U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

The EPA Needs to Develop and Implement Information Technology Processes to Comply with the Federal Information Security Modernization Act for Fiscal Year 2023

Report Number
24-P-0052

Why We Did This Report

The U.S. Environmental Protection Agency Office of Inspector General conducted this audit to assess the EPA’s compliance with the fiscal year 2023 Inspector General Federal Information Security Modernization Act of 2014 reporting metrics.

 

Summary of Findings

We concluded that the EPA achieved an overall maturity level of Level 3, Consistently Implemented, for the five security functions and nine domains outlined in the Office of Management and Budget’s FY 2023 – 2024 Inspector General Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics. This means that the EPA consistently implemented its information security policies and procedures, but quantitative and qualitative effectiveness measures are lacking. We identified that the EPA had deficiencies in three areas.

Report Type
Audit
Report sub-type
Compliance with the Law
Office
Information Resources Management (IRM)