Computer Security:
Critical Federal Operations and Assets Remain at Risk
T-AIMD-00-314: Published: Sep 11, 2000. Publicly Released: Sep 11, 2000.
Additional Materials:
- Full Report:
Contact:
(202) 512-6253
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a congressional request, GAO discussed information security audits at federal agencies, focusing on: (1) the pervasive weaknesses that continue since the results of a similar analysis 2 years ago; (2) the serious risks that these weaknesses pose; and (3) major common weaknesses that agencies need to address in order to improve their information security programs.
GAO noted that: (1) evaluations published since July 1999 continue to show that federal computer systems are riddled with weaknesses that continue to put critical operations and assets at risk; (2) just as in 1998, weaknesses were reported in all six major areas of general controls--the policies, procedures, and technical controls that apply to all or a large segment of an entity's information systems and help ensure their proper operation; (3) these weaknesses placed a broad range of critical operations and assets at risk for fraud, misuse, and disruption; (4) virtually all federal operations are supported by automated systems and electronic data, and agencies would find it difficult, if not impossible, to carry out their missions and account for their resources without these information assets; (5) hence, the degree of risk caused by security weaknesses is extremely high; (6) the nature of agency operations and the related risks vary; (7) each organization needs a set of management procedures and an organizational framework for identifying and assessing risk, deciding what policies and controls are needed, periodically evaluating the effectiveness of these policies and controls, and acting to address any identified weaknesses; (8) of the 21 agencies for which security program management was reviewed, all had deficiencies; (9) access controls were evaluated at all 24 of the agencies covered by GAO's analysis, and all were reported to have significant weaknesses; (10) GAO's auditors have been successful, in almost every test, in readily gaining unauthorized access that would allow intruders to read, modify, or delete data; (11) weaknesses in software program change controls were identified for 19 of the 21 agencies where such controls were evaluated; (12) segregation of duties was evaluated at 20 of the 24 agencies and weaknesses were identified at 17 of these agencies; (13) weaknesses were identified at each of the 18 agencies for which operating system controls were reviewed; (14) service continuity controls were evaluated for 21 of the 24 agencies included in the analysis; and (15) of these 21, weaknesses were reported for 20 agencies.
Mar 2, 2021
High-Risk Series:
Dedicated Leadership Needed to Address Limited Progress in Most High-Risk AreasGAO-21-119SP: Published: Mar 2, 2021. Publicly Released: Mar 2, 2021.-
High-Risk Series:
Dedicated Leadership Needed to Address Limited Progress in Most High-Risk AreasGAO-21-383T: Published: Mar 2, 2021. Publicly Released: Mar 2, 2021. -
High-Risk Series:
Dedicated Leadership Needed to Address Limited Progress in Most High-Risk AreasGAO-21-384T: Published: Mar 2, 2021. Publicly Released: Mar 2, 2021.
Feb 3, 2021
-
Fixed-Price-Incentive Contracts:
DOD Has Increased Their Use but Should Assess Contributions to OutcomesGAO-21-181: Published: Feb 3, 2021. Publicly Released: Feb 3, 2021.
Jan 29, 2021
-
Federal Real Property:
Additional Documentation of Decision Making Could Improve Transparency of New Disposal ProcessGAO-21-233: Published: Jan 29, 2021. Publicly Released: Jan 29, 2021.
Jan 19, 2021
-
Federal Rulemaking:
Selected EPA and HHS Regulatory Analyses Met Several Best Practices, but CMS Should Take Steps to Strengthen Its AnalysesGAO-21-151: Published: Dec 17, 2020. Publicly Released: Jan 19, 2021.
Jan 13, 2021
-
Department of Energy Contracting:
Improvements Needed to Ensure DOE Assesses Its Full Range of Contracting Fraud RisksGAO-21-44: Published: Jan 13, 2021. Publicly Released: Jan 13, 2021.
Dec 16, 2020
-
Data Governance:
Agencies Made Progress in Establishing Governance, but Need to Address Key MilestonesGAO-21-152: Published: Dec 16, 2020. Publicly Released: Dec 16, 2020.
Dec 9, 2020
-
2020 Census:
The Bureau Concluded Field Work but Uncertainty about Data Quality, Accuracy, and Protection RemainsGAO-21-206R: Published: Dec 9, 2020. Publicly Released: Dec 9, 2020.
Dec 3, 2020
-
2020 Census:
Census Bureau Needs to Assess Data Quality Concerns Stemming from Recent Design ChangesGAO-21-142: Published: Dec 3, 2020. Publicly Released: Dec 3, 2020.
Looking for more? Browse all our products here
Explore our Key Issues on Government Operations
- 2020 Census - High Risk Issue
- Cybersecurity Challenges Facing the Nation – High Risk Issue
- Department of Energy's Contract Management for the National Nuclear Security Administration and Office of Environmental Management - High Risk Issue
- DHS Management - High Risk Issue
- Disaster Assistance
- DOD Weapon Systems Acquisition - High Risk Issue
- Elections and Campaign Finance
- Federal Data Transparency
- Federal Financial Accountability
- Federal Grants to State and Local Governments
- Federal Real Property - High Risk Issue
- Federal Rulemaking
- Federal Telework
- Federal Training Investments and Assessments
- Improper Payments
- Improving Government Services to Taxpayers
- Intelligence Community Management
- Leading Practices in Collaboration Across Governments, Nonprofits, and the Private Sector
- Leading Practices in Human Capital Management
- Leading Practices in Managing for Results in Government
- NASA Acquisitions - High Risk Issue
- Open Innovation
- Spectrum Management
- Strategic Management of Human Capital - High Risk Issue
- Tax Expenditures
- U.S. Arctic Interests
- Using Data and Evidence to Improve Federal Programs
- U.S. Postal Service's Financial Viability - High Risk Issue
- VA and DOD Health Care Management
- VA and DOD Patient Care
Explore our other Key Issues here
