Menu Search Account

LegiStorm

Get LegiStorm App Visit Product Demo Website
» Get LegiStorm App
» Get LegiStorm Pro Free Demo

Information Systems: Agencies Overlook Security Controls During Development

  Premium   Download PDF Now (56 pages)
Report Type Reports and Testimonies
Report Date May 31, 1988
Report No. IMTEC-88-11
Subject
Summary:

Pursuant to a congressional request, GAO reviewed federal civilian agencies' practices for incorporating security controls during the development of automated systems for sensitive information.

GAO found that the National Bureau of Standards (NBS), the Office of Management and Budget (OMB), and the General Services Administration issued considerable but general guidance for agencies to follow in incorporating security controls during systems development. GAO also found that agencies did not adequately: (1) determine their systems' security needs; (2) assess threats, vulnerabilities, and risks to their systems; (3) identify alternative system security approaches or compare their feasibility, costs, or benefits; (4) analyze potential risks for their specific system concepts; (5) define the sensitivity of their information; (6) define security requirements to permit implementation of appropriate controls; or (7) develop security test plans.

« Return to search Government Accountability Office reports