Justice and Law Enforcement:

Justice's Weak ADP Security Compromises Sensitive Data

T-IMTEC-91-6: Published: Mar 21, 1991. Publicly Released: Mar 21, 1991.

Additional Materials:

Contact:

Howard G. Rhile, Jr
(202) 512-6418
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO discussed the Department of Justice's (DOJ): (1) recent sale of surplus computer equipment that was later found to have highly sensitive data; and (2) continuing exposure to similar breaches of security. GAO noted that DOJ: (1) showed patterns of neglect and inattention in ensuring information security nationwide; (2) was unable to provide it with such basic factual information as the total number of employees in the U.S. Attorneys' Offices nationwide; and (3) could not be trusted to safely secure sensitive data.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: DOJ reports that it identified all excessed, lost, and stolen storage media and no damage was ascertained. Departmental and component procedures for disposal of magnetic media were reviewed and updated as needed.

    Recommendation: Because of the seriousness of this situation and the possibility of loss of life, the Attorney General should immediately identify all computer equipment designated surplus by DOJ components and determine whether it contained sensitive data.

    Agency Affected: Department of Justice

  2. Status: Closed - Implemented

    Comments: DOJ reports that it identified all excessed, lost, and stolen storage media and no damage was ascertained.

    Recommendation: Because of the seriousness of this situation and the possibility of loss of life, the Attorney General should immediately ensure that every DOJ component that may have compromised sensitive data immediately prepare a damage assessment of the impact of the compromise on carrying out its mission and on the identity of such people as witnesses, confidential informants, and undercover agents.

    Agency Affected: Department of Justice

  3. Status: Closed - Implemented

    Comments: In his 1991 Internal Control Report dated December 28, 1991, the Attorney General designated automatic data processing security as a material weakness under FMFIA and a high-risk area.

    Recommendation: The Attorney General should report the compromise of sensitive data and various security deficiencies as a material internal control weakness under the Federal Managers' Financial Integrity Act (FMFIA), and discuss the actions that will be taken to correct these weaknesses.

    Agency Affected: Department of Justice

  4. Status: Closed - Implemented

    Comments: OMB is designating computer security at DOJ as a high-risk area.

    Recommendation: The Director, Office of Management and Budget (OMB), should designate computer security at DOJ as a high-risk area.

    Agency Affected: Executive Office of the President: Office of Management and Budget

 

Explore the full database of GAO's Open Recommendations »

Oct 10, 2014

Sep 30, 2014

Sep 22, 2014

Jul 9, 2014

May 14, 2014

Apr 30, 2014

Mar 26, 2014

Jan 13, 2014

Dec 9, 2013

Dec 6, 2013

Looking for more? Browse all our products here