Skip to main content

Information Security: Concerted Effort Needed to Improve Federal Performance Measures

GAO-10-159T Published: Oct 29, 2009. Publicly Released: Oct 29, 2009.
Jump To:
Skip to Highlights


Cyber security is a critical consideration for any organization that depends on information systems and computer networks to carry out its mission or business. Organizations are faced with a variety of information security threats, such as fraudulent activity from cyber criminals, unauthorized access by disgruntled or dishonest employees, and denial-of-service attacks and other disruptions. The recent dramatic increase in reports of security incidents, the wide availability of hacking tools, and steady advances in the sophistication and effectiveness of attack technology all contribute to the urgency of ensuring that adequate steps are taken to protect the federal government's information and the systems that contain and process it. The Federal Information Security Management Act (FISMA), which was enacted in 2002, sets forth a comprehensive framework for ensuring the effectiveness of security controls over information resources that support federal operations and assets. The act assigns specific responsibilities to federal agencies, the Office of Management and Budget (OMB), and the National Institute of Standards and Technology (NIST). It also requires agencies and OMB to annually report on the adequacy and effectiveness of agency information security programs and compliance with the provisions of the act. To help meet these requirements, OMB established a uniform set of information security measures that all federal agencies report on annually.

Full Report

Office of Public Affairs


AccountabilityAgency missionsBest practicesData collectionInformation resources managementInformation securityInformation security managementInformation security regulationsInternal controlsMonitoringPerformance measuresRegulatory agenciesReporting requirementsRisk assessmentRisk managementStandardsStrategic planning