Penetration Test of the Food and Drug Administration's Computer Network
We conducted an external penetration test of the Food and Drug Administration's (FDA) network and information systems. Although we did not obtain unauthorized access to the FDA network, we identified the following issues: Web page input validation was inadequate, external systems did not enforce account lockout procedures, security assessments were not performed on all external servers, error messages revealed sensitive system information, and demonstration programs revealed sensitive information. These issues could have led to (1) the unauthorized disclosure or modification of FDA data or (2) FDA mission-critical systems being made unavailable. We recommended that FDA implement necessary corrective actions to address the specific cybersecurity vulnerabilities that we identified during this audit.