Senator Seeks Answers on Poor IT Vetting at OPM

Sen. Claire McCaskill, D-Mo.

Sen. Claire McCaskill, D-Mo. Susan Walsh/AP

Two years after a major breach, a recent audit found OPM rushed through security reviews and one lawmaker wants to know why.

The top Democrat on the Senate’s Homeland Security Committee wants to know what steps the Office of Personnel Management is taking to get all of its information systems properly vetted.

Sen. Claire McCaskill, D-Mo., also wants to know by Aug. 3 when each of those steps will be completed, according to a Thursday letter to the office’s acting Director Kathleen McGettigan.

An audit released last week found numerous cases in which OPM IT systems were either past due to be authorized or had been reauthorized in a hasty and haphazard way. Many of the authorization forms were missing critical elements, the audit found.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The audit also found OPM wasn’t sufficiently testing the security of its local area networks and wide area networks, known as LAN/WAN.

Those hasty reviews raise the likelihood OPM systems contain security vulnerabilities, the audit said.

OPM suffered one of the worst data breaches in government history in 2015 when China-linked hackers compromised sensitive security clearance documents about more than 20 million current and former federal employees and their families.

McCaskill also wants answers on why OPM rushed through its third-party security reviews in the first place and what checks the office makes to ensure its reviews are sufficient.