Follow up to previous posting of November 2016 – Audit of OPM Security Systems Shows Continued Material Weakness – an update via NextGov: “More than two years after suffering a massive data beach [of over 20 million current and past federal employee personal data], the Office of Personnel Management still isn’t sufficiently vetting many of its information systems, an auditor found. In some cases, OPM is past due to re-authorize IT systems, the inspector general’s audit said. In other cases, OPM did reauthorize those systems but did it in a haphazard and shoddy way during a 2016 “authorization sprint,” the IG said. “The lack of a valid authorization does not necessarily mean that a system is insecure,” the auditors said. “However, it does mean that a system is at a significantly higher risk of containing unidentified security vulnerabilities.” The audit is dated June 20 but was publicly released July 7…”
Sorry, comments are closed for this post.