The EPA Lacks Documented Procedures for Detecting and Removing Unapproved Software on the Agency’s Network

Submitting OIG:

Report Description:

Without documented procedures governing software management and vulnerability remediation processes, the EPA continues to be at risk of outsiders gaining access to compromise and exploit Agency systems and data.

Date Issued:

Wednesday, March 30, 2022

Agency Reviewed / Investigated:

Environmental Protection Agency

Submitting OIG-Specific Report Number:

22-E-0028

Location(s):

Agency-Wide

Type of Report:

Audit

Questioned Costs:

Funds for Better Use:

Number of Recommendations:

Report updated under NDAA 5274:

Additional Details Link:

https://www.epa.gov/office-inspector-general/report-epa-lacks-documented-procedu…

Related Open Recommendations

Recommendation Number	Recommendation Status	Significant Recommendation
22-E-0028_1	Open	No
Develop and document procedures for detecting and removing unapproved software on the Agency’s network, to include time frames for removal, risk classifications, and identification of software collecting privacy data.
22-E-0028_2	Open	No
Develop and provide training on the Agency’s processes for detecting and removing unapproved software to users with privileges to install software on the EPA’s network.

Recommendation Number

Recommendation Status

Significant Recommendation

Additional Details

22-E-0028_1

Open

Develop and document procedures for detecting and removing unapproved software on the Agency’s network, to include time frames for removal, risk classifications, and identification of software collecting privacy data.

22-E-0028_2

Open

Develop and provide training on the Agency’s processes for detecting and removing unapproved software to users with privileges to install software on the EPA’s network.

Search form

The EPA Lacks Documented Procedures for Detecting and Removing Unapproved Software on the Agency’s Network

Related Open Recommendations