Information Security: Opportunities to Reduce Risk of Unauthorized Access to the Smithsonian Institution's Publicly Accessible Websites

Report Information

Date Issued
Report Number: OIG-A-17-05
Report Type: Audit
Component: Office of the Chief Information Officer
Description
The objective of this audit was to assess to what extent the Smithsonian had processes in place to prevent, detect, and resolve security vulnerabilities on the Smithsonian’s publicly accessible websites. The audit focused on obtaining an inventory of publicly accessible websites; conducting vulnerability testing, which included an in-depth test of websites to simulate a focused attack by a skilled adversary; and reviewing the Smithsonian’s policies, procedures, and processes to manage website security.