Government Operations:

GSA's Computer Security Guidance

AIMD-93-7R: Published: Jul 19, 1993. Publicly Released: Aug 17, 1993.

Contact:

Jack L. Brock, Jr
(202) 512-4841
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed Federal Information Resources Management Regulation (FIRMR) Bulletin C-22, which provides guidance to federal agencies on the security and privacy protection of federal computer resources. GAO noted that the guidance: (1) is intended for general use by federal agencies; (2) does not address the various types of sensitive information disclosure; and (3) does not address all the methods available for removing highly sensitive information from computers.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: The Administrator of General Services and the Secretary of Commerce should revise Bulletin C-22 by: (1) incorporating into it information already published in National Institute of Standards and Technology advisory material concerning the sensitivity of information and various appropriate methods of disposition; and (2) clearly stating that National Security Agency guidance on the secure handling of sensitive or classified information provides disposition alternatives that may be appropriate depending on the sensitivity of the data involved.

    Agency Affected: General Services Administration

    Status: Closed - Implemented

    Comments: The report was released to the agency on August 17, 1993. It has not had time to fully respond to the recommendations. GSA has issued revised FIRMR Bulletin C-22, Supplement 1, dated July 8, 1994, that references NIST and NSA guidance concerning disposition alternatives for sensitive and classified information.

    Recommendation: The Administrator of General Services and the Secretary of Commerce should revise Bulletin C-22 by: (1) incorporating into it information already published in National Institute of Standards and Technology advisory material concerning the sensitivity of information and various appropriate methods of disposition; and (2) clearly stating that National Security Agency guidance on the secure handling of sensitive or classified information provides disposition alternatives that may be appropriate depending on the sensitivity of the data involved.

    Agency Affected: General Services Administration

    Status: Closed - Implemented

    Comments: The report was just released to the agency on 8/17/93. It has not had time to fully respond to the recommendations. GSA has issued revised FIRMR Bulletin C-22, Supplement 1, dated July 8, 1994, that references NIST and NSA guidance concerning disposition alternatives for sensitive and classified information.

    Apr 10, 2014

    Apr 8, 2014

    Apr 3, 2014

    Mar 31, 2014

    Mar 26, 2014

    Mar 25, 2014

    Looking for more? Browse all our products here