Information systems (1 - 10 of 164 items)
Cybersecurity: Actions Needed to Strengthen U.S. Capabilities
GAO-17-440T: Published: Feb 14, 2017. Publicly Released: Feb 14, 2017.
GAO has consistently identified shortcomings in the federal government's approach to ensuring the security of federal information systems and cyber critical infrastructure as well as its approach to protecting the privacy of personally identifiable information (PII). While previous administrations and agencies have acted to improve the protections over federal and critical infrastructure informati...
Information Security: FDA Needs to Rectify Control Weaknesses That Place Industry and Public Health Data at Risk
GAO-16-513: Published: Aug 30, 2016. Publicly Released: Sep 29, 2016.
Although the Food and Drug Administration (FDA), an agency of the Department of Health and Human Services (HHS), has taken steps to safeguard the seven systems GAO reviewed, a significant number of security control weaknesses jeopardize the confidentiality, integrity, and availability of its information and systems. The agency did not fully or consistently implement access controls, which are inte...
Federal Information Security: Actions Needed to Address Challenges
GAO-16-885T: Published: Sep 19, 2016. Publicly Released: Sep 20, 2016.
Cyber incidents affecting federal agencies have continued to grow, increasing about 1,300 percent from fiscal year 2006 to fiscal year 2015.Cyber Incidents Reported by Federal Agencies, Fiscal Year 2006--2015Several laws and policies establish a framework for the federal government's information security and assign implementation and oversight responsibilities to key federal entities, including th...
Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems
GAO-16-501: Published: May 18, 2016. Publicly Released: Jun 21, 2016.
In GAO's survey of 24 federal agencies, the 18 agencies having high-impact systems identified cyber attacks from “nations” as the most serious and most frequently-occurring threat to the security of their systems. These agencies also noted that attacks delivered through e-mail were the most serious and frequent. During fiscal year 2014, 11 of the 18 agencies reported 2,267 incidents affecting...
Information Security: Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data
GAO-16-493: Published: Apr 28, 2016. Publicly Released: Apr 28, 2016.
The Securities and Exchange Commission (SEC) improved its information security by addressing weaknesses previously identified by GAO, including separating the user production network from the internal management network. However, weaknesses continue to limit the effectiveness of other security controls. In particular:While SEC had issued policies and implemented controls based on those policies, i...
Information Security: IRS Needs to Further Enhance Controls over Taxpayer and Financial Data
GAO-16-590T: Published: Apr 14, 2016. Publicly Released: Apr 14, 2016.
In March 2016 GAO reported that the Internal Revenue Service (IRS) had instituted numerous controls over key financial and tax processing systems; however, it had not always effectively implemented safeguards intended to properly restrict access to systems and information. In particular, while IRS had improved some of its access controls, weaknesses remained with identifying and authenticating use...
Information Security: IRS Needs to Further Improve Controls over Financial and Taxpayer Data
GAO-16-398: Published: Mar 28, 2016. Publicly Released: Mar 28, 2016.
The Internal Revenue Service (IRS) made progress in implementing information security controls; however, weaknesses in the controls limited their effectiveness in protecting the confidentiality, integrity, and availability of financial and sensitive taxpayer data. During fiscal year 2015, IRS continued to devote attention to securing its information systems that process sensitive taxpayer and fina...
Information Security: DHS Needs to Enhance Capabilities, Improve Planning, and Support Greater Adoption of Its National Cybersecurity Protection System
GAO-16-294: Published: Jan 28, 2016. Publicly Released: Jan 28, 2016.
The Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS) is partially, but not fully, meeting its stated system objectives:Intrusion detection: NCPS provides DHS with a limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies. Specifically, NCPS compares network traffic to known patterns of malicious data...
Federal Information Security: Agencies Need to Correct Weaknesses and Fully Implement Security Programs
GAO-15-714: Published: Sep 29, 2015. Publicly Released: Sep 29, 2015.
Persistent weaknesses at 24 federal agencies illustrate the challenges they face in effectively applying information security policies and practices. Most agencies continue to have weaknesses in (1) limiting, preventing, and detecting inappropriate access to computer resources; (2) managing the configuration of software and hardware; (3) segregating duties to ensure that a single individual does n...
Cybersecurity: Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies
GAO-15-725T: Published: Jun 24, 2015. Publicly Released: Jun 24, 2015.
GAO has identified a number of challenges federal agencies face in addressing threats to their cybersecurity, including the following:Designing and implementing a risk-based cybersecurity program.Enhancing oversight of contractors providing IT services.Improving security incident response activities.Responding to breaches of personal information.Implementing cybersecurity programs at small agencie...