Information Security:

Comments on the Proposed Federal Information Security Management Act of 2002

GAO-02-677T: Published: May 2, 2002. Publicly Released: May 2, 2002.

Contact:

Robert F. Dacey
(202) 512-3317
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Federal Information Security Management Act of 2002 reauthorizes and expands the information security, evaluation, and reporting requirements enacted in the National Defense Authorization Act for Fiscal Year 2001. Concerned that pervasive information security weaknesses place federal operations at significant risk of disruption, tampering, fraud, and inappropriate disclosures of sensitive information, Congress enacted the Government Information Security Reform Act (GISRA) for more effective oversight. The Federal Information Security Management Act also changes and clarifies information security issues noted in the first-year implementation of GISRA. In particular, the bill requires the development, promulgation of, and compliance with minimum mandatory management controls for securing information and information systems; requires annual agency reporting to both the Office of Management and Budget and the Comptroller General; and defines the evaluation responsibilities for national security systems. To ensure that information security receives appropriate attention and resources and that known deficiencies are addressed, it will be necessary to delineate the roles and responsibilities of the numerous entities involved; obtain adequate technical expertise to select, implement, and maintain controls; and allocate enough agency resources for information security.
