Computer Security:

Compliance With Training Requirements of the Computer Security Act of 1987

IMTEC-89-16BR: Published: Feb 22, 1989. Publicly Released: Feb 22, 1989.

Additional Materials:


Office of Public Affairs
(202) 512-4800

Pursuant to a congressional request, GAO assessed federal agencies' compliance with the Computer Security Act's requirement that agencies with computer systems containing sensitive information initiate training programs within 60 days after the Office of Personnel Management (OPM) issued a computer security training regulation.

GAO found that: (1) OPM issued an interim training regulation in July 1988; (2) 81 of 85 agencies responded to its September 1988 questionnaire about computer security training programs; (3) 45 agencies implemented programs, offering a total of 190 training courses and 114 computer security training activities; (4) 19 agencies had not implemented programs, but reported plans to start them between November 1988 and April 1989; (5) two agencies without programs did not report their program implementation dates; (6) 15 agencies reported that they did not have any sensitive computer systems; (7) most of the agencies reported that their training programs followed the National Institute for Standards and Technology's (NIST) draft training regulations and the OPM training regulation, with the remaining agencies reporting that the agency head had approved their alternative programs; (8) most agencies were satisfied with both NIST draft training guidelines and the OPM training regulation; and (9) some of the programs lacked courses covering computer security life-cycle management or targeting senior management.

Sep 17, 2018

Sep 7, 2018

Sep 6, 2018

Jul 31, 2018

Jul 25, 2018

Jul 12, 2018

Jun 14, 2018

May 14, 2018

Apr 24, 2018

Mar 7, 2018

Looking for more? Browse all our products here