The Government Accountability Office (GAO) said in a new report today that the Federal government’s primary personnel investigative agency needs to put in place improved cybersecurity oversight processes to mitigate security risks posed by its outdated and developing IT systems.
The new GAO report focuses on the Defense Department’s (DoD) Defense Counterintelligence and Security Agency (DCSA), which is responsible for conducting background investigations for most Federal agencies.
DCSA, the report says, is using a mix of legacy IT systems formerly owned by the Office of Personnel Management (OPM) along with newer but still-in-development DoD National Background Investigation Services systems.
“However, the agency hasn’t fully followed DOD’s planning steps for cybersecurity risk management, or fully implemented privacy controls for any of the IT systems involved,” GAO said.
The watchdog agency is recommending, among other steps, that “DOD establish oversight processes to help ensure” that DCSA systems are protected.
“In considering the cybersecurity risks of these systems, DCSA did not fully address all planning steps of DoD’s risk management framework,”…
