Oahe Data

Digital Footprint Audit

Cheyenne River Sioux Tribe
Date: 2026-04-09 Entity Type: Tribe Audit Type: Public Index Reconnaissance

Contents

Purpose

This audit maps the publicly indexed digital footprint of the Cheyenne River Sioux Tribe across federal agency databases (BIA, IHS, EPA, FEMA, USDA, DOJ, Congress), state government portals (SD Tribal Relations, SD SOS), certificate transparency logs, the Wayback Machine, federal spending databases, court records, and the entity's own web properties.

What can anyone with a search engine learn about your organization in 30 minutes?

Tribal governments occupy a unique position in the digital landscape. As sovereign nations that interact extensively with federal agencies, tribes generate data across dozens of federal systems they do not control. Every grant application, disaster declaration, environmental permit, court filing, and Federal Register notice creates a data point that, when assembled, reveals operational capacity, funding dependencies, infrastructure vulnerabilities, and leadership identities. This audit shows what that assembled picture looks like for the Cheyenne River Sioux Tribe.

Methodology

The following data sources were queried:

Governance & Sensitive Documents

Queries used:

"Cheyenne River Sioux Tribe" filetype:pdf "confidential" OR "internal" OR "not for distribution"
"Cheyenne River Sioux Tribe" filetype:pdf "resolution" OR "compact" OR "charter" OR "MOU"
"Cheyenne River Sioux Tribe" filetype:pdf "agreement" OR "contract" OR "memorandum" site:gov
"Cheyenne River Sioux Tribe" site:bia.gov filetype:pdf
"Cheyenne River Sioux Tribe" site:ihs.gov filetype:pdf
"Cheyenne River Sioux Tribe" site:epa.gov filetype:pdf
"Cheyenne River Sioux Tribe" site:federalregister.gov
#DocumentHosted OnRiskNotes
1CRST Constitutionsdtribalrelations.sd.govLowFull tribal constitution on SD state site, not CRST's own domain
2CRST/SD Gaming Compact (1993)bia.govMediumFull gaming compact with operational details on BIA OIG site
3CRST Joint Powers Agreementsdsos.govLowUCC filing system agreement with SD SOS
4CRST Hemp Planams.usda.govLowFull tribal hemp production plan including Resolution No. 113-2020-CR
5CRST DOT TERO Agreement (signed)sdtribalrelations.sd.govMediumSigned intergovernmental agreement with officer signatures
6ACHP Consultation Letterachp.govLowHistoric Preservation correspondence
7Alcoholic Beverages Control Lawfederalregister.govLowPublished tribal law, effective June 2023
8Equitable Compensation Actcongress.govLow$290.7M trust fund for Oahe Dam land takings
9BIA Seismic Data Basemapbia.govMediumGeological/seismic survey data — mineral resource intelligence
10IHS FOIA Population Dataihs.govMediumFOIA-released population/user data including CRST service area
11USDA Conservation Reserve Draft PEAfsa.usda.govMediumEnvironmental assessment with reservation land use details
12BIA Self-Governance Compact (#54)bia.govMediumSelf-governance compact document
13LIHEAP Tribal Plan (2025)liheapch.acf.govMediumCurrent tribal plan with operational and financial details
14BIA FOIA Log (2008)bia.govMediumFOIA request log — may reveal adversarial intelligence-gathering patterns

Assessment: Medium

Summary: Multiple governance documents are hosted on third-party government sites rather than CRST's own domain. The constitution lives on SD Tribal Relations, the gaming compact on BIA, and the TERO agreement on SD Tribal Relations. No documents marked "confidential" or "internal" were found. The BIA seismic basemap reveals mineral resource data, and the FOIA log could reveal adversarial intelligence-gathering patterns.

Personnel & PII Exposure

#DocumentHosted OnRiskNotes
1BIA Tribal Leaders Directory (CSV)bia.govMediumMachine-readable CSV with CRST leadership names and contact info
2ZoomInfo — CRST Employee Directoryzoominfo.comMedium-HighData broker aggregating employee names and contact details
3ZoomInfo — CRST Telephone Authorityzoominfo.comMediumData broker listing Telephone Authority employee details
4ZoomInfo — CRST Legal Departmentzoominfo.comMediumData broker listing Legal Department staff
5ContactOut — CRST Staff Directorycontactout.comMedium-HighSecond data broker compiling employee contact info
6RocketReach — CRST Tel. Auth. Org Chartrocketreach.coMediumManagement structure and employee names

Assessment: Medium-High

Summary: Three commercial data brokers (ZoomInfo, ContactOut, RocketReach) maintain employee directories for CRST and its sub-entities without the Tribe's control. This enables targeted social engineering against tribal employees. No enrollment rosters or membership lists were found — the most important "clean" finding.

Financial Documents

#DocumentHosted OnRiskNotes
1CRST Federal Award Profileusaspending.govMediumComplete federal funding history — all awards enumerated
2GovTribe Vendor Profilegovtribe.comMediumFederal contracting profile aggregation
3HigherGov Awardee Profilehighergov.comMediumThird-party award aggregation
4LIHEAP Agreement (2024)liheapch.acf.hhs.govMediumFull LIHEAP tribal contract with budget details
5Chairman LeBeau Congressional Testimonycongress.govLowTestimony citing 85% winter unemployment

Assessment: Medium

Summary: No internal audits, CAFRs, or salary schedules were found exposed. The primary financial exposure is through USASpending.gov (standard for all federal recipients) and two third-party aggregators (GovTribe, HigherGov) that reconstruct the full award portfolio.

Wayback Machine Archive

Domains queried: cheyenneriversioux.com, crstgfp.com, crstepd.org

MetricValue
Total unique pages archived1,972
Total unique PDFs archived561
Earliest snapshot1998-12-06
Most recent snapshot2026-02-17
Hosting platforms detectedWix (primary), taoCMS/PHP (GFP), FrontPage/SHTML (EPD)

Notable archived paths

#URLTypeNotes
1/constitutionPageTribal constitution page
2/codesPageTribal legal codes
3/resolutionsPageCouncil resolutions
4/arpa-fundsPageARPA federal funding tracking
5taoCMS login (GFP)AdminCMS admin login archived — reveals backend technology
6510 Wix UGD PDFs (cheyenneriversioux.com) — hashed filenames; contents unknown without download
747 PDFs (crstgfp.com) — hunting/fishing season regulations, 2010–2022

Assessment: Medium-High

Summary: 561 archived PDFs represent a substantial document recovery corpus spanning 27 years. The primary site's PDFs are stored as Wix hash files, obscuring content but not preventing access. The GFP site's archived CMS admin login reveals backend technology. The EPD site appears dormant since the early 2000s.

Certificate Transparency

Domains analyzed: cheyenneriversioux.com, crstgfp.com, crstepd.org

PropertyValue
Total certificates found30
IssuersLet's Encrypt, Sectigo, Google Trust Services
Earliest certificate2023-04-27
Most recent certificate2026-03-16
Wildcard certs?No
Renewal pattern90-day automated (Let's Encrypt)

Subdomains discovered: 4 total (only apex + www for each active domain). No mail, vpn, portal, intranet, dev, or staging subdomains visible.

Key finding: crstepd.org has zero certificates in CT logs — the domain has never served validated HTTPS.

Assessment: Low

Summary: Minimal subdomain surface area. The absence of any service-indicating subdomains means either internal services run on different domains or the tribe has very limited digital infrastructure. The hosting migration visible in certificate issuer changes confirms a platform change in mid-2024.

Funding & Contract Records

USASpending Recipient Profile: usaspending.gov/recipient/0cb2d045-d0b8-4d47-d72d-9d435a395f10-C/latest

Major Awards Identified

#RecordAmountAgencyNotes
1IHS Health Center Construction (ARRA)$84,500,000HHS/IHSNew Cheyenne River Health Center
2Mni Waste Water Treatment Plant$65,871,293USDA RDLargest single award found
3CRSTTA Telecom Infrastructure Loan$37,900,000USDA RUSFiber-to-premises buildout
4Mni Waste North Highway 63 Water$27,146,000USDA RD + IHSLoan + grant
5CRSTTA ReConnect Broadband$16,900,000USDA ReConnectFiber to CRST + Standing Rock
6Treatment Center Construction$8,700,000CRSTSubstance abuse treatment center
7CRHA Housing Block Grant$3,800,000HUDIHBG Formula Grant FY2022
8NTIA Tribal Broadband Connectivity$2,300,000CommerceSubscriber discount program

Subsidiary Entities Discovered

#EntityRelationshipNotes
1Cheyenne River Housing AuthorityHousing authority735 rental + 152 Mutual Help units
2CRST Telephone AuthorityTelecom utilityEst. 1958; $37.9M USDA loan, $16.9M ReConnect
3Mni Waste Water CompanyWater utility$65.8M+ USDA funding; serves 14,000 members
4CREDCOSection 17 economic dev. corpOperates Lakota Thrifty Mart
5KIPI Radio (93.5 FM)Radio station100kW, FCC-licensed
6Cheyenne River Casino & HotelGaming enterpriseMajor reservation employer
7CRST TransitTransit programFTA Tribal Transit recipient
8CRST Education ServicesEducation departmentBIA 638 higher education contract

Assessment: High

Summary: $250M+ in identified federal awards across USDA, IHS, HUD, DOJ, DOT, Interior, Commerce, and FEMA. The portfolio is fully reconstructable through USASpending, GovTribe, and HigherGov. Eight subsidiary entities with independent contracting identities expand the public surface area substantially.

Legal Code Exposure

#ResourceSourceScopeNotes
1Tribal Code Indexnarf.org14 titles, 74+ ordinancesTable of contents only — full text restricted (good posture)
2Tribal Constitutionnarf.orgFull constitution & bylawsAlso on SD Tribal Relations
3Tribal Law Gatewaynarf.orgCourt opinions indexAppeals opinions from 2001 forward

Key Litigation

#CaseCourtSignificance
1South Dakota v. Bourland (1993)U.S. Supreme Court7-2 against Tribe: Congress abrogated treaty right on 104,420 Oahe Dam acres
2CRST v. United States (2003–present)Court of Federal ClaimsMoreau River flooding — 25+ year case, last filing Dec 2024
3CRST v. Trump (COVID checkpoints)D.C. DistrictDefended reservation border checkpoints during COVID-19
4Standing Rock v. USACE (DAPL)D.C. DistrictCRST joined as plaintiff-intervenor; NEPA violation found
5Western Sky/CashCall payday lendingMultiple federalCRST sovereignty exploited as shield for 90-343% APR loans. $134M judgment.

Assessment: Medium-High

Summary: The Tribe has a substantial legal footprint spanning 60+ years. Tribal code structure is indexed on NARF but full text is restricted — better posture than tribes whose codes are fully published. Litigation is dominated by Oahe Dam takings, sovereignty-era cases, and the Western Sky/CashCall controversy.

Infrastructure & Technical Surface

Domains analyzed: cheyenneriversioux.com, crstgfp.com, crstepd.org

Propertycheyenneriversioux.comcrstgfp.comcrstepd.org
HostingWixMicrosoft AzureGoDaddy
Domain type.com.com.org
Email providerNone configuredISP Services / Lakota NetworkMicrosoft 365
SSL/TLSValid (Wix-managed)ValidSelf-signed (broken)
SPFNoYes (strict)Yes (strict)
DMARCNoNoNo
DKIMNoNoNo
Security headersHSTS + nosniffNoneNone

Assessment: Medium-High

Summary: Infrastructure is fragmented across three entirely separate hosting stacks with no centralized IT governance. The primary tribal website runs on Wix — a consumer-grade site builder — notable for a sovereign government entity. No .gov domain. DMARC absent on all domains. Legacy FTP subdomains exposed on two of three domains.

Disaster & Environmental

FEMA Declarations

#DeclarationDateTypeNotes
1FEMA-4842-DR2024-11Severe Storm/FloodingIA, PA, Hazard Mitigation. SBA loans + IRS relief authorized.
2EM-35362020-03COVID-19Tribal-specific emergency declaration.
3FEMA-4440-DR (SD)2019-06Winter Storm/FloodingState declaration; Dewey/Ziebach counties included.
4No declaration2022-12Winter Storm Elliott60+ mph winds, -55F wind chills, 1,000+ homes damaged. No federal disaster declaration issued.

Environmental Monitoring

#StationAgencyNotes
1Cheyenne River Near Eagle ButteUSGS24,235 sq mi drainage; cooperator: CRST
2Cheyenne River at Cherry CreekUSGSOn-reservation; 23,568 sq mi drainage
3Moreau River Near FaithUSGSFederal Priority Streamgage; records since 1944

EPA Records

#RecordNotes
1Superfund Site (SDN000802901)Landfill fire SE of Eagle Butte. Closed — No Further Action.
2NPDES Permit SD-0020192Eagle Butte wastewater. EPA directly administers NPDES on reservation.
3Upstream Superfund ContaminationElevated arsenic, zinc, mercury from Black Hills mining. Ongoing since 1997.
4CWA Section 319 Allocation$70,000 FY2025 nonpoint source funding

Assessment: Medium-High

Summary: Active FEMA disaster declaration with full federal assistance. The December 2022 blizzard (1,000+ homes damaged) received no federal aid — a significant gap. Chronic upstream contamination from Black Hills mining documented for 29 years. USGS operates cooperative streamgages on tribal lands.

Media & Public Narrative

Key Coverage

#ArticleDatePublicationKey Points
1CRST October 2025 Motions2025-10West River EagleFY2026 budget $27M; $8.7M treatment center; TTP reform
2LeBeau Outlines Vision2025-05West River EagleFour pillars: renewable energy, healthcare, education, culture
3CRST Purchases Foster Village2024-04SD SearchlightAcquired 8-acre Children's Village in La Plant
4Kristi Noem Banned from Reservation2024-04ICT News12-0 council vote
5Army Corps Recommends Continued DAPL2025-12ND Monitor464-page EIS favors continued operation. CRST opposes.
6Cannabis Corp Appoints Executive Director2025West River EagleSummer Rain Afraid Of Hawk appointed

Leadership Identified

#NameRoleNotes
1Ryman LeBeauChairmanElected Nov 2022; NCAI delegate through Nov 2026
2Harold FrazierFormer Chairman (3 terms)Lost 2022 election to LeBeau
3Sharon VogelExec. Director, Housing AuthoritySenate Banking testimony
4Summer Rain Afraid Of HawkMarijuana Executive DirectorCannabis Control Corp

Assessment: Low

Summary: Coverage reveals active governance under Chairman LeBeau — not crisis, not steady-state, but deliberate infrastructure buildout. Dominant concerns: land fractionation, federal funding vulnerability from budget cuts, DAPL opposition, and acute social service needs.

Risk Summary

Overall Scorecard

CategoryAssessment
Governance & DocumentsMedium
Personnel & PIIMedium-High
Financial DocumentsMedium
Wayback ArchiveMedium-High
Certificate TransparencyLow
Funding & ContractsHigh
Legal & RegulatoryMedium-High
InfrastructureMedium-High
Disaster & EnvironmentalMedium-High
Media & NarrativeLow
Overall Footprint Assessment: SIGNIFICANT

The Cheyenne River Sioux Tribe has an extensive digital footprint driven primarily by its deep interaction with federal agencies. The funding portfolio alone — $250M+ across 8+ subsidiary entities — creates a detailed public picture of organizational structure, operational priorities, and financial dependencies. The legal record spans 60+ years of federal litigation. Infrastructure fragmentation across three hosting platforms with no .gov domain and no DMARC on any domain represents the most actionable near-term gap.

Recommendations

Immediate Actions

  1. Request removal from data brokers. File opt-out requests with ZoomInfo, ContactOut, and RocketReach to remove CRST employee directories. These enable social engineering and phishing campaigns against tribal staff.
  2. Enable DMARC on all three domains. No domain has DMARC configured, making all three vulnerable to email spoofing. Start with p=none monitoring, then move to p=quarantine.
  3. Fix crstepd.org SSL certificate. The Environmental Protection Department domain serves a self-signed certificate. Either install a valid certificate or redirect to the primary domain.
  4. Remove legacy FTP subdomains. Both crstgfp.com and crstepd.org have FTP subdomains pointing to live IPs. FTP is unencrypted and should be decommissioned.

Ongoing Monitoring

  1. Set a Google Alert for "Cheyenne River Sioux Tribe" filetype:pdf to detect new document indexing on third-party servers.
  2. Monitor USASpending recipient profile quarterly — it aggregates all new federal awards and is the primary source for anyone reconstructing the funding portfolio.
  3. Review FOIA logs periodically on bia.gov and ihs.gov to detect patterns of adversarial information requests targeting CRST.

Strategic Considerations

  1. Consider a .gov domain. The Tribe qualifies for a .gov domain under the Tribal Governments category. A .gov domain provides domain authority, inherent trust signaling, and eligibility for CISA .gov security programs.
  2. Host authoritative governance documents on your own domain. The tribal constitution, ordinances, and key agreements should have canonical copies on cheyenneriversioux.com rather than relying on third-party government sites.
  3. Consolidate web infrastructure. Three separate hosting stacks with three DNS providers means no single point of IT governance. A unified platform would reduce surface area and simplify security management.

What This Means

Data sovereignty is not only about what data you collect. It is about knowing where your data already lives, who else can find it, and what decisions it enables them to make.

The Cheyenne River Sioux Tribe's digital footprint is not unusual for a large, mature tribal government — but it is substantial. Federal agencies, commercial data brokers, court databases, and the Wayback Machine collectively hold a detailed picture of the Tribe's funding dependencies, leadership identities, infrastructure capabilities, legal history, and environmental vulnerabilities. None of this data was obtained through unauthorized access. All of it is available to anyone with a search engine and 30 minutes.

The question is not whether this data exists — it does, and much of it must exist as a consequence of the Tribe's relationship with the federal government. The question is whether the Tribe knows the full picture, controls the canonical copies, and has a strategy for managing what the assembled data reveals.

Prepared by Oahe Data
This audit is provided as an informational assessment of publicly available data. No unauthorized access was performed or attempted.