EPA conducts, will not release, cyber audit

EPA conducts, will not release, cyber audit

Citing privacy concerns, the Environmental Protection Agency will not be releasing an inspector general’s report discussing cybersecurity.


An “At A Glance” summary of the report says an audit of the agency’s computers found 30 systems with personally identifiable information. 

“Due to the sensitive nature of the information identified, the full report is not being made available to the public,” the summary concludes. 

Besides mentions that the EPA has no systems with national security information and that the EPA ultimately agreed with the audit, the summary does not contain any additional information about the report.

The audit was required by the Cybersecurity Act of 2015. It should contain information on how users are authenticated and what tools are used to protect the network.


CORRECTION: An earlier version of this report said the EPA agreed with recommendations made in the report. The EPA clarified that, while they agreed with the report, no recommendations or corrective actions were made in the report. 

--Update August 17, 9:53 a.m.