We recommend CBP’s Office of Information Technology implement a mechanism to routinely assess CBP applications and supporting infrastructure operating systems for configuration and patch management vulnerabilities and timely implement corrective actions.