2 Years After Massive Breach, OPM Isn’t Sufficiently Vetting IT Systems by Joseph Marks.
From the post:
More than two years after suffering a massive data breach, the Office of Personnel Management still isn’t sufficiently vetting many of its information systems, an auditor found.
In some cases, OPM is past due to re-authorize IT systems, the inspector general’s audit said. In other cases, OPM did reauthorize those systems but did it in a haphazard and shoddy way during a 2016 “authorization sprint,” the IG said.
“The lack of a valid authorization does not necessarily mean that a system is insecure,” the auditors said. “However, it does mean that a system is at a significantly higher risk of containing unidentified security vulnerabilities.”
…
The full audit provides more details, but suffice it to say OPM security is as farcical as ever.
Do you think use of https://www.opm.gov/ in hacking examples and scripts would call greater attention to flaws at the OPM?