
Information Security: Although Progress Reported, Federal Agencies Need to Resolve Significant Deficiencies

GAO-08-496T Published: Feb 14, 2008. Publicly Released: Feb 14, 2008.

Highlights

Information security is especially important for federal agencies, where the public's trust is essential and poor information security can have devastating consequences. Since 1997, GAO has identified information security as a governmentwide high-risk issue in each of its biennial reports to the Congress. Concerned by reports of significant weaknesses in federal computer systems, Congress passed the Federal Information Security Management Act (FISMA) of 2002, which permanently authorized and strengthened information security program, evaluation, and annual reporting requirements for federal agencies. GAO was asked to testify on the current state of federal information security and compliance with FISMA. This testimony summarizes (1) agency progress in performing key control activities, (2) the effectiveness of information security at federal agencies, and (3) opportunities to strengthen security. In preparing for this testimony, GAO reviewed prior audit reports; examined federal policies, guidance, and budgetary documentation; and analyzed agency and inspector general (IG) reports on information security.

Topics

Computer security, Computer systems, Controlled access, Federal agencies, Information security, Information security management, Information security regulations, Internal controls, Policy evaluation, Program evaluation, Program management, Reporting requirements, Risk assessment, Risk management, Systems integrity, Program implementation