"The OIG report reveals that TSA does not have policies, procedures and a risk management plan pertinent to the insider threat currently in place," they wrote. "Further, the report reveals that TSA has yet to implement an insider threat training and awareness program for the entire TSA workforce.

"To our dismay, TSA failed to concur with two common sense low cost OIG recommendations aimed at protecting against the loss of sensitive data from TSA's networks."

The Obama administration issued an executive order in 2011 that requires all agencies to set up internal threat programs. The IG report said the TSA has taken some steps to implement this program, including setting up an Insider Threat Working Group and Insider Threat Section to develop policies.

But it said TSA also needs to implement policies, develop a risk management plans, and provide for training and awareness programs for its employees.

Thompson and Jackson Lee wrote to TSA earlier in the year looking for answers to questions about its insider threat plan, but received no answer. As a result, the two members called on TSA to provide answers to their questions — including descriptions on how money is being spent on an insider trading program and when programs might be up and running — by Oct. 17.