Computer Security:

Governmentwide Planning Process Had Limited Impact

IMTEC-90-48: Published: May 10, 1990. Publicly Released: May 10, 1990.

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed the governmentwide computer security planning and review process that the Computer Security Act of 1987 required, focusing on: (1) 10 civilian agencies' planning processes and implementation of planned controls in 22 selected plans; and (2) the National Institute of Standards and Technology's (NIST) and the National Security Agency's (NSA) review of plans.

GAO found that: (1) governmentwide planning and review processes did little to strengthen computer security; (2) agency officials believed that the planning and review process merely heightened managerial awareness of computer security; (3) agencies experienced problems in the design and implementation of the planning process, due to a lack of information, guidance, and resources; (4) agencies made little progress in implementing planned controls, mainly because of budget constraints and inadequate management support; and (5) in January 1990, NIST, NSA, and the Office of Management and Budget issued draft security planning guidance aimed at improving governmentwide computer security.

Apr 17, 2014

Apr 2, 2014

Jan 28, 2014

Jan 8, 2014

Sep 26, 2013

Feb 20, 2013

Feb 1, 2013

Sep 27, 2012

Sep 18, 2012

Jul 17, 2012

Looking for more? Browse all our products here