List ordered by date updated, descending.
Report #20-P-0120, March 24, 2020. Further implementation of risk management activities and incident response tools are needed to combat cybersecurity threats intended to steal and destroy confidential and sensitive information.
Report #20-P-0077, February 12, 2020. The CSB lacks documented procedures to address information technology risks and threats from cybersecurity incidents.
Report #20-P-0062, December 16, 2019. Developing EPA guidance for collecting and communicating air quality data could improve public confidence in the agency during future disaster responses.
Report #20-P-0010, October 23, 2019. The EPA had policies and procedures in place for efficient and effective management of over $11 million in FEMA Disaster Relieve Funding for the Hurricane Harvey response.
Report #20-P-0001, October 7, 2019. EPA staff training with state partners and development of standard operating procedures could improve emergency response.
Report #19-P-0236, July 16, 2019. Enhancements to environmental justice outreach efforts during emergencies could improve the public health protections of communities impacted by hurricanes or other disasters. The English, Spanish and Vietnamese versions of this report are available below.
Report #19-P-0158, May 21, 2019. Missing POA&M data and incorrect security settings limit the EPA's ability to manage enterprise risk and strengthen its security procedures.
Report #19-P-0147, May 9, 2019. The CSB lacks established procedures for automated processes and authentication technologies, which could permit unauthorized access to agency systems.
Report #19-P-0058, January 30, 2019. Further improvements are needed to strengthen internal processes to better protect human health and environmental data from cybersecurity threats.
Report #18-P-0221, July 19, 2018. What Was Found: The EPA should strengthen its oversight of state drinking water programs to improve the efficiency and effectiveness of the agency's response to drinking water contamination emergencies.
Report #18-P-0217, June 21, 2018. What Was Found: A breach of hazardous material information within e-Manifest may facilitate terrorist or other criminal activities.
Report #18-P-0031, October 30, 2017. What Was Found: Although the EPA has an effective information security program, management emphasis is needed to achieve a higher level of maturity for the agency’s information security program.
Report #16-P-0219, June 29, 2016. What Was Found: The EPA can reduce the risk of future unsafe debris disposal practices by improving its understanding and awareness of the quality and completeness of state disaster debris management plans.
Contact Us to ask a question, provide feedback, or report a problem.