
Audit (A-18-13-30331)

Penetration Test of the Food and Drug Administration's Computer Network



We conducted an external penetration test of the Food and Drug Administration's (FDA) network and information systems. Although we did not obtain unauthorized access to the FDA network, we identified the following issues: Web page input validation was inadequate, external systems did not enforce account lockout procedures, security assessments were not performed on all external servers, error messages revealed sensitive system information, and demonstration programs revealed sensitive information. These issues could have led to (1) the unauthorized disclosure or modification of FDA data or (2) FDA mission-critical systems being made unavailable. We recommended that FDA implement the necessary corrective actions to address the specific cybersecurity vulnerabilities that we identified during this audit.


Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201