Skip to main content
Report File
Date Issued
Submitting OIG
Environmental Protection Agency OIG
Agencies Reviewed/Investigated
Environmental Protection Agency
Report Number
25-P-0028
Report Description

Why We Did This Report

The U.S. Environmental Protection Agency Office of Inspector General conducted this audit to determine whether the EPA has established sufficient controls to prevent unauthorized access to the Central Data Exchange system.

 

Summary of Findings

The EPA needs to strengthen management and access security controls for the Central Data Exchange, or CDX, system. The security of the CDX system is integral to the EPA accepting electronic environmental data for the Agency’s air, water, hazardous waste, and toxics release inventory programs. Without adequate security controls, the CDX is vulnerable to threat actors exploiting weak security controls to potentially gain unauthorized access, create fraudulent accounts, and enter unreliable data into the system.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
14
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No

Environmental Protection Agency OIG

United States