We found that DoD Components implemented many of the agreed-upon corrective actions necessary to improve system weaknesses identified in issued reports summarized in our FY 2017 cybersecurity summary report; however, recently issued cybersecurity reports indicate that the DoD still faces challenges in managing cybersecurity risk to its network. Additionally, as of September 30, 2018, there were 266 open cybersecurity‑related recommendations, dating as far back as 2008.

https://media.defense.gov/2019/Jan/11/2002078551/-1/-1/1/DODIG-2019-044.PDF