Why We Did This Report
The Office of Inspector General for the U.S. EPA, which also provides oversight for the U.S. Chemical Safety and Hazard Investigation Board, or CSB, contracted with the independent accounting firm SB & Company LLC to initiate an audit of the CSB’s compliance with the Federal Information Security Modernization Act of 2014, or FISMA. While conducting the audit of the CSB’s compliance with FISMA for fiscal year 2025, OIG Project No. OA-FY25-0042, SB & Company identified issues that may have a significant impact on the confidentiality, integrity, and availability of the CSB’s information technology resources. The OIG decided to issue this management alert to inform the CSB of these security concerns because they could affect the CSB’s ability to fulfill its mission and carry out its obligations under FISMA and Office of Management and Budget Memorandum M-25-04.
Summary of Findings
Issues were identified that may have significant impact on the confidentiality, integrity, and availability of the agency’s IT resources. Improvements are needed related to managing privileged user access, availability of audit logs and maintaining an accurate inventory.
