Computer Security:

Compliance With Security Plan Requirements of the Computer Security Act

IMTEC-89-55: Published: Jun 21, 1989. Publicly Released: Jun 21, 1989.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO determined federal agencies' compliance with a legislative requirement to submit security plans for their computers containing sensitive information to the National Institute of Standards and Technology and the National Security Agency.

GAO found that: (1) the Computer Security Act of 1987 required agencies to establish and submit their computer security plans by January 8, 1989; (2) 50 of 85 surveyed agencies submitted all of their security plans, and 11 agencies submitted some of their security plans by the deadline; (3) 17 agencies reported that they had no computer systems that processed sensitive information; (4) five agencies did not submit security plans, with one citing its exemption from the act, three stating that they would submit plans later in 1989, and one not projecting when it would submit plans; (5) the agencies submitted a total of 1,592 plans; (6) most of the agencies submitting plans involved senior information resource managers, other senior managers, and system users in preparing and reviewing plans; (7) the submitted computer security plans generally were consistent with agency procedures and directives; and (8) agencies submitting plans typically used criteria based on Office of Management and Budget computer security plan guidance, as well as other criteria, to assess risks and develop protection requirements.

Sep 28, 2017

Aug 3, 2017

Jul 27, 2017

Jul 26, 2017

May 31, 2017

May 23, 2017

Apr 4, 2017

Mar 30, 2017

Mar 28, 2017

Feb 14, 2017

Looking for more? Browse all our products here