The Potential Impact of National Security Decision Directive 145 on Civil Agencies

Testimony was given on: (1) the potential impact of National Security Decision Directive 145 on civil agencies that are not normally perceived as part of the national security establishment; and (2) how well the directive addresses recommendations made by the House Committee on Science and Technology, Subcommittee on Transportation, Aviation and Materials, in its report on computer security and privacy. GAO found that the directive is a positive step toward establishing a policy framework for the protection of classified and sensitive information affecting national security and is in line with the major thrust of the Subcommittee recommendations as they relate to sensitive, classified information with a national security interest. However, the directive fails to address the area of sensitive information without a national security impact. An organizational structure of four components has been established to conduct these activities. GAO also found that the directive falls short of the intent of congressional recommendations concerning training, security awareness, and computer abuse reporting. GAO believes that the administration needs to define the types of information that will fall under the coverage of the directive and initiate action to address sensitive government information outside the purview of the directive, because implementation of the directive may lead to confusion as to which agency is responsible for information security in the government.