The State Department’s office of inspector general has released a report saying the agency has initiated steps to improve its information security program but continues to face significant issues and control weaknesses that increase its vulnerability to cyber threats and attacks.
An audit conducted in fiscal year 2020 showed that the State Department lacked an organization-wide data security program as highlighted by security weaknesses identified across eight focus areas, including contingency planning, continuous monitoring and risk management.
Of the 265 workstations, the inspector general’s office found that information systems security officers audited only 16 of those workstations between August 2018 and July 2019.
“Failure to perform required ISSO responsibilities leaves Department networks vulnerable to potential unauthorized access and malicious activity,” the report reads. The document also uncovered issues with user access controls and records management.
In addition to information security, OIG also looked at six other management and performance challenges the State Department faced in FY 2020: protection of people and facilities; financial and property management; oversight of contracts, grants and foreign assistance; promoting accountability through clear lines of authority and internal coordination; workforce management and operating in contingency and critical environments.