Information Security

Software Change Controls at the Department of Transportation Gao ID: AIMD-00-193R June 30, 2000

Pursuant to a congressional request, GAO reviewed software change controls at the Department of Transportation (DOT), focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the extent to which agencies contracted for year 2000 remediation of mission-critical systems and involved foreign nationals in these efforts.

GAO noted that: (1) at DOT, GAO identified concerns in 3 control areas--formal policies and procedures, contract oversight, and awareness of contractor and foreign national personnel involvement in software change activities; (2) although DOT had established departmentwide guidance for software management, implementation was delegated to DOT components, which did not consistently apply or adopt the requirements; (3) GAO found that agency officials were not familiar with contractor practices for software management; (4) at the Bureau of Transportation Statistics (BTS), the Office of the Secretary of Transportation (OST), and the Coast Guard, data on contracts used for remediation were not readily available; (5) this is of potential concern because 171 of DOT's mission-critical federal systems covered by GAO's study involved the use of contractors for year 2000 remediation; (6) GAO determined that background screenings of personnel involved in the software change process were a routine security control for federal, contractor, and foreign national personnel involved in making changes to software; (7) however, officials at BTS, the Federal Highway Administration (FHwA), the National Highway Traffic and Safety Administration (NHTSA), and the Research and Special Programs Administration told GAO that 13 contracts for remediation services of 64 mission-critical systems did not include provisions for background checks of contractor staff; (8) officials at FHwA, the Federal Railroad Administration, NHTSA, OST, the Transportation Administrative Service Center, and Coast Guard told GAO that foreign nationals were employed on 12 of 41 contracts for remediation services; and (9) complete data on the involvement of foreign nationals in software change process activities at DOT headquarters, FHwA, OST, the Surface Transportation Board, and the Coast Guard were not readily available.



The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.