Internal controls (21 - 30 of 246 items)
Cybersecurity: Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies
GAO-15-725T: Published: Jun 24, 2015. Publicly Released: Jun 24, 2015.
GAO has identified a number of challenges federal agencies face in addressing threats to their cybersecurity, including the following:Designing and implementing a risk-based cybersecurity program.Enhancing oversight of contractors providing IT services.Improving security incident response activities.Responding to breaches of personal information.Implementing cybersecurity programs at small agencie...
Cybersecurity: Actions Needed to Address Challenges Facing Federal Systems
GAO-15-573T: Published: Apr 22, 2015. Publicly Released: Apr 22, 2015.
Federal and contractor systems face an evolving array of cyber-based threats. These threats can be unintentional—for example, from equipment failure, careless or poorly trained employees; or intentional—targeted or untargeted attacks from criminals, hackers, adversarial nations, or terrorists, among others. Threat actors use a variety of attack techniques that can adversely affect federal info...
Air Traffic Control: FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen
GAO-15-370: Published: Apr 14, 2015. Publicly Released: Apr 14, 2015.
As the agency transitions to the Next Generation Air Transportation System (NextGen), the Federal Aviation Administration (FAA) faces cybersecurity challenges in at least three areas: (1) protecting air-traffic control (ATC) information systems, (2) protecting aircraft avionics used to operate and guide aircraft, and (3) clarifying cybersecurity roles and responsibilities among multiple FAA office...
Information Security: FDIC Implemented Many Controls over Financial Systems, but Opportunities for Improvement Remain
GAO-15-426: Published: Apr 9, 2015. Publicly Released: Apr 9, 2015.
The Federal Deposit Insurance Corporation (FDIC) has implemented numerous information security controls intended to protect its key financial systems; nevertheless, weaknesses remain that place the confidentiality, integrity, and availability of financial systems and information at risk. During 2014, the corporation implemented 27 of the 36 GAO recommendations pertaining to previously reported sec...
Information Security: IRS Needs to Continue Improving Controls over Financial and Taxpayer Data
GAO-15-337: Published: Mar 19, 2015. Publicly Released: Mar 19, 2015.
The Internal Revenue Service (IRS) made progress in implementing information security controls; however, weaknesses limit their effectiveness in protecting the confidentiality, integrity and availability of financial and sensitive taxpayer data. During fiscal year 2014, IRS continued to devote attention to securing its information systems that process sensitive taxpayer and financial information....
Information Security: FAA Needs to Address Weaknesses in Air Traffic Control Systems
GAO-15-221: Published: Jan 29, 2015. Publicly Released: Mar 2, 2015.
While the Federal Aviation Administration (FAA) has taken steps to protect its air traffic control systems from cyber-based and other threats, significant security control weaknesses remain, threatening the agency's ability to ensure the safe and uninterrupted operation of the national airspace system (NAS). These include weaknesses in controls intended to prevent, limit, and detect unauthorized a...
Federal Facility Cybersecurity: DHS and GSA Should Address Cyber Risk to Building and Access Control Systems
GAO-15-6: Published: Dec 12, 2014. Publicly Released: Jan 12, 2015.
The Department of Homeland Security (DHS) has taken preliminary steps to begin to understand the cyber risk to building and access controls systems in federal facilities. For example, in 2013, components of DHS's National Protection and Programs Directorate (NPPD) conducted a joint assessment of the physical security and cybersecurity of a federal facility. However, significant work remains.Lack o...
Information Security: VA Needs to Address Identified Vulnerabilities
GAO-15-117: Published: Nov 13, 2014. Publicly Released: Nov 17, 2014.
While the Department of Veterans Affairs (VA) has taken actions to mitigate previously identified vulnerabilities, it has not fully addressed these weaknesses. For example, VA took actions to contain and eradicate a significant incident detected in 2012 involving a network intrusion, but these actions were not fully effective:The department's Network and Security Operations Center (NSOC) analyzed...
Identity Theft: Additional Actions Could Help IRS Combat the Large, Evolving Threat of Refund Fraud
GAO-14-633: Published: Aug 20, 2014. Publicly Released: Sep 22, 2014.
Based on preliminary analysis, the Internal Revenue Service (IRS) estimates it paid $5.2 billion in fraudulent identity theft (IDT) refunds in filing season 2013, while preventing $24.2 billion (based on what it could detect). The full extent is unknown because of the challenges inherent in detecting IDT refund fraud.IDT refund fraud takes advantage of IRS's “look-back” compliance model. Under...
Healthcare.gov: Actions Needed to Address Weaknesses in Information Security and Privacy Controls
GAO-14-730: Published: Sep 16, 2014. Publicly Released: Sep 16, 2014.
Many systems and entities exchange information to carry out functions that support individuals' ability to use Healthcare.gov to compare, select, and enroll in private health insurance plans participating in the federal marketplaces, as required by the Patient Protection and Affordable Care Act (PPACA). The Centers for Medicare & Medicaid Services (CMS) has overall responsibility for key federal s...