The EPA Lacks Documented Procedures for Detecting and Removing Unapproved Software on the Agency’s Network

View Report

Date Issued

Wednesday, March 30, 2022

Submitting OIG

Environmental Protection Agency OIG

Other Participating OIGs

Environmental Protection Agency OIG

Agencies Reviewed/Investigated

Environmental Protection Agency

Report Number

22-E-0028

Report Description

Without documented procedures governing software management and vulnerability remediation processes, the EPA continues to be at risk of outsiders gaining access to compromise and exploit Agency systems and data.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Additional Details

https://www.epa.gov/office-inspector-general/report-epa-lacks-documented-proced…

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
22-E-0028_1	No	$0	$0
Develop and document procedures for detecting and removing unapproved software on the Agency’s network, to include time frames for removal, risk classifications, and identification of software collecting privacy data.
22-E-0028_2	No	$0	$0
Develop and provide training on the Agency’s processes for detecting and removing unapproved software to users with privileges to install software on the EPA’s network.