Security of the Social Security Administration’s Wireless Networks (Limited Distribution)

Date: 
Tuesday, February 11, 2014
Report Number: 
A-14-13-13063
Report Type: 
Audit Report
Office Affiliation: 

According to the National Institute of Standards and Technology, a wireless local area network (wireless network) is a group of devices within a limited geographic area, such as an office building, that exchanges data through radio communications. Wireless networks are typically less secure than their wired counterparts for several reasons, including the ease of access to the network and often weak security configurations. The purpose of this report was to determine whether the SSA's wireless networks and attached devices were (1) authorized and (2) reasonably secure in accordance with Federal laws, regulations, guidelines, and standards as well as with Agency policy and procedures. As part of SSA’s Fiscal Year 2013 Financial Statement Audit, we contracted with Grant Thornton LLP (GT) to perform additional wireless testing. GT expanded its wireless testing to include wireless network mapping, a vulnerability assessment, and penetration testing to meet the objectives of this review and inform its Financial Statement Audit internal control opinion.