Bureau of the Public Debt: Areas for Improvement in Computer Controls

Well-designed and properly implemented general and application controls are essential to protect the Bureau of Public Debt's (BPD) computer resources and operational environment from inappropriate disclosure and modification of sensitive information, misuse or damage of computer resources, and disruption of critical operations. BPD needs to take preventive measures to further reduce threats to its computer resources and operating environment from unintentional errors or omissions or intentional modification, disclosure, or destruction of data and programs by disgruntled employees, intruders, or hackers. BPD has addressed most of the vulnerabilities GAO identified as part of its audits for fiscal years 1997 through 1999 and has already taken steps to resolve the new vulnerabilities GAO cited in its fiscal year 2000 audit. However, further actions are required to fully address the vulnerabilities discussed in this letter.