Access control (1 - 10 of 22 items)
Federal Information Security: Agencies Need to Correct Weaknesses and Fully Implement Security Programs
GAO-15-714: Published: Sep 29, 2015. Publicly Released: Sep 29, 2015.
Persistent weaknesses at 24 federal agencies illustrate the challenges they face in effectively applying information security policies and practices. Most agencies continue to have weaknesses in (1) limiting, preventing, and detecting inappropriate access to computer resources; (2) managing the configuration of software and hardware; (3) segregating duties to ensure that a single individual does n...
Federal Facility Cybersecurity: DHS and GSA Should Address Cyber Risk to Building and Access Control Systems
GAO-15-6: Published: Dec 12, 2014. Publicly Released: Jan 12, 2015.
The Department of Homeland Security (DHS) has taken preliminary steps to begin to understand the cyber risk to building and access controls systems in federal facilities. For example, in 2013, components of DHS's National Protection and Programs Directorate (NPPD) conducted a joint assessment of the physical security and cybersecurity of a federal facility. However, significant work remains.Lack o...
Information Security: SEC Needs to Improve Controls over Financial Systems and Data
GAO-14-419: Published: Apr 17, 2014. Publicly Released: Apr 17, 2014.
Although the Securities and Exchange Commission (SEC) had implemented and made progress in strengthening information security controls, weaknesses limited their effectiveness in protecting the confidentiality, integrity, and availability of a key financial system. For this system's network, servers, applications, and databases, weaknesses in several controls were found, as the following examples i...
Information Security: Additional Guidance Needed to Address Cloud Computing Concerns
GAO-12-130T: Published: Oct 6, 2011. Publicly Released: Oct 6, 2011.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the security implications of cloud computing. This t...
Information Security: Federal Deposit Insurance Corporation Has Made Progress, but Further Actions Are Needed to Protect Financial Data
GAO-11-708: Published: Aug 12, 2011. Publicly Released: Aug 12, 2011.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC's work, effective information security controls are essential to ensure that the corporation's systems and information are adequately protected from inadvertent misuse, fraudulent use, or improper dis...
Contractor Integrity: Stronger Safeguards Needed for Contractor Access to Sensitive Information
GAO-10-693: Published: Sep 10, 2010. Publicly Released: Sep 10, 2010.
In performing agency tasks, contractor employees often require access to sensitive information that must be protected from unauthorized disclosure or misuse. This report assesses the (1) extent to which agency guidance and contracts contain safeguards for contractor access to sensitive information, and (2) adequacy of governmentwide guidance on how agencies are to safeguard sensitive information t...
Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing
GAO-10-855T: Published: Jul 1, 2010. Publicly Released: Jul 1, 2010.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, reportedly has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the benefits and risks of moving federal...
Information Security: Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing
GAO-10-513: Published: May 27, 2010. Publicly Released: Jul 1, 2010.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to (1) identify the models of cloud computing, (2) identify the in...
Homeland Security: DHS's Progress and Challenges in Key Areas of Maritime, Aviation, and Cybersecurity
GAO-10-106: Published: Dec 2, 2009. Publicly Released: Dec 2, 2009.
Securing the nation's transportation and information systems is a primary responsibility of the Department of Homeland Security (DHS). Within DHS, the Transportation Security Administration (TSA) is responsible for securing all transportation modes; U.S. Customs and Border Protection (CBP) is responsible for cargo container security; the U.S. Coast Guard is responsible for protecting the maritime...
Bureau of Public Debt: Areas for Improvement in Information Security Controls
GAO-09-633R: Published: Apr 28, 2009. Publicly Released: Apr 28, 2009.
In connection with fulfilling our requirement to audit the financial statements of the U.S. government, we audited and reported on the Schedules of Federal Debt Managed by the Bureau of the Public Debt (BPD) for the fiscal years ended September 30, 2008 and 2007. As part of these audits, we performed a review of the general and application information security controls over key BPD financial syste...