Laws & Regulations

Report: Authorized State Hazardous Waste Program Inspections and Operations Were Impacted During Coronavirus Pandemic

Report #22-E-0009, December 1, 2021. The coronavirus pandemic impacted RCRA state program operations and resulted in fewer inspections.

Report: Management Alert - EPA's Incident Tracking System Lacks Required Controls to Protect Personal Information

Report #18-P-0298, September 28, 2018. The EPA's incident tracking system lacks the required privacy and security controls to protect PII and SPII, which could lead to identity theft.

Report: EPA Should Improve Oversight of Mobile Phones

Report #20-P-0068, January 10, 2020. The EPA was billed at least $12,000 over 2 years for unused mobile phone services due to needed improvements in mobile phone oversight. These funds could have been put to better use.

Report: EPA Should Consistently Track Coronavirus Pandemic-Related Grant Flexibilities and Implement Plan for Electronic Grant File Storage

Report #22-P-0018, February 22, 2022. The EPA Office of Grants and Debarment does not know the full extent to which program offices and regions have implemented grant flexibilities and exceptions permitted by the Office of Management and Budget.

Report: EPA Needs to Strengthen Oversight of Its Travel Program Authorization and Voucher Approval Processes

Report #21-P-0265, September 30, 2021. The Agency did not consistently comply with travel program requirements, which can lead to mismanagement of the EPA's annual travel expenses, which totaled $52.7 million in fiscal year 2019.

Report: Actions Needed to Strengthen Controls over the EPA Administrator's and Associated Staff's Travel

Report #19-P-0155, May 16, 2019. Actions need to be taken to strengthen controls over Administrator travel to help prevent the potential for fraud, waste and abuse.

Report: EPA Promoted the Use of Coal Ash Products With Incomplete Risk Information

Report #11-P-0173, March 23, 2011. EPA did not follow accepted and standard practices in determining the safety of the 15 categories of CCR beneficial uses it promoted through the C2P2 program.

Report: Measuring the Quality of Office of Inspector General Reports Issued in Fiscal Years 2008 and 2009

Report #10-N-0134, June 2, 2010

Report: Results of Technical Network Vulnerability Assessment: EPA’s Research Triangle Park Finance Center

Report #09-P-0227, August 31, 2009. Vulnerability testing conducted in April 2009 of EPA’s Research Triangle Park Finance Center network identified Internet Protocol addresses with several highrisk vulnerabilities.

Report: Region 10 Technical and Computer Room Security Vulnerabilities Increase Risk to EPA’s Network

Report #12-P-0220, January 20, 2012. OIG technical vulnerability scans conducted at Region 10 headquarters revealed a multitude of high-risk and medium-risk vulnerabilities.

Report: Results of Technical Vulnerability Assessment: EPA’s Directory Service System Authentication and Authorization Servers

Report #11-P-0597, September 9, 2011. Vulnerability testing of EPA’s directory service system authentication and authorization servers conducted in March 2011 identified authentication and authorization servers with numerous vulnerabilities.

Report: EPA Should Improve Management Practices and Security Controls for Its Network Directory Service System and Related Servers

Report #12-P-0836, September 20, 2012. EPA's OEI is not managing key system management documentation, system administration functions, the granting and monitoring of privileged accounts, and the application of security controls associated with its DSS.

Report: Region 9 Technical and Computer Room Security Vulnerabilities Increase Risk to EPA’s Network

Report #11-P-0725, September 30, 2011. OIG technical vulnerability scans conducted at Region 9 headquarters revealed a multitude of high-risk and medium-risk vulnerabilities.

Report: Results of Technical Network Vulnerability Assessment: EPA’s 1310 L Street Building

Report #09-P-0189, June 30, 2009. Vulnerability testing of EPA’s 1310 L Street building’s network conducted in April 2009 indicated several high-risk vulnerabilities.

Report: Results of Technical Network Vulnerability Assessment: Region 8

Report #09-P-0187, June 30, 2009. Vulnerability testing conducted in April 2009 of EPA’s Region 8 network identified Internet Protocol addresses with numerous high-risk vulnerabilities.

Report: Results of Technical Network Vulnerability Assessment: EPA’s Great Lakes National Program Office

Report #09-P-0185, June 30, 2009. Vulnerability testing conducted in May 2009 of EPA’s Great Lakes National Program Office network identified Internet Protocol addresses with several high-risk vulnerabilities associated with one device.

Report: Results of Technical Network Vulnerability Assessment: EPA’s Potomac Yard Buildings

Report #09-P-0188, June 30, 2009. Vulnerability testing of EPA’s Potomac Yard buildings network conducted during April 2009 indicated several high-risk vulnerabilities.

Report: Results of Technical Network Vulnerability Assessment: EPA’s National Computer Center

Report #09-P-0055, December 9, 2008. Vulnerability testing of EPA’s National Computer Center network identified Internet Protocol addresses with high-risk and medium-risk vulnerabilities.

Report: Walker River Paiute Tribe Needs to Improve Its Internal Controls to Comply With Federal Regulations

Report #15-2-0165, June 11, 2015. The Walker River Paiute Tribe did not comply with federal regulations, resulting in $994,963 of questioned costs.

Report: Improvements Needed in EPA’s Network Traffic Management Practices

Report #11-P-0159, March 14, 2011. OEI does not have consistent, repeatable intrusion detection system monitoring practices in place, which inhibits EPA’s ability to monitor unusual network activity and thus protect Agency systems and associated data.