GAO’s Information Technology Team

[The IT mission team changed its name to Information Technology and Cybersecurity (ITC) in early 2019 to reflect its expanded body of work. Please see our updated blog post to learn more about the ITC team.] GAO’s workforce is organized largely by subject area, with most employees working in 1 of 14 mission teams. Today we’ll be putting the spotlight on the Information Technology (IT) team, which helps the government respond to the challenges of managing the more than $80 billion spent on federal IT every year. These challenges include the effective collection, use, and dissemination of information, as well as securing information and cyber assets. Reports IT team reports cover five issue areas:

1. Information Management: Recent work in this area includes reports related to the management of federal records, geospatial data, and Freedom of Information Act requests.

2. Strategic IT Management: Recent reports in this area address electronic health records development, as well as government-wide IT reform initiatives, such as IT Dashboard, TechStat sessions, and PortfolioStat.

3. System Acquisition, Development, and Integration: In this area, recent work includes reports on major IT acquisitions, such as business systems modernization efforts, weather satellites, border security enforcement systems, and defense automated information systems.

4. Operational System Management: Our work in this area focuses on topics like data center consolidation, telecommunications, and maintaining legacy IT systems.

5. Cybersecurity and Privacy: Recent reports in this area include topics like agencies’ implementation of federal information security laws, critical infrastructure protection, and prescription drug data.

Impact In fiscal year 2013, the IT team’s work identified $3.5 billion in financial benefits for the federal government as well as other efficiencies. Directors from the IT team testified at 10 congressional hearings and contributed to 16 other hearings. A Closer Look at an IT team report: Agency Responses to Data Breaches The term “data breach” generally refers to the unauthorized or unintentional exposure, disclosure, or loss of sensitive information. A data breach can leave individuals vulnerable to identity theft or other fraudulent activity. Although federal agencies have taken steps to protect personally identifiable information (PII), breaches continue to occur on a regular basis.

Excerpted from GAO-14-34

We found that eight selected federal agencies generally developed but inconsistently implemented policies and procedures for responding to data breaches involving PII. As a result, these agencies may not be taking consistent actions to limit the risk to individuals whose PII may have been compromised. Therefore, we recommended that the Office of Management and Budget update its guidance on how federal agencies should respond to data breaches. Specifically, we suggested adding:

• guidance on notifying affected individuals based on their level of risk;
• criteria for determining whether to offer assistance such as credit monitoring; and
• revised reporting requirements with improved time frames.

We also made documentation, risk assessment, and evaluation recommendations to the specific agencies to help them improve their responses to data breaches involving PII.

---

• Questions on the content of this post? Contact the Managing Director of the IT team, Valerie Melvin, at melvinv@gao.gov. 
• Comments on GAO’s WatchBlog? Contact blog@gao.gov.