Evaluation of DoD Policy and Oversight Reports Related to Using Non–DoD-Controlled Electronic Messaging Systems to Conduct Official Business

View Report

Date Issued

Tuesday, December 2, 2025

Submitting OIG

Department of Defense OIG

Agencies Reviewed/Investigated

Department of Defense

Report Number

DODIG-2026-022

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 6 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
D-2026-2022-DEV0PC-0001-0001.a	No	$0	$0
(U) Rec. 1.a: The DoD OIG recommended that the DoD Chief Information Officer source and maintain DoD-controlled capabilities that meet the DoDs operational needs to share information across the DoD and U.S. Government and with foreign partners. The capabilities should include the ability to communicate on DoD-approved and non-DoD personnel mobile devices, collaborate in group environments, and share unclassified, controlled, and classified information; have a user-friendly interface; and comply with DoD and government-wide requirements to protect information and preserve official records.
D-2026-2022-DEV0PC-0001-0001.b	No	$0	$0
(U) Rec. 1.b: The DoD OIG recommended that the DoD Chief Information Officer establish and implement, in coordination with the Under Secretary of Defense for Intelligence and Security and Director of Administration and Management, a training requirement in DoD policy for DoD political appointees, general officers, flag officers, and members of the Senior Executive Service to take a tailored training with a knowledge assessment that addresses the unique needs of senior leaders and includes the content areas spelled out in DODIG-2023-041 Recommendation 2.d and its sub-elements
D-2026-2022-DEV0PC-0001-0001.c	No	$0	$0
(U) Rec. 1.c: The DoD OIG recommended that the DoD Chief Information Officer clearly define the criteria, process, and personnel authorized to grant a waiver to the DoDs prohibition against using non"DoD-controlled electronic messaging services to conduct official business in DoD Instruction 8170.01, Online Information Management and Electronic Messaging, and related policies.
D-2026-2022-DEV0PC-0001-0001.d	No	$0	$0
(U) Rec. 1.d: The DoD OIG recommended that the DoD Chief Information Officer update the annual DoD-wide cyber training to include information about the impacts of unauthorized disclosures on non-government applications and risks of using non"DoD-controlled electronic messaging services.
D-2026-2022-DEV0PC-0001-0002.a	No	$0	$0
(U) Rec. 2.a: The DoD OIG recommended that the Under Secretary of Defense for Intelligence and Security conduct an Office of the Secretary of Defense- and DoD-wide assessment to identify the extent of DoD personnel using non"DoD-controlled electronic messaging services to conduct official business and associated risks.
D-2026-2022-DEV0PC-0001-0002.b	No	$0	$0
(U) Rec. 2.b: The DoD OIG recommended that the Under Secretary of Defense for Intelligence and Security provide the findings and any recommendations of the assessment in Recommendation 2.a to the DoD Chief Information Officer to help inform the requirements for the capability described in Recommendation 1.a.