The Department of Defense’s Office of Inspector General released a special report that includes 24 open recommendations to address cybersecurity weaknesses in controlled unclassified information, or CUI, management by the agency’s contractors.
DOD on Monday published a document summarizing OIG’s five audits from 2018 to 2023, which found inadequate implementation of multifactor authentication among DOD contractors, as well as weak passwords.
Some companies hired by the agency to process, store and share CUI did not undergo proper vetting to check their compliance with the National Institute of Standards and Technology’s cybersecurity requirements, according to the new report. Others also lacked electronic authentication tools to prevent data breaches.
“Protecting sensitive government information in cyberspace is crucial,” Inspector General Robert Storch commented. “For that reason, strengthening the DoD’s cybersecurity capabilities has been among our Top DoD Management and Performance Challenges for more than a decade, and it will continue to be one of our top oversight priorities.”