Skip to main content

Lapse in Appropriations

Please note that a lapse in appropriations has caused GAO to shut down its operations. Therefore, GAO will not be able to publish reports or otherwise update this website until GAO resumes operations. In addition, the vast majority of GAO personnel are not permitted to work. Consequently, calls or emails to agency personnel may not be returned until GAO resumes operations. For details on how the bid protest process will be handled during the shutdown, please see the legal decisions page. For information related to the GAO Personnel Appeals Board (PAB), please see the PAB webpage.

Cybersecurity: Continued Federal Efforts Are Needed to Protect Critical Systems and Information

GAO-09-835T Published: Jun 25, 2009. Publicly Released: Jun 25, 2009.
Jump To:

Highlights

Federal laws and policy have assigned important roles and responsibilities to the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) for securing computer networks and systems. DHS is charged with coordinating the protection of computer-reliant critical infrastructure--much of which is owned by the private sector--and securing its own computer systems, while NIST is responsible for developing standards and guidelines for implementing security controls over information and information systems. GAO was asked to describe cybersecurity efforts at DHS and NIST--including partnership activities with the private sector--and the use of cybersecurity performance metrics in the federal government. To do so, GAO relied on its reports on federal information security and federal efforts to fulfill national cybersecurity responsibilities.

Full Report

Highlights
Full Report (24 pages)
Accessible Text

GAO Contacts

Gregory C. Wilshusen
Director
Information Technology and Cybersecurity
wilshuseng@gao.gov

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs
media@gao.gov

Public Inquiries

Contact Us

Topics

Information Security
Computer networksComputer securityConfidential communicationsCritical infrastructure protectionCyber securityInformation securityInformation systemsInternal controlsInternetRegulatory agenciesRisk managementSecurity assessmentsSecurity policiesSecurity threatsStandardsStrategic planningSystem security plansSystems analysisSystems monitoringInternet privacy