Congressional investigators found that several federal agencies are not consistently overseeing security and privacy measures for information systems operated by contractors.
In reviewing six selected agencies, the Government Accountability Office said the agencies generally established security and privacy requirements and had plans to assess the effectiveness of contractor-operated systems. But five of the agencies were inconsistent in such reviews.
For example, the GAO report released Sept. 9, 2014 said Transportation Department officials responsible for system testing didn’t evaluate whether seven contractor employees had the required background investigation.
“When they did so in response to our audit, they found that three of them did not,” GAO investigators said. “Officials stated that they subsequently removed system access rights for the three contractor employees until their background investigations had been completed.”
Besides DOT, GAO also reviewed the Energy, Homeland Security, and State departments as well as the Environmental Protection Agency and Office of Personnel Management.