IG: GSA contractors get system access before background checks

General Services Administration officials compromised confidential information when they failed to perform background checks on contractors before giving them access to the agency’s information systems, according to GSA’s inspector general.

The IG found that agency officials granted 25 contractors access to one system without performing background investigations, even though the contract for the work required them. In addition, two other contractor-run systems allowed temporary access but didn’t request checks on the workers, according to a Sept. 17 IG report recently posted online.

“Background investigations remain an oversight challenge,” the report states.

Casey Coleman, the agency’s chief information officer, said GSA signed an agreement with the Homeland Security Department to speed the process of conducting background checks on contractors.

However, the IG said GSA has no procedures in place to ensure that managers complete the background investigations.

In its audit, the IG said current safeguards do not guarantee that officials will complete investigations before granting access to agencies’ information systems. Even security measures mandated by Homeland Security Presidential Directive 12, which requires credentials for all federal employees and government contractors after they have undergone a background check, does not offer that protection.

“The lack of background investigations being completed for contractors is also a recurring weakness,” the report states.

The IG recommends that GSA officials find ways to measure whether managers are conducting the background checks that the task orders require.

GSA officials missed other flaws in the agency’s information systems, the report adds. The IG found unsecured Web applications, databases and operating systems and said the gaps have compromised confidential information.

Coleman said GSA continues to focus on securing its systems. She said the agency completed its latest round of checks on more than 2,100 servers in September and found that 97.5 percent had no high-risk vulnerabilities. Moreover, GSA earned an A on the Federal Information Security Management Act score card for 2006.

Dave Marin, staff director for the Republicans on the House Oversight and Government Reform Committee, said all agencies face similar challenges in guarding their systems against intrusions.

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.


  • Congress
    U.S. Capitol (Photo by M DOGAN / Shutterstock)

    Funding bill clears Congress, heads for president's desk

    The $1.3 trillion spending package passed the House of Representatives on March 22 and the Senate in the early hours of March 23. President Trump is expected to sign the bill, securing government funding for the remainder of fiscal year 2018.

  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.