U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Information Security: Continued Efforts Needed To Sustain Progress in Implementing Statutory Requirements

NCJ Number
Robert F. Dacey
Date Published
March 2004
45 pages
This testimony by a representative of the U.S. General Accounting Office (GAO) before the U.S. House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census focuses on efforts by Federal departments and agencies as well as the administration to implement the requirements of the Federal Information Security Management Act of 2002 (FISMA).
The Office of Management and Budget (OMB) recently reported to the Congress on the Government's overall information security status. It documents significant strides in addressing long-standing problems in this area while identifying weaknesses that remain. One government-wide weakness identified is a lack of understanding by agency officials of their responsibilities for ensuring the security of information and systems. The OMB report presents an action plan for closing these gaps through both management and budgetary processes. FISMA data for fiscal year 2003 showed that the 24 Federal agencies reporting increased their compliance with the information security requirements of OMB's performance measures; however, the results reported by agencies varied widely, with some reporting that less than half of their systems met certain requirements. Further, GAO noted opportunities to improve the usefulness of reported performance management data, including independent validation of these data and completion of system inventories. The National Institute of Standards and Technology (NIST) made progress in developing security-related standards and guidance required by FISMA. These include standards to categorize systems according to potential impact in the event of a security breach and recommendations for controls for such systems. NIST advises, however, that current and future funding constraints could threaten its information security work. 27 notes