https://www.theregister.co.uk/2018/11/14/opm_hack_failure/
By Shaun Nichols
The Register
14 Nov 2018
More than three years after suffering one of the largest cyber-attacks in
US government history, the Office of Personnel Management has yet to adopt
dozens of the security measures investigators ordered - including basic
stuff like changing passwords.
A report issued this week by the Government Accountability Office (GAO)
disclosed that the OPM has failed to comply with more than a third of
recommendations its investigators made for improving the office's network
security and data protection.
The GAO audit looked over a series of four reports its investigators
issued between 2015 and 2017 concerning the massive theft of sensitive
records on around 21.5 million current, former, and prospective government
workers from Uncle Sam's computer systems.
Since the last report was written in August of 2017, GAO says that OPM has
only complied with 51 of those 80 items. Far from being abstract,
bureaucratic measures, the lapses noted by the audit include some very
basic security practices.
[...]