Accession Number PB2012-114032
Title Information Security: Environmental Protection Agency Needs to Resolve Weaknesses.
Publication Date Jul 2012
Media Count 45p
Personal Author N/A
Abstract Although the Environmental Protection Agency (EPA) has taken steps to safeguard the information and systems that support its mission, security control weaknesses pervaded its systems and networks, thereby jeopardizing the agency's ability to sufficiently protect the confidentiality, integrity, and availability of its information and systems. The agency did not fully implement access controls, which are designed to prevent, limit, and detect unauthorized access to computing resources, programs, information, and facilities. Specifically, the agency did not always (1) enforce strong policies for identifying and authenticating users by, for example, requiring the use of complex (i.e., not easily guessed) passwords; (2) limit users access to systems to what was required for them to perform their official duties; (3) ensure that sensitive information, such as passwords for system administration, was encrypted so as not to be easily readable by unauthorized individuals; (4) keep logs of network activity or monitor key parts of its networks for possible security incidents; and (5) control physical access to its systems and information, such as controlling visitor access to computing equipment. In addition to weaknesses in access controls, EPA had mixed results in implementing other security controls. For example, EPA conducted appropriate background investigations for employees and contractors to ensure sufficient clearance requirements had been met before permitting access to information and information systems.
Keywords Access controls
Data processing security
Environmental Protection Agency (EPA)
Federal government
Information security
Information systems
Management planning and control
Policies
Procedures
Risk assessment
Safeguards
Security controls
Weaknesses


 
Source Agency General Accounting Office
NTIS Subject Category 62D - Information Processing Standards
70F - Public Administration & Government
Corporate Author Government Accountability Office, Washington, DC.
Document Type Technical report
Title Note N/A
NTIS Issue Number 1226
Contract Number N/A

Science and Technology Highlights

See a sampling of the latest scientific, technical and engineering information from NTIS in the NTIS Technical Reports Newsletter

Acrobat Reader Mobile    Acrobat Reader