Skip to main content

Information on Government Accountability Office Covered Computer Systems Pursuant to the Cybersecurity Act of 2015

OIG-16-4 Published: Aug 03, 2016. Publicly Released: Aug 04, 2016.
Jump To:
Skip to Highlights


This is a publication by GAO's Inspector General that concerns internal GAO operations. The Cybersecurity Act of 2015 requires Inspectors General to report on federal computer systems that are national security systems or that provide access to personally identifiable information. This report satisfies the requirement for the Government Accountability Office (GAO). Because GAO has no national security systems, our report is specific to its computer systems that provide access to personally identifiable information (PII). Our objective was to collect specific information on GAO's information security policies and practices governing systems that provide access to PII and to assess whether logical access policies and practices over these systems are appropriate and were being followed. We did not independently validate the information that GAO provided for this report, except to determine that appropriate logical access standards and guidance were being followed, as required.

For more information, please contact Adam R. Trzeciak at (202) 512-5748 or

Full Report

GAO Contacts


CybersecurityAccess controlAuditing standardsInformation securityInformation systemsPersonally identifiable informationInformation security managementComputer securityInternal auditsInternal controlsStandardsAuthenticationComputer systems