Information Security:

Serious Questions Remain About Justice's Management of ADP and Computer Security

T-IMTEC-91-17: Published: Jun 27, 1991. Publicly Released: Jun 27, 1991.

Additional Materials:


Office of Public Affairs
(202) 512-4800

GAO discussed the Department of Justice's (DOJ) management of its automatic data processing (ADP) resources and its computer security. GAO noted that: (1) the actions DOJ took to address ADP management shortcomings have mainly been organizational and structural and may be insufficient to solve the pervasive problems in DOJ information resources management (IRM); (2) DOJ lacks a system that can accurately provide the total number of cases in litigation or the total number of litigation staff; (3) DOJ lacks a comprehensive IRM plan and a senior IRM official with clear authority to implement IRM decisions; and (4) DOJ acknowledged that it did not have sufficient staff with adequate technical and managerial capabilities to conduct ADP acquisitions and provide oversight. GAO also noted that: (1) DOJ did not ensure adequate protection of its computer systems containing highly sensitive data; (2) DOJ did not control access to its main data center or position guards to adequately protect and survey the facility; (3) DOJ disposed of excess computer equipment which was later discovered to contain highly sensitive data; (4) to improve computer system security, DOJ established a more active leadership role for security staff, planned a major security upgrade of its data center, and increased security awareness training; and (5) DOJ did not develop security plans or conduct risk analyses for its planned Enhanced Automation for the Government Legal Environment network of computer systems, intended to hold highly sensitive law enforcement information.

Mar 2, 2015

Nov 18, 2014

Nov 17, 2014

Sep 18, 2014

Sep 16, 2014

Sep 8, 2014

Jul 17, 2014

Jun 25, 2014

May 30, 2014

Apr 17, 2014

Looking for more? Browse all our products here