Penetration Test of the Administration for Children and Families' Computer Networks and External Web Applications
We assessed Administration for Children and Families' (ACF) network's exposure to cyber attacks by performing penetration testing of its network and Internet-facing systems. Specifically, we performed Web vulnerability testing from Office of Inspector General facilities and wireless testing onsite at ACF offices in Washington, DC.
We found that ACF needs to strengthen the information security controls over its external Web applications and wireless networks. Although we did not obtain unauthorized access to the ACF network, we identified vulnerabilities that could lead to a cyber security incident involving ACF systems and data, given enough time and persistence by malicious computer hackers.
We recommended that ACF implement our detailed recommendations to address the specific findings we identified.