U.S. Environmental Protection Agency
Office of Inspector General
At a Glance
09-P-0187
June 30, 2009
Catalyst for Improving the Environment
Why We Did This Review
The Office of Inspector
General contracted with
Williams, Adley & Company,
LLP, to conduct the annual
audit of the U.S.
Environmental Protection
Agency's (EPA's) compliance
with the Federal Information
I Security Management Act
(FISMA). Williams, Adley &
Company, LLP, conducted the
I network vulnerability testing
of the Agency's local area
network located at EPA's
Region 8 office in Denver,
Colorado.
Background
The network vulnerability
testing was conducted to
identify any network risk
vulnerabilities and present the
results to the appropriate
EPA officials to promptly
remediate or document
planned actions to resolve the
vulnerability.
For further information,
contact our Office of
Congressional, Public Affairs
and Management at
(202)566-2391.
Results of Technical Network Vulnerability
Assessment: Region 8
What Williams, Adley & Company, LLP, Found
Vulnerability testing conducted in April 2009 of EPA's Region 8 network
identified Internet Protocol addresses with numerous high-risk vulnerabilities.
If not resolved, these vulnerabilities could expose EPA's assets to unauthorized
access and potential harm to the Agency's network.
What Williams, Adley & Company, LLP, Recommends
Williams, Adley & Company, LLP, recommends that the Region 8 Director of
Technical and Management Services:
• Implement actions to address all high-risk vulnerability findings.
• Update EPA's Automated Security Self Evaluation and Remediation
Tracking (ASSERT) system.
• Perform a technical vulnerability assessment test of Region 8' s network
within 30 days to demonstrate and document corrective actions that have
resolved the vulnerabilities.
Due to the sensitive nature of the report's technical findings, the full report is not
available to the public.
-------� |