The Securities and Exchange Commission (SEC) improved its information security by addressing weaknesses previously identified by GAO, including separating the user production network from the internal management network. However, weaknesses continue to limit the effectiveness of other security controls. In particular: (1) While SEC had issued policies and implemented controls based on those polic

FAA has made progress in implementing information security for its air traffic control information systems; however, GAO identified significant security weaknesses that threaten the integrity, confidentiality, and availability of FAA's systems--including weaknesses in controls that are designed to prevent, limit, and detect access to these systems. The agency has not adequately managed its networ

SEC has not effectively implemented information system controls to protect the integrity, confidentiality, and availability of its financial and sensitive data. Specifically, the commission had not consistently implemented effective electronic access controls, including user accounts and passwords, access rights and permissions, network security, or audit and monitoring of security-relevant event

Significant, pervasive information security control weaknesses exist at USDA, including serious access control weaknesses, as well as other information security weaknesses. Specifically, USDA has not adequately protected network boundaries, sufficiently controlled network access, appropriately limited mainframe access, or fully implemented a comprehensive program to monitor access activity. In ad

FDIC has made progress in correcting information system controls since GAO's 2001 review. Of the 41 weaknesses identified that year, FDIC has corrected or has specific action plans to correct all of them. GAO's 2002 audit nonetheless identified 29 new computer security weaknesses. These weaknesses reduce the effectiveness of FDIC's controls to safeguard critical financial and other sensitive info

Since January 2001, efforts to improve federal information security have accelerated at individual agencies and at the governmentwide level. For example, implementation of Government Information Security Reform legislation (GISRA) enacted by the Congress in October 2000 was a significant step in improving federal agencies' information security programs and addressing their serious, pervasive info

Critical infrastructure protection (CIP) involves activities that enhance the security of the nation's cyber and physical public and private infrastructures that are essential to national security, economic activity, and public health and safety. At least 50 federal organizations within 13 major departments and agencies mentioned in Presidential Decision Directive 63 are involved in CIP activitie

The components, military services, and agencies of the Department of Defense (DOD) share many risks in their use of globally networked computer systems to perform operational missions. Many reports of vulnerabilities, organized intrusions, and theft related to department systems and networks have underscored weaknesses in DOD systems. In January 1998, DOD responded to these risks by announcing it

The federal government must overcome several major challenges before public key infrastructure (PKI) technology can be widely and effectively used. These challenges include providing interoperability among agency PKIs, ensuring that PKI implementations can support a potential large scale of users, reducing the cost of building PKI systems, setting policies to maintain trust levels among agencies,

This testimony compares federal agency Internet privacy policies with the Federal Trade Commission's (FTC) fair information principles. The World Wide Web requires the collection of certain data, such as Internet addresses, from individuals who visit web sites. However, the collection of even this most basic data can be controversial because of the public's apprehension about what information is