The U.S. Environmental Protection Agency doesn’t have proper systems security in place, allowing former employees to access one of the databases for an $11 million program, according to a report from its Office of Inspector General.
The EPA Inspector General conducted an audit of its Integrated Risk Information System database to determine if it adheres to federal and agency access control requirements, finding that it didn’t. That program “is a chemical evaluation program under the Office of Research and Development and is a critical component of the EPA’s capacity to support scientifically sound environmental regulations and policies,” according to the report. “The program supports the EPA’s mission to protect human health and the environment by identifying and characterizing the health hazards of chemicals found in the environment.”
The EPA’s Office of Research and Development operated with a $574.4 million budget in FY 2023, with an estimated $11.3 million allocated to the program. Agency personnel estimated $127,000 of the program’s budget was used for its database application, the report found.
The Inspector General found that information technology access management for the database did not adhere to federal and agency IT access control requirements.
It found that 64% percent of the database general user accounts had access to the application “without a legitimate business need,” including having the accounts of two former employees remain active for eight months after they separated from the EPA.
The EPA also didn’t implement password configurations for database server accounts, “which caused inactive accounts to remain in an active status for an unlimited time frame, use the same password an unlimited amount of time, and reuse a password sooner than allowed.”
The audit found that the EPA ran the database without being included or identified in a system security plan that would ensure that the system’s security met federal standards.
The agency skipped basic security steps that even Gmail users must participate in, let alone people with access to federal government databases worth $11 million.
The #WasteOfTheDay is brought to you by the forensic auditors at OpenTheBooks.com
We're proud to make our journalism accessible to everyone, but producing high-quality investigative pieces still comes at a cost.
That's why we need your help. By making a contribution today, you'll be supporting RealClearInvestigations and ensuring that we can keep providing in-depth reporting that holds the powerful accountable.
Donate now and help us continue to publish distinctive journalism that makes a difference. Thank you for your support!
Support RealClearInvestigations →
