Information Security:

Software Change Controls at the Department of Transportation

AIMD-00-193R: Published: Jun 30, 2000. Publicly Released: Jun 30, 2000.

Additional Materials:


Joel C. Willemssen
(202) 512-6253


Office of Public Affairs
(202) 512-4800

Pursuant to a congressional request, GAO reviewed software change controls at the Department of Transportation (DOT), focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the extent to which agencies contracted for year 2000 remediation of mission-critical systems and involved foreign nationals in these efforts.

GAO noted that: (1) at DOT, GAO identified concerns in 3 control areas--formal policies and procedures, contract oversight, and awareness of contractor and foreign national personnel involvement in software change activities; (2) although DOT had established departmentwide guidance for software management, implementation was delegated to DOT components, which did not consistently apply or adopt the requirements; (3) GAO found that agency officials were not familiar with contractor practices for software management; (4) at the Bureau of Transportation Statistics (BTS), the Office of the Secretary of Transportation (OST), and the Coast Guard, data on contracts used for remediation were not readily available; (5) this is of potential concern because 171 of DOT's mission-critical federal systems covered by GAO's study involved the use of contractors for year 2000 remediation; (6) GAO determined that background screenings of personnel involved in the software change process were a routine security control for federal, contractor, and foreign national personnel involved in making changes to software; (7) however, officials at BTS, the Federal Highway Administration (FHwA), the National Highway Traffic and Safety Administration (NHTSA), and the Research and Special Programs Administration told GAO that 13 contracts for remediation services of 64 mission-critical systems did not include provisions for background checks of contractor staff; (8) officials at FHwA, the Federal Railroad Administration, NHTSA, OST, the Transportation Administrative Service Center, and Coast Guard told GAO that foreign nationals were employed on 12 of 41 contracts for remediation services; and (9) complete data on the involvement of foreign nationals in software change process activities at DOT headquarters, FHwA, OST, the Surface Transportation Board, and the Coast Guard were not readily available.

Oct 15, 2020

Oct 9, 2020

Sep 22, 2020

Sep 21, 2020

Sep 17, 2020

Sep 16, 2020

Aug 18, 2020

May 27, 2020

May 13, 2020

Apr 24, 2020

Looking for more? Browse all our products here