Skip to main content
Report File
Date Issued
Submitting OIG
Environmental Protection Agency OIG
Other Participating OIGs
Environmental Protection Agency OIG
Agencies Reviewed/Investigated
Environmental Protection Agency
Report Number
21-E-0226
Report Description

See the additional details link below for the full report, report summary, multimedia or any agency follow-up.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
7
Questioned Costs
$0
Funds for Better Use
$0
Additional Details
https://www.epa.gov/office-inspector-general/report-epas-emergency-response-sys…

Open Recommendations

This report has 1 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
21-E-0226_1 No $0 $0

Implement controls to follow National Institute of Standards and Technology guidance when conducting systems categorizations by:a. Involving the appropriate key stakeholders, including mission owners and the chief information security officer, during the system security categorization process as prescribed in the National Institute for Standards and Technology Special Publication 800-60 Volume I,Table 3, Process Roadmap.b. Having responsible parties adhere to all activity steps as outlined in the National Institute for Standards and Technology Process Roadmap, including selecting all application information types applicable to information systems.c. Having responsible parties document the security categorization determinations and decisions within system security plans as provided in the National Institute for Standards and Technology Process Roadmap, including documenting all downward adjustments toprovisional security levels.

Environmental Protection Agency OIG

United States