Search.gov System Security and Compliance
System security is a top priority for Search.gov.
We have an ATO (Authorization to Operate) from the General Services Administration. Active customers can request a meeting to review security package documentation. Please email us with any questions.
Reporting a Vulnerability
Services operated by the U.S. General Services Administration (GSA) are covered by the GSA Vulnerability Disclosure Program (VDP).
See the GSA Vulnerability Disclosure Policy for details including:
- How to submit a report if you believe you have discovered a vulnerability.
- Bug bounty scope.
- GSA’s coordinated disclosure policy.
- Information on how you may conduct security research on GSA developed software and systems.
- Important legal and policy guidance.