Government Operations:

GSA's Computer Security Guidance

AIMD-93-7R: Published: Jul 19, 1993. Publicly Released: Aug 17, 1993.

Additional Materials:

Contact:

Jack L. Brock, Jr
(202) 512-4841
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed Federal Information Resources Management Regulation (FIRMR) Bulletin C-22, which provides guidance to federal agencies on the security and privacy protection of federal computer resources. GAO noted that the guidance: (1) is intended for general use by federal agencies; (2) does not address the various types of sensitive information disclosure; and (3) does not address all the methods available for removing highly sensitive information from computers.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: The report was released to the agency on August 17, 1993. It has not had time to fully respond to the recommendations. GSA has issued revised FIRMR Bulletin C-22, Supplement 1, dated July 8, 1994, that references NIST and NSA guidance concerning disposition alternatives for sensitive and classified information.

    Recommendation: The Administrator of General Services and the Secretary of Commerce should revise Bulletin C-22 by: (1) incorporating into it information already published in National Institute of Standards and Technology advisory material concerning the sensitivity of information and various appropriate methods of disposition; and (2) clearly stating that National Security Agency guidance on the secure handling of sensitive or classified information provides disposition alternatives that may be appropriate depending on the sensitivity of the data involved.

    Agency Affected: General Services Administration

  2. Status: Closed - Implemented

    Comments: The report was just released to the agency on 8/17/93. It has not had time to fully respond to the recommendations. GSA has issued revised FIRMR Bulletin C-22, Supplement 1, dated July 8, 1994, that references NIST and NSA guidance concerning disposition alternatives for sensitive and classified information.

    Recommendation: The Administrator of General Services and the Secretary of Commerce should revise Bulletin C-22 by: (1) incorporating into it information already published in National Institute of Standards and Technology advisory material concerning the sensitivity of information and various appropriate methods of disposition; and (2) clearly stating that National Security Agency guidance on the secure handling of sensitive or classified information provides disposition alternatives that may be appropriate depending on the sensitivity of the data involved.

    Agency Affected: General Services Administration

 

Explore the full database of GAO's Open Recommendations »

Oct 20, 2014

Oct 9, 2014

Oct 8, 2014

Oct 2, 2014

Sep 30, 2014

Sep 26, 2014

Sep 25, 2014

Sep 19, 2014

Looking for more? Browse all our products here