Why We Did This Report
The U.S. Environmental Protection Agency Office of Inspector General contracted this audit to assess the U.S. Chemical Safety and Hazard Investigation Board’s compliance with Fiscal Year 2023–2024 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics during fiscal year 2024. We contracted with SB & Company LLC to perform this audit under our direction and oversight.
Summary of Findings
SB & Company concluded that the CSB achieved an overall maturity of Level 2, Defined, in fiscal year 2024. This means that the CSB’s information security policies, procedures, and strategies are formalized and documented but not consistently implemented. SB & Company identified an area of needed improvement associated with the Reporting Metrics’ Risk Management domain in the Identify function area. SB & Company concluded that the CSB should ensure that its information can be reliably accessed in a timely manner even if key personnel are absent. Specifically, the CSB should ensure that its deputy chief information officer position is filled or that another CSB representative is available to respond to Federal Information Security Modernization Act of 2014 inquiries.