Computer Security:

Compliance With Training Requirements of the Computer Security Act of 1987

IMTEC-89-16BR: Published: Feb 22, 1989. Publicly Released: Feb 22, 1989.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO assessed federal agencies' compliance with the Computer Security Act's requirement that agencies with computer systems containing sensitive information initiate training programs within 60 days after the Office of Personnel Management (OPM) issued a computer security training regulation.

GAO found that: (1) OPM issued an interim training regulation in July 1988; (2) 81 of 85 agencies responded to its September 1988 questionnaire about computer security training programs; (3) 45 agencies implemented programs, offering a total of 190 training courses and 114 computer security training activities; (4) 19 agencies had not implemented programs, but reported plans to start them between November 1988 and April 1989; (5) two agencies without programs did not report their program implementation dates; (6) 15 agencies reported that they did not have any sensitive computer systems; (7) most of the agencies reported that their training programs followed the National Institute for Standards and Technology's (NIST) draft training regulations and the OPM training regulation, with the remaining agencies reporting that the agency head had approved their alternative programs; (8) most agencies were satisfied with both NIST draft training guidelines and the OPM training regulation; and (9) some of the programs lacked courses covering computer security life-cycle management or targeting senior management.

Oct 9, 2020

Sep 22, 2020

Sep 21, 2020

Sep 17, 2020

Sep 16, 2020

Aug 18, 2020

May 27, 2020

May 13, 2020

Apr 24, 2020

Apr 13, 2020

Looking for more? Browse all our products here