Information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements

GAO-05-483T Published: Apr 07, 2005. Publicly Released: Apr 07, 2005.

Highlights

For many years, GAO has reported that poor information security is a widespread problem that has potentially devastating consequences. Further, since 1997, GAO has identified information security as a governmentwide high-risk issue in reports to Congress--most recently in January 2005. Concerned with accounts of attacks on commercial systems via the Internet and reports of significant weaknesses in federal computer systems that make them vulnerable to attack, Congress passed the Federal Information Security Management Act of 2002 (FISMA), which permanently authorized and strengthened the federal information security program, evaluation, and reporting requirements established for federal agencies. This testimony discusses the federal government's progress and challenges in implementing FISMA, as reported by the Office of Management and Budget (OMB), the agencies, and Inspectors General (IGs), and opportunities for improving the usefulness of the annual reporting process, including the consideration of a common framework for the annual FISMA reviews conducted by the IGs.

Topics

Certification and accreditation, Computer security, Contingency plans, Federal agencies, Federal law, Government information, Information resources management, Information security management, Information systems accreditation, Information systems certification, Information technology, Performance measures, Reporting requirements