IG: GSA contractors get system access before background checks

General Services Administration officials compromised confidential information when they failed to perform background checks on contractors before giving them access to the agency’s information systems, according to GSA’s inspector general.

The IG found that agency officials granted 25 contractors access to one system without performing background investigations, even though the contract for the work required them. In addition, two other contractor-run systems allowed temporary access but didn’t request checks on the workers, according to a Sept. 17 IG report recently posted online.

“Background investigations remain an oversight challenge,” the report states.

Casey Coleman, the agency’s chief information officer, said GSA signed an agreement with the Homeland Security Department to speed the process of conducting background checks on contractors.

However, the IG said GSA has no procedures in place to ensure that managers complete the background investigations.

In its audit, the IG said current safeguards do not guarantee that officials will complete investigations before granting access to agencies’ information systems. Even security measures mandated by Homeland Security Presidential Directive 12, which requires credentials for all federal employees and government contractors after they have undergone a background check, does not offer that protection.

“The lack of background investigations being completed for contractors is also a recurring weakness,” the report states.

The IG recommends that GSA officials find ways to measure whether managers are conducting the background checks that the task orders require.

GSA officials missed other flaws in the agency’s information systems, the report adds. The IG found unsecured Web applications, databases and operating systems and said the gaps have compromised confidential information.

Coleman said GSA continues to focus on securing its systems. She said the agency completed its latest round of checks on more than 2,100 servers in September and found that 97.5 percent had no high-risk vulnerabilities. Moreover, GSA earned an A on the Federal Information Security Management Act score card for 2006.

Dave Marin, staff director for the Republicans on the House Oversight and Government Reform Committee, said all agencies face similar challenges in guarding their systems against intrusions.

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.