DoD Inspector General Audits Contractor Networks, Systems

Jeff Brody

The Department of Defense's Office of the Inspector General released the results of an audit that sought to confirm contractors' capacity to secure controlled unclassified information on their respective systems and networks.

The audit confirmed a number of gaps in contractors' security capabilities, including password usage, mitigation of system vulnerabilities and multifactor authentication, DoD OIG said Tuesday.

DoD OIG found that the agency's contracting offices have not developed approaches that will help validate contractual requirements, send contractor notifications, mark CUI documents and confirm implementation of CUI security controls. In addition, the report confirmed that the Defense Threat Reduction Agency did not take prompt action to mitigate the leak of information from a DoD contracting office.

DoD OIG recommended the DTRA's director for contract policy and oversight to modify protocols in tracking DoD data-related security incidents. The inspection office also advises revision of security policies for DoD contracting offices as well as performance assessments on contractors.

You may also be interested in...

GAO: DHS Chief Acquisition Officer Must Improve Vetting of Components’ Procurement Executives

The Government Accountability Office (GAO) has released a report stating that the Department of Homeland Security’s (DHS) chief acquisition officer needs to improve the assessment of DHS units’ component acquisition executives (CAE). GAO said Tuesday that the DHS chief acquisition officer selects CAEs that handle DHS components' acquisition-related policies, workforce, data colection and reporting functions.