Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

CBP Has Placed Travelers' PII at Risk of Exploitation

Executive Summary

CBP did not always protect MPC apps from cybersecurity threats.  This occurred because app version updates were not always scanned for vulnerabilities and CBP did not always identify vulnerabilities detected in scans.  CBP also did not complete seven required security and privacy compliance reviews of MPC apps because it did not establish a schedule for the reviews or track and centrally store review documentation.  In addition, CBP did not obtain the information needed for the reviews, had competing priorities, and did not ensure app developers created a process for a required internal audit.  Finally, CBP did not implement Department server configuration requirements for its MPC servers.  We made eight recommendations that, when implemented, should improve the security of CBP’s MPC program.  CBP concurred with all eight recommendations.

Report Number
OIG-21-47
Issue Date
Document File
DHS Agency
Fiscal Year
2021