Next Office of Personnel Management (OPM) Leak, When, Not If

2 Years After Massive Breach, OPM Isn’t Sufficiently Vetting IT Systems by Joseph Marks.

From the post:

More than two years after suffering a massive data breach, the Office of Personnel Management still isn’t sufficiently vetting many of its information systems, an auditor found.

In some cases, OPM is past due to re-authorize IT systems, the inspector general’s audit said. In other cases, OPM did reauthorize those systems but did it in a haphazard and shoddy way during a 2016 “authorization sprint,” the IG said.

“The lack of a valid authorization does not necessarily mean that a system is insecure,” the auditors said. “However, it does mean that a system is at a significantly higher risk of containing unidentified security vulnerabilities.”

The full audit provides more details, but suffice it to say OPM security is as farcical as ever.

Do you think use of https://www.opm.gov/ in hacking examples and scripts would call greater attention to flaws at the OPM?
