Department of Defense Office of Inspector General
06/04/2025 | Press release | Distributed by Public on 06/05/2025 10:25
Audit of the DoD’s Actions to Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities (Report No. DODIG-2025-108)
Report | June 4, 2025
Audit of the DoD's Actions to Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities (Report No. DODIG-2025-108)
Audit
The objective of this audit was to determine whether the actions taken by DoD Components to identify, respond to, and mitigate vulnerabilities impacting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) complied with DoD requirements.
Ivanti, Inc. provides information technology management and software solutions, including virtual private network (VPN) systems, such as ICS, which allow users to remotely connect to a network over the Internet through a secure tunnel. Between January 10, 2024, and February 8, 2024, Ivanti disclosed five critically severe or highly severe common vulnerabilities and exposures (CVEs) affecting ICS and IPS. Those CVEs could allow malicious actors to execute commands on a victim's network with elevated privileges. In response to the CVEs, Joint Force Headquarters-DoD Information Network (JFHQ-DODIN) issued multiple orders to the DoD Information Network areas of operation (DAOs).
SHARE
Related Documents
Full Report: Audit of the DoD's Actions to Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities (Report No. DODIG-2025-108)
audit
Department of Defense Office of Inspector General published this content on June 04, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on June 05, 2025 at 16:25 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at support@pubt.io