IG: Security at risk in EPA contract management system

The Environmental Protection Agency should place greater emphasis on the security of its automated acquisition and contract management process, according to the agency's inspector general.

In a new report, IG investigators during a five-month review in mid-2005 found the Integrated Contract Management System was operating without up-to-date certification, accreditation and contingency plans.

"As a result, ICMS had security vulnerabilities which, if exploited, could have had a serious adverse effect on operations, assets and individuals," the report said.

Particularly, the IG found that EPA's Office of Administration and Resources Management, which manages ICMS, did not update and approve key C&A package documents in a timely fashion, develop or test a contingency plan if the system crashed, or monitor production servers for vulnerabilities.

"Exploiting one of these vulnerabilities could result in reduced integrity of the data used by all EPA contracting offices for contract processing and degrade ICMS' availability, thereby hindering the contracting officers' ability to use the application to manage contractor tasking, allocation of funds and contractor efforts," the report said.

OARM said it agreed with these conclusions, and has implemented a plan of actions and milestones to correct the flaws.

It also said many of the IG concerns will be resolved when it finalizes its server consolidation process.

Rob Thormeyer is a staff writer for Washington Technology's sister publication, Government Computer News.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above.

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB