Security of the Social Security Administration’s Public Web Applications (Limited Distribution)

April 25, 2017

Office Affiliation: The Office of Audit

Audit Report Number: A-14-17-50152

We issued this report to determine the effectiveness of the Social Security Administration’s (SSA) efforts to identify, assess, and remediate vulnerabilities in the Agency’s publicly accessible Web applications.

SSA manages a number of Web applications to transact business with the public, government agencies, and others. Because hackers attempt to exploit vulnerabilities to gain unauthorized access to networks, it is imperative that SSA identify any vulnerabilities in its publicly accessible Web applications and remediate them in a timely manner to protect the Agency’s sensitive information.

As part of a Council of the Inspectors General on Integrity and Efficiency (CIGIE) Information Technology Subcommittee’s crosscutting project, SSA’s Office of the Inspector General (OIG) joined other OIGs to conduct a Government-wide review of publicly accessible Web applications and associated security controls. Each OIG that participated in the project assessed its own agency’s Web application program, allowing CIGIE to then develop Government-wide recommendations and best practices to secure and manage Web applications.
