Status of Compliance With the Computer Security Act of 1987

T-IMTEC-89-1: Published: Mar 21, 1989. Publicly Released: Mar 21, 1989.

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO discussed federal agencies' compliance with the Computer Security Act of 1987. GAO found that: (1) 45 agencies had training programs for their employees, 19 planned to develop training programs, 2 were unsure of when they would start training, 15 agencies had no computer systems with sensitive information, 3 agencies responded late to a GAO questionnaire, and 1 agency did not respond; (2) 31 of 45 agencies with training programs had 190 classroom courses or modules, while 35 had nonclassroom training activities; (3) most of the agencies were satisfied with the National Institute of Standards and Technology's (NIST) guidelines and the Office of Personnel Management's (OPM) training regulations; (4) 42 agencies timely submitted their security plans to NIST, 14 did not meet the deadline but planned to comply with the act's requirements, and 12 agencies indicated that they did not have sensitive systems; and (5) 48 agencies submitted 1,172 security plans for 2,245 systems, 11 agencies submitted plans for systems operated by other agencies, 16 agencies developed 184 plans for 228 systems operated by contractors, and 1 agency reported a plan for a state and local government system. GAO also: (1) developed security plans within the required time frame; (2) submitted five plans for its systems, four plans for systems operated by other agencies, and two plans for contractor-operated systems; and (3) was satisfied with Office of Management and Budget guidance on security plan development.

Sep 17, 2018

Sep 7, 2018

Sep 6, 2018

Jul 31, 2018

Jul 25, 2018

Jul 12, 2018

Jun 14, 2018

May 14, 2018

Apr 24, 2018

Mar 7, 2018

Looking for more? Browse all our products here