Computer Security:

Governmentwide Planning Process Had Limited Impact

IMTEC-90-48: Published: May 10, 1990. Publicly Released: May 10, 1990.

Additional Materials:


Office of Public Affairs
(202) 512-4800

Pursuant to a congressional request, GAO reviewed the governmentwide computer security planning and review process that the Computer Security Act of 1987 required, focusing on: (1) 10 civilian agencies' planning processes and implementation of planned controls in 22 selected plans; and (2) the National Institute of Standards and Technology's (NIST) and the National Security Agency's (NSA) review of plans.

GAO found that: (1) governmentwide planning and review processes did little to strengthen computer security; (2) agency officials believed that the planning and review process merely heightened managerial awareness of computer security; (3) agencies experienced problems in the design and implementation of the planning process, due to a lack of information, guidance, and resources; (4) agencies made little progress in implementing planned controls, mainly because of budget constraints and inadequate management support; and (5) in January 1990, NIST, NSA, and the Office of Management and Budget issued draft security planning guidance aimed at improving governmentwide computer security.

Sep 28, 2017

Aug 3, 2017

Jul 27, 2017

Jul 26, 2017

May 31, 2017

May 23, 2017

Apr 4, 2017

Mar 30, 2017

Mar 28, 2017

Feb 14, 2017

Looking for more? Browse all our products here