The Defense Counterintelligence and Security Agency documented 815 security violations at cleared contractor facilities during fiscal year 2025 — incidents where contractors failed to comply with National Industrial Security Program Operating Manual policies in ways that could reasonably result in the loss or compromise of classified information. As of September 2025, approximately 70 percent of those violations had been closed, with the remainder still open and averaging about 101 days since initial reporting.

A new Government Accountability Office report (GAO-26-107861) concludes that the Defense Counterintelligence and Security Agency faces persistent structural gaps in how it manages risk across the National Industrial Security Program — the framework through which the federal government extends classified contract work to private industry. The report, released April 2026, identifies failures in risk assessment tools, workforce planning, a troubled oversight center, and a data system replacement that has proceeded without meaningful input from the people who use it.