Internal controls (41 - 50 of 202 items)
Information Security: Agencies Need to Implement Federal Desktop Core Configuration Requirements
GAO-10-202: Published: Mar 12, 2010. Publicly Released: Apr 12, 2010.
The increase in security incidents and continuing weakness in security controls on information technology systems at federal agencies highlight the continuing need for improved information security. To standardize and strengthen agencies' security, the Office of Management and Budget (OMB), in collaboration with the National Institute of Standards and Technology (NIST), launched the Federal Deskto...
Information Security: Concerted Effort Needed to Consolidate and Secure Internet Connections at Federal Agencies
GAO-10-237: Published: Mar 12, 2010. Publicly Released: Apr 12, 2010.
To reduce the threat to federal systems and operations posed by cyber attacks on the United States, the Office of Management and Budget (OMB) launched, in November 2007, the Trusted Internet Connections (TIC) initiative, and later, in 2008, the Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS), operationally known as Einstein, became mandatory for federal agen...
Information Security: IRS Needs to Continue to Address Significant Weaknesses
GAO-10-355: Published: Mar 19, 2010. Publicly Released: Mar 19, 2010.
The Internal Revenue Service (IRS) relies extensively on computerized systems to carry out its demanding responsibilities to collect taxes, process tax returns, and enforce the nation's tax laws. Effective information security controls are essential to protect financial and taxpayer information from inadvertent or deliberate misuse, improper disclosure, or destruction. As part of its audit of IRS'...
Cybersecurity: Continued Efforts Are Needed to Protect Information Systems from Evolving Threats
GAO-10-230T: Published: Nov 17, 2009. Publicly Released: Nov 17, 2009.
Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the federal government. In recent months, federal officials have cited the continued efforts of foreign nations and criminals to target government and private sector networks; terrorist groups have expressed a desire to use cyber attacks to target the United States; and press ac...
Information Security: Actions Needed to Manage, Protect, and Sustain Improvements to Los Alamos National Laboratory's Classified Computer Network
GAO-10-28: Published: Oct 14, 2009. Publicly Released: Nov 13, 2009.
The Los Alamos National Laboratory (LANL), which is overseen by the National Nuclear Security Administration (NNSA), has experienced a number of security lapses in controlling classified information stored on its classified computer network. GAO was requested to (1) assess the effectiveness of security controls LANL used to protect information on its classified network, (2) assess whether LANL had...
Information Security: NASA Needs to Remedy Vulnerabilities in Key Networks
GAO-10-4: Published: Oct 15, 2009. Publicly Released: Oct 15, 2009.
The National Aeronautics and Space Administration (NASA) relies extensively on information systems and networks to pioneer space exploration, scientific discovery, and aeronautics research. Many of these systems and networks are interconnected through the Internet, and may be targeted by evolving and growing cyber threats from a variety of sources. GAO was directed to (1) determine whether NASA ha...
Information Security: Agencies Continue to Report Progress, but Need to Mitigate Persistent Weaknesses
GAO-09-546: Published: Jul 17, 2009. Publicly Released: Jul 17, 2009.
For many years, GAO has reported that weaknesses in information security are a widespread problem that can have serious consequences--such as intrusions by malicious users, compromised networks, and the theft of intellectual property and personally identifiable information--and has identified information security as a governmentwide high-risk issue since 1997. Concerned by reports of significant v...
Federal Information Security Issues
GAO-09-817R: Published: Jun 30, 2009. Publicly Released: Jun 30, 2009.
This letter responds to congressional request that GAO address additional questions arising from the May 19, 2009, hearing on federal information security held by the Subcommittee on Government Management, Organization, and Procurement. In that hearing, we discussed the current state of information security throughout the federal government and agency efforts to comply with the requirements of the...
Cybersecurity: Continued Federal Efforts Are Needed to Protect Critical Systems and Information
GAO-09-835T: Published: Jun 25, 2009. Publicly Released: Jun 25, 2009.
Federal laws and policy have assigned important roles and responsibilities to the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) for securing computer networks and systems. DHS is charged with coordinating the protection of computer-reliant critical infrastructure--much of which is owned by the private sector--and securing its own computer syste...
Information Security: Agencies Make Progress in Implementation of Requirements, but Significant Weaknesses Persist
GAO-09-701T: Published: May 19, 2009. Publicly Released: May 19, 2009.
Without proper safeguards, federal agencies' computer systems are vulnerable to intrusions by individuals and groups who have malicious intentions and can obtain sensitive information, commit fraud, disrupt operations, or launch attacks against other computer systems and networks. Concerned by reports of significant weaknesses in federal systems, Congress passed the Federal Information Security Ma...