In the span of one year, the Pentagon addressed fewer than half of the recommendations to shore up cyber vulnerabilities identified by its inspector general's office.
All told, the Defense Department addressed 93 of 229 cyber recommendations made by the IG's office between Aug. 1 2014 and July 31, 2015, according to a summary of a new audit released by the IG's office.
DOD left the majority of recommendations -- 136 -- unresolved. All of the recommendations "required management action," the summary said.
The IG's office did not publicly release the report itself.
During the IG's reporting period, the Government Accountability Office and DOD's own auditing groups released 20 reports and testimony covering cybersecurity weaknesses including in risk management, identity and access management, and contingency planning, according to the summary.
In a call with reporters last month, DOD Chief Information Officer Terry Halvorsen said the department wants to eventually automate cyber defense -- though for now, officials are starting with simpler tasks including automatically patching updates.
"At a certain point, I want to be able to have some cyber defense completely automated where a certain set of conditions occur, and the system takes its own response," he said.