(CNN) A bipartisan group of senators called out Secretary of State Mike Pompeo for the State Department's failure to meet federal law on cybersecurity standards, including basic protocols used by major internet companies.

The lawmakers sent a letter to Pompeo on Tuesday citing a General Services Administration report that found the State Department has deployed only "enhanced access controls," such as multi-factor authentication, or multiple steps to log in, across "11% of required agency devices."

The letter also referenced findings by the State Department inspector general, who found in 2017 "that 33% of diplomatic missions failed to conduct the most basic cyber threat management practices, like regular reviews and audits."

Bipartisan concern

"We are sure you will agree on the need to protect American diplomacy from cyberattacks, which is why we have such a hard time understanding why the Department of State has not followed the lead of many other agencies and complied with federal law requiring the use of MFA (multi-factor authentication)," read the letter from Democratic Sens. Ron Wyden of Oregon, Ed Markey of Massachusetts and Jeanne Shaheen of New Hampshire and their Republican colleagues Sens. Cory Gardner of Colorado and Rand Paul of Kentucky.

Read More