Internal controls (31 - 40 of 246 items)
Information Security: Agencies Need to Improve Oversight of Contractor Controls
GAO-14-612: Published: Aug 8, 2014. Publicly Released: Sep 8, 2014.
Although the six federal agencies that GAO reviewed (the Departments of Energy (DOE), Homeland Security (DHS), State, and Transportation (DOT), the Environmental Protection Agency (EPA) and the Office of Personnel Management (OPM)) generally established security and privacy requirements and planned for assessments to determine the effectiveness of contractor implementation of controls, five of the...
Information Security: FDIC Made Progress in Securing Key Financial Systems, but Weaknesses Remain
GAO-14-674: Published: Jul 17, 2014. Publicly Released: Jul 17, 2014.
The Federal Deposit Insurance Corporation (FDIC) has implemented numerous information security controls intended to protect its key financial systems; nevertheless, weaknesses place the confidentiality, integrity, and availability of financial systems and information at unnecessary risk. During 2013, the corporation implemented 28 of the 39 open GAO recommendations pertaining to previously-reporte...
Information Security: Additional Oversight Needed to Improve Programs at Small Agencies
GAO-14-344: Published: Jun 25, 2014. Publicly Released: Jun 25, 2014.
The six small agencies GAO reviewed have made mixed progress in implementing elements of information security and privacy programs as required by the Federal Information Security Management Act of 2002, the Privacy Act of 1974, the E-Government Act of 2002, and Office of Management and Budget (OMB) guidance (see figure).Agencies' Implementation of Information Security and Privacy Elements in Fisca...
Information Security: SEC Needs to Improve Controls over Financial Systems and Data
GAO-14-419: Published: Apr 17, 2014. Publicly Released: Apr 17, 2014.
Although the Securities and Exchange Commission (SEC) had implemented and made progress in strengthening information security controls, weaknesses limited their effectiveness in protecting the confidentiality, integrity, and availability of a key financial system. For this system's network, servers, applications, and databases, weaknesses in several controls were found, as the following examples i...
Information Security: IRS Needs to Address Control Weaknesses That Place Financial and Taxpayer Data at Risk
GAO-14-405: Published: Apr 8, 2014. Publicly Released: Apr 8, 2014.
The Internal Revenue Service (IRS) continued to make progress in addressing information security control weaknesses and improving its internal control over financial reporting; however, weaknesses remain that could affect the confidentiality, integrity, and availability of financial and sensitive taxpayer data. During fiscal year 2013, IRS management devoted attention and resources to addressing i...
Information Security: Federal Agencies Need to Enhance Responses to Data Breaches
GAO-14-487T: Published: Apr 2, 2014. Publicly Released: Apr 2, 2014.
The number of reported information security incidents involving personally identifiable information (PII) has more than doubled over the last several years (see figure).Information Security Incidents Involving PII, Fiscal Years 2009 – 2013As GAO has previously reported, major federal agencies continue to face challenges in fully implementing all components of an agency-wide information security...
Federal Information Security: Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness
GAO-13-776: Published: Sep 26, 2013. Publicly Released: Sep 26, 2013.
In fiscal year 2012, 24 major federal agencies had established many of the components of an information security program required by The Federal Information Security Management Act of 2002 (FISMA); however, they had partially established others. FISMA requires each federal agency to establish an information security program that incorporates eight key components, and each agency inspector general...
Information Security: IRS Has Improved Controls but Needs to Resolve Weaknesses
GAO-13-350: Published: Mar 15, 2013. Publicly Released: Mar 15, 2013.
IRS continued to make progress in addressing information security control weaknesses, improving its internal control over financial reporting. During fiscal year 2012, IRS management devoted attention and resources to addressing information security controls, and resolved a significant number of the information security control deficiencies that GAO previously reported. Notable among these efforts...
Information Security: Federal Communications Commission Needs to Strengthen Controls over Enhanced Secured Network Project
GAO-13-155: Published: Jan 25, 2013. Publicly Released: Feb 1, 2013.
The Federal Communications Commission (FCC) did not effectively implement appropriate information security controls in the initial components of the Enhanced Secured Network (ESN) project. Although FCC took steps to enhance its ability to control and monitor its network for security threats, weaknesses identified in the commission's deployment of components of the ESN project as of August 2012 res...
Information Security: IRS Needs to Further Enhance Internal Control over Financial Reporting and Taxpayer Data
GAO-12-393: Published: Mar 16, 2012. Publicly Released: Mar 16, 2012.
IRS implemented numerous controls and procedures intended to protect key financial and tax-processing systems; nevertheless, control weaknesses in these systems continue to jeopardize the confidentiality, integrity, and availability of the financial and sensitive taxpayer information processed by IRSs systems. Specifically, the agency continues to face challenges in controlling access to its...