The Office of Personnel Management released a "Cybersecurity Action Report" June 24 detailing the actions taken to shore up network security since the agency's systems were hacked, though legislators aren't satisfied with the efforts to date.
The document lists 23 actions that were already in process before the breach was discovered — either completed or still ongoing — and an additional 15 initiatives started since.
OPM Report: Actions to Strengthen Cybersecurity and Protect Critical IT Systems
The report notes it was through the ongoing security improvements that the breach was initially detected.
Despite those improvements, the significant scope of the hack led IT managers at OPM to step up efforts going forward.
"The interagency incident response team has reviewed OPM's systems and concluded that there is no evidence that the intruder remains active on those systems," the report states. "Yet simply because there is no evidence that this particular threat remains active does not mean that we can decrease our vigilance."
Moving forward, OPM plans on instituting some significant security upgrades — such as continuous monitoring and requiring multifactor authentication across the enterprise — as well as hiring a cybersecurity advisor and increasing engagement with the agency inspector general.
"The recent breaches of OPM data make clear that cybersecurity must remain a priority for all agencies but especially OPM," as employees expect the agency to protect their personal information, the report says.
OPM Director Katherine Archuleta discussed the plan during a hearing in front of the Senate Homeland Security and Governmental Affairs Committee on June 25.
Committee members weren't satisfied, though, stating that OPM should have done more sooner to safeguard federal employee data.
"Cybersecurity on federal agency networks has proven to be grossly inadequate," said Committee Chairman Sen. Ron Johnson, R-Wisc. "OPM has been hacked five times in the past three years and it still has not responded to effectively secure its network."
"I don't expect perfection," he said later in the hearing. "But I'm looking for people to prioritize. I'm looking at people's actions that they took … It really gives me pretty great pause in terms of having confidence that the current management team in OPM really is up to the task."
Aaron Boyd is an award-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.