GAO: OPM IT Security Still at Risk

According to a new GAO report, OPM has made progress in improving its information security but still has more work to do.

Despite making improvements, the Office of Personnel Management has more work to do to fully safeguard its information security. This is the conclusion from a new Government Accountability Office Report.

OPM suffered two massive data breaches in 2015 that left the fingerprints and personal data of over 25 million current and former federal employees vulnerable. Among the personal data were Social Security numbers and other information from background investigations such as residency and educational history and employment history.

Since that time, OPM has been working to improve its information security based on recommendations made by the United States Computer Emergency Readiness Team (US-CERT).

According to GAO, there were 19 recommendations made, and OPM has completed actions for 11 of the recommendations and taken actions for the remaining 8, with actions for 4 of these 8 requiring further improvement.

“Until OPM completes implementation of government-wide requirements, its systems are at greater risk than they need be,” wrote GAO.

A copy of the report is included below.

GAO Report: OPM Has Improved Controls, but Further Efforts Are Needed

About the Author

Ian Smith is one of the co-founders of He has over 20 years of combined experience in media and government services, having worked at two government contracting firms and an online news and web development company prior to his current role at FedSmith.