tffcD STA,
.0 U.S. Environmental Protection Agency 11-P-0725
^ Office of Inspector General September 30,2011
SiU!
^ At a Glance
Catalyst for Improving the Environment
Why We Did This Review
The U.S. Environmental
Protection Agency (EPA),
Office of Inspector General
(OIG), conducted this audit to
identify technical
vulnerabilities associated with
the Agency's network devices
located in EPA's Region 9
headquarters building, and to
assess the security posture of
the Region 9 computer room.
Results of this audit were
provided to the appropriate
EPA officials who can then
promptly remediate and/or
document their planned
actions to resolve the
identified technical
vulnerabilities and computer
room security findings.
Background
This audit was conducted in
support of the annual audit of
EPA's compliance with the
Federal Information Security
Management Act.
Region 9 Technical and Computer Room
Security Vulnerabilities Increase Risk to
EPA's Network
What We Found
OIG technical vulnerability scans conducted at Region 9 headquarters revealed a
multitude of high-risk and medium-risk vulnerabilities. These vulnerabilities were
identified on Region 9 servers, desktops, and printers. The exploitation of
unidentified and unremediated vulnerabilities could greatly impact the network
security posture of Region 9 headquarters and/or the entire EPA network by
exposing Agency data, information, and configurations to unauthorized access.
The OIG physical and environmental control review of the Region 9 computer
room found that sufficient protections were not in place to safeguard critical
information technology assets and associated data from the risk of damage and/or
loss.
What We Recommend
We recommend that the Senior Information Official, Region 9:
• Remediate high-risk and medium-risk technical vulnerabilities
• Remediate physical and environmental control deficiencies
The full report is not available to the public due to the sensitive nature of its
technical findings.
For further information,
contact our Office of
Congressional and Public
Affairs at (202) 566-2391.
-------� |