Policies and procedures (1 - 10 of 23 items)
Healthcare.gov: Actions Needed to Address Weaknesses in Information Security and Privacy Controls
GAO-14-730: Published: Sep 16, 2014. Publicly Released: Sep 16, 2014.
Many systems and entities exchange information to carry out functions that support individuals' ability to use Healthcare.gov to compare, select, and enroll in private health insurance plans participating in the federal marketplaces, as required by the Patient Protection and Affordable Care Act (PPACA). The Centers for Medicare & Medicaid Services (CMS) has overall responsibility for key federal s...
Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented
GAO-13-187: Published: Feb 14, 2013. Publicly Released: Feb 14, 2013.
Threats to systems supporting critical infrastructure and federal operations are evolving and growing. Federal agencies have reported increasing numbers of cybersecurity incidents that have placed sensitive information at risk, with potentially serious impacts on federal and military operations; critical infrastructure; and the confidentiality, integrity, and availability of sensitive government,...
Information Security: State Has Taken Steps to Implement a Continuous Monitoring Application, but Key Challenges Remain
GAO-11-149: Published: Jul 8, 2011. Publicly Released: Aug 8, 2011.
The Department of State (State) has implemented a custom application called iPost and a risk scoring program that is intended to provide continuous monitoring capabilities of information security risk to elements of its information technology (IT) infrastructure. Continuous monitoring can facilitate nearer real-time risk management and represents a significant change in the way information securit...
Information Security: IRS Needs to Enhance Internal Control over Financial Reporting and Taxpayer Data
GAO-11-308: Published: Mar 15, 2011. Publicly Released: Mar 15, 2011.
The Internal Revenue Service (IRS) has a demanding responsibility in collecting taxes, processing tax returns, and enforcing the nation's tax laws. It relies extensively on computerized systems to support its financial and mission-related operations and on information security controls to protect financial and sensitive taxpayer information that resides on those systems. As part of its audit of IR...
Information Security: Federal Deposit Insurance Corporation Needs to Mitigate Control Weaknesses
GAO-11-29: Published: Nov 30, 2010. Publicly Released: Nov 30, 2010.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of its work, the corporation must employ strong information security controls to ensure that its information systems are adequately protected from inadvertent misuse, fraud, and improper disclosure. As part o...
Information Security: National Archives and Records Administration Needs to Implement Key Program Elements and Controls
GAO-11-20: Published: Oct 21, 2010. Publicly Released: Oct 27, 2010.
The National Archives and Records Administration (NARA) is responsible for preserving access to government documents and other records of historical significance and overseeing records management throughout the federal government. NARA relies on the use of information systems to receive, process, store, and track government records. As such, NARA is tasked with preserving and maintaining access to...
Information Security: Opportunities Exist for the Federal Housing Finance Agency to Improve Controls
GAO-10-528: Published: Apr 30, 2010. Publicly Released: Apr 30, 2010.
The Federal Housing Finance Agency (FHFA) relies extensively on computerized systems to carry out its mission to provide effective supervision, regulation, and housing mission oversight of the Federal National Mortgage Association (Fannie Mae), the Federal Home Loan Mortgage Corporation (Freddie Mac), and the federal home loan banks. Effective information security controls are essential to ensure...
Information Security: Concerted Response Needed to Resolve Persistent Weaknesses
GAO-10-536T: Published: Mar 24, 2010. Publicly Released: Mar 24, 2010.
Without proper safeguards, federal computer systems are vulnerable to intrusions by individuals who have malicious intentions and can obtain sensitive information. The need for a vigilant approach to information security has been demonstrated by the pervasive and sustained cyber attacks against the United States; these attacks continue to pose a potentially devastating impact to systems as well as...
Information Security: IRS Needs to Continue to Address Significant Weaknesses
GAO-10-355: Published: Mar 19, 2010. Publicly Released: Mar 19, 2010.
The Internal Revenue Service (IRS) relies extensively on computerized systems to carry out its demanding responsibilities to collect taxes, process tax returns, and enforce the nation's tax laws. Effective information security controls are essential to protect financial and taxpayer information from inadvertent or deliberate misuse, improper disclosure, or destruction. As part of its audit of IRS'...
Information Security: Concerted Effort Needed to Improve Federal Performance Measures
GAO-09-617: Published: Sep 14, 2009. Publicly Released: Oct 29, 2009.
Information security is a critical consideration for federal agencies, which depend on information systems to carry out their missions. Increases in reports of security incidents demonstrate the urgency of adequately protecting the federal government's data and information systems. Agencies are required to report to the Office of Management and Budget (OMB) on their information security programs,...