Comments on Proposed Government Information Act of 1999
T-AIMD-00-107: Published: Mar 2, 2000. Publicly Released: Mar 2, 2000.
Pursuant to a congressional request, GAO discussed S. 1993, the Government Information Security Act of 1999 and its impact on strengthening the information security practices throughout the federal government, focusing on: (1) potential improvements in federal agency performance in addressing computer security issues; (2) the need for better-defined control standards; and (3) centralized leadership.
GAO noted that: (1) the nation's computer-based infrastructures are at increasing risk of severe disruption; (2) the dramatic increase of computer interconnectivity has provided pathways among systems that can be used to gain unauthorized access to data and operations from remote locations; (3) government officials are increasingly worried about attacks from individuals and groups with malicious intentions, such as terrorists and nations engaging in information warfare; (4) S. 1993 provides opportunities to address this problem; (5) it updates the legal framework that supports federal information security requirements and addresses widespread federal information security weaknesses; (6) the bill provides for a risk-based approach to information security and independent annual audits of security controls; and (7) it approaches security from a governmentwide perspective, taking steps to accommodate the significantly varying information security needs of both national security and civilian agency operations.