Computer Security:
Compliance With Security Plan Requirements of the Computer Security Act
IMTEC-89-55: Published: Jun 21, 1989. Publicly Released: Jun 21, 1989.
Additional Materials:
- Full Report:
Contact:
Pursuant to a congressional request, GAO determined federal agencies' compliance with a legislative requirement to submit security plans for their computers containing sensitive information to the National Institute of Standards and Technology and the National Security Agency.
GAO found that: (1) the Computer Security Act of 1987 required agencies to establish and submit their computer security plans by January 8, 1989; (2) 50 of 85 surveyed agencies submitted all of their security plans, and 11 agencies submitted some of their security plans by the deadline; (3) 17 agencies reported that they had no computer systems that processed sensitive information; (4) five agencies did not submit security plans, with one citing its exemption from the act, three stating that they would submit plans later in 1989, and one not projecting when it would submit plans; (5) the agencies submitted a total of 1,592 plans; (6) most of the agencies submitting plans involved senior information resource managers, other senior managers, and system users in preparing and reviewing plans; (7) the submitted computer security plans generally were consistent with agency procedures and directives; and (8) agencies submitting plans typically used criteria based on Office of Management and Budget computer security plan guidance, as well as other criteria, to assess risks and develop protection requirements.
Oct 9, 2020
-
Aviation Cybersecurity:
FAA Should Fully Implement Key Practices to Strengthen Its Oversight of Avionics RisksGAO-21-86: Published: Oct 9, 2020. Publicly Released: Oct 9, 2020.
Sep 22, 2020
-
Cybersecurity:
Clarity of Leadership Urgently Needed to Fully Implement the National StrategyGAO-20-629: Published: Sep 22, 2020. Publicly Released: Sep 22, 2020.
Sep 21, 2020
-
Information Security and Privacy:
HUD Needs a Major Effort to Protect Data Shared with External EntitiesGAO-20-431: Published: Sep 21, 2020. Publicly Released: Sep 21, 2020.
Sep 17, 2020
-
Critical Infrastructure Protection:
Treasury Needs to Improve Tracking of Financial Sector Cybersecurity Risk Mitigation EffortsGAO-20-631: Published: Sep 17, 2020. Publicly Released: Sep 17, 2020.
Sep 16, 2020
-
Veterans Affairs:
VA Needs to Address Persistent IT Modernization and Cybersecurity ChallengesGAO-20-719T: Published: Sep 16, 2020. Publicly Released: Sep 16, 2020.
Aug 18, 2020
-
Cybersecurity:
DHS and Selected Agencies Need to Address Shortcomings in Implementation of Network Monitoring ProgramGAO-20-598: Published: Aug 18, 2020. Publicly Released: Aug 18, 2020.
May 27, 2020
-
Cybersecurity:
Selected Federal Agencies Need to Coordinate on Requirements and Assessments of StatesGAO-20-123: Published: May 27, 2020. Publicly Released: May 27, 2020.
May 13, 2020
-
Management Report:
Improvements Are Needed to Enhance the Internal Revenue Service's Information System Security ControlsGAO-20-411R: Published: May 13, 2020. Publicly Released: May 13, 2020.
Apr 24, 2020
-
Information Security:
FCC Made Significant Progress, but Needs to Address Remaining Control Deficiencies and Improve Its ProgramGAO-20-265: Published: Mar 25, 2020. Publicly Released: Apr 24, 2020.
Apr 13, 2020
-
Cybersecurity:
DOD Needs to Take Decisive Actions to Improve Cyber HygieneGAO-20-241: Published: Apr 13, 2020. Publicly Released: Apr 13, 2020.
Looking for more? Browse all our products here