Accession Number:



Federal Information Security: Agencies Need to Correct Weaknesses and Fully Implement Security Programs

Descriptive Note:

[Technical Report, Congressional Report]

Corporate Author:

United States Government Accountability Office

Report Date:


Pagination or Media Count:



Why GAO Did This Study Since 1997, GAO has designated federal information security as a government-wide high risk area, and in 2003 expanded this area to include computerized systems supporting the nations critical infrastructure. In February 2015, in its high risk update, GAO further expanded this area to include protecting the privacy of personal information that is collected, maintained, and shared by both federal and nonfederal entities. FISMA required federal agencies to develop, document, and implement an agency-wide information security program. The act also assigned OMB with overseeing agencies implementation of security requirements. FISMA also included a provision for GAO to periodically report to Congress on 1 the adequacy and effectiveness of agencies information security policies and practices and 2 agencies implementation of FISMA requirements. GAO analyzed information security-related reports and data from 24 federal agencies, their inspectors general, and OMB reviewed prior GAO work examined documents from OMB and DHS and spoke to agency officials.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

[A, Approved For Public Release]