Department of Defense officials said they couldn't mandate strong passwords and automatic logouts for contractors because existing regulations are in the way.

Additionally, the agency failed to protect critical information technology assets found to be vulnerable two years ago, which could lead to intellectual property theft.

The agency has three new OTAs coming, including an evolution of the military's joint situational awareness system.

The order out of concern that federal agencies could be vulnerable to cyberattacks intended to gain access to the platforms used to manage domain name system (DNS) records.

State uses enhanced authentication on just 11 percent of required agency devices, according to reports.