A redacted version of an August 2016 report by the Defense Department’s inspector general says the National Security Agency failed to develop a detailed plan for the implementation of its “secure-the-net initiatives” designed to safeguard classified data from insider threats, Nextgov reported Monday.
NSA also fell short of safeguarding server racks and other sensitive systems as well as subjecting its high-level administrators to two-phase authentication in response to leaks of domestic surveillance files by former contractor Edward Snowden, according to the declassified version of the report.
The inspector general identified vulnerabilities in internal controls at NSA’s laboratories in Texas, North Carolina, Utah and Washington, D.C.
The report also found that NSA’s data security group had carried out four of the seven measures and those include the implementation of two-person access controls at machine rooms and data centers and evaluation of the number of system administrators at the agency.
The New York Times also reported that NSA failed to shrink the number of “privileged” users, contractors and officials with authority to download top-secret data.
“NSA has never stopped seeking and implementing ways to strengthen both security policies and internal controls,” Vanee Vines, a spokeswoman for the agency, said in a statement.