The National Assessment Nuclear Cybersecurity (NANCY) Tool is a free web-based self-assessment tool developed by the NNSA Office of International Nuclear Security (INS) envisaged to assist partner countries in assessing the level of implementation maturity of their computer security infrastructure for nuclear facilities and associated activities.
Policy makers, competent authorities, operators, shippers and carriers can use the website to assess, prioritize and improve their computer security infrastructure.
Any user can complete a self-assessment using the NANCY Tool in as little as few hours.
The NANCY Tool criteria are aligned with relevant good practices stemming from the International Atomic Energy Agency (IAEA) nuclear security series guidance.
The NANCY Tool uses a scale of maturity indicators clustered on three levels:
- Meets the criteria
- Partially meets the criteria
- Does not meet the criteria
This maturity model provides a benchmark for competent authorities, operators, and other users to assess the level of capability of the existing computer security infrastructure, while guiding next steps and priorities for its improvement.
The Tool offers interactive features that:
- Allow users to anonymously input answers
- Generate a detailed, graphic report upon completion
- Provide a high-level description of the status of the respondent's computer security infrastructure
- Provide an overview of areas that would benefit from further improvement
- Provide an understanding of the general aspects of computer security applicable to nuclear facilities and associated activities
- Conduct a self-assessment on the existing computer security framework in the country
- Identify gaps and areas in the computer security framework to be strengthened in the future
- Inform the further development of computer security framework