The Defense Department (DoD) Inspector General (IG) released a list of the top management and performance challenges facing the DoD in fiscal year (FY) 2022, including strengthening DoD cyberspace operations.
To strengthen DoD cyberspace operations and secure the department’s systems, networks, and data the IG conducted four separate audit reports.
In an audit of the protection of military research information and technologies developed by DoD academic and research contractors, the IG determined that 10 academic and research contractors assessed did not consistently implement required cybersecurity controls to protect controlled unclassified information stored on their networks from insider and external cyber threats.
The audit concluded that the cybersecurity issues identified could increase the risk of malicious actors targeting vulnerable contractor networks and systems, and stealing information related to the development and advancement of DoD technologies.
Among the recommendations the IG made was directing DoD contracting officers to assess whether contractors are complying with Federal cybersecurity requirements for protecting controlled unclassified information and that contracting officers verify that academic and research contractors implement various security controls as required.
Moreover, an audit of the DoD’s use of cybersecurity reciprocity within the risk management framework process determined that the U.S. Transportation Command and the Defense Health Agency leveraged reciprocity while authorizing their systems through the Risk Management Framework process; however, the Defense Logistics Agency and the Defense Human Resources Activity did not.
“The DoD’s requirement to leverage reciprocity enables the DoD to rapidly deliver secure systems to DoD Components while reducing process inefficiencies and system authorization costs. Unless DoD Components fully leverage Risk Management Framework reciprocity, the DoD may not fully realize the associated benefits—including cost savings,” the report noted.
In a separate audit, the IG determined that the DoD did not comply with all requirements laid out in the Digital Accountability and Transparency Act (DATA Act) of 2014. The IG found that some data elements were not accurate, complete, or timely. And the moderate quality of the data submission does not allow taxpayers and policymakers to track Federal spending effectively and undermines the DATA Act’s objective of providing quality and transparent Federal spending data on USAspending.gov.
The DoD IG made two recommendations, including that the Principal Director of Defense Pricing and Contracting identify controls to improve the accuracy and completeness of the data elements.
Additionally, the IG also determined that the U.S. Army Corps of Engineers (USACE) did not comply with the DATA Act. Although USACE used the Government-wide data standards and the Senior Accountable Official certified the USACE DATA Act submission on time, the submission was not accurate or complete, making it unreliable.
The DoD OIG made two recommendations, including that the USACE Chief of Engineers and Commanding General revise and implement the USACE data quality plan to be consistent with Federal guidance.
The DoD IG plans to use this document to determine areas of risk in DoD operations and where to allocate DoD OIG oversight resources.