DoD Inspector General Audits Contractor Networks, Systems

Jeff Brody

The Department of Defense's Office of the Inspector General released the results of an audit that sought to confirm contractors' capacity to secure controlled unclassified information on their respective systems and networks.

The audit confirmed a number of gaps in contractors' security capabilities, including password usage, mitigation of system vulnerabilities and multifactor authentication, DoD OIG said Tuesday.

DoD OIG found that the agency's contracting offices have not developed approaches that will help validate contractual requirements, send contractor notifications, mark CUI documents and confirm implementation of CUI security controls. In addition, the report confirmed that the Defense Threat Reduction Agency did not take prompt action to mitigate the leak of information from a DoD contracting office.

DoD OIG recommended the DTRA's director for contract policy and oversight to modify protocols in tracking DoD data-related security incidents. The inspection office also advises revision of security policies for DoD contracting offices as well as performance assessments on contractors.

Check Also

NSA

NSA Reports on New Cyber Vulnerability in Computers

The National Security Agency (NSA) has issued a report on a new cyber vulnerability that threatens certain systems present within the Department of Defense and other organizations. The BootHole vulnerability allows cyber actors to get through the Secure Boot security standard that makes devices boot only with software trusted by original manufacturers.