An internal investigation at the NSA has found that security is still not in order, despite recommendations being made following Snowden’s stealing of secrets. For example, NSA has still not properly organized the security of the computer systems.
A report with findings from audits and other investigations has been put online by the organization. The report lists the deficiencies identified during the investigations. For example, in 2013, a recommendation was made to improve data export processes to allow for better control and reduce the risk of data leakage. This should have been implemented last year, but the report shows that this is not yet the case.
The report also states that the security of computer systems is still not in order; there wouldn’t be a good plan for system security, nor would removable media be properly scanned for viruses and other malware. Furthermore, the NSA has still not arranged for a second person to control access to data centers and equipment. The latter was one of the recommendations made after Edward Snowden took a lot of data from US intelligence and then made it public.
The processes at NSA were examined up to and including March of this year. It is not clear whether some of these problems have since been addressed. It is also unknown what plan the NSA has to improve the deficiencies. The report identifies more than 500 outstanding recommendations that have emerged from audits and investigations, which have now expired.