The Pentagon agency that vets federal employees hasn’t worked hard enough to protect its IT systems and the sensitive personnel data they store, according to a watchdog report.
“While [the Defense Counterintelligence and Security Agency] has taken steps to prepare for managing security risks to [the National Bureau of Investigations Services system] and legacy systems, the agency has not fully addressed key tasks in DOD’s Risk Management Framework, largely due to a lack of an oversight process,” the report said. “These key tasks include identifying all stages of the information life cycle, defining and prioritizing security and privacy requirements, performing risk assessments at both the organizational and system levels, and allocating security and privacy requirements to the appropriate systems.”
After the Office of Personnel Management was hacked in 2015, responsibility for background investigations was shifted to DSCA. The move to the Pentagon was largely seen as a way to improve cybersecurity of federal workers’ personal data and to replace old IT systems. But the effort to build the new National Bureau of Investigations Services system remains unfinished,…
