The SEC’s Office of Inspector General released three reports covering several security-related areas. The SEC has been accused of mishandling sensitive information in the past. The audit found that contractors could unintentionally mishandle or disclose sensitive or nonpublic SEC information. The OIG also found inadequate documentation in the evaluation of some security controls performed by the SEC’s IT department. The report says the SEC should improve how it evaluated the SEC system’s security controls in accordance to requirements set by the National Institute of Standards and Technology.”]
Source: https://www.csoonline.com/article/2133205/inspector-general-finds-email-security-risks-at-sec.html