Laws & Regulations

Report: Results of Technical Network Vulnerability Assessment: EPA’s Research Triangle Park Finance Center

Report #09-P-0227, August 31, 2009. Vulnerability testing conducted in April 2009 of EPA’s Research Triangle Park Finance Center network identified Internet Protocol addresses with several highrisk vulnerabilities.

Report: Region 10 Technical and Computer Room Security Vulnerabilities Increase Risk to EPA’s Network

Report #12-P-0220, January 20, 2012. OIG technical vulnerability scans conducted at Region 10 headquarters revealed a multitude of high-risk and medium-risk vulnerabilities.

Report: Results of Technical Vulnerability Assessment: EPA’s Directory Service System Authentication and Authorization Servers

Report #11-P-0597, September 9, 2011. Vulnerability testing of EPA’s directory service system authentication and authorization servers conducted in March 2011 identified authentication and authorization servers with numerous vulnerabilities.

Report: EPA Should Improve Management Practices and Security Controls for Its Network Directory Service System and Related Servers

Report #12-P-0836, September 20, 2012. EPA's OEI is not managing key system management documentation, system administration functions, the granting and monitoring of privileged accounts, and the application of security controls associated with its DSS.

Report: Region 9 Technical and Computer Room Security Vulnerabilities Increase Risk to EPA’s Network

Report #11-P-0725, September 30, 2011. OIG technical vulnerability scans conducted at Region 9 headquarters revealed a multitude of high-risk and medium-risk vulnerabilities.

Report: Results of Technical Network Vulnerability Assessment: EPA’s 1310 L Street Building

Report #09-P-0189, June 30, 2009. Vulnerability testing of EPA’s 1310 L Street building’s network conducted in April 2009 indicated several high-risk vulnerabilities.

Report: Results of Technical Network Vulnerability Assessment: Region 8

Report #09-P-0187, June 30, 2009. Vulnerability testing conducted in April 2009 of EPA’s Region 8 network identified Internet Protocol addresses with numerous high-risk vulnerabilities.

Report: Results of Technical Network Vulnerability Assessment: EPA’s Great Lakes National Program Office

Report #09-P-0185, June 30, 2009. Vulnerability testing conducted in May 2009 of EPA’s Great Lakes National Program Office network identified Internet Protocol addresses with several high-risk vulnerabilities associated with one device.

Report: Results of Technical Network Vulnerability Assessment: EPA’s Potomac Yard Buildings

Report #09-P-0188, June 30, 2009. Vulnerability testing of EPA’s Potomac Yard buildings network conducted during April 2009 indicated several high-risk vulnerabilities.

Report: Results of Technical Network Vulnerability Assessment: EPA’s National Computer Center

Report #09-P-0055, December 9, 2008. Vulnerability testing of EPA’s National Computer Center network identified Internet Protocol addresses with high-risk and medium-risk vulnerabilities.

Report: Walker River Paiute Tribe Needs to Improve Its Internal Controls to Comply With Federal Regulations

Report #15-2-0165, June 11, 2015. The Walker River Paiute Tribe did not comply with federal regulations, resulting in $994,963 of questioned costs.

Report: Improvements Needed in EPA’s Network Traffic Management Practices

Report #11-P-0159, March 14, 2011. OEI does not have consistent, repeatable intrusion detection system monitoring practices in place, which inhibits EPA’s ability to monitor unusual network activity and thus protect Agency systems and associated data.

Report: Results of Technical Network Vulnerability Assessment: EPA’s National Health & Environment Effects Research Laboratory, Western Ecology Division

Report #11-P-0429, August 3, 2011. Vulnerability testing of EPA’s NHEERL Western Ecology Division network conducted in March 2011 identified Internet Protocol addresses with numerous high-risk and medium-risk vulnerabilities.

Report: EPA’s Emergency Response Systems at Risk of Having Inadequate Security Controls

Report #21-E-0226, September 13, 2021. If the availability and integrity of emergency response system data are jeopardized, it could harm the EPA’s ability to coordinate response efforts to protect the public from environmental disasters.

Report: The EPA’s Fiscal Years 2020 and 2019 Toxic Substances Control Act Service Fee Fund Financial Statements

Report #23-F-0005, December 29, 2022. We found the fund’s financial statements, except for expenses and income from other appropriations, to be fairly presented.

Report: EPA Has Reduced Its Backlog of State Implementation Plans Submitted Prior to 2013 but Continues to Face Challenges in Taking Timely Final Actions on Submitted Plans

Report #21-E-0163, June 14, 2021. Delays in EPA SIP actions increase the risk that state or local air agencies are not implementing plans sufficient to achieve or maintain the NAAQS.

Report: The EPA’s Fiscal Years 2021 and 2020 (Restated) Hazardous Waste Electronic Manifest System Fund Financial Statements

Report #22-F-0062, September 30, 2022. We found the fund’s financial statements, except for accounts receivable and earned revenue, to be fairly presented.

Report: EPA’s Fiscal Years 2020 and 2019 (Restated) Financial Statements for the Pesticides Reregistration and Expedited Processing Fund

Report #21-F-0012, December 21, 2021. We found the fund’s financial statements to be fairly presented and free of material misstatement.

Report: Audit of EPA’s Fiscal Years 2015 and 2014 Consolidated Financial Statements

Report #16-F-0040, November 16, 2015. We found the EPA’s financial statements to be fairly presented and free of material misstatement.

Report: EPA's Fiscal Year 2019 First Quarter Compliance with the Digital Accountability and Transparency Act of 2014

Report #20-P-0026, November 8, 2019. The DATA Act requires the EPA to report accurate financial and award data on USAspending.gov.