Anyone getting access to a federal system is going to need some kind of background check; training on and agreement to follow the rules about not misusing that data, copying it to unauthorized systems, trying to circumvent a security control, etc. If the reports about having administrator access are true, that would likely involve stronger policies since administrators not only have greater access but also fewer constraints which could prevent misuse of that access (e.g. the normal user interface might not let you download PII in bulk but a SQL query wouldn’t have that restriction unless carefully built in).
Again, none of this is remotely normal and it hasn’t previously been a contentious point that sensitive data has safeguards. The difference here is that they’re impatient and acting like it’s a hostile takeover.
