Security Controls at DoD Facilities for Protecting Ballistic Missile Defense System Technical Information

View Report

Date Issued

Monday, December 10, 2018

Submitting OIG

Department of Defense OIG

Other Participating OIGs

Department of Defense OIG

Agencies Reviewed/Investigated

Department of Defense

Components

United States Navy (USN)

United States Army (USA)

Missile Defense Agency (MDA)

Report Number

DODIG-2019-034

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 7 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
D-2019-0034-D000CR-0001-0001.a.2	No	$0	$0
(U) Rec. 1.a: The DoD OIG recommended that the [Redacted] develop and implement a plan to correct the systemic weaknesses at the facilities, data centers, and laboratories that manage ballistic missile defense system technical information related to using multifactor authentication.
D-2019-0034-D000CR-0001-0001.b.2	No	$0	$0
(U) Rec. 1.b: The DoD OIG recommended that the [Redacted] develop and implement a plan to correct the systemic weaknesses at the facilities, data centers, and laboratories that manage ballistic missile defense system technical information related to mitigating vulnerabilities in a timely manner.
D-2019-0034-D000CR-0001-0001.c.2	No	$0	$0
(U) Rec. 1.c: The DoD OIG recommended that the [Redacted] develop and implement a plan to correct the systemic weaknesses at the facilities, data centers, and laboratories that manage ballistic missile defense system technical information related to securing server racks.
D-2019-0034-D000CR-0001-0001.e.2	No	$0	$0
(U) Rec. 1.e: The DoD OIG recommended that the [Redacted] develop and implement a plan to correct the systemic weaknesses at the facilities, data centers, and laboratories that manage ballistic missile defense system technical information related to implementing intrusion detection controls.
D-2019-0034-D000CR-0001-0002.a	No	$0	$0
(U) Rec. 2.a: The DoD OIG recommended that the [Redacted] enforce the use of multifactor authentication to access systems that process, store, and transmit ballistic missile defense system technical information, or obtain a waiver that exempts the networks from using multifactor authentication.
D-2019-0034-D000CR-0001-0002.i	No	$0	$0
(U) Rec. 2.i: The DoD OIG recommended that the [Redacted] require written justification as a condition for obtaining access to all networks and systems that process, store, and transmit ballistic missile defense system technical information.
D-2019-0034-D000CR-0001-0002.j	No	$0	$0
(U) Rec. 2.j: The DoD OIG recommended that the [Redacted] maintain access request forms for all users with access to networks and systems that contain ballistic missile defense system technical information and verify, at least annually, the continued need for access.