“In a report released today, the Government Accountability Office (GAO) said the Office of Personnel Management (OPM) has yet to implement a full one-third of GAO’s information security recommendations issued to OPM in recent years.”
“From Feb. 2015 through Aug. 2017, GAO issued four reports regarding OPM’s information security practices which included 80 recommendations to improve the agency’s security posture. In order to comply with an Explanatory Statement that is part of 2018 Consolidated Appropriations Act, GAO has to brief the House and Senate Appropriations Subcommittees on Financial Services and General Government on how OPM responded to GAO’s information security…”
“In his letter to the legislators, Wilshusen said that officials inside OPM’s Office of the Chief Information Officer said the agency plans to implement 25 of the remaining 29 recommendations by the end of 2018 and will implement another three recommendations by the end of FY 2019. However, the agency does not plan to implement the GAO’s recommendation regarding…” Read the full article here.
Source: OPM Has Yet to Implement Many GAO Information Security Recommendations – November 13, 2018. MeriTalk.