This page contains information about recommendations that remain open because the OIG determined that the Department had not fully implemented corrective actions. The OIG reports the funds put to better use, questioned costs, restitution, funds returned to the Department, and penalties and court costs associated with all recommendations in its Semiannual Reports to Congress.
Open Recommendations
Develop and implement a process to perform continuous monitoring activities to fully evaluate third-party providers’ information technology environments for security changes or threats.
Develop and conduct contingency plan and incident response testing exercises that include and/or mimic a ransomware event and incorporate the lessons learned into the site’s recovery and response capabilities.
Implement more effective oversight of data protection by the Information Technology Services Directorate, such as a review process, to determine what data should be backed up and ensure that appropriate corrective actions are taken.
Ensure that the contractual requirements included in applicable Department directives are flowed down to the support subcontractors or define specific reporting requirements for when an event occurs such as a ransomware attack.
Perform a comprehensive review of E3S for K-Area to identify whether there are gaps in access controls or SRS established procedures that have led to personnel accountability exceptions.
Ensure additional compensatory measures are put in place and implemented to address any gaps identified based on the review.
Implement monthly reviews of E3S exception logs to ensure timely identification of trends or determine the root causes of personnel accountability exceptions and address any issues identified.
Ensure compensatory measures are put in place and implemented to address any gaps identified based on the comprehensive review performed in conjunction with the Savannah River Operations Office.
Implement monthly reviews of E3S exception logs to ensure timely identification of trends or determine the root causes of personnel accountability exceptions and address any issues identified.
Develop a tool to analyze the data in CBFish and identify potential issues.