The U.S. Environmental Protection Agency's Office of lnspector General has identified a failure to follow Agency procedure—specifically EPA Classification No. CIO 2150-P-08.2, EPA Information Procedure, Information Security – Incident Response Procedures—concerning reporting and response requirements for cybersecurity incidents. The failure to follow this procedure occurred after EPA employees were notified of a potential data breach of EPA information related to the EPA Facility Registry Service, or FRS.
This report resulted from an investigation, rather than an audit or evaluation project.
Report Type