The audit also showed that the NSA hasn't implemented the latest federal security guidance, doesn't have a complete inventory of its IT framework and isn't gathering all the documentation it needs before it gives a computer system the go-ahead. And while Snowden didn't rely on malware, the NSA isn't thoroughly scanning for viruses on USB thumb drives and other removable media.

The Inspector General's report only includes audits between October 1st, 2017 and March 31st, 2018, indicating that many of these issues are relatively fresh and hadn't been fixed as of earlier this year.

It's not certain what the NSA is doing to address the problems. However, there's certainly an incentive to take the audit seriously. The NSA has grappled with more than one person leaking its info to the public in recent years -- while stricter policies wouldn't definitively prevent further leaks, they might discourage such incidents.