Printer Friendly

Information Security: Evaluation of GAO's Information Security Program and Practices for Fiscal Year 2009.

OIG-10-3 January 4, 2010

This is a publication by GAO's Inspector General that concerns internal GAO operations. Although not obligated by law to comply, GAO has adopted the requirements of the Federal Information Security Management Act of 2002 (FISMA) to strengthen its information security program and demonstrate its ongoing commitment to lead by example. GAO's Office of Inspector General (OIG) conducted an evaluation to assess (1) the effectiveness of the agency's information security policies, procedures, and practices, and (2) agency compliance with the information security requirements of FISMA and other federal information security policies, procedures, standards, and guidelines.

Overall, the OIG's evaluation showed that GAO has established an information security program consistent with the requirements of FISMA, Office of Management and Budget (OMB) implementing guidance, and guidance and standards issued by the National Institute of Standards and Technology (NIST). However, it also found that GAO's information security policies and procedures were not always applied and some could be improved to help ensure that they are consistent with the OMB and NIST guidance. Please review the full report for a list of Inspector General recommendations.

Categories: January 4, 2010, Documentation, Information disclosure, Information management, Information security management, Information security regulations, Information systems, Privacy policies, Requirements definition, Standards, Strategic planning, Voluntary compliance
COPYRIGHT 2010 Stonehenge International
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2010 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Publication:General Accounting Office Reports & Testimony
Date:Feb 1, 2010
Previous Article:Bid Protest Ruling: LexisNexis.
Next Article:Bid Protest Ruling: LIS, Inc.

Related Articles
Information Security: Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements.
Information Security: IRS Needs to Address Pervasive Weaknesses.
Information Security: Although Progress Reported, Federal Agencies Need to Resolve Significant Deficiencies.
Information Security: Progress Reported, but Weaknesses at Federal Agencies Persist.
Information Security: TVA Needs to Address Weaknesses in Control Systems and Networks.
Information Security: TVA Needs to Enhance Security of Critical Infrastructure Control Systems and Networks.
Privacy: Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information.
Nuclear Nonproliferation: National Nuclear Security Administration Has Improved the Security of Reactors in its Global Research Reactor Program, but...
Homeland Defense: Greater Focus on Analysis of Alternatives and Threats Needed to Improve DOD's Strategic Nuclear Weapons Security.
Homeland Security: Better Use of Terrorist Watchlist Information and Improvements in Deployment of Passenger Screening Checkpoint Technologies Could...

Terms of use | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters