SSA Not Timely in Revoking Contractor Data Access Privileges
June 23, 2014
According to a recent audit report by the Social Security Administration’s (SSA) Inspector General (IG), SSA contractor employees had access to the agency’s information technology (IT) systems even after they stopped working on the contract. The IG found nearly a dozen instances when SSA failed to terminate contractor employees’ privileges to access sensitive data when they left the job.
The employees in question worked on an IT support services contract SSA awarded to Northrop Grumman. SSA did not immediately terminate agency data system access for 11 departing contractor and subcontractor staff. For 9 of the 11, their access privileges continued for more than 100 days after their departure. One ex-employee’s access was not revoked for more than a year.
According to the IG, SSA’s security guidelines make clear the importance of controlling and limiting access to its information systems and resources to ensure “the confidentiality, integrity, and availability” of its data. The report does not specifically identify the data, only that it concerns the agency’s program, administrative, management information, and office automation systems.
The IG found the same problem in 2011 when it audited an IT contract with Lockheed Martin. On that contract, SSA failed to immediately terminate systems access for 4 departing subcontractor employees. Considering that the latest audit found nearly three times as many instances of unauthorized access, SSA’s assurance to the IG (see page 3 of the Northrop audit) that its systems access policies and procedures have improved since 2011 rings hollow.
The problem isn’t limited to SSA. Many federal agencies are falling down in their oversight of contractors’ security classifications and access privileges. Earlier this year, the Pentagon IG issued a report criticizing the defense intelligence agencies’ handling of contractor security clearances. It found that contractor employees investigated for misconduct were inappropriately granted or allowed to retain security clearances, and that those who were involved in misconduct and lost their clearance were allowed to work on other federal contracts.
Image by Flickr user Jason Eppink.
Neil Gordon is an investigator for the Project On Government Oversight. Neil investigates and maintains POGO's Federal Contractor Misconduct Database.
Topics: Contract Oversight
Authors: Neil Gordon