The Office of the Inspector General of the Intelligence Community recently completed its audit of the Management of Privileged Users of Office of the Director of National Intelligence (ODNI) Information Systems (AUD-2019-001).
Privileged users are authorized and trusted to perform security-related functions over information systems that ordinary users are not authorized to perform. Privileged users have important roles in protecting ODNI information security due to their broad administrative and technical privileges. The misuse of privileged user functions increases the risk for compromise of the confidentiality, integrity, and availability of ODNI information systems.
ICIG auditors determined that ODNI needs to improve controls to efficiently and effectively manage and mitigate the risk that a trusted privileged user could inappropriately access, modify, destroy, or exfiltrate classified data. The report includes nine recommendations, six of which are significant. We also made an observation on ODNI’s compliance monitoring of ODNI policies.