Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Penetration Test of the Administration for Children and Families' Computer Networks and External Web Applications

Issued on  | Posted on  | Report number: A-18-14-30330

Report Materials

We assessed Administration for Children and Families' (ACF) network's exposure to cyber attacks by performing penetration testing of its network and Internet-facing systems. Specifically, we performed Web vulnerability testing from Office of Inspector General facilities and wireless testing onsite at ACF offices in Washington, DC.

We found that ACF needs to strengthen the information security controls over its external Web applications and wireless networks. Although we did not obtain unauthorized access to the ACF network, we identified vulnerabilities that could lead to a cyber security incident involving ACF systems and data, given enough time and persistence by malicious computer hackers.

We recommended that ACF implement our detailed recommendations to address the specific findings we identified.

Report Type
Audit
HHS Agencies
Administration for Children and Families
Issue Areas
-
Target Groups
-
Financial Groups
-

Notice

This report may be subject to section 5274 of the National Defense Authorization Act Fiscal Year 2023, 117 Pub. L. 263.