The Pentagon recently went through a yearly audit performed by The Defense Department Inspector General which published its findings in a lengthy and heavily redacted report on January 9, 2019.

According to the Office of Inspector General, the Department of Defense is still lacking when it comes to the speed of addressing cybersecurity recommendations designed to reduce such risks affecting the Pentagon's network, 266 different unresolved such issues dating as far as 2008 being discovered during the audit.

"Open recommendations can be either resolved or unresolved. Resolved recommendations are those that DoD management has agreed to implement, but has not yet completed agreed-upon actions. Unresolved recommendations are those that DoD management disagrees with or provides alternative corrective actions for." says DoD OIG's report.

The Inspector General says that the audit summarizes also includes results obtained by analyzing four classified reports and 20 unclassified reports, all issued between July 1, 2017, and June 30, 2018, by the Government Accountability Office and DoD's oversight community.

The DoD OIG found that the Pentagon managed to act upon 19 of 159 recommendations issued in the reports mentioned above, addressing a range of issues concerning anything from asset management to identity management and access control and security continuous monitoring.

Despite that, the Department of Defense still has to address a multitude of cybersecurity gaps in "governance, asset management, information protection processes and procedures, identity management and access control, security continuous monitoring, detection processes, and communications," states the DoD OIG.

The largest number of weaknesses identified in this year’s summary were related to governance, which allows an organization to inform its management of cybersecurity risk through the policies, procedures, and processes to manage and monitor the organizations regulatory, legal, risk, environmental, and operational requirements.

Similar findings reported in Financial Statements Audit report

Furthermore, as of September 30, 2018, the Inspector General's audit found that the that the Pentagon has to take action to close 266 open DoD cybersecurity-related recommendations, 11 of them being classified and 255 unclassified and 11 classified, dating as far back as 2008.

The DoD OIG concludes by saying that "Without proper governance, the DoD cannot assure that it effectively identifies and manages cybersecurity risk as it continues to face a growing variety of cyber threats from adversaries such as offensive cyberspace operations used to disrupt, degrade, or destroy targeted information systems."

Similar findings were detailed in a report regarding the Audit of the DoD FY 2018 Financial Statements, where the DoD OIG states that "Across multiple DoD Components, auditors found significant control deficiencies regarding IT systems."