An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.



News | June 21, 2024

DCSA Issues Response to GAO Personnel Vetting Report

Quantico, Va. – The Defense Counterintelligence and Security Agency (DCSA) has issued an official response to the Government Accountability Report: Personnel Vetting: DoD Needs to Enhance Cybersecurity of Background Investigation Systems (GAO-24-106179SU). The GAO assessed cybersecurity processes and risk management framework efforts within DCSA’s National Background Investigation Services (NBIS) program in the report issued June 20.  The report focused on documentation and processes, not technical cybersecurity vulnerabilities.   

DCSA has worked collaboratively with GAO since its announcement of this study in September 2022. GAO’s final report provided 12 recommendations. DCSA concurs with all of the report’s 12 recommendations and is already taking steps to address them. DCSA is now positioned to fully integrate information security oversight, an integration which marks a significant shift toward strengthening the agency’s commitment to upholding the highest standards of information security and governance principles.    

DCSA recognizes the importance of ensuring effective cyber- and other security measures to protect the sensitive personal information within the NBIS program. 

To address GAO’s recommendations, DCSA changed governance structures to give the chief information officer (CIO) and chief information security officer (CISO) oversight of the NBIS program’s cybersecurity posture. DCSA is also implementing a Cybersecurity Risk Posture Analysis (CRPA) which provides the guidance and necessary direction to ensure all systems comply with Risk Doctrine and that each system of record is up to date.  The CRPA is used to assess the Agency’s security posture, inform audit readiness, and to fully integrate DCSA CIO/CISO cybersecurity oversight of the NBIS program.  

DCSA appreciates GAO’s study and national interest in a program as substantial and important as NBIS, and we welcome the attention and visibility it has garnered. We are fully committed to addressing GAO’s concerns and continuing our work to deliver a Federal IT system to enable the personnel vetting mission.