Menu Search Account

LegiStorm

Get LegiStorm App Visit Product Demo Website
» Get LegiStorm App
» Get LegiStorm Pro Free Demo

Computer Security: Governmentwide Planning Process Had Limited Impact

  Premium   Download PDF Now (27 pages)
Report Type Reports and Testimonies
Report Date May 10, 1990
Report No. IMTEC-90-48
Subject
Summary:

Pursuant to a congressional request, GAO reviewed the governmentwide computer security planning and review process that the Computer Security Act of 1987 required, focusing on: (1) 10 civilian agencies' planning processes and implementation of planned controls in 22 selected plans; and (2) the National Institute of Standards and Technology's (NIST) and the National Security Agency's (NSA) review of plans.

GAO found that: (1) governmentwide planning and review processes did little to strengthen computer security; (2) agency officials believed that the planning and review process merely heightened managerial awareness of computer security; (3) agencies experienced problems in the design and implementation of the planning process, due to a lack of information, guidance, and resources; (4) agencies made little progress in implementing planned controls, mainly because of budget constraints and inadequate management support; and (5) in January 1990, NIST, NSA, and the Office of Management and Budget issued draft security planning guidance aimed at improving governmentwide computer security.

« Return to search Government Accountability Office reports