Federal Information Security:
Actions Needed to Address Widespread Weaknesses
T-AIMD-00-135, Mar 29, 2000
Pursuant to a congressional request, GAO discussed federal information security, focusing on actions federal agencies can take immediately to strengthen their security programs as well as other actions required to make more fundamental and long-term improvements.
GAO noted that: (1) federal agencies can act immediately to address federal information security weaknesses and reduce the related risks; (2) specifically, they can: (a) increase awareness; (b) ensure that existing controls are operating effectively; (c) ensure that software patches are up-to-date; (d) use automated scanning and testing tools to quickly identify problems; (e) propagate their best practices; and (f) ensure that their most common vulnerabilities are addressed; (3) none of these actions alone will ensure good security; (4) however, they take advantage of readily available information and tools and, thus, do not involve significant new resources; and (5) as a result, they are steps that can be made without delay.