Information Security: Evaluation of GAO's Information Security Program and Practices for Fiscal Year 2009

OIG-10-3: Jan 4, 2010

Additional Materials:

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

This is a publication by GAO's Inspector General that concerns internal GAO operations. Although not obligated by law to comply, GAO has adopted the requirements of the Federal Information Security Management Act of 2002 (FISMA) to strengthen its information security program and demonstrate its ongoing commitment to lead by example. GAO's Office of Inspector General (OIG) conducted an evaluation to assess (1) the effectiveness of the agency's information security policies, procedures, and practices, and (2) agency compliance with the information security requirements of FISMA and other federal information security policies, procedures, standards, and guidelines.

Overall, the OIG's evaluation showed that GAO has established an information security program consistent with the requirements of FISMA, Office of Management and Budget (OMB) implementing guidance, and guidance and standards issued by the National Institute of Standards and Technology (NIST). However, it also found that GAO's information security policies and procedures were not always applied and some could be improved to help ensure that they are consistent with the OMB and NIST guidance. Please review the full report for a list of Inspector General recommendations.

Sep 30, 2014

Jun 3, 2014

May 27, 2014

Dec 19, 2013

Sep 27, 2013

Apr 26, 2013

Feb 13, 2013

Dec 12, 2012

Aug 28, 2012

Aug 1, 2012

  • OIG Strategic Plan:

    2013-2017
    OIG-12-1SP:Published: Aug 1, 2012. Publicly Released: Aug 1, 2012.

Looking for more? Browse all our products here