The system used to produce RFID identification cards including permanent resident IDs by the USCIS has a number of serious security issues. Almost all of the workstations in the system were using no updated Java software. The system is also composed of many Oracle database servers, the database that was audited were non upgraded with at least 22 critical patch updates, this means that patch management for Oracle was not working for more than five years considering that the system release a patch quarterly. The OIG also provided the following recommendations: Perform the required assessments periodically to evaluate the effectiveness of management, operational, and technical security controls.”]
Source: https://securityaffairs.co/wordpress/25876/security/security-issues-uscis-rfid.html

