U.S. Environmental Protection Agency
Office of Inspector General
At a Glance
09-P-0054
December 9, 2008
Catalyst for Improving the Environment
Why We Did This Review
The Office of Inspector
General contracted with
Williams, Adley & Company,
LLP, to conduct the annual
audit of the U.S.
Environmental Protection
Agency's (EPA's) compliance
with the Federal Information
Security Management Act
(FISMA). Williams, Adley &
Company, LLP, conducted the
network vulnerability testing
of the Agency's local area
network located at EPA's Las
Vegas Finance Center in Las
Vegas, Nevada.
Background
The network vulnerability
testing was conducted to
identify any network risk
vulnerabilities and present the
results to the appropriate EPA
officials to promptly
remediate or document
planned actions to resolve the
vulnerability.
For further information,
contact our Office of
Congressional, Public Affairs,
and Management at
(202)566-2391.
Results of Technical Network Vulnerability
Assessment: EPA's Las Vegas Finance Center
What Williams, Adley & Company, LLP, Found
Vulnerability testing of EPA's Las Vegas Finance Center network identified
Internet Protocol addresses with medium-risk vulnerabilities. Although Las
Vegas Finance Center personnel have taken actions to remediate the findings,
supporting documentation is needed to support the resolution of each
vulnerability.
What Williams, Adley & Company, LLP, Recommends
Williams, Adley & Company, LLP, recommends that the Director of the Las
Vegas Finance Center:
• Complete actions to provide the Office of Inspector General documentation
for each finding.
• Update EPA's Automated Security Self Evaluation and Remediation
Tracking (ASSERT) system.
• Perform a technical vulnerability assessment test of the Las Vegas Finance
Center network within 30 days to demonstrate and document corrective
actions that have resolved the vulnerabilities.
Due to the sensitive nature of this early warning report's technical findings, the
full report is not available to the public.
-------� |