Despite making improvements, the Office of Personnel Management has more work to do to fully safeguard its information security. This is the conclusion from a new Government Accountability Office Report.
OPM suffered two massive data breaches in 2015 that left the fingerprints and personal data of over 25 million current and former federal employees vulnerable. Among the personal data were Social Security numbers and other information from background investigations such as residency and educational history and employment history.
Since that time, OPM has been working to improve its information security based on recommendations made by the United States Computer Emergency Readiness Team (US-CERT).
According to GAO, there were 19 recommendations made, and OPM has completed actions for 11 of the recommendations and taken actions for the remaining 8, with actions for 4 of these 8 requiring further improvement.
“Until OPM completes implementation of government-wide requirements, its systems are at greater risk than they need be,” wrote GAO.
A copy of the report is included below.
GAO Report: OPM Has Improved Controls, but Further Efforts Are Needed