Vulnerabilities Highlight the Need for More Effective Web Security Management (Redacted)

摘要

The Department of Homeland Securitys (DHS) public-facing websites present a highly accessible point of entry and attack to its information resources. These websites are useful in providing DHS and the public with access to information and services, but must be properly configured and maintained in order to protect sensitive data. We evaluated nine of DHS most frequently visited public-facing websites to determine whether DHS has implemented effective security controls and practices. We examined the implementation of DHS required configuration settings and patch management practices. We also performed vulnerability assessments on these websites. In addition, we reviewed documentation regarding electronic authentication for web-based access according to the Federal Information Security Management Act of 2002 (FISMA).