages the materials licensing and inspection information as it is designed to and in accordance with security requirements. The WBL team has several ongoing projects to improve the features and functions of the WBL System. WBL users are generally satisfied with the system and acknowledged that the enhancements made since it was first deployed have improved their perception and use of the system. However, the OIG identified areas for improvement; specifically, the OIG determined:

1. The WBL Systems inactivity controls interrupt users work processes;
2. WBL users are unable to edit role-based licensing information in the Export/Import and DUWP modules;
3. The WBL User Guide lacks quality information for using certain WBL modules;
4. WBL users are generally unfamiliar with the change control process;
5. Several WBL System enhancements do not work as intended;
6. The licensing and inspection modules do not contain quality data; and,
7. The WBL System data is not readily available for the agency to use in other applications.
1. The WBL Systems Inactivity Controls Interrupt Users Work Processes The appropriate types of security control activities should be implemented to facilitate proper operation of information systems. However, the WBL Systems current inactivity controls impact the users ability to complete WBL-related licensing and inspection work without significant interruption.

This occurred because the WBL System had not implemented a previously granted waiver to extend the period after which an inactive user will be logged out of the system, and the guidance explaining how to obtain continuous access to the WBL System without significant disruption is ineffective. The II. OBJECTIVE III. FINDINGS

8 inability to access the system without significant disruption causes inefficiencies for users completing licensing and inspection work.

The appropriate types of system security controls should be implemented The U.S. Government Accountability Offices (GAOs) Standards for Internal Control in the Federal Government7 states that management should design appropriate types of general control activities in the entitys information system for coverage of information processing objectives for operational purposes. General controls, such as security management and logical access, facilitate the proper operation of information systems by creating the environment for proper operation of application controls. In accordance with the NMFS system security plan (SSP), the WBL System has controls in place to terminate a users session after a specified period of inactivity in the system.

The WBL Systems current inactivity controls impact users ability to work without significant interruption The WBL Systems current inactivity controls hinder users efficiency.

Specifically, the SSP security control Access Control (AC)-12, Session Termination, states that the system automatically terminates a user session after 15 minutes of user inactivity, at which time the system initiates a device lock until the user reestablishes access with the proper identification and authentication procedures.8 Additionally, when a users session is terminated due to inactivity, the WBL System requires the user to fully close the entire browser, including open tabs unrelated to the application, before accessing the system again.

7 U.S. Government Accountability Office, Standards for Internal Control in the Federal Government, GAO-14-704G, September 2014.

8 The OIG tested the inactivity controls for the WBL System and determined the WBL actually had a session termination period of 20 minutes after a user is inactive in the system.

What Is Required What We Found

9 WBL users typically have multiple tabs open within one browser to access and review lengthy license documents and to retrieve the official records needed, along with the WBL System. For example, reviews often require opening other external documents and starting user sessions in different systems and agency applications, such as the Agencywide Documents Access and Management System and the National Source Tracking System. While reviewing license documents for applications outside of the WBL System, the users browser cache9 does not alert the server of routine navigation within the document. Therefore, when the WBL times out, users must close all the other tabs in their browser sessions before reauthenticating and reconnecting.

Efforts to decrease the timeout burden on users were not implemented or do not work Due to the burdensome effects of the session timeouts, in 2016, the WBL IT Team requested a deviation in the ISMP SSP from a 15-minute inactivity period to a 30-minute inactivity period. After determining that sufficient compensating controls were in place to extend the inactivity period, a waiver was approved to deviate from the ISMP SSP and to allow a 30-minute inactivity period before a session terminates. However, that documented deviation for the control was not carried over when the ISMP systems were transitioned to the NMFS umbrella. The current NMFS SSP states the inactivity period before a users session is terminated is 15 minutes and makes no mention of the waiver for the WBL System.

Further, the WBL User Guide instructions for re-accessing the system without closing the entire browser do not work. The WBL User Guide contains instructions for clearing the cache so the user can reauthenticate into the system without closing all browsers. The OIG tested the inactivity controls for the WBL System and related instructions in the User Guide for clearing the cache and determined those instructions do not work. One of the proposed solutions submitted to the WBL System by NRC staff was to remove the requirement to close all browser tabs when WBL times out, but it has not been implemented due to stakeholders assigning it a lower priority on the WBL priority backlog.

9 A cache is a temporary storage area set aside on a processor, in memory, or in a filesystem to keep frequently needed data readily available, designed to speed up processing and improve performance.

Why This Occurred

10 The system timeouts cause inefficiencies for WBL users Due to the requirement to close all the tabs within the browser after session termination, users lose their progress. Consequently, work time is lost relogging into systems and searching for the previously accessed licensing and inspection documents. Users understand inactivity and session termination controls are in place for security reasons but are frustrated with the impact it has on the way they perform their work.

The OIG notes that as a result of this audit, the WBL IT Team recently updated the inactivity timeout to 30 minutes.

Recommendations The OIG recommends that the Executive Director for Operations (EDO):

1.1.

Update the inactivity control in the Nuclear Material FISMA Systems-system security plan to include references to the 30-minute deviation request and approval; and, 1.2.

Update the Web-Based Licensing System User Guides instructions on clearing the cache to access the system without closing the browser.

2. WBL Users are Unable to Edit Role-Based Licensing Information in the Export/Import and DUWP Modules System access and user roles should be commensurate with the authorized users assigned responsibilities. However, WBL users are unable to perform functions commensurate with their assigned WBL roles and NRC responsibilities. This occurs because the user roles for the WBL System are not properly defined. As a result, work is disrupted because users cannot perform licensing activities without additional assistance.

Why This Is Important

11 User roles should be commensurate with the authorized users assigned responsibilities Appendix III to Office of Management and Budget (OMB) Circular No. A-130 establishes a minimum set of controls to be included in federal automated information security programs. The appendix states that personnel security controls, such as the principle of least privilege, should be included in the security plan for a general support system,10 such as WBL. The least privilege security control involves restricting a users access (to data files, to processing capability, or to peripherals) or type of access (read, write, execute, delete) to the minimum necessary to perform his or her job.

The GAO Standards for Internal Control in the Federal Government also recommend that management design information system control activities so that they are commensurate with authorized users assigned responsibilities.

WBL users are unable to perform role-based functions in several WBL modules The Export/Import and DUWP modules prevented users from performing functions commensurate with their NRC responsibilities and assigned WBL System roles. Within the WBL System, user groups are established that define the activities a user may perform. User groups range from read-only, where a user may only read information and may not make changes, to system administrator, where the user has the highest level of edit-and-change privileges. As a result, some users are assigned to multiple user groups within their module to perform their tasks.

The OIG reviewed the WBL Systems user roles and descriptions for all modules and determined that some user groups within their respective modules are assigned the same access and edit rights (sometimes just read-only rights) despite those groups having different job responsibilities and escalated needs. Additionally, NRC users told the OIG that although they 10 General support system or system means an interconnected set of information resources under the same direct management control which shares common functionality.

What Is Required What We Found

12 were in the correct user group, they were not able to execute certain actions within the WBL System related to their duties. For example, a user was given the additional role of system administrator for a module but still could not make changes to any licensing information within the module to proceed with a licensing action. Additionally, in a different module, the user group Reviewer was unable to make changes to licensing information in that module despite being involved in the actual licensing and review process.

Finally, a group of users in a different module required multiple roles in the system, but that caused issues using certain features in the WBL System due to these assignments.

User roles are not properly defined User group roles are determined as the user requests initial access to the WBL System and users may request updated capabilities in WBL to perform their responsibilities; however, the user group roles are not always properly defined to reflect those responsibilities and to remediate issues with edit rights.

Instead of being assigned the group role that contains all the required capabilities to perform their jobs, several users in the WBL System are assigned to multiple user group roles. In other cases, the system does not recognize the highest level of edit rights, hindering job performance for some users because they require additional assistance to resume processing licensing actions.

While user access is periodically reviewed for the entire WBL System, there is no policy for periodic review of user roles and descriptions to ensure they are commensurate with job responsibilities. The WBL team identified the need to review and standardize the list of WBL roles, but it has not been completed.

Work is disrupted due to the inability to perform assigned licensing activities Because some user groups activities are not properly allocated to the correct roles, those users cannot make changes in WBL themselves. Therefore, processing actions in the WBL System are negatively affected due to users having to contact the WBL Help Desk to make those changes to proceed.

Why This Occurred Why This Is Important

13 Additionally, the inability to make real-time updates by reviewers has caused challenges for program managers within the same module, who must stop what they are doing to make updates within the WBL System.

Recommendations The OIG recommends that the EDO:

2.1.

Evaluate and update the Web-Based Licensing System to ensure users assigned to multiple roles may perform tasks associated with the highest access rights; 2.2. Update the Web-Based Licensing Systems user role descriptions to ensure users capabilities in the system are properly defined;

and, 2.3. Develop and implement a process to periodically update user roles in the Web-Based Licensing System to ensure users may perform tasks commensurate with their assigned NRC responsibilities.
3. The WBL User Guide Lacks Quality Information for using certain WBL Modules Management is responsible for communicating the necessary quality information to achieve the entitys objectives and should design new control activities when changes are incorporated into the entitys IT infrastructure.

However, the WBL User Guide lacks quality information for using certain modules in the system. This occurred because the WBL User Guide does not communicate how to use new modules and significant enhancements made to the WBL System. As a result, the WBL Systems effectiveness decreases and there is increased confusion among new users of the system.

The NRC should use quality information to achieve the agencys objectives According to the GAO Standards for Internal Control in the Federal Government, management should internally communicate the necessary What Is Required

14 quality informationinformation that is appropriate, current, complete, accurate, accessible, and provided on a timely basisto achieve the entitys objectives. Quality information should be communicated down, across, up, and around reporting lines to all levels of the entity. In addition, management should design control activities over the IT infrastructure to support the completeness, accuracy, and validity of information processing. Management should continue to evaluate changes in IT use and design new control activities when these changes are incorporated into the entitys information technology.

The WBL User Guide lacks quality information for using the DUWP, Export/Import, STIMS/FFIMS, and GLTS modules Since its deployment, the WBL System has undergone many system changes and enhancements, including new modules to house all materials licensing and inspection data under the NRCs purview. The WBL User Guide, developed by licensing and inspection staff, is a step-by-step guide for processing licensing actions, reciprocity actions, and sealed source and device registrations. The NMSS also has a series of trainings that demonstrate how to use and perform certain functions within the system that are available to NRC and Agreement State staff. The OIG reviewed the most recent version of the WBL User Guide and found that it does not reflect the significant changes made to the system, including adding or updating the DUWP, Export/Import, STIMS/FFIMS, and GLTS modules. The WBL User Guide also does not reference the separate NMSS-developed training for the system.

Several WBL users stated that the WBL User Guide is not helpful, and they prefer to ask others how to use the system rather than refer to the guide, despite it being easily accessible in the WBL System. Others noted that the biggest challenge users may face when using the WBL System is the lack of proper instruction on how to use the systems features and a lack of comfort in using the WBL User Guide because it does not reflect system changes.

In addition to interviewing NRC staff, the OIG sent a voluntary survey to Agreement States personnel to identify their challenges with the WBL System.

The Agreement States personnel stated that the WBL User Guide could be simplified. However, they also stated that the WBL User Guide would be What We Found

15 more beneficial if it included step-by-step instructions, especially if features were designed in a specific order.

The WBL User Guide does not communicate how to use new modules and significant enhancements to the system Prior to the February 2023 User Guide update, four modules were added to the WBL System; however, guidance for the modules was not incorporated into the User Guide, making the guide unhelpful to some users. Further, while the WBL User Guide includes some Agreement State content, it does not comprehensively address how Agreement States use their implemented modules within the WBL System. The OIG acknowledges that documentation for each new module is typically the responsibility of the relevant user groups.

However, if the WBL User Guide is meant to be the primary guidance for the system, it should address NRC and Agreement States information needs and provide instructions for all modules.

The WBL Systems effectiveness is decreased and there is increased confusion among new users Outdated and incomplete guidance decreases the effectiveness of the WBL System because not all users may be aware of the systems full capabilities.

Additionally, newer users may have trouble navigating and learning the system, which could lead to more inefficiencies. Further, the need for certain NRC users to ask other users for assistance demonstrates that not all NRC users are comfortable using the system.

The Agreement States that are new to using the WBL System do not have experienced personnel to ask for guidance in the same manner as NRC personnel; therefore, the Agreement States face additional challenges in training personnel to use the system. NRC and Agreement State users may request training for the WBL System at any time and are encouraged to contact the WBL Help Desk support as needed. However, when current and complete, the information in the WBL User Guide should make users aware of the systems full capabilities, improve user experience, enhance self-service Why This Occurred Why This Is Important

16 capabilities for new users navigating and learning the system, and reduce user inefficiencies.

Recommendations The OIG recommends that the EDO:

3.1.

Update the Web-Based Licensing System User Guide to incorporate guidance on how to use the new modules added to the WBL System, and describe how to use new enhancements to the system; and, 3.2. Establish a schedule to periodically review the Web-Based Licensing System User Guide and determine if it incorporates significant enhancements made on how to use the system.

4. WBL Users are Generally Unfamiliar with the Change Control Process The WBL change control process is intended to be a collaborative method, to determine which changes are made to the WBL System and prioritize the sequence of those changes. However, collaboration has been limited because internal and external users are generally unfamiliar with the change control process, including how to engage with it, how changes are prioritized, or how to view the status of proposed changes. This has occurred because the change control process is outdated, and deficient communications surround its elements. The lack of familiarity with the change control process prevents the submission and implementation of ideas that could make the WBL System more efficient and effective.

The WBL change control process should be a collaborative method WBL System users directly influence planned system enhancements. Given that the WBL System has multiple modules for tracking various NRC regulatory actions across NMSS business lines, a diverse set of stakeholders require continuous improvements and enhancements to the WBL System.

Each module may be used by multiple stakeholder groups, each with its own priorities for requested changes. For this reason, each stakeholder group has What Is Required

17 a representative, known as the module point of contact, who evaluates and prioritizes the changes requested by their stakeholder group. Those change requests are evaluated, assigned a business value, and provided to the module points of contact to determine their overall priority. Those prioritized change requests are automatically sorted by business value in an NMSS-developed dashboard to track planned enhancements.

The WBL Change Control Procedure is a guidance document that defines the roles and responsibilities of key WBL stakeholders, including responsibility for prioritization, evaluation, and implementation of change requests through WBL maintenance releases. The procedure states that the purpose of the WBL Systems change control process is to define the collaborative method used to determine which changes are made to WBL and the priority sequence of those changes. The process is designed to:

  • Be responsive to emergent and urgent issues;
  • Support timely WBL maintenance releases;
  • Be responsive to NRC and Agreement State business needs and efficiency goals while ensuring sustained compliance with applicable information system standards and requirements;
  • Ensure open and collaborative decision-making among stakeholder groups; and,
  • Comply with budgetary constraints and align with overall NRC enterprise architecture.

Collaboration is limited due to unfamiliarity with the change control process Despite efforts to make the change control process collaborative and inclusive of input from the stakeholders, internal and external, WBL users are generally unfamiliar with it or do not know how to engage with it. Specifically, several users are unaware that the change control process exists and how it works, including who to contact for suggested enhancements and how to submit change requests. Additionally, several users stated that frequent users of the system are not given enough input in the change control process. As a point of comparison, these users stated that determinations of business value for the WBL System are made by staff and management who are not daily users of the system, do not regularly access the system, and may not understand the What We Found

18 actual needs of the users. Finally, several NRC users were unaware of the WBL prioritized backlog and where to find it. The backlog allows internal users to access and view the current planned and prioritized enhancements.11 The change control process is outdated, and deficient communications surround its elements The information resources for the change control process are outdated.

Specifically, the WBL change control process internal SharePoint site provides resources for WBL users who want information about the system and is the main site used for knowledge management and sharing. However, the SharePoint site has not been updated and contains outdated information (i.e., points of contact and the stakeholder list for each WBL module). As a result of the OIGs review, the NRC added a disclaimer to the site notifying users that it is outdated. However, the WBL Change Control Procedure was last updated in 2018, and it also contains outdated information related to the module points of contact list and the Management Advisory Panel, which no longer exists.

The OIG found that communication about the elements of the change control process is deficient. Several users stated that the change control process is not transparent. Some points of contact also stated they were unaware of their assigned module role and referred to other staff as a better resource for information related to the system and module processes.

Communications regarding the WBL System enhancements could also be improved. The SharePoint site contains a listing of the WBL deployed enhancements, but that list has not been updated since February 2024.

Therefore, users would not know about subsequent enhancements unless they accessed the WBL Backlog dashboard. Additionally, when enhancements are made to the WBL System, users are emailed a notification of the changes.

However, several users described the notifications as vague and said that they must seek clarification of what changes were made to the system. Also, several user groups are not included in the notification emails, and as a result, 11 Agreement State users receive quarterly snapshots and participate in quarterly meetings to provide input and help reprioritize requests. However, because Agreement State users are external users, they cannot access the backlog in real-time to see where the changes are or whether the changes will be made.

Why This Occurred

19 they only learn of changes from other staff or when they access the system and notice the changes.

Reduced submission of ideas to make the system more efficient and effective Limited collaboration and familiarity with the change control process prevents the submission and implementation of ideas that may make the system more efficient and effective. Enhancements to the WBL System can indirectly affect all WBL users, and changes to the system that could benefit all users may not be suggested. Lack of transparency in the process leads to hesitance from the users to submit change requests. That hesitance also extends to users feeling their suggestions are pointless because specific modules appear to be prioritized more than others. Finally, the prioritization list may not reflect user needs because it does not incorporate various suggestions from staff that could benefit the system. Since the WBL budget is steadily decreasing, management should ensure the prioritization list reflects user needs.

Recommendations The OIG recommends that the EDO:

4.1.

Update the Web-Based Licensing System Change Control Procedure and related information resources to accurately reflect the current process and issue a memo to WBL users informing them of the updated process; and, 4.2.

Clarify the role of a Web-Based Licensing System module point of contact and update the points of contact list for the Web-Based Licensing System Change Control Procedure.

5. Several WBL System Enhancements do not Work as Intended The NRC should enhance its data architecture to ensure sufficient and scalable capacity to ingest and process data from existing and new data sources to meet agency business needs. However, several of the WBL Why This Is Important

20 Systems enhancements hinder the processing of existing and new data, as the enhancements do not work as intended. This occurred because addressing the technical issues of WBL enhancements has not been a priority. As a result, users experience inefficiencies in editing WBL System-generated documents outside of the application and using these documents to support the processing of certain licensing actions. Further, the Agreement States may be hesitant to use the WBL System if there are issues with the systems capabilities.

Enhancements should ensure sufficient and scalable capacity to ingest and process data The NRC established a Data Strategy, which describes a collaborative approach to be undertaken by all agency offices, programs, functions, and staff in the continued growth and maturity of the agencys data management efforts. The first goal of the NRCs Data Strategy is to promote the secure management and governance of agency data by enhancing the agencys data architecture to ensure sufficient and scalable capacity to ingest and process data from existing and new data sources to meet agency business needs.

Several WBL enhancements do not work as intended Since its deployment, the WBL System has undergone many enhancements, and new capabilities have been added to improve its effectiveness and user efficiency. However, several enhancements do not work as intended, essentially rendering them useless. For example, the WBL System generates flawed licenses due to spacing issues between license conditions.12 Users mentioned that they must edit the licenses in PDFs to reduce the large gaps on licenses because the licenses do not look professional; they further mentioned that the gaps could increase the possibility a person may try to modify a license illegally. Additionally, users stated that generating cover letters presents an issue because the templates do not pull the information from the WBL System to fill specified fields. Users must instead edit the cover 12 NRC license conditions, which are requirements binding on the license holder, are issued in accordance with the NRCs regulations in 10 C.F.R. Chapter I and can include limitations on activities, materials, locations, and personnel.

What Is Required What We Found

21 letters to add the missing NRC seal and other information not generated in the template.

Furthermore, when completing simultaneous actions, such as multiple license amendments for the same license, users noted the information in the WBL System does not always synchronize with the most recent version of licensing information, nor does it apply the most recent changes made to the license when it is time to reconcile the license. Finally, the WBL System is not helpful in planning inspection trips because it does not use the correct location coordinates. The WBL Systems inspection planning tool will always generate a plan for the licensees main office, even if the field office is the location of the inspection.

Addressing the WBL enhancements technical issues has not been a priority As of January 2025, the backlog of enhancements to the WBL System totaled 354 items, with 135 items prioritized with business values. Users have submitted requests to the WBL IT Team to fix features and make enhancements to features that have already been deployed and implemented, such as those pertaining to license generation, inspection planning, and information syncing. However, these requests are considered low-priority due to their business value. Some requests, dating back to 2021, have yet to be analyzed and assigned a business value.

WBLs reduced utility leads to inefficiencies and reluctance to use the system Because some enhancements do not work as intended, users cannot take advantage of features that are intended to increase efficiency, such as the trip planning tool. Additionally, users spend extra time correcting licenses and cover letters that were not properly generated in WBL so they can continue processing certain licensing actions and prepare a consistent, high-quality work product.

Why This Occurred Why This Is Important

22 The NRCs goal is for all the Agreement States eventually to adopt the WBL System. However, enhancement issues may lead to reluctance from the Agreement States to use the WBL System, especially if the system is not working for its internal stakeholders. This would ultimately impact the goal of a more unified National Materials Program.13 While the WBL team determines the priority of the systems change requests, the OIG contends that all active features within the WBL System should be functional and operating correctly.

Recommendation The OIG recommends that the EDO:

5.1.

Prioritize and fix any current features within the Web-Based Licensing System that are not operating correctly.

6. The Licensing and Inspection Modules do not Contain Quality Data Data managed and maintained in an IT system should be appropriate, accurate, and timely. Several modules in the WBL System do not contain quality data. This occurred because controls and guidance promoting data quality have not been developed. The WBL System reports may contain errors because the data is unreliable.

Data managed and maintained should be appropriate, accurate, and timely OMB issued memorandum M-19-18, Federal Data Strategy - A Framework for Consistency,14 to enable agencies to use and manage federal data to serve the American people. This memorandum sets forth the critical twin goals of agencies getting optimal value from their data assets and of protecting security, privacy, and confidentiality. The Federal Data Strategy states that 13 The National Materials Program is the broad collective framework within which both the NRC and the Agreement States function in carrying out their respective regulatory programs for radioactive material.

14 OMB Memorandum for the Heads of Executive Departments and Agencies, Federal Data Strategy - A Framework for Consistency (June 4, 2019).

What Is Required

23 agencies should protect the quality and integrity of data, and validate that data is appropriate, accurate, objective, accessible, useful, understandable, and timely.

Similarly, the GAO Standards for Internal Control define quality information as information from relevant and reliable data that is appropriate, current, complete, accurate, accessible, provided on a timely basis, and meets identified information requirements.

The licensing and inspection modules do not contain quality data Several WBL modules do not contain accurate and current information. The OIG reviewed and analyzed information in the DUWP module and determined that many fields were missing information or had inconsistent data input. The OIG also analyzed data in the inspection module and determined that assist inspectionsinspections conducted by one region at the request of another regionare not accurately documented, and some are missing final inspection report information.

Controls and guidance that would promote data quality have not been developed The WBL System lacks automated enhancements that promote accurate and complete data entry. The DUWP module requires manual entry, which allows users to input information differently and potentially with errors. DUWP module users requested a standard entry format for the module, but that has not been implemented.

The agency created a data entry guide for the inspection module in the WBL System in response to previous OIG recommendations. However, the data entry guide does not include guidance for the inspection module data input, assist inspections, and general license inspections. Additionally, specific guidance on how data should be entered into each module has not been updated by the offices responsible for those modules. For example, regional inspectors complete general license inspections when they are at a facility that holds a specific NRC license and also possesses devices under an NRC-issued What We Found Why This Occurred

24 general license. To document these inspections, inspectors use specific docket numbers assigned to the regions, but this process is not documented in the guidance.

The WBL System reports may have errors because the data is unreliable The system cannot independently produce reliable reports for internal metrics. Specifically, reliable calculations for quarterly performance metrics cannot be efficiently produced from WBL because the data in DUWPs module is inaccurate and incomplete. However, the differences in data input make it difficult to sort and search the licensing milestones within that module.

In addition, staff have expressed concerns about managements awareness of the inspection work in the regions, especially if management relies on data strictly from the WBL System. The agencys inspection guidance notes that inspections contribute to the regions operating plan goals, but unattributed inspections will reflect poorly on the regions performance. Further, inspections will continue to be improperly documented if the process for the documentation for assist inspections is not consistent across the regions.

Lack of guidance also leads to an overreliance on specific staff in each region to provide knowledge management on data entry practices for the WBL modules and dashboards to identify any errors.

Recommendations The OIG recommends that the EDO:

6.1.

Identify and automate the appropriate data entry areas within the Decommissioning, Uranium Recovery, and Waste Programs module to promote accurate, complete, and standardized data entry; 6.2. Update existing inspection data entry guidance to include how to document assist inspections and general license inspections; and, Why This Is Important

25 6.3. Review the existing guidance for each Web-Based Licensing System module and update it to reflect current data entry practices, as appropriate.

7. The WBL System Data is not Readily Available for the Agency to use in other Applications The NRC should manage its data to be accessible and available and leverage it to support and promote its mission. However, the data from the WBL System is not readily available for use in other applications because the systems search and report functions are complex and difficult to use. Non-streamlined search results could negatively impact the ability to meet regulatory requirements efficiently.

Data should be accessible to perform data analysis in support of business outcomes According to the Federal Data Strategy, agencies should protect the quality and integrity of data by validating that it is accessible. OMB Circular No. A-130, Managing Information as a Strategic Resource,15 states that information systems and processes must support and maximize the interoperability and access to information, where appropriate, by using documented, scalable, and continuously available application programming interfaces and open machine-readable formats.

The NRCs Data Strategy notes that as the agency continues to enhance its position as a modern, risk-informed regulator, leveraging data as a strategic asset remains a top priority. Effectively managing data from end to end helps ensure that the data is secure, accessible, available, and trusted. This enables the agency to leverage the data within and across organizational bounds and functional programs to gain insights to support and promote its mission.

15 OMB Memorandum to the Heads of Executive Departments and Agencies, Managing Information as a Strategic Resource (July 28, 2016).

What Is Required

26 The data from the WBL System is not readily available for use The WBL Systems data is not readily available, and users experience inefficiencies when accessing licensing and inspection data from the system.

For example, due to the different types of materials licenses, users must run reports in multiple modules to get inspection information for the regions.

Additionally, it is difficult to find information on general licenses and inspections in the system.

The WBL Systems search and report functions are complex and difficult to use The WBL System includes numerous options for querying information such as license information, inspection information, assigned staff, and generally licensed device information. However, the OIG was informed that users must think the way WBL would think to access the correct information because the search interface and functionality are too complicated. Figure 2 illustrates the WBLs search interface for the inspection module. The WBL System also includes advanced search capabilities for users to create and save customized searches. However, users expressed difficulty in running customized searches in the WBL System without the assistance of a contractor.

What We Found Why This Occurred

27 Figure 2: WBL System, Inspection Module Search Interface Source: WBL System Furthermore, the general license search function differs from the other modules that users access. For example, to search within the GLTS module, a user must use extra symbols, and the search can only run specific search parameters. This is likely because the contractor is responsible for entering the licensee-submitted general license registrations into the WBL System, and NRC staff do not enter any data themselves. However, GLTS users include NRC staff who access the information to ensure licensees have registered their devices or materials as required by the NRCs rules and to ensure the agency can process fee-billing actions.

28 Non-streamlined search results could negatively impact the ability to efficiently meet regulatory requirements While the systems functionality does not hinder staffs ability to complete licensing and inspection actions according to agency guidance, the effort to get data from WBL is cumbersome, requiring additional time to find necessary information. For example, the inability to view all regional inspection data in one report could result in NRC staff not seeing all upcoming and completed inspections, if they are unaware of all the modules they need to access to obtain that information. As a result, staff could potentially be unaware of certain inspections that need to be completed.

Finally, the search functionality limits the use of WBL data because it is difficult to develop data sets that can be used in other reports, analyses, and visualizations. Several users expressed frustration with WBL not being able to easily provide data requested by management. Since WBL is the NRCs main system to maintain all materials licensing and inspection data, it should efficiently generate complete and accurate reports.

Recommendations The OIG recommends that the EDO:

7.1.

Identify and implement strategies that improve the search functionality of the Web-Based Licensing System; and, 7.2. Update the Web-Based Licensing System to make the search functionality consistent across all the modules.

Why This Is Important

29 The OIG recommends that the Executive Director for Operations:

1.1.

Update the inactivity control in the Nuclear Material FISMA Systems-system security plan to include references to the 30-minute deviation request and approval; 1.2.

Update the Web-Based Licensing System User Guides instructions on clearing the cache to access the system without closing the browser; 2.1.

Evaluate and update the Web-Based Licensing System to ensure users assigned to multiple roles may perform tasks associated with the highest access rights; 2.2. Update the Web-Based Licensing Systems user role descriptions to ensure users capabilities in the system are properly defined; 2.3. Develop and implement a process to periodically update user roles in the Web-Based Licensing System to ensure users may perform tasks commensurate with their assigned NRC responsibilities; 3.1.

Update the Web-Based Licensing System User Guide to incorporate guidance on how to use the new modules added to the WBL System, and describe how to use new enhancements to the system; 3.2. Establish a schedule to periodically review the Web-Based Licensing System User Guide and determine if it incorporates significant enhancements made on how to use the system; 4.1.

Update the Web-Based Licensing System Change Control Procedure and related information resources to accurately reflect the current process and issue a memo to WBL users informing them of the updated process; IV. CONSOLIDATED LIST OF RECOMMENDATIONS

30 4.2. Clarify the role of a Web-Based Licensing System module point of contact and update the points of contact list for the Web-Based Licensing System Change Control Procedure; 5.1.

Prioritize and fix any current features within the Web-Based Licensing System that are not operating correctly; 6.1.

Identify and automate the appropriate data entry areas within the Decommissioning, Uranium Recovery, and Waste Programs module to promote accurate, complete, and standardized data entry; 6.2. Update existing inspection data entry guidance to include how to document assist inspections and general license inspections; 6.3. Review the existing guidance for each Web-Based Licensing System module and update it to reflect current data entry practices, as appropriate; 7.1.

Identify and implement strategies that improve the search functionality of the Web-Based Licensing System; and, 7.2. Update the Web-Based Licensing System to make the search functionality consistent across all the modules.

31 The OIG held an exit conference with the agency on May 27, 2025. Before the exit conference, agency management reviewed and provided comments on the discussion draft version of this report, and the OIG discussed these comments with the agency during the conference. Following the conference, agency management stated their general agreement with the findings and recommendations in this report and opted not to provide additional comments. The OIG has incorporated the agencys comments into this report, as appropriate.

V. NRC COMMENTS

32 Objective The audit objective was to determine if the WBL System effectively manages the NRCs materials licensing and inspection information, and provides for the security, availability, and integrity of the system data.

Scope This audit focused on the management and use of the WBL System by NRC offices and Agreement States, including the implemented security and data governance practices, and processes to enhance the system and improve its functionality. We conducted this performance audit at NRC headquarters in Rockville, Maryland, from September 2024 to March 2025.

Internal controls related to the audit objective were reviewed and analyzed.

Specifically, the OIG reviewed the components of the control environment, risk assessments, control activities, information and communication, and monitoring.

Within those components, the OIG reviewed the principles of:

  • establishing organizational structure, assigning responsibility, and delegating authority to achieve the entitys objectives;
  • evaluating performance and holding individuals accountable for their internal control responsibilities;
  • defining objectives clearly to enable the identification of risks and define risk tolerances;
  • identifying, analyzing, and responding to risks related to achieving the defined objectives;
  • considering the potential for fraud when identifying, analyzing, and responding to risks;
  • identifying, analyzing, and responding to significant changes that could impact the internal control system;
  • designing control activities to achieve objectives and respond to risks;
  • designing the entitys information system and related control activities to achieve objectives and respond to risks;
  • implementing control activities through policies;
  • using quality information to achieve the entitys objectives;
  • internally communicating the necessary quality information to achieve the entitys objectives; OBJECTIVE, SCOPE, AND METHODOLOGY

33

  • externally communicating the necessary quality information to achieve the entitys objectives;
  • establishing and operating monitoring activities to monitor the internal control system and evaluate the results; and,
  • remediating identified internal control deficiencies on a timely basis.

Methodology The OIG reviewed relevant criteria for this audit, including but not limited to:

  • NIST Special Publication 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations;
  • Nuclear Material FISMA Systems - System Security Plan;
  • ISMP Rules of Behavior and Security Awareness Training;
  • WBL Privacy Impact Assessment;
  • 2023 WBL User Guide;
  • WBL System training;
  • Web-Based Licensing System Change Control Procedure;
  • WBL System data entry guidance for the Inspection, Export/Import, DUWP, and STIMS/FFIMS modules;
  • ISMP Support Contract and Performance Work Statement;
  • NMSS Independent Verification & Validation Contract and Performance Work Statement;
  • U.S. NRCs IT/IM Strategic Plan;
  • Appendix III to OMB Circular No. A-130; and,
  • NRC Data Strategy.

The OIG interviewed the WBL Business and WBL IT Teams to understand how the WBL System is managed. The OIG interviewed NRC staff and management in NMSS, the Office of International Programs, the Office of the Chief Financial Officer, and all four Regional Offices to determine how the WBL System and its data are used in performing licensing and inspection work and to identify any potential challenges utilizing the system. The OIG sent a voluntary survey to the Agreement States personnel to identify and determine how the system is used and any potential challenges with the WBL System. The OIG performed analyses of the WBL System to evaluate the security, availability, and integrity of the system data, including analysis of the session inactivity and termination security controls, the WBL System maintenance schedule, and the data in the License, Inspection, and DUWP modules and dashboards.

34 We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Throughout the audit, auditors considered the possibility of fraud, waste, and abuse in the program.

The audit was conducted by Mike Blair, Team Leader; Janelle Davis, Audit Manager; Manpreet Sandhu, Auditor; Salma Rahaman, Management Analyst; and, Angelina Nguyen, Management Analyst Intern.

35 Please

Contact:

Online:

Hotline Form Telephone:

1.800.233.3497 TTY/TDD:

7-1-1, or 1.800.201.7165 Address:

U.S. Nuclear Regulatory Commission Office of the Inspector General Hotline Program Mail Stop O12-A12 11555 Rockville Pike Rockville, Maryland 20852 If you wish to provide comments on this report, please email the OIG using this link.

In addition, if you have suggestions for future OIG audits, please provide them using this link.

TO REPORT FRAUD, WASTE, OR ABUSE COMMENTS AND SUGGESTIONS NOTICE TO NON-GOVERNMENTAL ORGANIZATIONS AND BUSINESS ENTITIES SPECIFICALLY MENTIONED IN THIS REPORT Section 5274 of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, Pub. L.

No. 117-263, amended the Inspector General Act of 1978 to require OIGs to notify certain entities of OIG reports. In particular, section 5274 requires that, if an OIG specifically identifies any non-governmental organization (NGO) or business entity (BE) in an audit or other non-investigative report, the OIG must notify the NGO or BE that it has 30 days from the date of the reports publication to review the report and, if it chooses, submit a written response that clarifies or provides additional context for each instance within the report in which the NGO or BE is specifically identified.

If you are an NGO or BE that has been specifically identified in this report and you believe you have not been otherwise notified of the reports availability, please be aware that under section 5274 such an NGO or BE may provide a written response to this report no later than 30 days from the reports publication date. Any response you provide will be appended to the published report as it appears on our public website, assuming your response is within the scope of section 5274. Please note, however, that the OIG may decline to append to the report any response, or portion of a response, that goes beyond the scope of the response provided for by section 5274. Additionally, the OIG will review each response to determine whether it should be redacted in accordance with applicable laws, rules, and policies before we post the response to our public website.

Please send any response via email using this link. Questions regarding the opportunity to respond should also be directed to this same address.

Retrieved from "https://kanterella.com/w/index.php?title=ML25181A535&oldid=5517255"