Summary: Pursuant to a congressional request, GAO provided information on the Department of Defense's (DOD) efforts to protect and defend its information and information systems, focusing on: (1) the actions DOD has taken to implement the recommendations contained in the Defense Science Board task force's November 1996 report on information warfare defense; (2) DOD's development of an information assurance management process; and (3) DOD's adoption of a new information assurance certification and accreditation process.
GAO noted that: (1) since the Defense Science Board task force's November 1996 report on information warfare defense, DOD organizations have undertaken a variety of efforts to establish information assurance; (2) for example, DOD has initiated a project to develop a standard methodology and management process by which opposing force assessments will be conducted to help identify vulnerabilities in DOD systems and networks and to determine the readiness posture and preparedness of the fighting forces; and (3) the Office of the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence recently began implementing a program to bring an integrated management structure and process to information assurance activities and initiated a process for certifying and accrediting systems for information assurance.