Why We Did This Report
The U.S. Environmental Protection Agency Office of Inspector General conducted this audit to determine whether the EPA has established sufficient controls to prevent unauthorized access to the Central Data Exchange system.
Summary of Findings
The EPA needs to strengthen management and access security controls for the Central Data Exchange, or CDX, system. The security of the CDX system is integral to the EPA accepting electronic environmental data for the Agency’s air, water, hazardous waste, and toxics release inventory programs. Without adequate security controls, the CDX is vulnerable to threat actors exploiting weak security controls to potentially gain unauthorized access, create fraudulent accounts, and enter unreliable data into the system.