The Defense Reduction Threat Agency lacked internal information assurance controls, according to a May 14 Defense Department inspector general report.

DTRA is a low-profile but high-impact Defense agency meant to safeguard the United States against weapons of mass destruction. However, as of August 2009, it lacked a means to notify its systems administrators when personnel left the agency in order for those accounts to be disabled. Of the 87 disabled accounts reviewed by auditors, 75 percent remained active for a month after the employee left.

The agency also lacked a tracking tool to identify all personnel involved in information assurance duties and identify whether they possess the correct certifications. DTRA reported in August that it had 205 information assurance personnel, when it in fact had 230, the audit states.

Of those 230 employees, 35.2 percent had appropriate certification, far less than the 70 percent by the end of 2009 that Pentagon regulations require, the audit adds.

For more:
- read DoD OIG report D-2010-058 (.pdf)

Related Articles:
Rules of engagement complicate DoD cyber operations
DoD hacked CIA and Saudi honey pot