Federal Information Systems Remain Highly Vulnerable to Fraudulent, Wasteful, Abusive, and Illegal Practices

GAO ID: MASAD-82-18, April 21, 1982

GAO was requested to evaluate the information security programs in the executive agencies. Specifically, GAO was asked to address: (1) whether the Office of Management and Budget (OMB) guidelines, if fully implemented by the executive agencies, provide an acceptable level of protection over information systems; (2) whether the central agencies fulfill their governmentwide information security program responsibilities; (3) what the executive agencies are doing to implement governmentwide information security program policy and guidance; and (4) what the executive agencies must do to achieve a reasonable level of protection over their automated information systems, particularly those using telecommunications networks. An examination was made of the vulnerability of automated information systems in the executive agencies to abusive and unauthorized practices.

GAO found that: (1) OMB Circular A-71 was not sufficiently comprehensive to provide needed policy and guidance to executive agencies for establishing reasonable levels of protection; (2) the central agencies have not fulfilled their automated information security program responsibilities; (3) executive agencies are doing little to implement information security program policy and guidance; and (4) executive agencies have not developed and maintained a total system of controls to eliminate the fraudulent, wasteful, abusive, and illegal practices to which their automated information systems have been and are being subjected. These conditions have precluded the establishment and maintenance of a reasonable level of protection over automated information systems used by executive agencies. GAO noted the following specific problems: (1) deficiencies in OMB Circular A-71 have left some executive agencies confused as to the nature and extent to which it should be implemented and its application to the automated systems; (2) the ineffective information security programs of the central agencies have been a primary contributing factor to the continuing vulnerability of the automated information systems in the executive agencies; and (3) the increasing federal investments in automated information systems have resulted in growing vulnerability to fraudulent, wasteful, abusive, and illegal practices because greater concentrations of information are accessible from remote terminals.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow-up work.

Director: Thomas P. Giammo; Team: General Accounting Office: Information Management and Technology Division; Phone: (202) 275-3195


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO. These reports should not be considered official, and do not necessarily reflect the views of Justia.