Status of Compliance With the Computer Security Act of 1987

T-IMTEC-89-1: Published: Mar 21, 1989. Publicly Released: Mar 21, 1989.

Additional Materials:


Office of Public Affairs
(202) 512-4800

GAO discussed federal agencies' compliance with the Computer Security Act of 1987. GAO found that: (1) 45 agencies had training programs for their employees, 19 planned to develop training programs, 2 were unsure of when they would start training, 15 agencies had no computer systems with sensitive information, 3 agencies responded late to a GAO questionnaire, and 1 agency did not respond; (2) 31 of 45 agencies with training programs had 190 classroom courses or modules, while 35 had nonclassroom training activities; (3) most of the agencies were satisfied with the National Institute of Standards and Technology's (NIST) guidelines and the Office of Personnel Management's (OPM) training regulations; (4) 42 agencies timely submitted their security plans to NIST, 14 did not meet the deadline but planned to comply with the act's requirements, and 12 agencies indicated that they did not have sensitive systems; and (5) 48 agencies submitted 1,172 security plans for 2,245 systems, 11 agencies submitted plans for systems operated by other agencies, 16 agencies developed 184 plans for 228 systems operated by contractors, and 1 agency reported a plan for a state and local government system. GAO also: (1) developed security plans within the required time frame; (2) submitted five plans for its systems, four plans for systems operated by other agencies, and two plans for contractor-operated systems; and (3) was satisfied with Office of Management and Budget guidance on security plan development.

Oct 9, 2020

Sep 22, 2020

Sep 21, 2020

Sep 17, 2020

Sep 16, 2020

Aug 18, 2020

May 27, 2020

May 13, 2020

Apr 24, 2020

Apr 13, 2020

Looking for more? Browse all our products here