Improvements Needed to Secure It Assets at Epa-Owned Research Facilities

We sought to determine to what extent management at U.S. Environmental Protection Agency-owned research facilities establish and implement information security practices to protect Agency information technology assets. Agency IT assets must be maintained in accordance with security requirements defined by applicable federal laws, executive orders, directives, policies, standards, and regulations to ensure adequate confidentiality, availability, and integrity of the resources and information stored on or transmitted through the EPA network. Network vulnerabilities can expose IT assets to significant risk and disrupt operations if not identified and resolved.