Audit finds DOD agencies failed to check adequacy of contractor cybersecurity

By Justin Doubleday / July 26, 2019 at 2:38 PM
A new Defense Department inspector general audit has found DOD agencies routinely failed to check whether defense contractors were protecting sensitive information on their networks with the required security controls. The July 23 redacted report , "Audit of Protection of DOD Controlled Unclassified Information on Contractor-Owned Networks and Systems," shows DOD contractors did not consistently implement security requirements like multifactor authentication, while the military services and defense agencies didn’t have processes to verify whether the companies were using the cybersecurity...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.

Log in to access this content.