Management Implication Report Concerning Vulnerabilities to EPA OIG Information Security and Oversight Independence
March 15, 2023
The U.S. Environmental Protection Agency Office of Inspector General identified vulnerabilities related to the EPA's network structure, specifically the Microsoft Office 365, or O365, environment, in which little or no network segmentation exists between the EPA proper and the OIG. The EPA's O365 administrators can modify OIG account settings as well as access and view sensitive data within the O365 environment without the knowledge or input of the OIG, including email and other data of senior OIG employees and sensitive shared email inboxes. Additionally, poor user access controls and limited event logging degrade the OIG's ability to determine details about user activity within the O365 environment.
OIG Independence of EPA
The EPA's Office of Inspector General is a part of the EPA, although Congress provides our funding separate from the agency, to ensure our independence. We were created pursuant to the Inspector General Act of 1978, as amended.
Environmental Protection Agency | Office of Inspector General
1200 Pennsylvania Avenue, N.W. (2410T) | Washington, DC 20460 | 202-566-2391
OIG Hotline: 1-888-546-8740.