Our objective was to determine whether the U.S. Central Command’s (USCENTCOM) vulnerability management program (VMP) effectively identified, remediated, and mitigated network vulnerabilities.