The Defense Department has been inconsistent in meeting the cyber standards it holds contractors to when it comes to securing sensitive but unclassified information. But they’re working on it.
A recent Government Accountability Office released on May 19 highlights how DOD inconsistently implemented certain requirements for its controlled unclassified information systems from specific controls to authorizing systems to operate.
“Our analysis of DOD-reported data determined that DOD components have taken actions to implement selected cybersecurity requirements for CUI systems, but none were fully compliant,” as of January, the report states.