Information Gathering on Websites by Compiling the NIST Cybersecurity Framework

Dega Surono Wibowo, M. Nishom, Taufiq Abidin

Abstract


In the current era, websites have developed rapidly and become one of the most significant modern information media. Website creation focuses not only on design and the information presented but also on security. Security on a website is very important, given the need to protect the data and information it contains. Information gathering is one method used to test a website's security; it is the earliest stage, used to obtain ownership details and other sensitive information. This research aims to conduct security testing of the oase.poltektegal.ac.id website using penetration testing software tools; the test results are then entered into the cybersecurity framework issued by N.I.S.T. The test results, adjusted to the N.I.S.T. Cybersecurity Framework, show that the oase.poltektegal.ac.id website has the vulnerabilities CVE-2003-1418 (Apache web server vulnerability), CVE-2005-3299 (PHP vulnerability), CVE-2010-4344 (buffer overflow vulnerability), and CVE-2007-6750 (XSS). The solution to these vulnerabilities is updating the software and closing unused ports. These results will be used as a benchmark in creating or improving similar websites to increase awareness and vigilance in achieving cyber resilience.

Keywords


Information Gathering, N.I.S.T. Cybersecurity Framework, Website

DOI: https://doi.org/10.30591/jpit.v9i1.6536


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
