Information Security: Additional Actions Needed to Fully Implement Reform Legislation.

摘要

This reports discusses efforts by the federal government to implement provisions for Government Information Security Reform (the reform provisions) that were enacted as part of the National Defense Authorization Act for Fiscal Year 2001. Federal agencies rely extensively on computerized systems and electronic data to support their missions and critical operations. Concerned with reports that continuing, pervasive security weaknesses place federal operations at significant risk of disruption, tampering, fraud, and inappropriate disclosures of sensitive information, the Congress enacted the reform provisions to reduce these risks and provide more effective oversight of federal information security. This report first describes some of the improvement efforts and benefits that have resulted from this first year implementation of the reform provisions. Next described are the results of our evaluation of actions by the Office of Management and Budget (0MB), 24 of the largest federal agencies, and these agencies' Inspectors general (IGs) to implement the reform provisions. Also summarized is the overall results of these actions and, in particular, note any challenges to effective implementation or oversight of the reform provisions.