DoD Cybersecurity Weaknesses as Reported in Audit Reports Issued from August 2015 Through July 31, 2016 [open pdf - 2MB]
"We summarized DoD and Government Accountability Office audit reports issued from August 1, 2015, through July 31, 2016, that contained findings on DoD cybersecurity weaknesses. This report supports the DoD Office of Inspector General's response to the requirements of Public Law 113 283, section 3555, 'Federal Information Security Modernization Act of 2014,' December 18, 2014. During the reporting period, the DoD and the Government Accountability Office issued 21 unclassified reports that addressed a wide range of cybersecurity weaknesses within the DoD systems and networks. Reports issued during the reporting period most frequently cited cybersecurity weaknesses in the categories of risk management, identity and access management, security and privacy training, contractor systems, and configuration management. […] Correcting cybersecurity weaknesses and maintaining adequate cybersecurity is critical, as the DoD has become increasingly reliant on cyberspace to enable its military, intelligence, and business operations to perform the full spectrum of military operations. Although the DoD has taken steps to increase cybersecurity over its systems, networks, and infrastructure, significant challenges remain."
Department of Defense, Office of the Inspector General, Report No. DODIG-2017-034
Department of Defense, Office of the Inspector General: http://www.dodig.mil/