Federal Family Education Loan Information System

Weak Computer Controls Increase Risk of Unauthorized Access to Sensitive Data Gao ID: AIMD-95-117 June 12, 1995

Controls over the Federal Education Loan Program information system, which is operated by a contractor for the Education Department, are critical to safeguarding assets, maintaining sensitive loan data, and ensuring the reliability of financial management information. GAO found that Education's general controls over the system failed to adequately protect sensitive files, applications programs, and systems software from unauthorized access, changes, or disclosure.

GAO found that: (1) Education's general controls over the FFELP information system do not adequately protect the system from unauthorized access, since outside users can potentially bypass access controls; (2) Education has improved the system's access controls, segregated computer system duties, and prepared and tested disaster recovery plans; (3) despite improvements, major weaknesses continue in controlling system access and systems software changes; (4) FFELP access and systems software control deficiencies have resulted primarily from Education's overall weak computer security administration; and (5) Education has not yet developed adequate policies and procedures in key control areas.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.