Computer Security
Status of Compliance With the Computer Security Act of 1987 Gao ID: IMTEC-88-61BR September 22, 1988Pursuant to a congressional request, GAO reviewed whether federal agencies complied with provisions of the Computer Security Act of 1987, specifically whether, by July 8, 1988: (1) the Office of Personnel Management (OPM) had issued regulations prescribing the procedures and scope of training for federal civilian employees; and (2) federal agencies had identified which computer systems contained sensitive information.
GAO found that: (1) OPM distributed an interim training regulation on July 8, 1988, which did not become effective until July 13, 1988; (2) 65 of 84, or about 77 percent of the federal agencies subject to the act, reported that, as of July 8, 1988, they had identified all of their computer systems that contained sensitive information; (3) nine agencies reported that they had identified all of their systems as of September 8, 1988; (4) six agencies estimated that they would complete identification by December 1988; and (5) four agencies did not respond to the questionnaire.