U.S. Environmental Protection Agency	10-P-0211
Office of Inspector General	September 7, 2010

At a Glance

Catalyst for Improving the Environment

Why We Did This Review

As part of the annual audit of the U.S. Environmental Protection Agency's (EPA's) compliance with the Federal Information Security Management Act, the Office of Inspector General (OIG) conducted network vulnerability testing of the Agency's network devices in EPA's Erlanger Building located in Erlanger, Kentucky.

Background

Network vulnerability testing was conducted to identify any network risk vulnerabilities and to present the results to the appropriate EPA officials, who can then promptly remediate or document planned actions to resolve the vulnerability.

Results of Technical Network Vulnerability
Assessment: EPA's Erlanger Building

What We Found

Vulnerability testing of EPA's Erlanger Building network conducted in June 2010
identified Internet Protocol addresses with numerous high-risk and medium-risk
vulnerabilities. The OIG met with EPA information security personnel to discuss
the findings. If not resolved, these vulnerabilities could expose EPA's assets to
unauthorized access and potentially harm the Agency's network.

What We Recommend

We recommend that the Director, Enterprise Desktop Solutions Division, Office
of Environmental Information, and the Director, Information Resources
Management Division - Cincinnati, Office of Administration and Resources
Management:

•	Provide the OIG a status update for all identified high-risk and medium-risk
vulnerability findings contained in this report.

•	Create plans of action and milestones in the Agency's Automated Security
Self-Evaluation and Remediation Tracking system for all vulnerabilities that
cannot be corrected within 30 days of this report.

•	Perform a technical vulnerability assessment test of assigned network
resources within 60 days to confirm completion of remediation activities.

For further information, contact our Office of Congressional, Public Affairs and Management at (202) 566-2391.

To view the full report, click on the following link:
www.epa.gov/oig/reports/2010/20100907-10-P-0211.pdf

Due to the sensitive nature of the report's technical findings, the attachments are
not available to the public.

