
Semiannual Report: October 1, 2012 - March 31, 2013

OIG-13-2SP Published: Apr 26, 2013. Publicly Released: Apr 26, 2013.

Highlights

This is a publication by GAO's Inspector General that concerns internal GAO operations. The report summarizes the activities of the Office of the Inspector General (OIG) for the first reporting period of fiscal year 2013.

The Federal Information Security Management Act of 2002 (FISMA) requires that many federal agencies establish an agency-wide information security management program for the information and information systems that support the agency's operations and assets. GAO is not obligated by law to comply with FISMA or Executive Branch information policies, but has adopted them to help ensure physical and information system security. Our prior-year evaluations have shown that GAO has established an overall information security program that is generally consistent with the requirements of FISMA, OMB implementing guidance, and standards and guidance issued by the National Institute of Standards and Technology. For example, GAO has well-defined operational and technical controls for remote access to its network. Its telecommunications policy requires users to comply with rules of behavior and user agreements that acknowledge their responsibility and accountability. GAO also has procedures in place to report and disable lost or stolen devices to prevent unauthorized access. In addition, GAO has continued its focus on closing prior-year security-related recommendations.

Our fiscal year 2012 limited evaluation reinforced our prior conclusion. However, using 18 new FISMA reporting metrics for federal inspectors general, we identified areas for improvement in the contingency planning process. We also identified resource challenges that affect GAO's ability to implement security upgrades and strategies identified by GAO managers and the OIG.
