Information Security:
Weaknesses at 22 Agencies
AIMD-00-32R: Published: Nov 10, 1999. Publicly Released: Nov 10, 1999.
Additional Materials:
- Full Report:
Contact:
(202) 512-4841
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a congressional request, GAO reviewed computer security weaknesses within 22 federal agencies' operations.
GAO noted that: (1) the Department of Agriculture's National Finance Center had serious access control weaknesses that affected its ability to prevent or detect unauthorized changes to payroll and other payment data or computer software; (2) the Department of Commerce Inspector General (IG) reported weaknesses in the Department's information system controls; (3) the Department of Defense (DOD) information security continue to provide both hackers and hundreds of thousands of authorized users the opportunity to modify, steal, inappropriately disclose, and destroy sensitive DOD data; (4) the Department of Education IG reported that improvements were required in security over financial systems and in disaster recovery capabilities; (5) the Department of Energy recognized the need to improve unclassified computer security, noting the apparent increase in system and network vulnerabilities at the department; (6) the Environmental Protection Agency IG reported weaknesses in critical mainframe operating system software controls; (7) as part of its audit of the Federal Emergency Management Agency's financial statements, an independent accounting firm reported information system security and access control deficiencies; (8) an independent firm recommended that the General Services Administration: (a) strengthen logical and physical access controls over its information technology environment; and (b) apply security policies and procedures uniformly across service lines; (9) the Department of Health and Human Services IG reported serious control weaknesses associated with the Department's Health Care Financing Administration computers; (10) the Department of Housing and Urban Development (HUD) IG reported the need for improvements related to general system security, administration of personnel security operations, and access controls over HUD's two major payment systems; (11) the Department of the Interior IG reported general control weaknesses at the Bureau of Indian Affairs and the U.S. Geological Survey; (12) the Department of the Justice IG reported that improvements were needed in general controls at the department's data centers and component financial management systems; and (13) the Department of Labor IG reported weaknesses associated with security, access controls, and application software development and change control.
Oct 9, 2020
Aviation Cybersecurity:
FAA Should Fully Implement Key Practices to Strengthen Its Oversight of Avionics RisksGAO-21-86: Published: Oct 9, 2020. Publicly Released: Oct 9, 2020.
Sep 22, 2020
-
Cybersecurity:
Clarity of Leadership Urgently Needed to Fully Implement the National StrategyGAO-20-629: Published: Sep 22, 2020. Publicly Released: Sep 22, 2020.
Sep 21, 2020
-
Information Security and Privacy:
HUD Needs a Major Effort to Protect Data Shared with External EntitiesGAO-20-431: Published: Sep 21, 2020. Publicly Released: Sep 21, 2020.
Sep 17, 2020
-
Critical Infrastructure Protection:
Treasury Needs to Improve Tracking of Financial Sector Cybersecurity Risk Mitigation EffortsGAO-20-631: Published: Sep 17, 2020. Publicly Released: Sep 17, 2020.
Sep 16, 2020
-
Veterans Affairs:
VA Needs to Address Persistent IT Modernization and Cybersecurity ChallengesGAO-20-719T: Published: Sep 16, 2020. Publicly Released: Sep 16, 2020.
Aug 18, 2020
-
Cybersecurity:
DHS and Selected Agencies Need to Address Shortcomings in Implementation of Network Monitoring ProgramGAO-20-598: Published: Aug 18, 2020. Publicly Released: Aug 18, 2020.
May 27, 2020
-
Cybersecurity:
Selected Federal Agencies Need to Coordinate on Requirements and Assessments of StatesGAO-20-123: Published: May 27, 2020. Publicly Released: May 27, 2020.
May 13, 2020
-
Management Report:
Improvements Are Needed to Enhance the Internal Revenue Service's Information System Security ControlsGAO-20-411R: Published: May 13, 2020. Publicly Released: May 13, 2020.
Apr 24, 2020
-
Information Security:
FCC Made Significant Progress, but Needs to Address Remaining Control Deficiencies and Improve Its ProgramGAO-20-265: Published: Mar 25, 2020. Publicly Released: Apr 24, 2020.
Apr 13, 2020
-
Cybersecurity:
DOD Needs to Take Decisive Actions to Improve Cyber HygieneGAO-20-241: Published: Apr 13, 2020. Publicly Released: Apr 13, 2020.
Looking for more? Browse all our products here
Explore our Key Issues on Information Security
Explore our other Key Issues here
