SoylentNews

takyon [soylentnews.org] writes:

NSA has yet to fix security holes that helped Snowden leaks [engadget.com]

Edward Snowden's success in leaking NSA data was chalked up in part to the agency's own security lapses, so you'd think that the agency would have tightened up its procedures in the past five years... right? Apparently not. The NSA Inspector General's office has published [oversight.gov] an audit indicating that many of the Snowden-era digital security policies still haven't been addressed, at least as of the end of March 2018. It hasn't correctly implemented two-person access controls for data centers and similar rooms, doesn't properly check job duties and has computer security plans that are either unfinished or inaccurate.

The audit also showed that the NSA hasn't implemented the latest federal security guidance, doesn't have a complete inventory of its IT framework and isn't gathering all the documentation it needs before it gives a computer system the go-ahead. And while Snowden didn't rely on malware [engadget.com], the NSA isn't thoroughly scanning for viruses on USB thumb drives and other removable media.

Original Submission