Impact of the Governmentwide Computer Security Planning and Review Process

T-IMTEC-90-11 Published: Jul 10, 1990. Publicly Released: Jul 10, 1990.

Highlights

GAO discussed the governmentwide computer security planning and review process implemented under the Computer Security Act of 1987. GAO found that: (1) agency plans developed under the act are reporting requirements, rather than tools for managing agency security programs; and (2) National Institute of Standards and Technology and National Security Agency review comments on agency plans were general and of limited use with regard to specific computer security problems. GAO believes that the planning and review process has little impact on agency computer security programs.

Full Report

Full Report (7 pages)

Office of Public Affairs

Chuck Young

Managing Director

youngc1@gao.gov

(202) 512-4800

Topics

Information Security

Computer securityFederal agenciesInformation disclosureInformation systemsInteragency relationsInternal controlsStandards evaluationSensitive informationInformation managementTechnical assistance