Skip to HighlightsSkip to Recommendations
Pursuant to a congressional request, GAO provided information on the steps the Department of Agriculture (USDA) is taking to help ensure departmentwide information systems security.
Recommendations for Executive Action
|Department of Agriculture||In order to ensure that information security is strengthened at the department, the Secretary of Agriculture should direct that the Chief Information Officer (CIO) and Associate CIO for Cyber-Security develop and document a strategy for implementing the action plan for improving USDA information security. At a minimum, the implementing strategy should establish and set forth priorities for implementing the plan and for addressing the highest risks and threats to the department's assets; time frames and milestones for completing all necessary actions; and staff and funding resources required for fiscal years 2001, 2002, and beyond.|
|Department of Agriculture||In order to ensure that information security is strengthened at the department, the Secretary of Agriculture should demonstrate that information security at USDA is a departmental priority by (1) directing that sufficient resources be available to fund the department's information security improvement strategy and implementing plan; (2) holding the CIO and Associate CIO accountable for carrying out the strategy and plan; and (3) requiring the Office of the Chief Information Officer to provide the Secretary of Agriculture with quarterly reports describing the results of USDA's efforts to establish and implement an effective departmentwide information security program.|
|Department of Agriculture||The Secretary of Agriculture should report the department's information security weaknesses and lack of a departmentwide information security management program as a material internal control weakness under the Federal Managers' Financial Integrity Act. This internal control weakness should remain outstanding until USDA fully meets the federal regulations for information security.|