Computer Security:

Governmentwide Planning Process Had Limited Impact

IMTEC-90-48: Published: May 10, 1990. Publicly Released: May 10, 1990.

Additional Materials:


Office of Public Affairs
(202) 512-4800

Pursuant to a congressional request, GAO reviewed the governmentwide computer security planning and review process that the Computer Security Act of 1987 required, focusing on: (1) 10 civilian agencies' planning processes and implementation of planned controls in 22 selected plans; and (2) the National Institute of Standards and Technology's (NIST) and the National Security Agency's (NSA) review of plans.

GAO found that: (1) governmentwide planning and review processes did little to strengthen computer security; (2) agency officials believed that the planning and review process merely heightened managerial awareness of computer security; (3) agencies experienced problems in the design and implementation of the planning process, due to a lack of information, guidance, and resources; (4) agencies made little progress in implementing planned controls, mainly because of budget constraints and inadequate management support; and (5) in January 1990, NIST, NSA, and the Office of Management and Budget issued draft security planning guidance aimed at improving governmentwide computer security.

Sep 17, 2018

Sep 7, 2018

Sep 6, 2018

Jul 31, 2018

Jul 25, 2018

Jul 12, 2018

Jun 14, 2018

May 14, 2018

Apr 24, 2018

Mar 7, 2018

Looking for more? Browse all our products here