Report: Audit of the EPA’s Central Data Exchange System

Report # 25-P-0028, April 30, 2025
Why We Did This Report

The U.S. Environmental Protection Agency Office of Inspector General conducted this audit to determine whether the EPA has established sufficient controls to prevent unauthorized access to the Central Data Exchange system.
 

Summary of Findings

The EPA needs to strengthen management and access security controls for the Central Data Exchange, or CDX, system. The security of the CDX system is integral to the EPA accepting electronic environmental data for the Agency’s air, water, hazardous waste, and toxics release inventory programs. Without adequate security controls, the CDX is vulnerable to threat actors exploiting weak security controls to potentially gain unauthorized access, create fraudulent accounts, and enter unreliable data into the system.


Report Materials

OIG Independence of EPA

The EPA's Office of Inspector General is a part of the EPA, although Congress provides our funding separate from the agency, to ensure our independence. We were created pursuant to the Inspector General Act of 1978, as amended.

Environmental Protection Agency  |  Office of Inspector General
1200 Pennsylvania Avenue, N.W. (2410T)  |  Washington, DC 20460  |  202-566-2391
OIG Hotline: 1-888-546-8740.

Office of Inspector General

Contact the Office of Inspector General
Contact the Office of Inspector General to ask a question, provide feedback, or report a problem.
Last updated on November 17, 2025