The State Department's independent watchdog says the department is failing to comply with federal cyber security standards, putting sensitive data at risk.
In an audit released Friday, State's Inspector General says the department lacks an effective cyber risk management program and is not doing everything it should to secure its networks.
The IG credited Secretary of State John Kerry's department with improving a bad situation. In each year from 2011 to 2014, the State Department's poor cybersecurity was identified by the inspector general as a significant deficiency that made the department vulnerable to cyberattacks and threats.
The audit found that the Chief Information Officer didn't have the authority he needed to enforce effective information security measures.
A State Department spokesman did not immediately respond to a request for comment.