Information Security: Weaknesses Place Commerce Data and Operations at Serious Risk, Report to the Chairman, Committee on Energy and Commerce, House of Representatives [open pdf - 291KB]
This report provides a general summary of the computer security weaknesses identified in the unclassified information systems of the seven Commerce organizations reviewed as well as in the management of the department's information security program. GAO (Government Accountability Office ) conducted penetration testing of sensitive Commerce systems from both inside Commerce headquarters and from a remote location through the Internet during a 2-month period. Using readily available software common techniques, they attempted to penetrate systems and exploit identified control weaknesses to verify the vulnerability they presented. Appendix I contains further details on their objectives, scope, and methodology.
Government Accountability Office (GAO): http://www.gao.gov/