An independent audit [PDF file] conducted by Richard S. Carson & Associates recently examined the U.S. Nuclear Regulatory Commission's implementation of the Federal Information Security Management Act (FISMA).
"According to the report, the U.S. nuclear reactor safety and security watchdog has made some improvements in its IT security efforts, but also has much more work to do," writes ITworld's George V. Hulme. "'While the agency has continued to make improvements in its information system security program and has made progress in implementing the recommendations resulting from previous FISMA evaluations, the independent evaluation identified three information system security program weaknesses,' the report said."
"Areas in need of improvement include bolstering its Plan of Action and Milestones, development of an organization-wide risk management strategy, and consistently implementing its configuration management procedures," Hulme writes.
Go to "Nation's nuclear power watchdog comes up short on infosec compliance" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.