Information Security:
Key Considerations Related to Federal Implementation of Radio Frequency Identification Technology
GAO-05-849T: Published: Jun 22, 2005. Publicly Released: Jun 22, 2005.
Additional Materials:
- Highlights Page:
- Full Report:
- Accessible Text:
Contact:
(202) 512-6244
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Radio frequency identification (RFID) is an automated data-capture technology that can be used to electronically identify, track, and store information contained on a tag that is attached to or embedded in an object, such as a product, case, or pallet. Federal agencies have begun implementation of RFID technology, which can offer them new capabilities and efficiencies in operations. For example, the State Department has reported plans to use RFID technology in its electronic passports. The reduced cost of the technology has made the wide-scale use of it a real possibility for government and industry organizations. As requested, this testimony will provide an overview of the technology and discuss key security, privacy, and other considerations surrounding implementation of the technology in the federal government. It is based on our recently issued report (GAO-05-551).
The main technology components of an RFID system are a tag, reader, and database. A reader scans the tag for data and sends the information to a database, which stores the data contained on the tag. The use of tags and databases raises important security considerations related to the confidentiality, integrity, and availability of the data on the tags, in the databases, and in how this information is being protected. Tools and practices such as implementing the risk-based framework mandated by the Federal Information Security Management Act of 2002 and employing encryption and authentication technologies can help mitigate these security considerations. Key privacy concerns include notifying individuals of the existence or use of the technology; tracking an individual's movements; profiling an individual's habits, tastes, or predilections; and allowing for secondary uses of the information. Tools and practices can help mitigate these considerations, including existing requirements contained in legislation and proposed measures such as a deactivation mechanism on the tag, among others. In addition to security and privacy, there are other areas of consideration related to the adoption of the technology. These areas include the reliability of the tags and readers; placement and orientation of the tag; costs and benefits associated with implementation; availability of tags; and environmental issues, such as the reuse and recycling of tags.
Dec 20, 2018
-
Information Security:
Significant Progress Made, but CDC Needs to Take Further Action to Resolve Control Deficiencies and Improve Its ProgramGAO-19-70: Published: Dec 20, 2018. Publicly Released: Dec 20, 2018.
Dec 18, 2018
-
Information Security:
Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against IntrusionsGAO-19-105: Published: Dec 18, 2018. Publicly Released: Dec 18, 2018.
Dec 6, 2018
-
Cybersecurity:
Federal Agencies Met Legislative Requirements for Protecting Privacy When Sharing Threat InformationGAO-19-114R: Published: Dec 6, 2018. Publicly Released: Dec 6, 2018.
Nov 13, 2018
-
Information Security:
OPM Has Implemented Many of GAO's 80 Recommendations, but Over One-Third Remain OpenGAO-19-143R: Published: Nov 13, 2018. Publicly Released: Nov 13, 2018.
Sep 17, 2018
-
Cybersecurity:
Office of Federal Student Aid Should Take Additional Steps to Oversee Non-School Partners' Protection of Borrower InformationGAO-18-518: Published: Sep 17, 2018. Publicly Released: Sep 17, 2018.
Sep 7, 2018
-
Data Protection:
Actions Taken by Equifax and Federal Agencies in Response to the 2017 BreachGAO-18-559: Published: Aug 30, 2018. Publicly Released: Sep 7, 2018.
Sep 6, 2018
-
High-Risk Series:
Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the NationGAO-18-622: Published: Sep 6, 2018. Publicly Released: Sep 6, 2018.
Jul 31, 2018
-
Information Security:
IRS Needs to Rectify Control Deficiencies That Limit Its Effectiveness in Protecting Sensitive Financial and Taxpayer DataGAO-18-391: Published: Jul 31, 2018. Publicly Released: Jul 31, 2018.
Jul 25, 2018
-
High-Risk Series:
Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the NationGAO-18-645T: Published: Jul 25, 2018. Publicly Released: Jul 25, 2018.
Jul 12, 2018
-
Information Security:
Supply Chain Risks Affecting Federal AgenciesGAO-18-667T: Published: Jul 12, 2018. Publicly Released: Jul 12, 2018.
Looking for more? Browse all our products here