Date Issued
Submitting OIG
Environmental Protection Agency OIG
Other Participating OIGs
Environmental Protection Agency OIG
Agencies Reviewed/Investigated
Chemical Safety and Hazard Investigation Board
Report Number
21-E-0071
Report Description

The CSB has not consistently implemented its information security program’s policies, procedures, and strategies.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
5
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 2 open recommendations.
Recommendation Number: 21-E-0071_1
Significant Recommendation: No
Recommended Questioned Costs: $0
Recommended Funds for Better Use: $0
Additional Details:

Complete the Risk Assessment process as required by NIST 800-37, re-evaluate the Risk Management Framework to make it more fluent to leverage day-to-day processes in place for completing the risk assessment, and determine how to best implement an organization-wide governance process for monitoring and reporting on risks.

Recommendation Number: 21-E-0071_2
Significant Recommendation: No
Recommended Questioned Costs: $0
Recommended Funds for Better Use: $0
Additional Details:

Document the process in place to monitor required flaw remediation to resolution and enhance the flaw remediation process to require approvals if risks cannot be mitigated to an acceptable level in a timely manner. In addition, develop timeframes and monitoring on the timeliness of applying patch updates.

Environmental Protection Agency OIG

United States