U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audit of NARA's Publicly-Accessible Websites

Report Information

Date Issued
Report Number
16-05
Report Type
Audit
Description
The objective of this audit was to evaluate the security of NARA’s publicly-accessible websites. We also evaluated NARA’s progress toward implementing Hypertext Transfer Protocol Secure on all of its websites as required by Office of Management and Budget Memorandum M-15-13, and verified NARA conducted a review of security assessments associated with its cloud web hosting initiative.
Joint Report
No
Agency Wide
No (location specific)
Questioned Costs
$0
Funds for Better Use
$0

Recommendations

We recommend the Chief Innovation Office (CINO) coordinate with the CIO to improve NARA’s management and internal controls surrounding the security of NARA’s publicly-accessible websites.  Specifically, we recommend the CIO requires all NARA publicly-...

We recommend the Chief Innovation Office (CINO) coordinate with the CIO to improve NARA’s management and internal controls surrounding the security of NARA’s publicly-accessible websites.  Specifically, we recommend the CIO analyzes all publicly-...

We recommend the Chief Innovation Office (CINO) coordinate with the CIO to improve NARA’s management and internal controls surrounding the security of NARA’s publicly-accessible websites.  Specifically, we recommend the CIO requires users to change their...

We recommend the Chief Innovation Office (CINO) coordinate with the CIO to improve NARA’s management and internal controls surrounding the security of NARA’s publicly-accessible websites.  Specifically, we recommend the: CINO coordinate with the CIO on...

We recommend the Chief Innovation Office (CINO) coordinate with the CIO to improve NARA’s management and internal controls surrounding the security of NARA’s publicly-accessible websites.  Specifically, we recommend the CIO documents the process...

We recommend the Chief Innovation Office (CINO) coordinate with the CIO to improve NARA’s management and internal controls surrounding the security of NARA’s publicly-accessible websites.  Specifically, we recommend the CIO regularly (at least quarterly...

We recommend the CIO document a process to review all security assessments by a qualified official.

We recommend the CIO ensure Information Services personnel review all cloud hosting security assessments.

We recommend the CIO ensure Information Services personnel document their review of the IT security assessments.