
Information Technology: Federal Laws, Regulations, and Mandatory Standards to Securing Private Sector Information Technology Systems and Data in Critical Infrastructure Sectors

GAO-08-1075R Published: Sep 16, 2008. Publicly Released: Sep 16, 2008.


Federal policy identifies 18 infrastructure sectors--such as banking and finance, energy, public health and healthcare, and telecommunications--that are critical to the nation's security, economy, public health, and safety. Because these sectors rely extensively on computerized information systems and electronic data, it is crucial that the security of these systems and data is maintained. Further, because most of these infrastructures are owned by the private sector, it is imperative that public and private entities work together to protect these assets. The federal government uses both voluntary partnerships with private industry and requirements in federal laws, regulations, and mandatory standards to assist in the security of privately owned information technology (IT) systems and data within critical infrastructure sectors. As agreed, our objectives were to (1) identify, for each critical infrastructure sector, the federal laws, regulations, and mandatory standards that pertain to securing that sector's privately owned IT systems and data and (2) identify enforcement mechanisms for each of the above laws, regulations, and mandatory standards.



Banking law, Banking regulation, Computer security, Critical infrastructure, Critical infrastructure protection, Cyber security, Data collection, Data integrity, Federal law, Federal regulations, Information management, Information systems, Information technology, Internal controls, Noncompliance, Regulatory agencies, Reporting requirements, Requirements definition, Securities regulation, Standards, Systems management, Policies and procedures