Some US federal agencies need better safeguards to protect highly sensitive data from contract workers, says the Government Accountability Office (GAO).
The Departments of Defense, Homeland Security and Health and Human Services lack safeguards to keep contract workers away from sensitive information, according to the GAO's latest report.
The departments also do not specify contractor responsibilities for prompt notification if unauthorised disclosure of information or misuse occurs, the report said.
This is despite the fact that insider access to sensitive data on federal computer networks is a chief security concern of federal agencies, according to US reports.
The GAO report recommends that the US Office of Federal Procurement Policy administrator work with the Federal Acquisition Regulation Council to oversee changes in the guidelines on acquiring goods and services to address the lack of data protection safeguards.
In March, the GAO found that the IT at the US Inland Revenue Service (IRS) had multiple security weaknesses that put taxpayer information at risk, particularly to insider threats.
The GAO recommended that the IRS develop policies and procedures for network security, train contract workers on security awareness, and implement a disaster recovery plan.