Documents in the NTIS Technical Reports collection are the results of federally funded research. They are directly submitted to or collected by NTIS from Federal agencies for permanent accessibility to industry, academia and the public.  Before purchasing from NTIS, you may want to check for free access from (1) the issuing organization's website; (2) the U.S. Government Printing Office's Federal Digital System website http://www.gpo.gov/fdsys; (3) the federal government Internet portal USA.gov; or (4) a web search conducted using a commercial search engine such as http://www.google.com.
Accession Number PB2012-114032
Title Information Security: Environmental Protection Agency Needs to Resolve Weaknesses.
Publication Date Jul 2012
Media Count 45p
Personal Author N/A
Abstract Although the Environmental Protection Agency (EPA) has taken steps to safeguard the information and systems that support its mission, security control weaknesses pervaded its systems and networks, thereby jeopardizing the agency's ability to sufficiently protect the confidentiality, integrity, and availability of its information and systems. The agency did not fully implement access controls, which are designed to prevent, limit, and detect unauthorized access to computing resources, programs, information, and facilities. Specifically, the agency did not always (1) enforce strong policies for identifying and authenticating users by, for example, requiring the use of complex (i.e., not easily guessed) passwords; (2) limit users' access to systems to what was required for them to perform their official duties; (3) ensure that sensitive information, such as passwords for system administration, was encrypted so as not to be easily readable by unauthorized individuals; (4) keep logs of network activity or monitor key parts of its networks for possible security incidents; and (5) control physical access to its systems and information, such as controlling visitor access to computing equipment. In addition to weaknesses in access controls, EPA had mixed results in implementing other security controls. For example, EPA conducted appropriate background investigations for employees and contractors to ensure sufficient clearance requirements had been met before permitting access to information and information systems.
Keywords Access controls
Data processing security
Environmental Protection Agency (EPA)
Federal government
Information security
Information systems
Management planning and control
Policies
Procedures
Risk assessment
Safeguards
Security controls
Weaknesses

 
Source Agency General Accounting Office
NTIS Subject Category 62D - Information Processing Standards
70F - Public Administration & Government
Corporate Author Government Accountability Office, Washington, DC.
Document Type Technical report
Title Note N/A
NTIS Issue Number 1226
Contract Number N/A
