Followup Audit on Corrective Actions Taken by DoD Components in Response to DoD Cyber Red Team-Identified Vulnerabilities and Additional Challenges Facing DoD Cyber Red Team Missions (Full Report is Classified)

Date Issued

Friday, March 13, 2020

Submitting OIG

Department of Defense OIG

Agencies Reviewed/Investigated

Department of Defense

Report Number

DODIG-2020-067

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Hide this report from display

Yes

Open Recommendations

This report has 4 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
D-2020-0067-D000CR-0001-0001.A1	No	$0	$0
(U) Rec. A.1: The DoD OIG recommended that the Commander for U.S. Southern Command prioritize the risk of each unmitigated vulnerability identified in DoD Cyber Red Team Reports and adversarial assessments, take immediate actions to mitigate high-risk vulnerabilities, and if unable to immediately mitigate any of the vulnerabilities, include them on a command-approved plan of action and milestones.
D-2020-0067-D000CR-0002-0001.B1b	No	$0	$0
(U) Rec. B.1.b: The DoD OIG recommended that the Secretary of Defense, in conjunction with the implementation of Recommendation A.5, assign an organization with responsibility to perform a joint DoD-wide mission-impact analysis to determine the number of DoD Cyber Red Teams, minimum staffing levels of each team, and the composition of the staffing levels needed to meet current and future DoD Cyber Red Team mission requests.
D-2020-0067-D000CR-0002-0001.B1c	No	$0	$0
(U) Rec. B.1.c: The DoD OIG recommended that the Secretary of Defense, in conjunction with the implementation of Recommendation A.5, assign an organization with responsibility to assess and identify a baseline of core and specialized training standards, based on the three DoD Cyber Red Team roles that DoD Cyber Red Team staff must meet for the team to be certified and accredited.
D-2020-0067-D000CR-0002-0001.B1d	No	$0	$0
(U) Rec. B.1.d: The DoD OIG recommended that the Secretary of Defense, in conjunction with the implementation of Recommendation A.5, assign an organization with responsibility to identify and develop baseline tools needed by DoD Cyber Red Teams to perform missions.