Information Security:

Comments on the Proposed Federal Information Security Management Act of 2002

GAO-02-677T: Published: May 2, 2002. Publicly Released: May 2, 2002.

Robert F. Dacey
(202) 512-3317


Office of Public Affairs
(202) 512-4800

The Federal Information Security Management Act of 2002 reauthorizes and expands the information security, evaluation, and reporting requirements enacted in the National Defense Authorization Act for Fiscal Year 2001. Concerned that pervasive information security weaknesses place federal operations at significant risk of disruption, tampering, fraud, and inappropriate disclosures of sensitive information, Congress enacted the Government Information Security Reform Act (GISRA) for more effective oversight. The Federal Information Security Management Act also changes and clarifies information security issues noted in the first-year implementation of GISRA. In particular, the bill requires the development and promulgation of, and compliance with, minimum mandatory management controls for securing information and information systems; requires annual agency reporting to both the Office of Management and Budget and the Comptroller General; and defines the evaluation responsibilities for national security systems. To ensure that information security receives appropriate attention and resources and that known deficiencies are addressed, it will be necessary to delineate the roles and responsibilities of the numerous entities involved; obtain adequate technical expertise to select, implement, and maintain controls; and allocate enough agency resources for information security.
