Managers Need To Provide Better Protection for Federal Automatic Data Processing Facilities

FGMSD-76-40: Published: May 10, 1976. Publicly Released: May 10, 1976.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The federal government currently relies on the services of about 9,000 computers in its day-to-day operations, and this equipment is valued at billions of dollars. The value of some of the data which are processed on these computers is immeasurable. Consequently, protecting the equipment and data from unauthorized or inadvertent acts of destruction, alteration, or misuse is a matter of inestimable importance.

Catastrophic losses to government-sponsored data processing installations, such as the loss of human life, irreplaceable data, and equipment, have occurred. Information on the physical security measures employed by 28 federal data processing facilities led GAO to believe that many federal data processing assets and much valuable data are not protected properly. Less than half of the 28 installations visited had developed and put into operation contingency plans to provide for continuity of operations if a loss occurred. The impact from losses at data processing installations which did not have contingency plans could: (1) interfere seriously with efficient and economical operations of the government; (2) have an immeasurable impact on individuals and organizations relying on government data; and (3) result in costly reconstruction efforts. In 1974, the National Bureau of Standards issued guidelines for establishing physical security measures for data processing activities. However, the guidelines are only a reference document, and there is no requirement that agencies must use them when determining their security needs.

Recommendation for Executive Action

  1. Status: Closed

    Comments: Please call 202/512-6100 for additional information.

    Recommendation: To provide more security over government automatic data processing operations at a reasonable cost, the Director of the Office of Management and Budget should direct that management officials be appointed at federal installations having data processing systems and that they be assigned responsibility for automatic data processing physical security and risk management. These officials should be directed to use the National Bureau of Standards guidelines when developing physical security and risk management programs.

    Agency Affected:

 

Explore the full database of GAO's Open Recommendations »

Sep 26, 2016

Sep 15, 2016

Sep 14, 2016

Sep 8, 2016

Jun 29, 2016

Jun 22, 2016

Jun 10, 2016

Jun 9, 2016

Jun 2, 2016

May 25, 2016

Looking for more? Browse all our products here