Report File
Date Issued
Submitting OIG
Smithsonian Institution OIG
Other Participating OIGs
Smithsonian Institution OIG
Agencies Reviewed/Investigated
Smithsonian Institution
Components
Office of the Chief Information Officer
Report Number
OIG-A-17-05
Report Description
The objective of this audit was to assess to what extent the Smithsonian had processes in place to prevent, detect, and resolve security vulnerabilities on the Smithsonian’s publicly accessible websites. The audit focused on obtaining an inventory of publicly accessible websites; conducting vulnerability testing, which included an in-depth test of websites to simulate a focused attack by a skilled adversary; and reviewing the Smithsonian’s policies, procedures, and processes to manage website security.
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
4
Questioned Costs
$0
Funds for Better Use
$0
