Report: The EPA Needs to Develop and Implement Information Technology Processes to Comply with the Federal Information Security Modernization Act for Fiscal Year 2023

Report #24-P-0052, August 5, 2024

Why We Did This Report

The U.S. Environmental Protection Agency Office of Inspector General conducted this audit to assess the EPA’s compliance with the fiscal year 2023 Inspector General Federal Information Security Modernization Act of 2014 reporting metrics.
 

Summary of Findings

We concluded that the EPA achieved an overall maturity level of Level 3, Consistently Implemented, for the five security functions and nine domains outlined in the Office of Management and Budget’s FY 2023 – 2024 Inspector General Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics. This means that the EPA consistently implemented its information security policies and procedures, but quantitative and qualitative effectiveness measures are lacking. We identified that the EPA had deficiencies in three areas.


Report Materials

OIG Independence of EPA

The EPA's Office of Inspector General is a part of the EPA, although Congress provides our funding separate from the agency, to ensure our independence. We were created pursuant to the Inspector General Act of 1978, as amended.

Environmental Protection Agency  |  Office of Inspector General
1200 Pennsylvania Avenue, N.W. (2410T)  |  Washington, DC 20460  |  202-566-2391
OIG Hotline: 1-888-546-8740.

Office of Inspector General

Contact the Office of Inspector General
Contact the Office of Inspector General to ask a question, provide feedback, or report a problem.
Last updated on October 22, 2025