Status of Compliance With the Computer Security Act of 1987

T-IMTEC-89-1: Published: Mar 21, 1989. Publicly Released: Mar 21, 1989.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO discussed federal agencies' compliance with the Computer Security Act of 1987. GAO found that: (1) 45 agencies had training programs for their employees, 19 planned to develop training programs, 2 were unsure of when they would start training, 15 agencies had no computer systems with sensitive information, 3 agencies responded late to a GAO questionnaire, and 1 agency did not respond; (2) 31 of 45 agencies with training programs had 190 classroom courses or modules, while 35 had nonclassroom training activities; (3) most of the agencies were satisfied with the National Institute of Standards and Technology's (NIST) guidelines and the Office of Personnel Management's (OPM) training regulations; (4) 42 agencies timely submitted their security plans to NIST, 14 did not meet the deadline but planned to comply with the act's requirements, and 12 agencies indicated that they did not have sensitive systems; and (5) 48 agencies submitted 1,172 security plans for 2,245 systems, 11 agencies submitted plans for systems operated by other agencies, 16 agencies developed 184 plans for 228 systems operated by contractors, and 1 agency reported a plan for a state and local government system. GAO also: (1) developed security plans within the required time frame; (2) submitted five plans for its systems, four plans for systems operated by other agencies, and two plans for contractor-operated systems; and (3) was satisfied with Office of Management and Budget guidance on security plan development.

Sep 20, 2016

Sep 15, 2016

Jun 29, 2016

Jun 21, 2016

Apr 28, 2016

Apr 14, 2016

Apr 12, 2016

Mar 23, 2016

Dec 17, 2015

Nov 17, 2015

Looking for more? Browse all our products here