NSA puts out hardening guidelines for network equipment, various server OS's, and even home PC's. these standards are both respected and widely adopted (anecdotal--I've seen wide adoption in the places I've worked). I think they should update all of these documents and add "just kidding" at the bottom. What an embarrassment.

Privatized. Contractor got it up fast. Security was not a concern. This is just my opinion.

your question is pretty hard to answer. The briefing documents we've all seen are not really that sensitive, despite their classification level. Much of the info in them is already widely and publicly available.

Now, there may be more sensitive documents that haven't been released yet, but I rather doubt it. If there was truly damaging information in them, they'd have been released. Odds are that most are not that crucial or damaging.

I'm sure that the really sensitive internal stuff at the NSA is well-compartmented and access tightly controlled.

They are not saying it in public, but SIGINTers believe in worst-case scenarios, and the worst case here is Snowden, who was stealing files the entire time he was a contractor across two different employers, has a copy of every file on every computer he could access.

to the access logs. That should have have been such a high level that even the director of NSA should not have access. That is the way things are in most secure places.

But I have seen programs that can remove all the dn's from a very large switch that is open to the internet (for the outside customers to manage their services) have the root login name and password shown on the login display page. Fought like hell to have it changed, but upper management ruled me out because the CONTRACTORS bitched about changing it.