April 10, 2014 - IAE Update on the OpenSSL Heartbleed Vulnerability  Print 

In accordance with updates from OMB and US-CERT, the Integrated Award Environment (IAE) surveyed all IAE systems to determine if they were impacted by the Heartbleed Vulnerability. We validated the following systems do not use the software affected by the Heartbleed Vulnerability:  SAM, FPDS-NG, FBO, eSRS, FSRS, CFDA, and WDOL.

CPARS, PPIRS and FAPIIS have been updated to OpenSSL version 1.0.1g which resolved the vulnerability. All users are required to reset passwords for these three systems upon next log-in.  There is no evidence of a security incident on any of the systems.

If you use the same password on IAE systems as you do on other internet sites, you should take appropriate precautions.  For additional information, see updates at US-CERT: https://www.us-cert.gov/ncas/current-activity/2014/04/08/OpenSSL-Heartbleed-Vulnerability