EPA information systems vulnerable, IG says

Program officers at the Environmental Protection Agency have not complied with federal information security requirements and have left the agency's CIO without timely and accurate security data, according to EPA's Inspector General.

In a report, the IG found several major EPA applications that failed to meet standards outlined in the Federal Information Security Management Act and lacked adequate certification and accreditation, contingency planning and a process for monitoring security vulnerabilities.

'EPA could have discovered these inconsistencies if it had implemented verification and validation processes to review program offices' compliance with established federal and agency requirements,' the report said. 'Without these processes, EPA mission-critical information systems may not be adequately protected against known security vulnerabilities or be available in a timely manner in the event of an emergency or disaster.'

FISMA, part of the E-Government Act of 2002, requires agencies to develop policies and procedures that protect agency information assets.

The IG reviewed five major agency applications and found that none of their certification and accreditation packages complied with federal requirements. In particular, one application was operating with an expired security plan, another was operating with a security plan that was not updated, and two had security plans that did not reflect the current application status.

'Based on our findings, senior agency officials did not have a reasonable basis for accrediting the applications,' the report said. 'EPA places itself as greater risk because it could not be sure that adequate steps have been taken to eliminate or mitigate risks.'

EPA officials, the report said, agreed with the IG's conclusions.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected