Status of Compliance With the Computer Security Act of 1987

Gao ID: T-IMTEC-88-8 September 22, 1988

In response to a congressional request, GAO discussed federal agencies' compliance with Computer Security Act of 1987 requirements to: (1) establish training programs; and (2) identify computer systems that contain sensitive information. GAO found that: (1) 74 of the 89 agencies identified all of their sensitive systems; (2) six agencies had not yet identified all of their sensitive systems; and (3) four agencies did not respond because they were not sure whether they were subject to the act. GAO also found that: (1) the Navy reported 27,000 sensitive systems, which was about half of the total systems reported; (2) the Army reported 12,000 sensitive systems; (3) the Air Force reported 10,000 sensitive systems; (4) other Department of Defense components reported 3,000 sensitive systems; (5) all other civilian agencies reported about 1,400 sensitive systems; and (6) the Office of Personnel Management's training regulation became effective 5 days after the act's deadline.



The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.