Automated Systems Security--Federal Agencies Should Strengthen Safeguards Over Personal and Other Sensitive Data
LCD-78-123: Published: Jan 23, 1979. Publicly Released: Jan 23, 1979.
Additional Materials:
- Full Report:
Contact:
GAO surveyed selected agencies in 1977 because of the generally high level of congressional interest in federal information policies following the enactment of the Privacy Act and the Freedom of Information Act Amendments in 1974. Subsequently, GAO was specifically requested to examine and report on the status and effectiveness of major computer security programs.
At a time when increasing reliance is placed on computers and rapidly advancing ADP technology, security procedures for systems processing personal and other sensitive data generally were inadequate. The agencies: (1) lacked comprehensive computer security programs and technical, administrative, and physical safeguards; (2) did not place the computer security functions at a sufficiently high level, with independence from operating functions, to preclude preemption by operational priorities; (3) did not understand and employ risk management techniques for economic selection of safeguards; (4) did not take advantage of the technical guidance provided by the National Bureau of Standards; and (5) did not effectively use their internal audit resources.
Recommendation for Executive Action
Status: Closed
Comments: Please call 202/512-6100 for additional information.
Recommendation: All agencies should strengthen their computer data security and integrity. Computer security programs should be comprehensive. Agencies should establish a computer security administration function with independence from computer operations. Programs should provide for feedback for management control, both in routine monitoring and reporting and in independent internal audits. Risks management should be provided for and should be on the perspective of the total data systems. Security planning should anticipate training needs, particularly for risk management.
Agency Affected:
Explore the full database of GAO's Open Recommendations
»
Explore the full database of GAO's Open Recommendations
Mar 14, 2018
Information Technology:
Further Implementation of Recommendations Is Needed to Better Manage Acquisitions and OperationsGAO-18-460T: Published: Mar 14, 2018. Publicly Released: Mar 14, 2018.
Jan 30, 2018
-
Coast Guard Health Records:
Timely Acquisition of New System Is Critical to Overcoming Challenges with Paper ProcessGAO-18-363T: Published: Jan 30, 2018. Publicly Released: Jan 30, 2018.
Jan 10, 2018
-
Information Technology:
Agencies Need to Involve Chief Information Officers in Reviewing Billions of Dollars in AcquisitionsGAO-18-42: Published: Jan 10, 2018. Publicly Released: Jan 10, 2018.
Nov 21, 2017
-
Information Technology:
OMB Needs to Report On and Improve Its Oversight of the Highest Priority ProgramsGAO-18-51: Published: Nov 21, 2017. Publicly Released: Nov 21, 2017.
Nov 15, 2017
-
Information Technology:
Further Implementation of FITARA Related Recommendations Is Needed to Better Manage Acquisitions and OperationsGAO-18-234T: Published: Nov 15, 2017. Publicly Released: Nov 15, 2017.
Nov 7, 2017
-
Information Technology Reform:
Agencies Need to Improve Certification of Incremental DevelopmentGAO-18-148: Published: Nov 7, 2017. Publicly Released: Nov 7, 2017.
Oct 4, 2017
-
Information Technology:
Management Attention Is Needed to Successfully Modernize Tax Processing SystemsGAO-18-153T: Published: Oct 4, 2017. Publicly Released: Oct 4, 2017.
Sep 18, 2017
-
Information Technology Modernization:
Corporation for National and Community Service Needs to Develop a System That Supports Grant MonitoringGAO-17-267: Published: Aug 17, 2017. Publicly Released: Sep 18, 2017.
Sep 6, 2017
-
Public Health Information Technology:
HHS Has Made Little Progress toward Implementing Enhanced Situational Awareness Network CapabilitiesGAO-17-377: Published: Sep 6, 2017. Publicly Released: Sep 6, 2017. -
Data Center Optimization:
Agencies Need to Address Challenges and Improve Progress to Achieve Cost Savings GoalGAO-17-448: Published: Aug 15, 2017. Publicly Released: Sep 6, 2017.
Looking for more? Browse all our products here
Explore our Key Issues on Information Technology
- Best Practices and Leading Practices in Information Technology Management
- 2020 Census - High Risk Issue
- DHS Management - High Risk Issue
- DOD Business Systems Modernization - High Risk Issue
- Ensuring the Security of Federal Information Systems and Cyber Critical Infrastructure and Protecting the Privacy of Personally Identifiable Information - High Risk Issue
- IT Acquisitions and Operations - High Risk Issue
- Managing Risks and Improving VA Health Care - High Risk Issue
- Modernization Blueprints
- OPM's Retirement Processing System Modernization
- Wireless Broadband Spectrum Management
Explore our other Key Issues here
