U.S. Environmental Protection Agency
Office of Inspector General
10-P-0211
September 7, 2010

At a Glance
Catalyst for Improving the Environment

Results of Technical Network Vulnerability Assessment: EPA's Erlanger Building

Why We Did This Review

As part of the annual audit of the U.S. Environmental Protection Agency's (EPA's) compliance with the Federal Information Security Management Act, the Office of Inspector General (OIG) conducted network vulnerability testing of the Agency's network devices in EPA's Erlanger Building located in Erlanger, Kentucky.

Background

Network vulnerability testing was conducted to identify any network risk vulnerabilities and to present the results to the appropriate EPA officials, who can then promptly remediate or document planned actions to resolve the vulnerability.

What We Found

Vulnerability testing of EPA's Erlanger Building network conducted in June 2010 identified Internet Protocol addresses with numerous high-risk and medium-risk vulnerabilities. The OIG met with EPA information security personnel to discuss the findings. If not resolved, these vulnerabilities could expose EPA's assets to unauthorized access and potentially harm the Agency's network.

What We Recommend

We recommend that the Director, Enterprise Desktop Solutions Division, Office of Environmental Information, and the Director, Information Resources Management Division - Cincinnati, Office of Administration and Resources Management:

• Provide the OIG a status update for all identified high-risk and medium-risk vulnerability findings contained in this report.
• Create plans of action and milestones in the Agency's Automated Security Self-Evaluation and Remediation Tracking system for all vulnerabilities that cannot be corrected within 30 days of this report.
• Perform a technical vulnerability assessment test of assigned network resources within 60 days to confirm completion of remediation activities.

For further information, contact our Office of Congressional, Public Affairs and Management at (202) 566-2391.

To view the full report, click on the following link: www.epa.gov/oig/reports/2010/20100907-10-P-0211.pdf

Due to the sensitive nature of the report's technical findings, the attachments are not available to the public.