Skip to main content

Environmental Protection Agency

Jump To:

Open Recommendations (83 total)

Persistent Chemicals: Additional EPA Actions Could Help Public Water Systems Address PFAS in Drinking Water

Show
4 Open Recommendations
Agency Affected Recommendation Status
Environmental Protection Agency The Assistant Administrator of EPA's Office of Water should establish a time frame for issuing additional planned resources—such as fact sheets and templates—to help public water systems communicate with customers about PFAS health risks. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Environmental Protection Agency The Administrator of EPA should publish a Small Entity Compliance Guide for the PFAS National Primary Drinking Water Regulation as soon as is feasible, to best support small public water systems preparing to comply with the PFAS maximum contaminant levels by April 2029. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Environmental Protection Agency The Assistant Administrators of EPA's Office of Water and Office of Land and Emergency Management should summarize and consolidate existing regulations, policy, and guidance relevant to the disposal of PFAS-contaminated waste into a straightforward resource for public water systems. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Environmental Protection Agency The Assistant Administrator of EPA's Office of Water should, in consultation with partners from Tribes, states, regional offices, and outside organizations, identify barriers public water systems experience obtaining federal funding to address PFAS contamination and assess how best to disseminate information on such funding potentially available to these systems. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cloud Computing: Agencies Need to Address Key OMB Procurement Requirements

Show
1 Open Recommendations
Agency Affected Recommendation Status
Environmental Protection Agency The Administrator of EPA should ensure that the CIO of EPA updates guidance to put a cloud SLA in place with every vendor when a cloud solution is deployed. The guidance should include language that addresses OMB's required elements for SLAs, including: continuous awareness of the confidentiality, integrity, and availability of its assets; a detailed description of roles and responsibilities; and remediation plans for non-compliance. (Recommendation 29)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Critical Infrastructure Protection: EPA Urgently Needs a Strategy to Address Cybersecurity Risks to Water and Wastewater Systems

Show
4 Open Recommendations
Agency Affected Recommendation Status
Environmental Protection Agency The Administrator of EPA should submit the Vulnerability Self-Assessment Tool (VSAT) for independent peer review and revise the tool as appropriate. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Environmental Protection Agency The Administrator of EPA should develop and implement a risk-informed cybersecurity strategy, in coordination with other federal and sector stakeholders, to guide its water sector cybersecurity programs. Such a strategy should include information from a risk assessment and should identify objectives, activities, and performance measures; roles, responsibilities, and coordination; and needed resources and investments. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Environmental Protection Agency The Administrator of EPA should evaluate its existing legal authorities for carrying out EPA's cybersecurity responsibilities and seek any needed enhancements to such authorities from the administration and Congress. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Environmental Protection Agency The Administrator of EPA should, as required by law, conduct a water sector risk assessment, considering physical security and cybersecurity threats, vulnerabilities, and consequences. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.