Information Resources Management Reports

Helping the Agency maintain confidentiality, integrity, and availability of its systems and data.



Reports Sorted by Topic: Information Resources Management
« All Reports

You will need Adobe Reader to view some of the files on this page. See EPA's PDF page to learn more.

Report Title Date Agency Response IG Comment on Response
EPA Needs to Improve Management of the Cross-Media Electronic Reporting Regulation Program in Order to Strengthen Protection of Human Health and the Environment [Report PDF - 29pp, 297KB] [At a Glance PDF - 45KB] March 21, 2014    
EPA's Information Systems and Data Are at Risk Due to Insufficient Training of Personnel With Significant Information Security Responsibilities [Report PDF - 28pp, 311KB] [At a Glance PDF - 44KB] March 21, 2014    
EPA Needs to Improve Safeguards for Personally Identifiable Information [Report PDF - 24pp, 314KB] [At a Glance PDF - 43KB] February 24, 2014    
Fiscal Year 2013 Federal Information Security Management Act Report: Status of EPA's Computer Security Program [Report PDF - 20pp, 211KB] [At a Glance PDF - 44KB] [Accessible TEXT File - 29KB] November 26, 2013    
Congressionally Requested Inquiry Into the EPA's Use of Private and Alias Email Accounts [Report PDF - 27pp, 313KB] [At a Glance PDF - 45KB] September 26, 2013    
Controls and Oversight Needed to Improve Administration of EPA's Customer Service Lines [Report PDF - 16pp, 666KB] [At a Glance PDF - 45KB] September 26, 2013 PDF - 1pp, 440KB PDF - 1pp, 139KB
Improved Contract Administration Needed for the Customer Technology Solutions Contract [Report PDF - 37pp, 359KB] [At a Glance PDF - 45KB] September 16, 2013    
Controls Over EPA's Compass Financial System Need to Be Improved [Report PDF - 18pp, 202KB] [At a Glance PDF - 44KB] August 23, 2013    
Improved Internal Controls Needed in the Gulf of Mexico Program Office, Report No. 13-P-0271, [Report PDF - 33pp, 272KB ] [At a Glance PDF - 44KB] May 30, 2013    
Briefing Report: Improvements Needed in EPA’s Information Security Program [Report PDF - 34pp, 268KB] [At a Glance PDF - 45KB] May 13, 2013 PDF - 5pp, 46KB PDF - 1pp, 162KB
Improvements Needed to Secure IT Assets at EPA-Owned Research Facilities [Report PDF - 40pp, 380KB] [At a Glance PDF - 44KB] May 8, 2013 PDF - 9pp, 1,425KB PDF - 1pp, 130KB
Review of Hotline Complaint on EPA’s Pre-Award Activities for Multiple Award Contracts at the National Computer Center [Report PDF - 10pp, 170KB] [At a Glance PDF - 43KB] April 15, 2013    
Congressionally Requested Information on EPA Utilization of Integrated Risk Information System [Report PDF - 31pp, 535KB] [At a Glance PDF - 43KB] January 31, 2013    
Fiscal Year 2012 Federal Information Security Management Act Report Status of EPA’s Computer Security Program [Report PDF - 23pp, 289KB] [ ] October 26, 2012    
Results of Technical Network Vulnerability Assessment: EPA’s National Vehicle and Fuel Emissions Laboratory [Report PDF - 8pp, 158KB] [At a Glance PDF - 44KB] September 27, 2012 PDF - 2pp, 209KB (OAR)
PDF - 3pp, 452KB (OEI)
PDF - 1pp, 150KB (OAR)
PDF - 1pp, 166KB (OEI)
Improvements Needed in EPA’s Network Security Monitoring Program, [Report PDF - 33pp, 272KB ] [At a Glance PDF - 44KB] September 27, 2012 PDF - 5pp, 706KB (OEI) PDF - 1pp, 140KB (OEI)
EPA’s Office of Environmental Information Should Improve Ariel Rios and Potomac Yard Computer Room Security Controls [PDF - 17pp, 243KB] [PDF - 85KB] September 26, 2012 PDF - 5pp, 694KB PDF - 1pp, 178KB
EPA’s Radiation and Indoor Environments National Laboratory Should Improve Its Computer Room Security Controls [PDF - 16pp, 181KB] [PDF - 43KB] September 21, 2012 PDF - 2pp, 336KB PDF - 1pp, 160KB
EPA Should Improve Management Practices and Security Controls for Its Network Directory Service System and Related Servers, Report No. 12-P-0836, [ ] [At a Glance PDF - 43KB] Sept 20, 2012 PDF - 1PP, 242KB (OEI)
PDF - 2PP, 250KB (OARM)
PDF - 1PP, 127KB (OEI)
PDF - 1PP, 139KB (OARM)
Results of Technical Network Vulnerability Assessment: EPA’s Region 6, Report No. 12-P-0659, [Report PDF - 9pp, 168KB] [At a Glance PDF - 43KB] Aug 10, 2012 PDF - 3pp, 288KB PDF - 1pp, 154KB
EPA Did Not Properly Migrate General Ledger Balances to Compass From the Integrated Financial Management System, Report No. 12-P-0559, [Report PDF - 30pp, 381KB] [At a Glance PDF - 37KB] July 9, 2012    
EPA Data Standards Plan Completed But Additional Steps Are Needed, Report No. 12-P-0519 [Report PDF - 24pp, 213KB] [At a Glance PDF - 43KB] June 5, 2012    
Results of Technical Network Vulnerability Assessment: EPA’s Region 1, Report No. 12-P-0518 [Report PDF - 8pp, 155KB] [At a Glance PDF - 43KB] June 5, 2012 PDF - 4pp, 541KB
PDF - 2pp, 368KB
PDF - 4pp, 139KB
PDF - 2pp, 135KB
Office of Environmental Information Should Strengthen Controls Over Mobile Devices, Report No. 12-P-0427 [Report PDF - 28pp, 271KB] [At a Glance PDF - 37KB] April 25, 2012 PDF - 5pp, 245KB PDF - 4pp, 675KB
Region 10 Technical and Computer Room Security Vulnerabilities Increase Risk to EPA’s Network, Report No. 12-P-0220 [At a Glance PDF - 1pp, 44KB] January 20, 2012 PDF 1pp, 528 KB PDF 1pp, 64 KB
Fiscal Year 2011 Federal Information Security Management Act Report: Status of EPA's Computer Security Program , Report No. 12-P-0062 [Report PDF - 18pp, 212KB] November 9, 2011    
Region 9 Technical and Computer Room Security Vulnerabilities Increase Risk to EPA’s Network, Report No. 11-P-0725 [At a Glance PDF - 42KB] September 30, 2011 PDF - 1pp, 490KB PDF - 1pp, 95KB
EPA's Contract Oversight and Controls Over Personal Computers Need Improvement, Report No. 11-P-0705 [Report PDF - 27pp, 162KB] [At a Glance PDF - 39KB] September 26, 2011 PDF 3pp, 494 KB (OARM)
PDF 2pp, 285 KB (OEI)
PDF 7pp, 965 KB
EPA Has Not Fully Implemented a National Emergency Response Equipment Tracking System, Report No. 11-P-0616 [Report PDF - 23pp, 137KB] [At a Glance PDF - 46KB] September 13, 2011 PDF 2pp, 386KB PDF 2pp, 215KB
PDF 2pp, 251KB
Results of Technical Vulnerability Assessment: EPA's Directory Service System Authentication and Authorization Servers, Report No. 11-P-0597 [At a Glance PDF - 42KB] September 9, 2011    
Results of Technical Network Vulnerability Assessment: EPA's National Health & Environment Effect Research Laboratory, Western Ecology Division, Report No. 11-P-0429 [At a Glance PDF - 42KB] August 3, 2011 PDF - 1pp, 158KB PDF - 1pp, 46KB
EPA Has Taken Steps to Address Cyber Threats but Key Actions Remain Incomplete, Report No. 11-P-0277 [Report PDF - 24pp, 161KB] [At a Glance PDF - 39KB] June 23, 2011 PDF - 5pp, 303KB PDF - 1pp, 42KB
Improvements Needed in EPA's Network Traffic Management Practices, Report No. 11-P-0159 [At a Glance PDF - 38KB] March 14, 2011 PDF - 1pp, 165KB PDF - 1pp, 146KB
EPA Could Improve RCRAInfo Data Quality and System Development, Report No. 11-P-0096 [Report PDF - 17pp, 137KB] [At a Glance PDF - 33KB] February 7, 2011 PDF - 4pp, 734KB PDF - 1pp, 145KB
Improvements Needed in EPA's Efforts to Replace Its Core Financial System, Report No. 11-P-0019 [Report PDF - 18pp, 179KB] [At a Glance PDF - 34KB] November 29, 2010 PDF - 380KB (Initial)
PDF - 331KB (Final)
PDF - 40KB (Initial)
PDF - 143KB (Final)
Fiscal Year 2010 Federal Information Security Management Report Status of EPA's Security Program, Report No. 11-P-0017 [Report PDF - 15pp, 100KB] November 16, 2010    
ECHO Data Quality Audit - Phase 2 Results: EPA Could Achieve Data Quality Rate With Additional Improvements, Report No. 10-P-0230 [Report PDF - 24pp, 144KB] [At a Glance PDF - 39KB] September 22, 2010 PDF - 11pp, 2074KB PDF - 3pp, 43KB
Results of Technical Network Vulnerability Assessment: EPA's Region 4 , Report No. 10-P-0213 [Report PDF - 7pp, 72KB] [At a Glance - 62KB] September 7, 2010 PDF - 148KB PDF - 141KB
Results of Technical Network Vulnerability Assessment: EPA's Ronald Reagan Building, Report No. 10-P-0212
[Report PDF - 7pp, 92KB] [At a Glance - 39KB]
September 7, 2010 PDF - 2pp, 285KB (OEI) PDF - 159KB (OEI)
Results of Technical Network Vulnerability Assessment: EPA's Erlanger Building , Report No. 10-P-0211 [Report PDF - 7pp, 84KB] [At a Glance - 46KB] September 7, 2010 PDF - 2pp, 253KB (OARM)
PDF - 2pp, 160KB (OEI)
PDF - 31KB (OARM)
PDF - 285KB (OEI)
Results of Technical Network Vulnerability Assessments: EPA's Andrew W. Breidenbach Environmental Research Center, Report No. 10-P-0210
[Report PDF - 7pp, 88KB] [At a Glance - 47KB]
September 7, 2010 PDF - 2pp, 290KB (OARM)
PDF 2pp, 151KB (ORD)
PDF 2pp, 285KB (OEI)
PDF - 32KB(OARM)
PDF - 149KB(ORD)
PDF - 142KB(OEI)
EPA Needs to Improve Management Practices to Ensure a Successful Customer Technology Solutions Project, Report No. 10-P-0194 [Report PDF - 27pp, 378KB] [At a Glance - 41KB] August 23, 2010    
Evaluation of the U.S. Chemical Safety and Hazard Investigation Board's Compliance with the Federal Information Security Management Act (Fiscal Year 2009), Report No. 10-P-0174
[Report PDF - 18pp, 673KB] [At a Glance - 40KB]
August 2, 2010    
Steps Needed to Prevent Prior Control Weaknesses From Affecting New Acquisition System, Report No. 10-P-0160 [Report PDF - 28pp, 157KB] [At a Glance - 47KB] June 28, 2010    
Improvements Needed in Key EPA Information System Security Practices, Report No. 10-P-0146
[Report PDF - 18pp, 153KB] [At a Glance - 40KB]
June 15, 2010    
Improved Data Integrity Needed for the Integrated Contracts Management System, Report No. 10-P-0144
[Report PDF - 24pp, 239KB] [At a Glance - 87KB]
June 14, 2010    
Plans to Migrate Data to the New EPA Acquisition System Need Improvement, Report No. 10-P-0071
[Report PDF - 12pp, 190KB] [At a Glance - 102KB]
February 24, 2010    
EPA Needs to Improve Physical Security at Its Offices in Las Vegas, Nevada, Report No. 10-P-0059 [Report PDF - 28pp, 221KB] [At a Glance - 101KB] February 3, 2010    
Self-reported Data Unreliable for Assessing EPA's Computer Security Program, Report No. 10-P-0058 [Report PDF - 38pp, 250KB] [At a Glance - 47KB] February 2, 2010    
Fiscal Year 2009 Federal Information Security Management Act Report: Status of EPA's Computer Security Program, Report No. 10-P-0030 [Report PDF - 23pp, 237KB] November 18, 2009    
Improved Security Planning Needed for the Customer Technology Solutions Project, Report No. 10-P-0028 [Report PDF - 12pp, 138KB] [At a Glance - 41KB] November 16, 2009    
EPA Recovery Act Recipient Reporting and Data Review Process, Report No. 10-R-0020 [Report PDF - 8pp, 166KB] October 29, 2009    
Project Delays Prevent EPA from Implementing an Agency-wide Information Security Vulnerability Management Program, Report No. 09-P-0240 [Report PDF - 24pp, 274KB] [At a Glance PDF - 57KB] September 21, 2009    
Results of Technical Network Vulnerability Assessment: EPA's Research Triangle Park Finance Center, Report No. 09-P-0227 [At a Glance PDF - 56KB] August 31, 2009    
ECHO Data Quality Audit - Phase I Results: The Integrated Compliance Information System Needs Security Controls to Protect Significant Non-Compliance Data, Report No. 09-P-0226 [Report PDF - 19pp, 96KB] [At a Glance PDF - 56KB] August 31, 2009    
EPA Should Delay Deploying Its New Acquisition System until Testing Is Completed, Report No. 09-P-0197 [Report PDF - 14pp, 128KB] [At a Glance PDF - 100KB] July 20, 2009    
Results of Technical Network Vulnerability Assessment: EPA's 1310 L Street Building, Report No. 09-P-0189 [At a Glance PDF - 100KB] June 30, 2009    
Results of Technical Network Vulnerability Assessment: EPA's Potomac Yard Buildings, Report No. 09-P-0188 [At a Glance PDF - 102KB] June 30, 2009    
Results of Technical Network Vulnerability Assessment: Region 8, Report No. 09-P-0187 [At a Glance PDF - 100KB] June 30, 2009    
Results of Technical Network Vulnerability Assessment: EPA's National Computer Center, Report No. 09-P-0186 [At a Glance PDF - 100KB] June 30, 2009    
Results of Technical Network Vulnerability Assessment: EPA's Great Lakes National Program Office, Report No. 09-P-0185 [At a Glance PDF - 91KB] June 30, 2009    
Steps Taken But More Work Needed to Strengthen Governance, Increase Utilization, and Improve Security Planning for the Exchange Network, Report No. 09-P-0184 [Report PDF - 25pp, 229KB] June 30, 2009    
Lack of Project Plan Resulted in Transition and Contractor Performance Problems for the Institutional Controls Tracking System, Report No. 09-P-0128 [Report PDF - 13pp, 133KB] [At a Glance PDF - 51KB] March 25, 2009    
Results of Technical Network Vulnerability Assessment: EPA Headquarters, Report No. 09-P-0097 [At a Glance PDF - 51KB] February 23, 2009    
Results of Technical Network Vulnerability Assessment: EPA’s Research Triangle Park Campus, Report No. 09-P-0055 [At a Glance PDF - 55KB] December 9, 2008    
Results of Technical Network Vulnerability Assessment: EPA's Las Vegas Finance Center, Report No. 09-P-0054 [At a Glance PDF - 53KB] December 9, 2008    
Results of Technical Network Vulnerability Assessment: EPA's Radiation and Indoor Environments National Laboratory, Report No. 09-P-0053 [At a Glance PDF - 45KB] December 9, 2008    
Results of Technical Network Vulnerability Assessment: Region 9, Report No. 09-P-0052 [At a Glance PDF - 57KB] December 9, 2008    
Fiscal Year 2008 Federal Information Security Management Act Report, Report No. 08-P-0280 [Report PDF - 12pp, 844KB] September 26, 2008    
Management of EPA Headquarters Internet Protocol Addresses Needs Improvement, Report No. 08-P-0273 [At a Glance PDF - 56KB] September 23, 2008    
EPA Personnel Access and Security System Would Benefit from Improved Project Management to Control Costs and the Timeliness of Deliverables, Report No. 08-P-0271 [Report PDF - 25pp, 228KB] [At a Glance PDF - 54KB] [Close-Out Memo PDF -5pp, 144KB] September 22, 2008    
Identification Proofing, Incident Handling, and Badge Disposal Procedures Needed for EPA's Smartcard Program, Report No. 08-P-0267 [Report PDF - 14pp, 192KB] [At a Glance PDF - 108KB] September 16, 2008    
Fiscal Year 2007 Federal Information Security Management Act Report Status of EPA’s Computer Security Program, Report No. 2007-S-00003 [Report PDF - 12, 660KB] [Supplemental Fiscal 2007 FISMA Audit Results, December 20, 2007, PDF - 6pp, 467KB] September 25, 2007    
EPA Needs to Strengthen Its Privacy Program Management Controls, Report No. 2007-P-00035 [Report PDF - 20pp, 181KB] [At a Glance PDF - 51KB] September 17, 2007    
Improved Management Practices Needed to Increase Use of Exchange Network, Report No. 2007-P-00030 [Report PDF - 34pp, 774KB] [At a Glance PDF - 113KB] August 20, 2007    
EPA Needs to Strengthen Financial Database Security Oversight and Monitor Compliance, Report No. 2007-P-00017, [Report PDF - 24pp, 215KB] [At a Glance PDF - 61KB] March 29, 2007    
EPA Could Improve Controls Over Mainframe System Software, Report No. 2007-P-00008 [Report PDF - 35pp, 264KB] [At a Glance PDF - 60KB] January 29, 2007    
EPA Could Improve Processes for Managing Contractor Systems and Reporting Incidents, Report No. 2007-P-00007 [Report PDF - 22pp, 238KB] [At a Glance PDF - 50KB] January 11, 2007    
Fiscal Year 2006 Federal Information Security Management Act Report Status of EPA’s Computer Security Program, Report No. 2006-S-00008 [Report PDF - 14pp, 287KB] September 25, 2006    
Assessing EPA’s Efforts to Protect Sensitive Information, Report No. 2006-S-00006 [Report PDF - 12pp, 228KB] September 19, 2006    
Information Security Series: Security Practices Clean Air Markets Division Business System, Report No. 2006-P-00024 [Report - 143KB PDF, 14pp] [At a Glance - 59KB PDF] May 4, 2006    
Information Security Series: Security Practices, Safe Drinking Water Information System, Report No. 2006-P-00021 [Report - 142KB PDF, 14pp] [At a Glance - 66KB PDF] March 30, 2006    
Information Security Series: Security Practices Integrated Compliance Information System, Report No. 2006-P-00020 [Report - 165KB PDF, 14pp] [At a Glance - 72KB PDF] March 29, 2006    
Information Security Series: Security Practices Comprehensive Environmental Response, Compensation, and Liability Information System, Report No. 2006-P-00019 [Report -152KB PDF, 14pp] [At a Glance - 70KB PDF] March 28, 2006    
Information Security Series: Security Practices - Integrated Contract Management System, Report No. 2006-P-00010 [Report - 171KB PDF, 15pp] [At a Glance - 59KB PDF] January 31, 2006    
EPA Could Improve Physical Access and Service Continuity/Contingency Controls for Financial and Mixed-Financial Systems Located at its Research Triangle Park Campus, Report No. 2006-P-00005 [Report - 383KB, PDF, 50pp] [At a Glance - 60KB, PDF] December 14, 2005    
EPA Could Improve Its Information Security by Strengthening Verification and Validation Processes Report No. 2006-P-00002 [Report - 232KB PDF, 22pp] [At a Glance - 49KB PDF] October 17, 2005    
Federal Information Security Management Act Fiscal Year 2005 Status of EPA’s Computer Security Program Report No. 2006-S-00001 [Report -266KB PDF, 18pp] October 3, 2005    
Evaluation of U.S. Chemical Safety and Hazard Investigation Board’s Compliance with the Federal Information Security Management Act (FISMA) for Fiscal Year 2005 Report 2005-2-00030 [Report - 664KB PDF, 200pp] [At a Glance - 338KB PDF] September 28, 2005    
EPA Needs to Improve Oversight of Its Information Technology Projects Report No. 2005-P-00023Report - 154KB PDF, 20pp] [At a Glance - 51KB PDF] September 14, 2005    
PeoplePlus Security Controls Need Improvement, Report No. 2005-P-00019 [Report - 232KB PDF, 27pp] [At a Glance - 50KB PDF] July 28, 2005    
Security Configuration and Monitoring of EPA's Remote Access Methods Need Improvement Report No. 2005-P-00011 [Report - 198KB PDF] [At a Glance - 39KB PDF ] March 22, 2005    
Federal Information Security Management Act Fiscal Year 2004 Status of EPA’s Computer Security Program, Report No. 2004-S-00007 [83KB PDF] September 30, 2004    
EPA Needs to Improve Change Controls for Integrated Financial Management System (2004-P-00026) [169KB PDF] August 24, 2004    
Access Controls for Office of Enforcement and Compliance Assurance Systems Need Improvement Report No. 2004-P-00015 [Report - 487KB PDF] April 26, 2004    
EPA's Computer Security Self-Assessment Process Needs Improvement Report No. 2003-P-00017 [Report - 270 KB PDF] September 30, 2003    
Improvements Are Needed for Information Technology Controls at the Las Vegas Finance Center [310KB PDF] May 29, 2003    
Comprehensive Environmental Response, Compensation, and Liability Information System (CERLCIS) Data Quality [659KB PDF] September 30, 2002    
EPA Management of Information Technology Resources Under The Clinger-Cohen Act [302KB PDF] September 30, 2002    
Government Information Security Reform Act [163KB PDF] September 16, 2002    
Audit Report - Information Technology Review of Off-Site Consequence Analysis Information Management - (2002-P-00006) [PDF- 88KB] March 22, 2002    
Audit Report - Information Technology Unreliable Data Affects Usability of Docket Information - (2002-P-00004) [PDF- 1.39 MB] January 18, 2002    
Government Information Security Reform Act - Status of EPA's Computer Security Program - (2001-P-00016)[PDF - 85 Kb] September 7, 2001    
Contractor Access to Confidential Data - September 28, 1998 (8100250) [PDF - 45Kb] September 28, 1998    
Office of Water Data Integration Efforts - June 22, 1998 (8100177) [PDF - 85Kb] June 22, 1998    
Security of Science and Ecosystems Support Division Local Area Network (7100309) [PDF - 61KB] September 30, 1997    
Security of Region IV Local Area Networks (LANS)(7100308) [PDF - 74KB] September 29, 1997    
Security of Small Purchase Electronic Interchange (SPEDI) (7100307) [PDF - 79KB] July 18, 1997    
Review of ORD's Extramural Management Specialist Position (7100141) [PDF] April 28, 1997    
Region 5's Billing and Collection of Accounts Receivable (7100139) [PDF] April 23, 1997    
Risk Reduction Through Voluntary Programs (7100130) [PDF] April 21, 1997    
EPA Implementation of Government Performance and Results Act (6100297) [PDF] February 28, 1997    
Presidents's Council on Integrity and Efficiency (PCIE): Review of Application Software Maintenance in Federal Agencies [PDF] February 2, 1997    
EPA's Changing Budget Process: Opportunity for Improved Financial Management (6100300) [PDF] January 31, 1997    
EPA's Use of the Government Purchase Card [Summary] | [Full text] November 18, 1996    
Major EPA Information Systems Are Vulnerable to Failure Due to the Upcoming Century Change (6400036) [PDF] 1996    
Top of page