Information Security: Progress Reported, but Weaknesses at Federal Agencies Persist

GAO-08-571T Published: Mar 12, 2008. Publicly Released: Mar 12, 2008.

Highlights

Information security is especially important for federal agencies, where the public's trust is essential and poor information security can have devastating consequences. Since 1997, GAO has identified information security as a governmentwide high-risk issue in each of our biennial reports to Congress. Concerned by reports of significant weaknesses in federal computer systems, Congress passed the Federal Information Security Management Act (FISMA) of 2002, which permanently authorized and strengthened information security program, evaluation, and annual reporting requirements for federal agencies. GAO was asked to testify on the current state of federal information security and compliance with FISMA. This testimony summarizes (1) the status of agency performance of information security control activities as reported by major agencies and their inspectors general (IG), (2) the effectiveness of information security at federal agencies, and (3) opportunities to improve federal information security. In preparing for this testimony, GAO analyzed agency, IG, Office of Management and Budget (OMB), and GAO reports on information security and reviewed OMB FISMA reporting instructions, information technology security guidance, and information on reported security incidents.

Topics

Access control, Computer systems, Cyber security, Data integrity, Federal agencies, Federal law, Government information, Government information dissemination, Information disclosure, Information infrastructure, Information management, Information security, Information security management, Information systems, Information technology, Internal controls, Performance measures, Policy evaluation, Program evaluation, Reporting requirements, Risk assessment, Risk management, Systems evaluation, Systems integrity, Systems testing, Program implementation