Federal Manager's Daily Report

Image: WhataWin/Shutterstock.com

The inspector general’s at the EPA has recommended that the agency strengthen controls for detecting and removing unapproved software on EPA networks, following an audit that found 7,000 “nonbase” programs in them.

The report cited an internal review by the EPA that identified “foreign software and malware programs that gather user information, allow remote control and viewing of the EPA user’s computer via virtual network computing, and have a history of targeted attacks.” The IG looked more closely at 10 instances of software on the networks of one program office and four regional offices and found that in no case had the software been approved.

“Unauthorized software puts the agency’s network, including systems and data, at risk of being compromised from exploited vulnerabilities associated with unapproved software on EPA network,” it said.

The report did not examine how such software got onto the systems, but the potential for employees inadvertently allowing such software in—by responding to phishing and similar attacks—is a common theme of data security programs across government.

It said the agency agreed with its recommendations to better document procedures to detect and remove unapproved software and provide targeted training on those procedures.

Budget Seeks 4.6 Percent Raise, Hints at Additional Pay Flexibilities

Budget Breaks Little Ground on ‘Reentry’ Plans

TSP Totes Up Damage to Accounts from Recent Market Losses

Pay Gap: Salary Council Reconstituted with Familiar Members

DoD Leaves Timing, Other Details of ‘Reentry’ to Components

Vaccine Mandate Injunction Hits Two-Month Mark with Questions Still Pending

The Latest on the WEP and the GPO

Rules Coming on Consideration of Prior Salaries in Pay Setting, Says OPM

FERS Retirement Guide 2022