Computer Security:

Compliance With Training Requirements of the Computer Security Act of 1987

IMTEC-89-16BR: Published: Feb 22, 1989. Publicly Released: Feb 22, 1989.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO assessed federal agencies' compliance with the Computer Security Act's requirement that agencies with computer systems containing sensitive information initiate training programs within 60 days after the Office of Personnel Management (OPM) issued a computer security training regulation.

GAO found that: (1) OPM issued an interim training regulation in July 1988; (2) 81 of 85 agencies responded to its September 1988 questionnaire about computer security training programs; (3) 45 agencies implemented programs, offering a total of 190 training courses and 114 computer security training activities; (4) 19 agencies had not implemented programs, but reported plans to start them between November 1988 and April 1989; (5) two agencies without programs did not report their program implementation dates; (6) 15 agencies reported that they did not have any sensitive computer systems; (7) most of the agencies reported that their training programs followed the National Institute for Standards and Technology's (NIST) draft training regulations and the OPM training regulation, with the remaining agencies reporting that the agency head had approved their alternative programs; (8) most agencies were satisfied with both NIST draft training guidelines and the OPM training regulation; and (9) some of the programs lacked courses covering computer security life-cycle management or targeting senior management.

Sep 28, 2017

Aug 3, 2017

Jul 27, 2017

Jul 26, 2017

May 31, 2017

May 23, 2017

Apr 4, 2017

Mar 30, 2017

Mar 28, 2017

Feb 14, 2017

Looking for more? Browse all our products here