Federal Information Security:
Actions Needed to Address Widespread Weaknesses
T-AIMD-00-135: Published: Mar 29, 2000. Publicly Released: Mar 29, 2000.
Additional Materials:
- Full Report:
Contact:
(202) 512-4841
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a congressional request, GAO discussed federal information security, focusing on actions federal agencies can take immediately to strengthen their security programs as well as other actions required to make more fundamental and long-term improvements.
GAO noted that: (1) federal agencies can act immediately to address federal information security weaknesses and reduce the related risks; (2) specifically, they can: (a) increase awareness; (b) ensure that existing controls are operating effectively; (c) ensure that software patches are up-to-date; (d) use automated scanning and testing tools to quickly identify problems; (e) propagate their best practices; and (f) ensure that their most common vulnerabilities are addressed; (3) none of these actions alone will ensure good security; (4) however, they take advantage of readily available information and tools and, thus, do not involve significant new resources; and (5) as a result, they are steps that can be made without delay.
Sep 17, 2018
Cybersecurity:
Office of Federal Student Aid Should Take Additional Steps to Oversee Non-School Partners' Protection of Borrower InformationGAO-18-518: Published: Sep 17, 2018. Publicly Released: Sep 17, 2018.
Sep 7, 2018
-
Data Protection:
Actions Taken by Equifax and Federal Agencies in Response to the 2017 BreachGAO-18-559: Published: Aug 30, 2018. Publicly Released: Sep 7, 2018.
Sep 6, 2018
-
High-Risk Series:
Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the NationGAO-18-622: Published: Sep 6, 2018. Publicly Released: Sep 6, 2018.
Jul 31, 2018
-
Information Security:
IRS Needs to Rectify Control Deficiencies That Limit Its Effectiveness in Protecting Sensitive Financial and Taxpayer DataGAO-18-391: Published: Jul 31, 2018. Publicly Released: Jul 31, 2018.
Jul 25, 2018
-
High-Risk Series:
Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the NationGAO-18-645T: Published: Jul 25, 2018. Publicly Released: Jul 25, 2018.
Jul 12, 2018
-
Information Security:
Supply Chain Risks Affecting Federal AgenciesGAO-18-667T: Published: Jul 12, 2018. Publicly Released: Jul 12, 2018.
Jun 14, 2018
-
Cybersecurity Workforce:
Agencies Need to Improve Baseline Assessments and Procedures for Coding PositionsGAO-18-466: Published: Jun 14, 2018. Publicly Released: Jun 14, 2018.
May 14, 2018
-
Protecting Classified Information:
Defense Security Service Should Address Challenges as New Approach Is PilotedGAO-18-407: Published: May 14, 2018. Publicly Released: May 14, 2018.
Apr 24, 2018
-
Cybersecurity:
DHS Needs to Enhance Efforts to Improve and Promote the Security of Federal and Private-Sector NetworksGAO-18-520T: Published: Apr 24, 2018. Publicly Released: Apr 24, 2018.
Mar 7, 2018
-
Cybersecurity Workforce:
DHS Needs to Take Urgent Action to Identify Its Position and Critical Skill RequirementsGAO-18-430T: Published: Mar 7, 2018. Publicly Released: Mar 7, 2018.
Looking for more? Browse all our products here
Explore our Key Issues on Information Security
Explore our other Key Issues here
