Agencies Reported Having Implemented Most System Security Controls
IMTEC-92-45, Apr 30, 1992
Pursuant to a congressional request, GAO reviewed 12 federal agencies' implementation of security controls for their computer systems containing sensitive information, focusing on their security plans and supporting documentation.
GAO found that, as of January 1992, the agencies: (1) had implemented about 88 percent of planned controls for 27 systems; and (2) reported that 44 planned security controls remained for implementation, and attributed implementation delays to system changes that could affect security controls, security control improvements, and systems in early development stages. GAO also found that: (1) agency officials frequently cited increased management awareness of computer security as a benefit of the planning process; and (2) agencies' preparations for site visits from the Office of Management and Budget, National Institute of Standards, and National Security Agency also increased senior-level management awareness.