Central Agencies' Compliance With OMB Circular A-71, Transmittal Memorandum No. 1

GAO summarized actions taken by the Office of Management and Budget (OMB) in its leadership role relating to agencies' automated systems security programs and actions taken by key central agencies to comply with the requirements of OMB Circular A-71, transmittal memorandum No. 1, entitled "Security of Federal Automated Information Systems."

A task team's evaluations of agencies' plans showed that substantial differences existed in how agencies interpreted the memorandum's requirements and approaches to strengthening their computer security. OMB therefore issued a second set of plans, with a subsequent critique which identified two frequent weaknesses in implementation: a lack of provisions for personnel security, and inadequate contingency plans. OMB has established a new office which will play a Government-wide policy role and review agencies' implementation of Federal regulatory policies, reports management policies, and information policies. The OMB memorandum required: the Department of Commerce to develop and issue computer security standards and guidelines to ensure the security of automated information; the General Services Administration to issue policies and regulations for the physical security of computer rooms and to ensure that agency procurement requests for computers, software, and related services include appropriate security requirements; and the Office of Personnel Management to establish personnel security policies for Federal personnel associated with or having access to data in Federal computer systems. The agencies are in the process of issuing and implementing the appropriate guidelines and requirements.