Accession Number:



INFORMATION SECURITY: Department of Education and Other Federal Agencies Need to Better Implement Controls

Descriptive Note:

[Technical Report, Congressional Testimony]

Corporate Author:

United States Government Accountability Office

Report Date:


Pagination or Media Count:



The federal government faces an evolving array of cyber-based threats to its systems and data, and data breaches at federal agencies have compromised sensitive personal information, affecting millions of people. Education, in carrying out its mission of serving Americas students, relies extensively on IT systems that collect and process a large amount of sensitive information. Accordingly, it is important for federal agencies such as Education to implement information security programs that can help protect systems and networks. GAO has identified federal information security as a government-wide high-risk area since 1997, and in February 2015 expanded this to include protecting the privacy of personally identifiable information. This statement provides information on cyber threats facing federal systems and information security weaknesses identified at federal agencies, including Education. In preparing this statement, GAO relied on previously published work and updated data on security incidents and federal cybersecurity efforts. Over the past 6 years, GAO has made about 2,000 recommendations to federal agencies to correct weaknesses and fully implement agency-wide information security programs. Agencies have implemented about 58 percent of these recommendations. Agency inspectors general have also made a multitude of recommendations to assist their agencies.

Subject Categories:

  • Computer Systems Management and Standards
  • Information Science
  • Government and Political Science

Distribution Statement:

[A, Approved For Public Release]