WASHINGTON (AP) - Hillary Clinton disregarded various State Department guidelines for avoiding cybersecurity risks, an internal audit found Wednesday, faulting her and past secretaries of state for weak information management.
The inspector general's 78-page analysis, a copy of which was obtained by The Associated Press, cites "longstanding, systemic weaknesses" related to the agency's communications. These started before Clinton's appointment as secretary of state, but her failures were singled out as more serious.
Despite guidelines to the contrary and never seeking approval, Clinton used mobile devices to conduct official business on her personal email account and private server. She never sought approval from senior information officers, who would have refused the request because of security risks, the audit said.
"By Secretary Clinton's tenure, the department's guidance was considerably more detailed and more sophisticated," it concluded. "Secretary Clinton's cybersecurity practices accordingly must be evaluated in light of these more comprehensive directives."
The review was prompted by the revelations of Clinton's email use, which has affected her campaign for the Democratic presidential nomination. Nevertheless, the review also encompassed the email and information practices of the last five secretaries.
The report said the department and its secretaries were "slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership."
Clinton has been dogged by questions about her email practices for more than a year, since AP revealed that the clintonemail.com server was in the basement of Clinton's New York home while she served as the nation's top diplomat from 2009 to 2013.
Separately from the State Department audit, FBI agents have been probing whether Clinton's use of a private email server imperiled government secrets.
Clinton has acknowledged in the campaign that her homebrew email setup was a mistake, but said she never sent or received anything marked classified at the time.