DOD Urged to Strengthen Cybersecurity Measures in Background Investigations

The Government Accountability Office (GAO) released a report urging the Department of Defense (DOD) to bolster the cybersecurity measures of its background investigation systems. The report highlighted that the Defense Counterintelligence and Security Agency (DCSA) relies on both legacy Office of Personnel Management (OPM) IT systems and the partially developed National Background Investigation Services (NBIS). During an audit of six critical systems, the GAO found that the DCSA did not fully comply with DOD’s risk management framework, leaving significant security and privacy tasks incomplete.
The GAO made 13 recommendations, including the need for the DCSA Chief Information Officer (CIO) to document all stages of the information lifecycle, fully define security requirements, complete risk assessments, and update security controls to align with the latest NIST guidelines. The DOD agreed with all but one recommendation, arguing that existing policies already enforce the necessary guidelines. The GAO concluded that without proper oversight, the risk of sensitive information being disclosed, altered, or lost remains high.
For more detailed information, the full report can be accessed here.