Automated Systems Security--Federal Agencies Should Strengthen Safeguards Over Personal and Other Sensitive Data

LCD-78-123: Published: Jan 23, 1979. Publicly Released: Jan 23, 1979.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO surveyed selected agencies in 1977 because of the generally high level of congressional interest in federal information policies following the enactment of the Privacy Act and the Freedom of Information Act Amendments in 1974. Subsequently, GAO was specifically requested to examine and report on the status and effectiveness of major computer security programs.

At a time when increasing reliance is placed on computers and rapidly advancing ADP technology, security procedures for systems processing personal and other sensitive data generally were inadequate. The agencies: (1) lacked comprehensive computer security programs and technical, administrative, and physical safeguards; (2) did not place the computer security functions at a sufficiently high level, with independence from operating functions, to preclude preemption by operational priorities; (3) did not understand and employ risk management techniques for economic selection of safeguards; (4) did not take advantage of the technical guidance provided by the National Bureau of Standards; and (5) did not effectively use their internal audit resources.

Recommendation for Executive Action

  1. Status: Closed

    Comments: Please call 202/512-6100 for additional information.

    Recommendation: All agencies should strengthen their computer data security and integrity. Computer security programs should be comprehensive. Agencies should establish a computer security administration function with independence from computer operations. Programs should provide for feedback for management control, both in routine monitoring and reporting and in independent internal audits. Risks management should be provided for and should be on the perspective of the total data systems. Security planning should anticipate training needs, particularly for risk management.

    Agency Affected:

 

Explore the full database of GAO's Open Recommendations »

Sep 29, 2016

Sep 26, 2016

Sep 15, 2016

Sep 14, 2016

Sep 8, 2016

Jun 29, 2016

Jun 22, 2016

Jun 10, 2016

Jun 9, 2016

Jun 2, 2016

Looking for more? Browse all our products here