Skip to main content
close search
site logo
Dive Brief

GAO: OPM making headway on security improvements, but more work required

Published Aug. 4, 2017
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Flickr; USCapitol

Dive Brief:

  • Following the June and July 2015 data breach, the Office of Personnel Management (OPM) has completed 11 of the 19 security requests made by the U.S. Government Accountability Office (GAO), according to a GAO report. There are four tasks that need further improvement and four that are still in development.
  • Following the breach that compromised the information of 21.5 million people, GAO reviewed the plan of action OPM must take to mitigate present and future security risks. Part of the GAO's task was, in part, assessing the actions taken by the OPM following the breach and then reviewing the policies already in place for cybersecurity. The GAO also requested OPM inspect its strategy in monitoring contract IT employees.
  • The report from the GAO is a slow but steady progression in cybersecurity accountability efforts. The review process has included examination of the OPM’s plans of action, data and even review of personnel. 

Dive Insight:

Last year it was reported that the U.S. government's ranking in cybersecurity falls behind those in the private sector. As the report included government of all levels, it is noted that such a large data source is hard to maintain securely.

The OPM breach serves as the nation's human resources department for government officials. Housing personal data as well as data stored for security clearances, the 2015 breach was not taken lightly.

As of May, OPM completed 11 of the 19 security changes set by the GAO and United States Computer Emergency Readiness Team (US-CERT). Specifics of the completed, incomplete and in-progress tasks are not available due to the data sensitivity.

Outside of the US-CERT recommendations, the Obama administration implemented a National Background Investigations Bureau (NBIB), relieving OPM from the responsibility of background checking federal employees. As the NBIB is headed by the Department of Defense, last year OPM named its new CIO, David De Vries, from the Pentagon.

Two years following the breach, OPM acknowledged its role and has taken the steps necessary in preventing breaches of that severity. Changes in cybersecurity take time as they are diverse in nature. For OPM, those changes have included evaluating the number of privileged users, requiring multilayered authentication processes, encrypting data for certain networks, launching malware/threat-detector technologies, and even examining the implementation of security regulations made by contractors.  

The review by the GAO is an opportunity for any company in the public or private sector to examine their security. Any changes in existing structures needs to be followed with proper training to ensure true effectiveness. 

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Celonis Business Collaboration Networks Drive Process Improvement Across Company Boundaries
From Celonis
October 23, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Newgen Software reports Revenues from operations at Rs 361 cr in Q2 FY’25, up 23% YoY
From Newgen Software
October 16, 2024
A10 Networks Outlines Blueprint to Secure and Deliver AI Applications and Help Increase Cyber …
From A10 Networks
October 16, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell