Internal controls (41 - 50 of 50 items)
IRS Systems Security: Tax Processing Operations and Data Still at Risk Due to Serious Weaknesses
AIMD-97-49: Published: Apr 8, 1997. Publicly Released: Apr 8, 1997.
Pursuant to a congressional request, GAO reviewed the Internal Revenue Service's (IRS) computer security, focusing on whether IRS is effectively: (1) managing computer security; and (2) addressing employee browsing of electronic taxpayer data.GAO noted that: (1) over the last 3 years, GAO has reported on a number of computer security problems at IRS and has made recommendations for strengthening I...
Computer Security: DEA Is Not Adequately Protecting Sensitive Drug Enforcement Data
IMTEC-92-83: Published: Sep 22, 1992. Publicly Released: Sep 30, 1992.
Pursuant to a congressional request, GAO assessed the adequacy of the Drug Enforcement Administration's (DEA) computer security, focusing on: (1) DEA compliance with laws and requirements for protecting sensitive computer information; and (2) Department of Justice (DOJ) oversight of DEA compliance with computer security requirements.GAO found that: (1) DEA has not identified all of its computer sy...
Computer Security: DEA's Handling of Sensitive Drug Enforcement and National Security Information Is Inadequate
T-IMTEC-92-24: Published: Sep 30, 1992. Publicly Released: Sep 30, 1992.
GAO discussed computer security at the Drug Enforcement Administration (DEA). GAO noted that: (1) DEA relies heavily on computerized systems to access sensitive information; (2) DEA computer security risks included failure to identify computers processing sensitive information, use of unapproved equipment to process sensitive information, and unusually lax physical security over areas in which cla...
Computer Security: Agencies Reported Having Implemented Most System Security Controls
IMTEC-92-45: Published: Apr 30, 1992. Publicly Released: Jun 1, 1992.
Pursuant to a congressional request, GAO reviewed 12 federal agencies' implementation of security controls for their computer systems containing sensitive information, focusing on their security plans and supporting documentation.GAO found that, as of January 1992, the agencies: (1) had implemented about 88 percent of planned controls for 27 systems; and (2) reported that 44 planned security contr...
Computer Security Weaknesses at the Department of Justice
T-IMTEC-91-15: Published: Jun 27, 1991. Publicly Released: Jun 27, 1991.
GAO discussed computer security weaknesses in the Department of Justice's (DOJ) computer systems that store highly sensitive law enforcement information. GAO noted that DOJ: (1) security weaknesses have life-and-death implications for such individuals as witnesses, informants, and law enforcement officials whose identities could be disclosed because of inadequate controls; (2) did not develop secu...
Serious Questions Remain About Justice's Management of ADP and Computer Security
T-IMTEC-91-17: Published: Jun 27, 1991. Publicly Released: Jun 27, 1991.
GAO discussed the Department of Justice's (DOJ) management of its automatic data processing (ADP) resources and its computer security. GAO noted that: (1) the actions DOJ took to address ADP management shortcomings have mainly been organizational and structural and may be insufficient to solve the pervasive problems in DOJ information resources management (IRM); (2) DOJ lacks a system that can acc...
Justice's Weak ADP Security Compromises Sensitive Data
T-IMTEC-91-6: Published: Mar 21, 1991. Publicly Released: Mar 21, 1991.
GAO discussed the Department of Justice's (DOJ): (1) recent sale of surplus computer equipment that was later found to have highly sensitive data; and (2) continuing exposure to similar breaches of security. GAO noted that DOJ: (1) showed patterns of neglect and inattention in ensuring information security nationwide; (2) was unable to provide it with such basic factual information as the total nu...
Computers and Privacy: How the Government Obtains, Verifies, Uses, and Protects Personal Data
IMTEC-90-70BR: Published: Aug 3, 1990. Publicly Released: Aug 31, 1990.
Pursuant to a congressional request, GAO presented information on: (1) how federal agencies obtain, verify, use, and protect personal data; (2) how individuals are made aware of information collected about them; (3) what telecommunications and network facilities agencies' systems use to transmit data; and (4) what effect new technologies have on the sharing of personal data.GAO found that: (1) age...
Computer Security: Governmentwide Planning Process Had Limited Impact
IMTEC-90-48: Published: May 10, 1990. Publicly Released: May 10, 1990.
Pursuant to a congressional request, GAO reviewed the governmentwide computer security planning and review process that the Computer Security Act of 1987 required, focusing on: (1) 10 civilian agencies' planning processes and implementation of planned controls in 22 selected plans; and (2) the National Institute of Standards and Technology's (NIST) and the National Security Agency's (NSA) review o...
Tax Information Safeguard Activity Annual Report
GGD-85-71: Published: Aug 23, 1985. Publicly Released: Aug 23, 1985.
GAO reviewed the Internal Revenue Service's (IRS) tax information safeguard activities for the calendar year ended December 31, 1984, to assess: (1) significant changes in safeguard procedures or authorized access to tax return information; (2) any changes or enhancements to physical and computer security measures used to safeguard tax information; and (3) the results of internal inspections condu...