Impact of the Governmentwide Computer Security Planning and Review Process
T-IMTEC-90-11: Published: Jul 10, 1990. Publicly Released: Jul 10, 1990.
- Full Report:
GAO discussed the governmentwide computer security planning and review process implemented under the Computer Security Act of 1987. GAO found that: (1) agency plans developed under the act are reporting requirements, rather than tools for managing agency security programs; and (2) National Institute of Standards and Technology and National Security Agency review comments on agency plans were general and of limited use with regard to specific computer security problems. GAO believes that the planning and review process has little impact on agency computer security programs.