Information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements

GAO-04-483T Published: Mar 16, 2004. Publicly Released: Mar 16, 2004.

Highlights

For many years, GAO has reported on the widespread negative impact of poor information security within federal agencies and has identified it as a governmentwide high-risk issue since 1997. Legislation designed to improve information security was enacted in October 2000. It was strengthened in December 2002 by new legislation, the Federal Information Security Management Act of 2002 (FISMA), which incorporated important new requirements. This testimony discusses (1) the Office of Management and Budget's (OMB) recent report to the Congress required by FISMA on the government's overall information security posture, (2) the reported status of efforts by 24 of the largest agencies to implement federal information security requirements, (3) opportunities for improving the usefulness of performance measurement data, and (4) progress by the National Institute of Standards and Technology (NIST) to develop related standards and guidance.

Topics

Accountability, Baseline security controls, Computer security, Information resources management, Information security management, Information systems, Information systems accreditation, Information systems certification, Information technology, IT security certification and accreditation, Performance measures, Reporting requirements, Risk assessment, Standards