Information Security News mailing list archives
Defense contractors aren't securing sensitive information, watchdog finds
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 1 Aug 2019 10:44:37 +0000 (UTC)
https://fcw.com/articles/2019/07/26/dod-ig-contractor-data-security.aspx By Lauren C. Williams FCW.com July 26, 2019 Contractors routinely fail to secure the Defense Department's unclassified information from cyberthreats when it's housed on their systems and networks, according to a new report from the department's watchdog agency. The DOD inspector general released a report July 25 after reviewing how DOD information is protected on contractor's networks and systems. The IG found that contractors were not consistently adhering to DOD's cybersecurity standards, which are based on controls created by the National Institute of Standards and Technology. Specifically, contractors failed to use multifactor authentication, enforce strong password use, identify and mitigate vulnerabilities or document and track cybersecurity incidents. Administrators also improperly assigned access privileges that did not align with users' responsibilities, the report stated. According to the IG, the department "does not know the amount of DOD information managed by contractors and cannot determine whether contractors are protecting unclassified DOD information from unauthorized disclosure." [...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Defense contractors aren't securing sensitive information, watchdog finds InfoSec News (Aug 01)