Computer Security

DEA's Handling of Sensitive Drug Enforcement and National Security Information Is Inadequate Gao ID: T-IMTEC-92-24 September 30, 1992

GAO discussed computer security at the Drug Enforcement Administration (DEA). GAO noted that: (1) DEA relies heavily on computerized systems to access sensitive information; (2) DEA computer security risks included failure to identify computers processing sensitive information, use of unapproved equipment to process sensitive information, and unusually lax physical security over areas in which classified data were being processed; (3) DEA does not have an effective security program and has not complied with the Computer Security Act's requirements; (4) DEA employees did not enforce effective password security; (5) DEA allowed uncleared personnel access to sensitive areas; (6) DEA and the Department of Justice are taking action to identify and reduce computer security risks, but need to do more; and (7) Justice is taking a more active role in enforcing DEA compliance with computer security requirements.



The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.