Northampton County Technology Infrastructure Assessment
| System | Current Version | Required By | Risk | Details |
|---|---|---|---|---|
| 10.9.1 |
11.3 by May 2026 EOL: May 31, 2026 |
HIGH |
CVE-2023-25830, CVE-2024-25694, CVE-2024-25696
Web AppBuilder deprecated in 12.0 |
|
| Server 2019 |
Server 2022/2025 Mainstream support ended |
HIGH |
CVE-2020-1472 (Zerologon) patches required
Missing 32k page database, DMSA features |
|
| v2.4.0.0 |
Updated software Required by Mar 2024 |
MEDIUM |
Settlement requires software upgrade + conditions for use 2019 & 2023 incidents documented |
|
|
Cybersecurity Posture
|
Undisclosed | SLGCP Grant Eligible | HIGH |
No public cybersecurity plan disclosed PA eligible for $10.4M FFY2023, $5.2M FFY2022 |
| System | Initiative | Timeline | Status | Details |
|---|---|---|---|---|
|
Digital Inclusion Program
|
Device Giveaway & Digital Navigator | Ongoing 2026 | Active |
Named 2025 Digital Inclusion Trailblazer by NDIA Refurbished county devices to residents |
|
2026 Capital Improvements
|
IT Capital Projects | Adopted Dec 4, 2025 | Approved |
Part of $503M budget, no tax increase Specific IT items in Capital Plan section |
|
CDBG Technology Grants
|
Community Development Block Grant | Opens Mar 3, 2025 | Scheduled |
Application closes May 22, 2025 May include technology infrastructure projects |
|
BEAD Broadband Program
|
Broadband Equity & Deployment | 2024-2028 | In Progress |
Federal infrastructure funding for broadband PA DCED 2024-2025 provisional approvals |
|
Election Security
|
Risk-Limiting Audits | 2025-2026 Elections | Active |
County participates in PA DoS RLA program 2024 primary audited successfully |
| System | Current State | Last Verified | Notes |
|---|---|---|---|
| Operational | Jan 2026 |
Financials, HR, Payroll, Procurement active 68+ PA county Munis installations |
|
|
Controller Audit Function
|
Compliant | Jan 22, 2025 |
Peer review: "adequately designed and operating effectively" Reviewed Jan 2022 - Dec 2024 period |
| Operational | Jan 2026 |
Catalyst 9300 switches deployed VLAN segmentation in place |
| Gap Area | Industry Standard | Risk | Recommendation |
|---|---|---|---|
Zero Trust Architecture |
CISA Zero Trust Maturity Model | HIGH | No public ZTA roadmap. Federal mandate for agencies by 2024. |
Cloud Migration Strategy |
Hybrid Cloud / SaaS | MEDIUM | Tyler ERP offers SaaS. No disclosed migration plan. |
SIEM/SOC Capabilities |
24/7 Security Operations | HIGH | No public SOC or SIEM disclosed. MS-ISAC available free to PA locals. |
Disaster Recovery Testing |
Annual DR drills documented | MEDIUM | No public DR test results. COOP plan status unknown. |
IT Staffing Assessment |
IT FTE per 100 employees | MEDIUM | IT staffing levels not disclosed. Industry benchmark: 3-5%. |
ArcGIS Enterprise 12.0 Planning |
Migrate from Web AppBuilder | HIGH | ESRI deprecating Web AppBuilder in 12.0. Experience Builder migration needed. |
| Audit Area | Period | Finding | Status |
|---|---|---|---|
| P-Card Transactions | Sep 2022 - Sep 2023 | Receipts uploaded, no policy circumvention. Fixed-asset threshold exceptions noted. | Favorable |
| ACL Vendors & Checks | Jul 2023 - Jun 2024 | Two duplicate payments to PA L&I identified (different vendor names). Refunds requested. | Remediation |
| Check Numbering | Jul 2023 - Jun 2024 | Gaps attributed to voided stubs or assignment errors. No material issues. | Explained |
| Law Library Cash | 2024 | No receipts processed in last year. Bank reconciliations delayed. | Exception |