Gtr masthead v5

OPM has failed to address security vetting processes

By Dylan Bushell-Embling
Tuesday, 11 July, 2017

00848frh carousel

The US Office of Personnel Management (OPM) still hasn’t adequately addressed weaknesses in its LAN/WAN network security authorisation processes more than two years after a major data breach, a new audit has found.

The report from the office’s inspector general found that the department’s LAN/WAN system security plan is incomplete.

In addition, security control testing performed as part of the authorisation process likely prevented assessors from identifying security vulnerabilities that could have been detected with a more thorough testing procedure, while weaknesses detected during the process were not adequately tracked.

In 2015, the OPM suffered a major data breach when suspected Chinese government-backed hackers compromised documents containing the personal information of more than 20 million government employees. A subsequent investigation found that the breach would have been preventable if the OPM had followed requirements to implement security controls including multifactor authentication.

In the wake of the breach, the OPM initiated what it called an “authorisation sprint”, designed to bring all its IT systems in compliance with current security assessment and authorisation requirements.

But the audit found that the sprint failed to adequately address deficiencies in authorisation practices and that significant effort will still be needed to bring the authorisation program back on track.

Follow us on Twitter and Facebook

Related Articles

Canberra releases Cities Performance Framework interim report

A project designed to support a collaborative and evidence-based approach across governments has...

FREE passes to Tech in Govt, 1–2 August 2017!

We're giving away 10 FREE passes to the Technology in Government Summit, Australia's...

Vic govt learns from Estonia on DX

Victoria's special minister for state, Gavin Jennings, has visited Estonia to explore how its...

  • All content Copyright © 2017 Westwick-Farrow Pty Ltd