Skip to main content
close search
site logo
Dive Brief

GAO: OPM making headway on security improvements, but more work required

Published Aug. 4, 2017
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Flickr; USCapitol

Dive Brief:

  • Following the June and July 2015 data breach, the Office of Personnel Management (OPM) has completed 11 of the 19 security requests made by the U.S. Government Accountability Office (GAO), according to a GAO report. There are four tasks that need further improvement and four that are still in development.
  • Following the breach that compromised the information of 21.5 million people, GAO reviewed the plan of action OPM must take to mitigate present and future security risks. Part of the GAO's task was, in part, assessing the actions taken by the OPM following the breach and then reviewing the policies already in place for cybersecurity. The GAO also requested OPM inspect its strategy in monitoring contract IT employees.
  • The report from the GAO is a slow but steady progression in cybersecurity accountability efforts. The review process has included examination of the OPM’s plans of action, data and even review of personnel. 

Dive Insight:

Last year it was reported that the U.S. government's ranking in cybersecurity falls behind those in the private sector. As the report included government of all levels, it is noted that such a large data source is hard to maintain securely.

The OPM breach serves as the nation's human resources department for government officials. Housing personal data as well as data stored for security clearances, the 2015 breach was not taken lightly.

As of May, OPM completed 11 of the 19 security changes set by the GAO and United States Computer Emergency Readiness Team (US-CERT). Specifics of the completed, incomplete and in-progress tasks are not available due to the data sensitivity.

Outside of the US-CERT recommendations, the Obama administration implemented a National Background Investigations Bureau (NBIB), relieving OPM from the responsibility of background checking federal employees. As the NBIB is headed by the Department of Defense, last year OPM named its new CIO, David De Vries, from the Pentagon.

Two years following the breach, OPM acknowledged its role and has taken the steps necessary in preventing breaches of that severity. Changes in cybersecurity take time as they are diverse in nature. For OPM, those changes have included evaluating the number of privileged users, requiring multilayered authentication processes, encrypting data for certain networks, launching malware/threat-detector technologies, and even examining the implementation of security regulations made by contractors.  

The review by the GAO is an opportunity for any company in the public or private sector to examine their security. Any changes in existing structures needs to be followed with proper training to ensure true effectiveness. 

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Unanet Acquires GovPro AI to Enable Customers to Win More Business
From Unanet
November 22, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell