Information Security: Further Efforts Needed to Address Serious Weaknesses to USDA
GAO-04-154
Published: Jan 30, 2004. Publicly Released: Mar 01, 2004.
Skip to Highlights
Highlights
The U.S. Department of Agriculture (USDA) performs critical missions that enhance the quality of life for the American people, relying on automated systems and networks to deliver billions of dollars in programs to its customers; process and communicate sensitive payroll, financial, and market data; and maintain personal customer information. Interruptions in USDA's ability to fulfill its missions could have a significant adverse impact on the nation's food and agricultural production. In addition, securing sensitive information is critical to USDA's efforts to maintain public confidence in the department. GAO was asked to evaluate the effectiveness of USDA's information security controls.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Agriculture | To establish effective information security, the Secretary of Agriculture should direct the CIO to fully implement a comprehensive security management program. Specifically, this would include (1) ensuring that security management positions have the authority and cooperation of agency management to effectively implement and manage security programs, (2) completing periodic risk assessments for systems, (3) completing information security plans and establishing policies and procedures on the basis of identified risks, (4) ensuring that employees complete security awareness training, (5) implementing ongoing tests and evaluations of controls, (6) completing system certifications and accreditations, and (7) developing corrective action plans that clearly tie to identified weaknesses. |
Closed – Implemented
In fiscal year 2008 GAO verified, that in response to our recommendation, USDA published various departmental manuals and directives to aid in implementing a comprehensive security management program. Also, as part of the department's Federal Information Security Management Act compliance program all USDA agencies are required to complete self-assessments using NIST guidance.
|
Full Report
GAO Contacts
Office of Public Affairs
Topics
Access controlAgency missionsAutomated security systemsComputer networksComputer securityInformation resources managementInformation securityInformation systemsInternal controlsStrategic planningSystem software