Information Security: Agencies Make Progress in Implementation of Requirements, but Significant Weaknesses Persist

GAO-09-701T Published: May 19, 2009. Publicly Released: May 19, 2009.

Highlights

Without proper safeguards, federal agencies' computer systems are vulnerable to intrusions by individuals and groups who have malicious intentions and can obtain sensitive information, commit fraud, disrupt operations, or launch attacks against other computer systems and networks. Concerned by reports of significant weaknesses in federal systems, Congress passed the Federal Information Security Management Act (FISMA), which permanently authorized and strengthened information security program, evaluation, and annual reporting requirements for federal agencies. GAO was asked to testify on its draft report on (1) the adequacy and effectiveness of federal agencies' information security policies and practices and (2) their implementation of FISMA requirements. To prepare for this testimony, GAO summarized its draft report where it analyzed agency, inspectors general, Office of Management and Budget (OMB), congressional, and GAO reports on information security.

Full Report

Highlights

Full Report (16 pages)

Accessible Text

GAO Contacts

Gregory C. Wilshusen

Director

Information Technology and Cybersecurity

wilshuseng@gao.gov

(202) 512-4800

Media Inquiries

Sarah Kaczmarek

Managing Director

Office of Public Affairs

kaczmareks@gao.gov

(202) 512-4800

Public Inquiries

Public Affairs

PublicAffairs@gao.gov

(202) 512-4800

Topics

Information Security

AccountabilityAgency evaluationClassified defense informationComputer securityFraudIdentity theftInformation securityInformation systemsInternal controlsOperational testingPerformance appraisalProgram evaluationRegulatory agenciesReporting requirementsRisk managementStandardsStrategic information systems planningSystems evaluationPolicies and procedures