U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

Audit of the U.S. Chemical Safety and Hazard Investigation Board’s Compliance with the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024

Report Number
25-P-0037

Why We Did This Report

The U.S. Environmental Protection Agency Office of Inspector General contracted this audit to assess the U.S. Chemical Safety and Hazard Investigation Board’s compliance with Fiscal Year 2023–2024 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics during fiscal year 2024. We contracted with SB & Company LLC to perform this audit under our direction and oversight.

 

Summary of Findings

SB & Company concluded that the CSB achieved an overall maturity of Level 2, Defined, in fiscal year 2024. This means that the CSB’s information security policies, procedures, and strategies are formalized and documented but not consistently implemented. SB & Company identified an area of needed improvement associated with the Reporting Metrics’ Risk Management domain in the Identify function area. SB & Company concluded that the CSB should ensure that its information can be reliably accessed in a timely manner even if key personnel are absent. Specifically, the CSB should ensure that its deputy chief information officer position is filled or that another CSB representative is available to respond to Federal Information Security Modernization Act of 2014 inquiries.

Report Type
Report sub-type