Governance, Risk and Compliance, Government Regulations, Critical Infrastructure Security

EPA poised to finalize agency-wide cyber risk assessment process

Closeup of the homepage of the Environmental Protection Agency

Completion of an organization-wide cybersecurity risk assessment process at the Environmental Protection Agency is expected by Nov. 22, more than six years after such a mechanism was recommended by the Government Accountability Office in an effort to better protect its IT systems and data from increasingly prevalent cybersecurity threats, FedScoop reports.

Aside from integrating several performance metrics gauging robust authentication, logging maturity, critical vulnerability remediation, and priority security control, the EPA's updated cyber risk assessment procedure will also include risk-scoring system changes to accommodate enterprise- and component-level risk scores, according to an EPA spokesperson.

"The procedures also include activities to consolidate the various cybersecurity dashboards into one overall dashboard that provides an executive level view of EPA's risk posture," said the spokesperson.

Such a development follows a GAO document noting the EPA's potential gaps in monitoring cyber risk trends and addressing systemic risks stemming from its lack of cyber risk evaluations.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.