Information Security:

Comments on the Proposed Federal Information Security Management Act of 2002

GAO-02-677T: Published: May 2, 2002. Publicly Released: May 2, 2002.

Robert F. Dacey
(202) 512-3317


Office of Public Affairs
(202) 512-4800

The Federal Information Security Management Act of 2002 reauthorizes and expands the information security, evaluation, and reporting requirements enacted in the National Defense Authorization Act for Fiscal Year 2001. Concerned that pervasive information security weaknesses place federal operations at significant risk of disruption, tampering, fraud, and inappropriate disclosures of sensitive information, Congress enacted the Government Information Security Reform Act (GISRA) for more effective oversight. The Federal Information Security Management Act also changes and clarifies information security issues noted in the first-year implementation of GISRA. In particular, the bill requires the development and promulgation of, and compliance with, minimum mandatory management controls for securing information and information systems; requires annual agency reporting to both the Office of Management and Budget and the Comptroller General; and defines the evaluation responsibilities for national security systems. To ensure that information security receives appropriate attention and resources and that known deficiencies are addressed, it will be necessary to delineate the roles and responsibilities of the numerous entities involved; obtain adequate technical expertise to select, implement, and maintain controls; and allocate enough agency resources for information security.
