Information Security:
Key Considerations Related to Federal Implementation of Radio Frequency Identification Technology
GAO-05-849T: Published: Jun 22, 2005. Publicly Released: Jun 22, 2005.
Additional Materials:
- Highlights Page:
- Full Report:
- Accessible Text:
Contact:
(202) 512-6244
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Radio frequency identification (RFID) is an automated data-capture technology that can be used to electronically identify, track, and store information contained on a tag that is attached to or embedded in an object, such as a product, case, or pallet. Federal agencies have begun implementation of RFID technology, which can offer them new capabilities and efficiencies in operations. For example, the State Department has reported plans to use RFID technology in its electronic passports. The reduced cost of the technology has made the wide-scale use of it a real possibility for government and industry organizations. As requested, this testimony will provide an overview of the technology and discuss key security, privacy, and other considerations surrounding implementation of the technology in the federal government. It is based on our recently issued report (GAO-05-551).
The main technology components of an RFID system are a tag, reader, and database. A reader scans the tag for data and sends the information to a database, which stores the data contained on the tag. The use of tags and databases raises important security considerations related to the confidentiality, integrity, and availability of the data on the tags, in the databases, and in how this information is being protected. Tools and practices such as implementing the risk-based framework mandated by the Federal Information Security Management Act of 2002 and employing encryption and authentication technologies can help mitigate these security considerations. Key privacy concerns include notifying individuals of the existence or use of the technology; tracking an individual's movements; profiling an individual's habits, tastes, or predilections; and allowing for secondary uses of the information. Tools and practices can help mitigate these considerations, including existing requirements contained in legislation and proposed measures such as a deactivation mechanism on the tag, among others. In addition to security and privacy, there are other areas of consideration related to the adoption of the technology. These areas include the reliability of the tags and readers; placement and orientation of the tag; costs and benefits associated with implementation; availability of tags; and environmental issues, such as the reuse and recycling of tags.
Jun 14, 2018
Cybersecurity Workforce:
Agencies Need to Improve Baseline Assessments and Procedures for Coding PositionsGAO-18-466: Published: Jun 14, 2018. Publicly Released: Jun 14, 2018.
May 14, 2018
-
Protecting Classified Information:
Defense Security Service Should Address Challenges as New Approach Is PilotedGAO-18-407: Published: May 14, 2018. Publicly Released: May 14, 2018.
Apr 24, 2018
-
Cybersecurity:
DHS Needs to Enhance Efforts to Improve and Promote the Security of Federal and Private-Sector NetworksGAO-18-520T: Published: Apr 24, 2018. Publicly Released: Apr 24, 2018.
Mar 7, 2018
-
Cybersecurity Workforce:
DHS Needs to Take Urgent Action to Identify Its Position and Critical Skill RequirementsGAO-18-430T: Published: Mar 7, 2018. Publicly Released: Mar 7, 2018.
Feb 6, 2018
-
Cybersecurity Workforce:
Urgent Need for DHS to Take Actions to Identify Its Position and Critical Skill RequirementsGAO-18-175: Published: Feb 6, 2018. Publicly Released: Feb 6, 2018.
Sep 28, 2017
-
Federal Information Security:
Weaknesses Continue to Indicate Need for Effective Implementation of Policies and PracticesGAO-17-549: Published: Sep 28, 2017. Publicly Released: Sep 28, 2017.
Aug 3, 2017
-
Information Security:
OPM Has Improved Controls, but Further Efforts Are NeededGAO-17-614: Published: Aug 3, 2017. Publicly Released: Aug 3, 2017.
Jul 27, 2017
-
Information Security:
SEC Improved Control of Financial Systems but Needs to Take Additional ActionsGAO-17-469: Published: Jul 27, 2017. Publicly Released: Jul 27, 2017.
Jul 26, 2017
-
Information Security:
Control Deficiencies Continue to Limit IRS's Effectiveness in Protecting Sensitive Financial and Taxpayer DataGAO-17-395: Published: Jul 26, 2017. Publicly Released: Jul 26, 2017.
May 31, 2017
-
Information Security:
FDIC Needs to Improve Controls over Financial Systems and InformationGAO-17-436: Published: May 31, 2017. Publicly Released: May 31, 2017.
Looking for more? Browse all our products here
Explore our Key Issues on Information Security
Explore our other Key Issues here
