277 Matching Results

Search Results

Information Security: Software Change Controls at the Social Security Administration

Description: Correspondence issued by the General Accounting Office with an abstract that begins "Pursuant to a congressional request, GAO reviewed the software change controls at the Social Security Administration (SSA), focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the extent to which agencies contracted for year 2000 remediation of mission-critical systems and involved foreign nationals in these efforts."
Date: June 30, 2000
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing

Description: A letter report issued by the Government Accountability Office with an abstract that begins "Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to (1) identify the models of cloud computing, (2) identify the information security implications of using cloud computing services in the federal government, and (3) assess federal guidance and efforts to address information security when using cloud computing. To do so, GAO reviewed relevant publications, white papers, and other documentation from federal agencies and industry groups; conducted interviews with representatives from these organizations; and surveyed 24 major federal agencies."
Date: May 27, 2010
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Information Security: Securities and Exchange Commission Needs to Address Weak Controls over Financial and Sensitive Data

Description: A letter report issued by the Government Accountability Office with an abstract that begins "The Securities and Exchange Commission (SEC) relies extensively on computerized systems to support its financial and mission-related operations. As part of the audit of SEC's fiscal year 2004 financial statements, GAO assessed the effectiveness of the commission's information system controls in protecting the integrity, confidentiality, and availability of its financial and sensitive information."
Date: March 23, 2005
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Information Security: Software Change Controls at the National Aeronautics and Space Administration

Description: Correspondence issued by the General Accounting Office with an abstract that begins "Pursuant to a congressional request, GAO reviewed the National Aeronautics and Space Administration's (NASA) software change controls, focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the extent to which agencies contracted for year 2000 remediation of mission-critical systems and involved foreign nationals in these efforts."
Date: June 30, 2000
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing

Description: A letter report issued by the Government Accountability Office with an abstract that begins "Agencies rely extensively on computerized information systems and electronic data to carry out their missions. To ensure the security of the information and information systems that support critical operations and infrastructure, federal law and policy require agencies to periodically test and evaluate the effectiveness of their information security controls at least annually. GAO was asked to evaluate the extent to which agencies have adequately designed and effectively implemented policies for testing and evaluating their information security controls. GAO surveyed 24 major federal agencies and analyzed their policies to determine whether the policies address important elements for periodic testing. GAO also examined testing documentation at 6 agencies to assess the quality and effectiveness of testing on 30 systems."
Date: October 20, 2006
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Information Security: FBI Needs to Address Weaknesses in Critical Network

Description: A letter report issued by the Government Accountability Office with an abstract that begins "The Federal Bureau of Investigation (FBI) relies on a critical network to electronically communicate, capture, exchange, and access law enforcement and investigative information. Misuse or interruption of this critical network, or disclosure of the information traversing it, would impair FBI's ability to fulfill its missions. Effective information security controls are essential for ensuring that information technology resources and information are adequately protected from inadvertent or deliberate misuse, fraudulent use, disclosure, modification, or destruction. GAO was asked to assess information security controls for one of FBI's critical networks. To assess controls, GAO conducted a vulnerability assessment of the internal network and evaluated the bureau's information security program associated with the network operating environment. This report summarizes weaknesses in information security controls in one of FBI's critical networks."
Date: April 30, 2007
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Information Security: Weaknesses at 22 Agencies

Description: Correspondence issued by the General Accounting Office with an abstract that begins "Pursuant to a congressional request, GAO reviewed computer security weaknesses within 22 federal agencies' operations."
Date: November 10, 1999
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: Selected Departments Need to Address Challenges in Implementing Statutory Requirements

Description: A letter report issued by the Government Accountability Office with an abstract that begins "The Federal Information Security Management Act of 2002 (FISMA) strengthened security requirements by, among other things, requiring federal agencies to establish programs to provide cost-effective security for information and information systems. In overseeing FISMA implementation, the Office of Management and Budget (OMB) has established supporting processes and reporting requirements. However, 4 years into implementation of the act, agencies have not yet fully implemented key provisions. In this context, GAO determined what challenges or obstacles inhibit the implementation of the information security provisions of FISMA at the Departments of Defense, Homeland Security, Justice, and State. To do this, GAO reviewed and analyzed department policies, procedures, and reports related to department information security programs and interviewed agency officials."
Date: August 31, 2007
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Information Security: Continued Action Needed to Improve Software Patch Management

Description: A letter report issued by the General Accounting Office with an abstract that begins "Flaws in software code can introduce vulnerabilities that may be exploited to cause significant damage to federal information systems. Such risks continue to grow with the increasing speed, sophistication, and volume of reported attacks, as well as the decreasing period of the time from vulnerability announcement to attempted exploits. The process of applying software patches to fix flaws, referred to as patch management, is a critical process to help secure systems from attacks. The Chairmen of the House Committee on Government Reform and its Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census requested that GAO assess the (1) reported status of 24 selected agencies in performing effective patch management practices, (2) patch management tools and services available to federal agencies, (3) challenges to performing patch management, and (4) additional steps that can be taken to mitigate the risks created by software vulnerabilities."
Date: June 2, 2004
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: Protecting Personally Identifiable Information

Description: A letter report issued by the Government Accountability Office with an abstract that begins "The loss of personally identifiable information can result in substantial harm, embarrassment, and inconvenience to individuals and may lead to identity theft or other fraudulent use of the information. As shown in prior GAO reports, compromises to such information and long-standing weaknesses in federal information security raise important questions about what steps federal agencies should take to prevent them. As the federal government obtains and processes information about individuals in increasingly diverse ways, properly protecting this information and respecting the privacy rights of individuals will remain critically important. GAO was requested to (1) identify the federal laws and guidance issued to protect personally identifiable information from unauthorized use or disclosure and (2) describe agencies' progress in developing policies and documented procedures that respond to recent guidance from the Office of Management and Budget (OMB) to protect personally identifiable information that is either accessed remotely or physically transported outside an agency's secured physical perimeter. To do so, GAO reviewed relevant laws and guidance, surveyed officials at 24 major federal agencies, and examined and analyzed agency documents, including policies, procedures, and plans. In commenting on a draft of this report, OMB stated that it generally agreed with the report's contents."
Date: January 25, 2008
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Information Security: Software Change Controls at the Department of Labor

Description: Correspondence issued by the General Accounting Office with an abstract that begins "Pursuant to a congressional request, GAO reviewed software change controls at the Department of Labor (DOL), focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the extent to which agencies contracted for Year 2000 remediation of mission-critical systems and involved foreign nationals in these efforts."
Date: June 30, 2000
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: SSA's Computer Intrusion Detection Capabilities

Description: Correspondence issued by the General Accounting Office with an abstract that begins "GAO reviewed the Social Security Administration's (SSA) computing environment, focusing on its policies, procedures, and techniques designed to detect, respond to, and report on incidents of computer intrusion and misuse."
Date: October 27, 1999
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: Software Change Controls at the Department of Veterans Affairs

Description: Correspondence issued by the General Accounting Office with an abstract that begins "Pursuant to a congressional request, GAO reviewed the Department of Veteran Affairs' (VA) software change controls, focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the extent to which agencies contracted for year 2000 remediation of mission-critical systems and involved foreign nationals in these efforts."
Date: June 30, 2000
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: Software Change Controls at the Department of Defense

Description: Correspondence issued by the General Accounting Office with an abstract that begins "Pursuant to a congressional request, GAO reviewed software change controls at the Department of Defense (DOD), focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the extent to which agencies contracted for year 2000 remediation of mission-critical systems and involved foreign nationals in these efforts."
Date: June 30, 2000
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: Software Change Controls at the Department of Health and Human Services

Description: Correspondence issued by the General Accounting Office with an abstract that begins "Pursuant to a congressional request, GAO reviewed software change controls at the Department of Health and Human Services (HHS), focusing on: (1) weaknesses regarding formal policies and procedures; (2) contract oversight; and (3) background screening of personnel."
Date: June 30, 2000
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: Improving Oversight of Access to Federal Systems and Data by Contractors Can Reduce Risk

Description: A letter report issued by the Government Accountability Office with an abstract that begins "The federal government increasingly relies on information technology (IT) systems to provide essential services affecting the health, economy, and defense of the nation. To assist in providing these important services, the federal government relies extensively on contractors to provide IT services and systems. In addition to contractors that provide systems and services to the federal government, other organizations possess or use federal information or have access to federal information systems. These other organizations with privileged access to federal data and systems can include grantees, state and local governments, and research and educational institutions. The Office of Management and Budget (OMB) cited contractor security as a governmentwide challenge in a 2001 information security report to Congress. Recognizing the need for agencies to have effective information security programs, Congress passed the Federal Information Security Management Act of 2002 (FISMA), which provides the overall framework for ensuring the effectiveness of information security controls that support federal operations and assets. FISMA requirements apply to all federal contractors and organizations or sources that possess or use federal information or that operate, use, or have access to federal information systems on behalf of an agency. 
Our objectives were to (1) describe the information security risks associated with the federal government's reliance on contractor-provided IT systems and services and other users with privileged access to federal data and systems; (2) identify methods used by federal agencies to ensure security of information and information systems that are operated, used, or accessed by contractors and other users with privileged access to federal data; and (3) discuss steps the administration is taking to ensure implementation and oversight of security of information and information systems that are operated, used, or accessed by contractors and other users with ...
Date: April 22, 2005
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Information Security: Actions Needed to Manage, Protect, and Sustain Improvements to Los Alamos National Laboratory's Classified Computer Network

Description: A letter report issued by the Government Accountability Office with an abstract that begins "The Los Alamos National Laboratory (LANL), which is overseen by the National Nuclear Security Administration (NNSA), has experienced a number of security lapses in controlling classified information stored on its classified computer network. GAO was requested to (1) assess the effectiveness of security controls LANL used to protect information on its classified network, (2) assess whether LANL had fully implemented an information security program to ensure that security controls were effectively established and maintained for its classified network, and (3) identify the expenditures used to operate and support its classified network from fiscal years 2001 through 2008. To carry out this work, GAO examined security policies and procedures and reviewed LANL's access controls for protecting information on its classified network."
Date: October 14, 2009
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Information Security: Software Change Controls at the Department of the Treasury

Description: Correspondence issued by the General Accounting Office with an abstract that begins "Pursuant to a congressional request, GAO reviewed software change controls at the Department of the Treasury, focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the extent to which agencies contracted for year 2000 remediation of mission-critical systems and involved foreign nationals in these efforts."
Date: June 30, 2000
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: Agencies Need to Implement Consistent Processes In Authorizing Systems for Operation

Description: A letter report issued by the General Accounting Office with an abstract that begins "The Office of Management and Budget (OMB) requires agencies to certify the security controls of their information systems and to formally authorize and accept the risk associated with their operation (a process known as accreditation). These processes support requirements of the Federal Information Security Management Act of 2002 (FISMA). Further, OMB requires agencies to report the number of systems authorized following certification and accreditation as one of the key FISMA performance measures. In response to the Congressional request, GAO (1) identified existing governmentwide requirements and guidelines for certifying and accrediting information systems, (2) determined the extent to which agencies have reported their systems as certified and accredited, and (3) assessed whether their processes provide consistent, comparable results and adequate information for authorizing officials."
Date: June 28, 2004
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: Federal Agency Efforts to Encrypt Sensitive Information Are Under Way, but Work Remains

Description: A letter report issued by the Government Accountability Office with an abstract that begins "Many federal operations are supported by automated systems that may contain sensitive information such as national security information that, if lost or stolen, could be disclosed for improper purposes. Compromises of sensitive information at numerous federal agencies have raised concerns about the extent to which such information is vulnerable. The use of technological controls such as encryption--the process of changing plaintext into ciphertext--can help guard against the unauthorized disclosure of sensitive information. GAO was asked to determine (1) how commercially available encryption technologies can help agencies protect sensitive information and reduce risks; (2) the federal laws, policies, and guidance for using encryption technologies; and (3) the extent to which agencies have implemented, or plan to implement, encryption technologies. To address these objectives, GAO identified and evaluated commercially available encryption technologies, reviewed relevant laws and guidance, and surveyed 24 major federal agencies."
Date: June 27, 2008
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Information Security: Software Change Controls at the Department of Energy

Description: Correspondence issued by the General Accounting Office with an abstract that begins "Pursuant to a congressional request, GAO reviewed software change controls at the Department of Energy (DOE), focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the extent to which agencies contracted for year 2000 remediation of mission-critical systems and involved foreign nationals in these efforts."
Date: June 30, 2000
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Information Security: Sustained Progress Needed to Strengthen Controls at the Securities and Exchange Commission

Description: A letter report issued by the Government Accountability Office with an abstract that begins "In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the Securities and Exchange Commission (SEC) relies extensively on computerized systems. Integrating effective information security controls into a layered control strategy is essential to ensure that SEC's financial and sensitive information is protected from inadvertent or deliberate misuse, disclosure, or destruction. As part of its audit of SEC's financial statements, GAO assessed (1) SEC's actions to correct previously reported information security weaknesses and (2) the effectiveness of controls for ensuring the confidentiality, integrity, and availability of SEC's information systems and information. To do this, GAO examined security policies and artifacts, interviewed pertinent officials, and conducted tests and observations of controls in operation."
Date: March 27, 2007
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Information Security: Cyber Threats Facilitate Ability to Commit Economic Espionage

Description: Testimony issued by the Government Accountability Office with an abstract that begins "The nation faces an evolving array of cyber-based threats arising from a variety of sources. These sources include criminal groups, hackers, terrorists, organization insiders, and foreign nations engaged in crime, political activism, or espionage and information warfare. These threat sources vary in terms of the capabilities of the actors, their willingness to act, and their motives, which can include monetary gain or political advantage, among others. Moreover, potential threat actors have a variety of attack techniques at their disposal, which can adversely affect an organization’s computers or networks and be used to intercept or steal valuable information. The magnitude of the threat is compounded by the ever-increasing sophistication of cyber attack techniques, such as attacks that may combine multiple techniques. Using these techniques, threat actors may target individuals and businesses, resulting in, among other things, loss of sensitive personal or proprietary information."
Date: June 28, 2012
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Information Security: NRC's Computer Intrusion Detection Capabilities

Description: Correspondence issued by the General Accounting Office with an abstract that begins "GAO reviewed the Nuclear Regulatory Commission's (NRC) policies and practices regarding intrusion detection and response capabilities in the federal government."
Date: August 27, 1999
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department