U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


The Enterprise Physical Access Control System Implementation and Physical Security Controls Need Improvement

Report Information

Date Issued
Report Number
Report Type
Joint Report
Agency Wide
Yes (agency-wide)
Questioned Costs
Funds for Better Use


The Chief, FMSS, should update the EPACS Operations Guide to provide clarity on granting and disabling operator accounts and the specific entitlements that are required in the BEARS for all EPACS roles.

The Chief Information Officer should ensure that the Cybersecurity function’s Enterprise Security Audit Trails team in collaboration with the ACM team prioritizes completing the Audit Worksheet so that the audit logs can be monitored and reviewed.

Ensure that all 1,286 noncompliant card readers are replaced with Federally compliant card readers and are properly configured.

Replace the two single-factor authentication card readers in the Limited Areas at Site 1 and the broken two-factor authentication card reader at Site 3.

Determine the cause for the inoperable alarm at Site 6 and resolve the issue to enable alarms to appear in the EPACS Event Viewer.