After years of being told it has a problem, the Department of Defense (DoD) still hasn’t fixed its many issues related to security.

The Pentagon does not lack for security policies, according to the agency’s inspector general. The trouble lies with the number of such policies—43 in fact—and the lack of coordination among them.

“DoD security policy is fragmented, redundant, and inconsistent,” wrote the IG in a new report.

“The sheer volume of security policies that are not coordinated or integrated makes it difficult for those at the field level to ensure consistent and comprehensive policy implementation,” the inspector general’s office added.

What the Pentagon needs is to come up with a comprehensive and integrated security policy, the IG recommended, instead of having dozens of individual ones covering information security, industrial security, operations security, research and technology protection, personnel security, physical security and other areas.

According to the report, “Critical infrastructure protection, nuclear physical security, cybersecurity, supply chain risk management, insider threat, force protection, foreign disclosure, technology transfer, information assurance and other DoD functional areas should influence and be influenced by security policy and oversight–the core responsibility of the Principal Staff Assistant for Security. However, no formal mechanism exists to exercise executive-level leadership that incorporates and integrates the views of all of these functions into a cohesive departmental security program with comprehensive, non-duplicative, and mutually understood roles and responsibilities.”

-Noel Brinkerhoff

To Learn More:

DoD Security Policy is Incoherent and Unmanageable, IG Says (by Steven Aftergood, Secrecy News)

Assessment of Security within the Department of Defense (Department of Defense, Inspector General) (pdf)