Information Security: OPM has Improved Controls, but Further Efforts are Needed
Abstract
OPM collects and maintains personal data on millions of individuals, including data related to security clearance investigations. In 2015, OPM reported significant breaches of personal information that affected 21.5 million individuals. The Senate report accompanying the Financial Services and General Government Appropriations Act, 2016 included a provision for GAO to review information security at OPM. GAO evaluated OPM's (1) actions since the 2015 reported data breaches to prevent, mitigate, and respond to data breaches involving sensitive personnel records and information; (2) information security policies and practices for implementing selected government-wide initiatives and requirements; and (3) procedures for overseeing the security of OPM information maintained by contractors providing IT services. To do so, GAO examined policies, plans, and procedures and other documents; tested controls for selected systems; and interviewed officials. This is a public version of a sensitive report being issued concurrently. GAO omitted certain specific examples due to the sensitive nature of the information.
Document Details
- Document Type
- Technical Report
- Publication Date
- Aug 01, 2017
- Accession Number
- AD1151731
Entities
People
- Gregory C. Wilshusen
- Nabajyoti Barkakati
Organizations
- United States Government Accountability Office