Skip Navigation
United States Flag

An official website of the United States government. Here's how you know >

A New Look for HHS-OIG. Learn More >>

U.S. Flag An official website of the United States government.
Change Font Size

Penetration Test of the Administration for Children and Families' Computer Networks and External Web Applications

We assessed Administration for Children and Families' (ACF) network's exposure to cyber attacks by performing penetration testing of its network and Internet-facing systems. Specifically, we performed Web vulnerability testing from Office of Inspector General facilities and wireless testing onsite at ACF offices in Washington, DC.

We found that ACF needs to strengthen the information security controls over its external Web applications and wireless networks. Although we did not obtain unauthorized access to the ACF network, we identified vulnerabilities that could lead to a cyber security incident involving ACF systems and data, given enough time and persistence by malicious computer hackers.

We recommended that ACF implement our detailed recommendations to address the specific findings we identified.

Copies can also be obtained by contacting the Office of Public Affairs at

Download the complete report.

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201