Audit of the U.S. Chemical Safety and Hazard Investigation Board’s Compliance with the Federal Information Security Modernization Act for Fiscal Year 2025
July 14, 2026 | Report No. 26-P-0042
Why We Did This Report
We contracted this audit to assess the U.S. Chemical Safety and Hazard Investigation Board’s compliance with the Fiscal Year 2025 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics. We contracted with SB & Company LLC to perform this audit under our direction and oversight. The Federal Information Security Modernization Act requires the inspector general of each agency to conduct an independent evaluation each year to determine the effectiveness of the agency’s information security program and practices.
Summary of Findings
SB & Company LLC concluded that the U.S. Chemical Safety and Hazard Investigation Board, also known as the CSB, achieved an overall maturity level of Level 2, Defined in fiscal year 2025. This means that the CSB’s information security policies, procedures, and strategies are formalized and documented but not consistently implemented. While the CSB maintained the same overall Level 2, Defined maturity level that it achieved in fiscal year 2024, SB & Company identified areas that need improvements associated with three IG FISMA Reporting Metrics domains: Risk and Asset Management, Identity and Access Management, and Contingency Planning.
Report Materials
OIG Independence of EPA
The EPA's Office of Inspector General is a part of the EPA, although Congress provides our funding separate from the agency, to ensure our independence. We were created pursuant to the Inspector General Act of 1978, as amended.
Environmental Protection Agency | Office of Inspector General
1200 Pennsylvania Avenue, N.W. (2410T) | Washington, DC 20460 | 202-566-2391
OIG Hotline: 1-888-546-8740.