Dive Brief:
- The Office of the Inspector General issued a report saying the Department of Labor has demonstrated "significant deficiencies" in key information security areas over the last five years.
- According to the report, 11 former employees accessed agency networks with old credentials.
- The department also failed to meet targets for identity, credential and access management in the recent cybersecurity sprint.
Dive Insight:
According to the report, DOL has a long history of failing to turn off access privileges for former employees.
The report also cited a long list of problems including "physical and logical access controls not in place, improper use of shared accounts, system security assessments not performed, business impact assessments not performed, untested contingency plan, interconnections not fully documented, and agreements not in place."
OIG also warned the DOL about fixing vulnerabilities based on known security flaws.