Semiannual Report: October 1, 2012 - March 31, 2013
OIG-13-2SP: Apr 26, 2013
Tonya R. Ford
This is a publication by GAO's Inspector General that concerns internal GAO operations. The report summarizes the activities of the Office of the Inspector General (OIG) for the first reporting period of fiscal year 2013.
The Federal Information Security Management Act of 2002 (FISMA) requires that many federal agencies establish an agency-wide information security management program for the information and information systems that support the agency's operations and assets. GAO is not obligated by law to comply with FISMA or Executive Branch information policies, but has adopted them to help ensure physical and information system security. Our prior year evaluations have shown that GAO has established an overall information security program that is generally consistent with the requirements of FISMA, OMB implementing guidance, and standards and guidance issued by the National Institute of Standards and Technology. For example, GAO has well defined operational and technical controls for remote access to its network. Its telecommunications policy requires users to comply with rules of behavior and user agreements that acknowledge their responsibility and accountability. GAO also has procedures in place to report and disable lost or stolen devices to prevent unauthorized access. In addition, GAO has continued its focus on closing prioryear security-related recommendations.