Contents
- Purpose
- Methodology
- Governance & Sensitive Documents
- Personnel & PII Exposure
- Financial Documents
- Wayback Machine Archive
- Certificate Transparency
- Infrastructure & Technical Surface
- Funding & Contracts
- Legal & Regulatory
- Disaster & Environmental
- Media & Public Narrative
- Risk Summary
- Recommendations
- What This Means
Purpose
This audit maps the publicly indexed digital footprint of the American Indian Science and Engineering Society (AISES) across federal agency databases, certificate transparency logs, the Wayback Machine, IRS nonprofit filings, foundation directories, court records, and the entity's own web properties.
What can anyone with a search engine learn about your organization in 30 minutes?
For a nonprofit of AISES's scale ($19M revenue, 7,000+ members, 200+ chapters), transparency is both a strength and an exposure surface. Donors, grantors, partners, and the public can reconstruct your funding portfolio, governance documents, leadership roster, and technology infrastructure from freely available sources. This audit shows what that picture looks like.
Methodology
The following public data sources were queried:
| Source | Purpose |
|---|---|
| Search engines | Advanced operator queries (site:, filetype:, intitle:) targeting aises.org and federal agency domains |
| Wayback Machine | CDX API queries against aises.org and www.aises.org |
| Certificate Transparency (crt.sh) | All certificates issued to aises.org subdomains |
| DNS records | A, MX, NS, TXT, CNAME lookups for aises.org |
| USASpending.gov | Federal award recipient search |
| HHS TAGGS | Health and Human Services grant tracking |
| NSF Award Search | National Science Foundation awards |
| ProPublica Nonprofit Explorer | IRS Form 990 filings |
| GuideStar/Candid | Nonprofit profile and EIN verification |
| BBB Wise Giving Alliance | Accountability standards assessment |
| Federal Register | Regulatory filings and sole-source notices |
| Court databases | Justia, CourtListener, JudyRecords |
| Native media | Indianz.com, ICT News, Native News Online |
No unauthorized access was performed or attempted. All data sources are publicly accessible.
Governance & Sensitive Documents
Queries used:
"AISES" OR "American Indian Science and Engineering Society" filetype:pdf "confidential" OR "internal"
"AISES" OR "American Indian Science and Engineering Society" filetype:pdf "resolution" OR "charter" OR "MOU"
"AISES" filetype:pdf "staff list" OR "phone directory" OR "org chart"
site:aises.org intitle:"index of"
site:aises.org inurl:backup OR inurl:admin OR inurl:config
"American Indian Science and Engineering Society" site:irs.gov
"American Indian Science and Engineering Society" site:federalregister.gov| # | Document | Hosted On | Risk | Notes |
|---|---|---|---|---|
| 1 | IHS Sole-Source Cooperative Agreement | federalregister.gov | LOW | Official IHS notice naming AISES as sole-source recipient |
| 2 | 2023 Form 990 | aises.org | LOW | Self-hosted tax filing — intentional transparency |
| 3 | 2022 Form 990 | aises.org | LOW | Self-hosted tax filing |
| 4 | 2021 Audited Financials | aises.org | LOW | Self-hosted audit report |
| 5 | AISES Bylaws (2016) | Wayback / aises.org | LOW | Governance bylaws accessible via archive |
| 6 | Bylaws Change Resolution | Wayback / aises.org | LOW | Board resolution on bylaws amendment process |
| 7 | Quorum Definition Resolution | Wayback / aises.org | LOW | Board resolution on quorum rules |
Assessment: LOW
No confidential or internal documents were found indexed on any domain. MOU references are all official government press releases. AISES self-hosts its 990 filings and audited financials, reflecting intentional transparency.
Personnel & PII Exposure
| # | Document | Hosted On | Risk | Notes |
|---|---|---|---|---|
| 1 | ZoomInfo Company Profile | zoominfo.com | MEDIUM | Data broker has assembled employee directory from scraped sources |
| 2 | Wiza Company Profile | wiza.co | MEDIUM | Second data broker aggregating employee details |
Assessment: MEDIUM
No CSV, XLSX, or PDF rosters of members or employees were found indexed. However, two data broker platforms have assembled employee directories from publicly scraped sources. Staff names, titles, and inferred contact details are aggregated and commercially available.
Financial Documents
| # | Document | Hosted On | Risk | Notes |
|---|---|---|---|---|
| 1 | ProPublica Nonprofit Explorer | propublica.org | LOW | Complete 990 filing history; FY2024 revenue $18.97M |
| 2 | Instrumentl 990 Report | instrumentl.com | LOW | 990 timeline with 14 active grant programs |
| 3 | Cause IQ Profile | causeiq.com | LOW | 69 employees; NTEE classification; financial summary |
| 4 | USASpending Recipient Profile | usaspending.gov | LOW | Federal award recipient; UEI: XUE5YPEN3UZ9 |
Financial Trajectory (from 990 filings)
| Year | Revenue | Expenses | Net Assets |
|---|---|---|---|
| 2024 | $18,970,849 | $13,288,390 | $9,259,281 |
| 2023 | $12,004,535 | $11,220,136 | $3,489,435 |
| 2022 | $9,273,961 | $9,794,112 | $2,595,016 |
| 2021 | $8,766,660 | $6,776,814 | $3,221,834 |
| 2020 | $5,717,062 | $5,696,593 | $1,210,975 |
| 2019 | $5,674,585 | $5,817,558 | $1,265,912 |
| 2018 | $5,010,011 | $4,700,230 | $1,505,583 |
| 2017 | $4,246,049 | $4,132,365 | $1,278,065 |
| 2016 | $3,262,638 | $3,259,135 | $1,152,059 |
| 2015 | $2,972,122 | $3,030,113 | $1,132,211 |
Assessment: LOW
Exemplary financial transparency. 990 filings from 2009–2024 are self-hosted and independently available through multiple nonprofit databases. Revenue has grown 6.6x from $2.9M to $19.0M over nine years. Material weakness in internal controls identified in recent audits.
Wayback Machine Archive
| Metric | Value |
|---|---|
| Total unique pages archived | 75,800+ |
| Total unique PDFs archived | ~1,220 |
| Earliest snapshot | 1998-12-12 |
| Most recent snapshot | 2026-04-10 |
| Platform history | ColdFusion (2000s) → Joomla (~2008) → Drupal (~2012) → WordPress (current) |
Notable archived content
| # | Content | Type | Notes |
|---|---|---|---|
| 1 | 990 Tax Filings (2009–2023) | Complete 14-year run across both CMS eras | |
| 2 | Audited Financial Statements (2009–2023) | Full decade+ of independent audit history | |
| 3 | Annual Reports (2005–2021) | Organizational narrative and program data | |
| 4 | Board Governance Documents | Bylaws, resolutions, tribal chapter code of conduct | |
| 5 | Drupal CHANGELOG.txt | Config | Revealed exact CMS version during Drupal era |
| 6 | Drupal install.php | Config | Installer script was publicly accessible |
| 7 | Gallery2 Photo Gallery (~928 pages) | Application | Retired photo gallery with extensive archive |
| 8 | ColdFusion Member Login Portal | Login | Legacy member authentication from 2005 era |
| 9 | Winds of Change Media Kit | Magazine advertising rates and readership data | |
| 10 | Historical Scholarship Applications (2003–2006) | Archived application forms from early programs |
Assessment: MEDIUM-HIGH
Exceptionally large Wayback footprint spanning 27 years. Four platform migrations are documented. The archive preserves the complete financial record, governance documents, and artifacts from retired platforms including CMS configuration files. The archive represents a deep historical record of the organization's digital evolution.
Certificate Transparency
| Property | Value |
|---|---|
| Total certificates found | 17 |
| Certificate issuers | Let's Encrypt (R12, R13, E7), GeoTrust, Google Trust Services, Amazon RSA |
| Earliest certificate | 2025-03-06 |
| Most recent certificate | 2026-04-01 |
| Wildcard certificates | No |
| Renewal pattern | 90-day automated (Let's Encrypt) + commercial CAs for specific services |
Subdomains discovered (20)
| # | Subdomain | Purpose | Certificate Issuer |
|---|---|---|---|
| 1 | www.aises.org | Main website | Let's Encrypt E7 |
| 2 | conference.aises.org | National conference site | Let's Encrypt R13 |
| 3 | events.aises.org | Event management (Aventri) | Amazon RSA |
| 4 | give.aises.org | Donation portal (Classy.org) | Google Trust Services |
| 5 | opportunities.aises.org | Job/scholarship board | Let's Encrypt R13 |
| 6 | resumes.aises.org | Resume portal | Let's Encrypt R12 |
| 7 | fairs.aises.org | Career fairs | Let's Encrypt R13 |
| 8 | forms.aises.org | Web forms | Let's Encrypt R12 |
| 9 | info.aises.org | Marketing (Pardot) | Let's Encrypt R13 |
| 10 | nativelinks.aises.org | Resource directory | Let's Encrypt R13 |
| 11 | photos.aises.org | Photo gallery (Azure) | GeoTrust |
| 12 | secure.aises.org | Member portal | Let's Encrypt R13 |
| 13 | woc.aises.org | Winds of Change magazine | Let's Encrypt R13 |
| 14 | nfc.aises.org | Conference (alt) | Let's Encrypt R12 |
| 15 | old.aises.org | Legacy site | Let's Encrypt R12 |
| 16 | www.conference.aises.org | Conference redirect | Let's Encrypt R13 |
| 17 | 2021.aises.org | 2021 conference archive | Let's Encrypt R13 |
| 18 | 2022.aises.org | 2022 conference archive | Let's Encrypt R12 |
| 19 | 2023.aises.org | 2023 conference archive | Let's Encrypt R13 |
| 20 | 2025.aises.org | 2025 conference site | Let's Encrypt R12 |
Assessment: LOW
Well-managed automated certificate renewal. Subdomain inventory maps cleanly to known AISES programs. No wildcard certificates, no shadow IT indicators.
Infrastructure & Technical Surface
DNS Configuration
| Record | Value | Significance |
|---|---|---|
| A | 192.0.78.213 | Automattic (WordPress.com managed hosting) |
| MX | aises-org.mail.protection.outlook.com | Microsoft 365 email |
| NS | ns9.worldnic.com, ns10.worldnic.com | Network Solutions (legacy registrar DNS) |
| TXT (SPF) | 7 includes (Outlook, Pardot, Informz, Neon, Aventri, WPCloud, Google) | Complex email sender landscape |
Infrastructure Profile
| Property | Value |
|---|---|
| Hosting platform | WordPress.com (Automattic managed) |
| Domain type | .org |
| Email provider | Microsoft 365 |
| CDN/Proxy | Automattic a8c-cdn |
| DNS provider | Network Solutions (legacy) |
| Marketing automation | Salesforce Pardot |
| Hosting providers (total) | 6 distinct across subdomains |
| Security headers | Partial (HSTS only; no CSP, X-Frame-Options, X-Content-Type-Options) |
Assessment: MEDIUM-HIGH
Sprawling infrastructure with 6 distinct hosting providers across 20 subdomains. Main site is well-hosted on WordPress.com, but legacy subdomains sit on budget shared hosting. Network Solutions nameservers indicate legacy DNS. SPF record with 7 includes approaches DNS lookup limits. Year-specific conference subdomains accumulate without retirement.
Funding & Contracts
| # | Record | Source | Amount | Agency |
|---|---|---|---|---|
| 1 | USASpending Recipient Profile | usaspending.gov | Multiple awards | Multiple |
| 2 | HHS TAGGS Cumulative Awards | taggs.hhs.gov | ~$2,955,039 | NIH, IHS, ACF |
| 3 | NSF Lighting the Pathway (Phase I & II) | nsf.gov | ~$3,000,000 | NSF |
| 4 | NSF/Kapor CS for Native Girls | nsf.gov | $1,400,000 | NSF |
| 5 | IHS Sole-Source Cooperative Agreement | IHS | ~$745,000 | IHS |
| 6 | ProPublica 990 Filings | propublica.org | $18.97M (2024 rev) | IRS |
Revenue breakdown (2024): 93.5% contributions/grants ($17.7M), 5.6% program services ($1.05M), 1.2% investment income.
Assessment: LOW
Confirmed USASpending recipient profile. Substantial federal funding from NSF, HHS (NIH, IHS, ACF), DOE, and NASA. Revenue growth of 6.6x over nine years. Funding portfolio is largely reconstructable from public sources.
Legal & Regulatory
Litigation: Zero cases found across Justia, CourtListener, and JudyRecords. No lawsuits as plaintiff or defendant.
Regulatory Filings
| # | Filing | Source | Notes |
|---|---|---|---|
| 1 | IHS Sole-Source Cooperative Agreement | Federal Register | 5-year sole-source award for AI/AN STEM workforce |
| 2 | BIA Conference Promotion | bia.gov | Official federal agency participation |
| 3 | NIST Conference Participation | nist.gov | Federal recruitment at AISES events |
Governance Flags
| # | Finding | Source | Severity |
|---|---|---|---|
| 1 | BBB Wise Giving Alliance: Does NOT meet standards | BBB/Give.org | MEDIUM |
| 2 | Material weakness in internal controls (FY2024 audit) | ProPublica / 990 | MEDIUM |
Assessment: CLEAN
Exceptionally clean legal profile. Zero litigation. BBB accountability flags and audit findings are governance matters, not legal exposure.
Disaster & Environmental
Assessment: CLEAN
No FEMA declarations, EPA enforcement, or environmental monitoring records. AISES is a STEM education nonprofit, not a jurisdictional entity. Relevant environmental programming includes the Indigenous Knowledge Research Program (USDA partnership) and Environmental Science Associates scholarships.
Media & Public Narrative
Key Coverage
| # | Article | Date | Publication | Key Points |
|---|---|---|---|---|
| 1 | National conference brings together Native scientists | 2025-10 | MPR News | 2025 conference in Minneapolis; thousands of attendees |
| 2 | Native student program shuts down due to DEI orders | 2025-03 | Indianz.com | Adjacent programs affected by anti-DEI executive orders |
| 3 | ACS partner conferences community | 2026-01 | Chemical & Engineering News | AISES highlighted as key ACS partner conference |
Leadership Identified
| # | Name | Role | Source |
|---|---|---|---|
| 1 | Sarah EchoHawk (Pawnee) | CEO/President since 2013 | AISES |
| 2 | Michael Laverdure (Turtle Mountain Chippewa) | Board Chair Emeritus | AISES |
| 3 | Lillian Sparks Robinson (Rosebud Sioux) | Board Member (2025–2028) | AISES |
| 4 | Fawn Sanchez (Shoshone-Bannock) | Board Member (2025–2028) | AISES |
Assessment: CLEAN
Overwhelmingly positive public narrative. $8.7M cumulative scholarships to 4,924 students. Emerging risk from anti-DEI executive orders affecting adjacent programs.
Risk Summary
Scorecard
| Category | Assessment | Key Finding |
|---|---|---|
| Governance & Documents | LOW | Self-hosted financials, no confidential docs indexed |
| Personnel & PII | MEDIUM | Data broker profiles aggregate staff details |
| Financial Documents | LOW | Exemplary transparency; complete 990 history |
| Wayback Archive | MEDIUM-HIGH | 75,800+ pages, retired CMS config files |
| Certificate Transparency | LOW | 20 subdomains, well-managed, no shadow IT |
| Infrastructure | MEDIUM-HIGH | 6 hosting providers, fragmented, minimal headers |
| Funding & Contracts | LOW | USASpending profile confirmed; 5 federal agencies |
| Legal & Regulatory | CLEAN | Zero litigation; BBB accountability flags |
| Disaster & Environmental | CLEAN | No jurisdictional exposure |
| Media & Narrative | CLEAN | Positive coverage; DEI policy risk |
AISES operates one of the more extensive digital footprints among Indigenous-serving nonprofits. Online since 1998, four CMS platform migrations, 20 subdomains across 6 hosting providers, and a complete public financial record spanning 14+ years. The footprint reflects organizational maturity more than security deficiency — but the infrastructure fragmentation and archive depth mean the information surface is larger than typical for an organization of this size.
Recommendations
Immediate Actions
1. Data broker cleanup — Submit removal requests to ZoomInfo and Wiza to reduce staff PII aggregation. Repeat annually.
2. Security header hardening — Add Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options headers to the main site and all subdomains.
3. BBB disclosure completion — Respond to the 3 outstanding BBB Wise Giving Alliance information requests.
Ongoing Monitoring
1. Certificate transparency alerts — Subscribe to crt.sh alerts for aises.org to detect unauthorized certificate issuance.
2. Wayback monitoring — Periodically review new archived content for sensitive documents.
3. Subdomain inventory — Audit year-specific conference subdomains (2021–2023); decommission if no longer needed.
Strategic Considerations
1. Infrastructure consolidation — Consolidate legacy subdomains (HostGator, DreamHost) onto the Automattic platform.
2. DNS modernization — Migrate from Network Solutions to a modern DNS provider (Cloudflare, AWS Route 53).
3. SPF simplification — The 7-include SPF record approaches the DNS lookup limit. Audit and remove unused senders.
What This Means
Donor and grant transparency means your funding portfolio, tax filings, and program outcomes are publicly assembled in ways that shape how funders and the public perceive your organization. For AISES, this transparency is largely intentional and well-managed — your 990s, audited financials, and annual reports are self-hosted and clearly communicated. The areas where the footprint exceeds intentional disclosure are the infrastructure fragmentation (6 hosting providers make the technical surface harder to defend) and the depth of the Wayback archive (27 years of digital history, including retired CMS artifacts). These are not urgent risks but represent the accumulated surface area of an organization that has been a digital pioneer since 1998.