Information Security: Answers to Posthearing Questions

Pursuant to a congressional request, GAO responded to congressional questions regarding its June 24, 1999, testimony on the need for stronger information security management, focusing on: (1) the effectiveness of federal agencies' implementation of the 1987 Computer Security Act; (2) what gaps the Presidential Decision Directive (PDD) No. 63 will fill within existing federal programs that would improve the security of federal computer systems; (3) how GAO's Information Security Management guide differ from existing National Institute of Standards Technology (NIST) issued guidelines and bulletins, and how agencies responded to the guidelines; and (4) whether the 1992 information security audits conducted by NIST and National Security Agency (NSA) were effective and useful and whether NIST and NSA should perform these audits on a regular basis.