Information Security: Additional Actions Needed to Fully Implement Reform Legislation Page: 4 of 43
This report is part of the collection entitled: Government Accountability Office Reports and was provided to UNT Digital Library by the UNT Libraries Government Documents Department.
Extracted Text
The following text was automatically extracted from the image on this page using optical character recognition software:
* in addition to the information currently reported, explicitly identify in
future OMB annual reports to the Congress, the overall status of
agencies' efforts to implement each of the information security program
requirements specified by the reform provisions.
In addition, to help ensure that annual independent evaluations
appropriately consider all agency systems as intended by the reform
provisions, we also recommend that director of the Office of Management
and Budget, through its budgetary and reform provision oversight
responsibilities, encourage agencies' inspectors general to
* appropriately consider both financial and nonfinancial systems in
selecting the subset of systems for testing information security control
techniques during their annual independent evaluations,
* provide an independent assessment of agencies' corrective action plans
in their future evaluations, and
* obtain appropriate resources to support these evaluations and their
other information security audit needs.
Agency Comments OMB's Chief of the Information Policy and Technology Branch, Office of
Information and Regulatory Affairs, provided us with oral comments on a
draft of this report. Emphasizing that comments pertain specifically to our
recommendations, the OMB chief generally concurred with the
recommendations and advised that OMB and the agencies identified similar
areas for improvement and have drafted revised fiscal year 2002 reporting
guidance that would address the recommendations as appropriate.
The OMB chief also wanted to clarify several key issues related to our
recommendations on providing to the Congress information on agencies
corrective action plans, reporting to the Congress on the status of agencies'
efforts to implement information security program requirements, and the
implementation of our recommendations within the context of OMB's
statutory roles and responsibilities. The OMB chief noted that he
recognizes Congress's oversight role regarding agencies' actions to correct
information security weaknesses, and at this time, OMB is continuing to
develop a solution for next year's reporting to provide to the Congress
information on agencies' corrective actions. However, he emphasized that
since OMB's objective is to maintain the confidentiality of predecisional
information contained in agencies' corrective action plans and that heGAO-02-407 Information Security Reform
Page 3
Upcoming Pages
Here’s what’s next.
Search Inside
This report can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Report.
United States. General Accounting Office. Information Security: Additional Actions Needed to Fully Implement Reform Legislation, report, May 2, 2002; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc294741/m1/4/: accessed March 19, 2024), University of North Texas Libraries, UNT Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.