U.S. Environmental Protection Agency
                 Office of Inspector General

                 At  a  Glance
                                                                                    09-P-0053
                                                                              December 9, 2008
                                                           Catalyst for Improving the Environment
Why We Did This Review

The Office of Inspector
General contracted with
Williams, Adley & Company,
LLP, to conduct the annual
audit of the U.S.
Environmental Protection
Agency's (EPA's) compliance
with the Federal Information
Security Management Act
(FISMA).  Williams, Adley &
Company, LLP, conducted the
network vulnerability testing
of the Agency's local area
network located at EPA's
Radiation and Indoor
Environments National
Laboratory in Las Vegas,
Nevada.
                            Results of Technical Network Vulnerability
                            Assessment:  EPA's Radiation and Indoor
                            Environments National Laboratory
                             What Williams, Adley & Company, LLP, Found
                            Vulnerability testing of EPA's Radiation and Indoor Environments National
                            Laboratory (R&IEN) network identified Internet Protocol addresses with
                            medium-risk vulnerabilities.  The R&IEN Laboratory has taken appropriate
                            actions to resolve the network vulnerabilities under their control. Therefore, we
                            are closing this audit report upon issuance in our audit tracking system. However,
                            we made recommendations in a separate audit report to the Director of the
                            National Computer Center to resolve the open vulnerabilities for information
                            technology assets under their control.

                            Due to the sensitive nature of this early warning report's technical findings, the
                            full report is not available to the public.
Background

The network vulnerability
testing was conducted to
identify any network risk
vulnerabilities and present the
results to the appropriate EPA
officials to promptly
remediate or document
planned actions to resolve the
vulnerability.
pic
vu
For further information,
contact our Office of
Congressional, Public Affairs,
and Management at
(202)566-2391.


-------