Computer Security:

Compliance With Training Requirements of the Computer Security Act of 1987

IMTEC-89-16BR: Published: Feb 22, 1989. Publicly Released: Feb 22, 1989.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO assessed federal agencies' compliance with the Computer Security Act's requirement that agencies with computer systems containing sensitive information initiate training programs within 60 days after the Office of Personnel Management (OPM) issued a computer security training regulation.

GAO found that: (1) OPM issued an interim training regulation in July 1988; (2) 81 of 85 agencies responded to its September 1988 questionnaire about computer security training programs; (3) 45 agencies implemented programs, offering a total of 190 training courses and 114 computer security training activities; (4) 19 agencies had not implemented programs, but reported plans to start them between November 1988 and April 1989; (5) two agencies without programs did not report their program implementation dates; (6) 15 agencies reported that they did not have any sensitive computer systems; (7) most of the agencies reported that their training programs followed the National Institute for Standards and Technology's (NIST) draft training regulations and the OPM training regulation, with the remaining agencies reporting that the agency head had approved their alternative programs; (8) most agencies were satisfied with both NIST draft training guidelines and the OPM training regulation; and (9) some of the programs lacked courses covering computer security life-cycle management or targeting senior management.

Sep 20, 2016

Sep 15, 2016

Jun 29, 2016

Jun 21, 2016

Apr 28, 2016

Apr 14, 2016

Apr 12, 2016

Mar 23, 2016

Dec 17, 2015

Nov 17, 2015

Looking for more? Browse all our products here