Justice Automation

Tighter Computer Security Needed Gao ID: IMTEC-90-69 July 30, 1990

Pursuant to a congressional request, GAO reviewed the Department of Justice's (DOJ) computer security program, focusing on compliance with the Computer Security Act of 1987 and other applicable laws and regulations.

GAO found that: (1) DOJ computer security program weaknesses posed significant risks to the integrity of its computer systems and sensitive information within its organizations; (2) weaknesses included security deficiencies, unprepared or untested contingency plans, and inadequate security training; (3) although DOJ moved its main data center operations from an older facility to improve computer operations security, the new center's material security weaknesses could adversely affect its operations and pose significant risks to litigating organizations' data; and (4) data center weaknesses included inadequate physical security, inadequate contingency planning and risk assessment, computer operations weaknesses, long-standing security weaknesses, and inadequate oversight.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.