Security of the Social Security Administration’s Public Web Applications (Limited Distribution)
Office Affiliation: The Office of Audit
Audit Report Number: A-14-17-50152
We issued this report to determine the effectiveness of the Social Security Administration’s (SSA) efforts to identify, assess, and remediate vulnerabilities in the Agency’s publicly accessible Web applications.
SSA manages a number of Web applications to transact business with the public, government agencies, and others. Because hackers attempt to exploit vulnerabilities to gain unauthorized access to networks, it is imperative that SSA identify any vulnerabilities in its publicly accessible Web applications and remediate them timely to protect the Agency’s sensitive information.
As part of a Council of the Inspectors General on Integrity and Efficiency (CIGIE) Information Technology Subcommittee’s crosscutting project, SSA’s Office of the Inspector General (OIG) joined other OIGs to conduct a Government-wide review of publicly accessible Web applications and associated security controls. Each OIG that participated in the project assessed its own agency’s Web application program, allowing CIGIE to then develop Government-wide recommendations and best practices to secure and manage Web applications.
<p align="left"> We issued this report to determine the effectiveness of the Social Security Administration’s (SSA) efforts to identify, assess, and remediate vulnerabilities in the Agency’s publicly accessible Web applications. </p>
SSA manages a number of Web applications to transact business with the public, government agencies, and others. Because hackers attempt to exploit vulnerabilities to gain unauthorized access to networks, it is imperative that SSA identify any vulnerabilities in its publicly accessible Web applications and remediate them timely to protect the Agency’s sensitive information.
As part of a Council of the Inspectors General on Integrity and Efficiency (CIGIE) Information Technology Subcommittee’s crosscutting project, SSA’s Office of the Inspector General (OIG) joined other OIGs to conduct a Government-wide review of publicly accessible Web applications and associated security controls. Each OIG that participated in the project assessed its own agency’s Web application program, allowing CIGIE to then develop Government-wide recommendations and best practices to secure and manage Web applications.