News

Data protection weak in some US federal agencies, GAO finds

Warwick Ashford

Some US federal agencies need better safeguards to protect highly sensitive data from contract workers, says the Government Accountability Office (GAO).

The Departments of Defense, Homeland Security and Health and Human Services lack safeguards to keep contract workers away from sensitive information, according to the GAO's latest report.

The departments also do not specify contractor responsibilities for prompt notification if unauthorised disclosure of information or misuse occurs, the report said.

This is despite the fact that insider access to sensitive data on federal computer networks is a chief security concern of federal agencies, according to US reports.

The GAO report recommends that the US Office of Federal Procurement Policy administrator work with the Federal Acquisition Regulation Council to oversee changes in the guidelines on acquiring goods and services to address the lack of data protection safeguards.

In March, the GAO found that the IT at the US Inland Revenue Service (IRS) had multiple security weaknesses that put taxpayer information at risk, particularly to insider threats.

The GAO recommended that the IRS develop policies and procedures for network security, train contract workers on security awareness, and implement a disaster recovery plan.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy