Geocoder Security Assessment

NAACCR and TAMU are undergoing continual security assessments for the Geocoder. Available here is:

• An Executive Summary for the most recent assessment completed in June 2022 by an independent cybersecurity consulting team from Carve Systems. This is a PDF document.
• An Overview of the assessment summary presented to the NAACCR Geocoding Technical WG in September 2022. This is a video file.

There are additional details available. However, providing detailed information is a potential roadmap to vulnerabilities, we will only provide additional information to registries that request and sign an NDA with TAMU. Please contact Recinda Sherman, NAACCR Program Manager of Data Use and Research if you would like to request the additional details.

Summary of Security Assessment (Year 1)

Texas A&M University contracted Carve Systems, LLC in October 2021 to perform an assessment of the Geoservices website.
Testing included the following activities:

• Web application penetration test
• External network assessment

During the assessment, Carve documented eight findings related to the Geoservices website. Of these findings zero were classified as high or critical severity findings.

These findings describe actual security vulnerabilities present in the Geoservices website. They are full or partial realizations of one or more threat scenarios identified by Carve during test planning. Results are available in PDF or Video format below.