EPA information systems vulnerable, IG says

Program officers at the Environmental Protection Agency have not complied with federal information security requirements and have left the agency's CIO without timely and accurate security data, according to EPA's Inspector General.

In a report, the IG found several major EPA applications that failed to meet standards outlined in the Federal Information Security Management Act and lacked adequate certification and accreditation, contingency planning and a process for monitoring security vulnerabilities.

'EPA could have discovered these inconsistencies if it had implemented verification and validation processes to review program offices' compliance with established federal and agency requirements,' the report said. 'Without these processes, EPA mission-critical information systems may not be adequately protected against known security vulnerabilities or be available in a timely manner in the event of an emergency or disaster.'

FISMA, part of the E-Government Act of 2002, requires agencies to develop policies and procedures that protect agency information assets.

The IG reviewed five major agency applications and found that none of their certification and accreditation packages complied with federal requirements. In particular, one application was operating with an expired security plan, another was operating with a security plan that was not updated, and two had security plans that did not reflect the current application status.

'Based on our findings, senior agency officials did not have a reasonable basis for accrediting the applications,' the report said. 'EPA places itself at greater risk because it could not be sure that adequate steps have been taken to eliminate or mitigate risks.'

EPA officials, the report said, agreed with the IG's conclusions.
