Information Security:
Weaknesses at 22 Agencies
AIMD-00-32R: Published: Nov 10, 1999. Publicly Released: Nov 10, 1999.
Additional Materials:
- Full Report:
Contact:
(202) 512-4841
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a congressional request, GAO reviewed computer security weaknesses within 22 federal agencies' operations.
GAO noted that: (1) the Department of Agriculture's National Finance Center had serious access control weaknesses that affected its ability to prevent or detect unauthorized changes to payroll and other payment data or computer software; (2) the Department of Commerce Inspector General (IG) reported weaknesses in the Department's information system controls; (3) the Department of Defense (DOD) information security continue to provide both hackers and hundreds of thousands of authorized users the opportunity to modify, steal, inappropriately disclose, and destroy sensitive DOD data; (4) the Department of Education IG reported that improvements were required in security over financial systems and in disaster recovery capabilities; (5) the Department of Energy recognized the need to improve unclassified computer security, noting the apparent increase in system and network vulnerabilities at the department; (6) the Environmental Protection Agency IG reported weaknesses in critical mainframe operating system software controls; (7) as part of its audit of the Federal Emergency Management Agency's financial statements, an independent accounting firm reported information system security and access control deficiencies; (8) an independent firm recommended that the General Services Administration: (a) strengthen logical and physical access controls over its information technology environment; and (b) apply security policies and procedures uniformly across service lines; (9) the Department of Health and Human Services IG reported serious control weaknesses associated with the Department's Health Care Financing Administration computers; (10) the Department of Housing and Urban Development (HUD) IG reported the need for improvements related to general system security, administration of personnel security operations, and access controls over HUD's two major payment systems; (11) the Department of the Interior IG reported general control weaknesses at the Bureau of Indian Affairs and the U.S. Geological Survey; (12) the Department of the Justice IG reported that improvements were needed in general controls at the department's data centers and component financial management systems; and (13) the Department of Labor IG reported weaknesses associated with security, access controls, and application software development and change control.
Jul 31, 2018
Information Security:
IRS Needs to Rectify Control Deficiencies That Limit Its Effectiveness in Protecting Sensitive Financial and Taxpayer DataGAO-18-391: Published: Jul 31, 2018. Publicly Released: Jul 31, 2018.
Jul 25, 2018
-
High-Risk Series:
Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the NationGAO-18-645T: Published: Jul 25, 2018. Publicly Released: Jul 25, 2018.
Jul 12, 2018
-
Information Security:
Supply Chain Risks Affecting Federal AgenciesGAO-18-667T: Published: Jul 12, 2018. Publicly Released: Jul 12, 2018.
Jun 14, 2018
-
Cybersecurity Workforce:
Agencies Need to Improve Baseline Assessments and Procedures for Coding PositionsGAO-18-466: Published: Jun 14, 2018. Publicly Released: Jun 14, 2018.
May 14, 2018
-
Protecting Classified Information:
Defense Security Service Should Address Challenges as New Approach Is PilotedGAO-18-407: Published: May 14, 2018. Publicly Released: May 14, 2018.
Apr 24, 2018
-
Cybersecurity:
DHS Needs to Enhance Efforts to Improve and Promote the Security of Federal and Private-Sector NetworksGAO-18-520T: Published: Apr 24, 2018. Publicly Released: Apr 24, 2018.
Mar 7, 2018
-
Cybersecurity Workforce:
DHS Needs to Take Urgent Action to Identify Its Position and Critical Skill RequirementsGAO-18-430T: Published: Mar 7, 2018. Publicly Released: Mar 7, 2018.
Feb 6, 2018
-
Cybersecurity Workforce:
Urgent Need for DHS to Take Actions to Identify Its Position and Critical Skill RequirementsGAO-18-175: Published: Feb 6, 2018. Publicly Released: Feb 6, 2018.
Sep 28, 2017
-
Federal Information Security:
Weaknesses Continue to Indicate Need for Effective Implementation of Policies and PracticesGAO-17-549: Published: Sep 28, 2017. Publicly Released: Sep 28, 2017.
Aug 3, 2017
-
Information Security:
OPM Has Improved Controls, but Further Efforts Are NeededGAO-17-614: Published: Aug 3, 2017. Publicly Released: Aug 3, 2017.
Looking for more? Browse all our products here
Explore our Key Issues on Information Security
Explore our other Key Issues here
