Quick Hits

*** The Inspector General at the Department of Homeland Security concluded in a recent report that Customs and Border Protection didn't adequately safeguard agency data, and helped set the stage for the 2019 hack of contractor Perceptics involving facial recognition data. CBP agreed with the recommendations offered in the IG report but disputed the allegation that the agency didn't adequately safeguard data. In reply comments, CPB noted multiple violations of security and data management practices on the part of a key subcontractor.

*** At his Senate confirmation hearing, acting Homeland Security Secretary Chad Wolf said that he continues to take issue with a legal opinion from the Government Accountability Office that found his elevation to his current job did not comport with the rules governing succession at DHS.

"We're certainly aware of the GAO's opinion regarding the order of succession of the department. I will say that we very strongly disagree with that opinion. I will continue to say I respect the role of the GAO plays, but that, again, does not dismiss the fact that we believe they have a faulty decision and the legal logic that they used is very inaccurate," Wolf told the Senate Homeland Security and Government Affairs Committee on Sept. 23.

According to a document published in the Federal Register on Sept. 23, there are multiple justifications for Wolf's appointment to his current position, including one that DHS argues satisfies GAO's objections.

*** The National Institute of Standards and Technology published an update of its principal security and privacy guidance, Special Publication 800-53. The update, the first in seven years, is designed as a comprehensive catalog of security and privacy controls that organizations can use for risk management.