We determined whether the National Security Agency (NSA) implemented effective security configuration controls and processes to protect its devices, systems, enclaves, and networks from insider and external threats. This report is the second in a series on the implementation of NSA’s initiatives to improve security over its systems, networks, and data. We conducted this audit in response to a congressional requirement.