We recommend that the Chief Operating Officer for FSA identify and begin tracking all active contractor employees assigned to FSA contracts, along with their risk level and any IT access, to ensure that all contractor employees have undergone security screenings at appropriate risk levels as required by Department policy. For those who have not, take immediate action to complete the security screenings and/or deny further access to Department facilities, systems, and information until appropriate security screenings are completed or required screening information is submitted. Alert the Department CISO of the condition.