Computer Security:

Compliance With Security Plan Requirements of the Computer Security Act

IMTEC-89-55: Published: Jun 21, 1989. Publicly Released: Jun 21, 1989.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO determined federal agencies' compliance with a legislative requirement to submit security plans for their computers containing sensitive information to the National Institute of Standards and Technology and the National Security Agency.

GAO found that: (1) the Computer Security Act of 1987 required agencies to establish and submit their computer security plans by January 8, 1989; (2) 50 of 85 surveyed agencies submitted all of their security plans, and 11 agencies submitted some of their security plans by the deadline; (3) 17 agencies reported that they had no computer systems that processed sensitive information; (4) five agencies did not submit security plans, with one citing its exemption from the act, three stating that they would submit plans later in 1989, and one not projecting when it would submit plans; (5) the agencies submitted a total of 1,592 plans; (6) most of the agencies submitting plans involved senior information resource managers, other senior managers, and system users in preparing and reviewing plans; (7) the submitted computer security plans generally were consistent with agency procedures and directives; and (8) agencies submitting plans typically used criteria based on Office of Management and Budget computer security plan guidance, as well as other criteria, to assess risks and develop protection requirements.

Sep 20, 2016

Sep 15, 2016

Jun 29, 2016

Jun 21, 2016

Apr 28, 2016

Apr 14, 2016

Apr 12, 2016

Mar 23, 2016

Dec 17, 2015

Nov 17, 2015

Looking for more? Browse all our products here