GAO report finds that Federal Agencies have ‘persistent weaknesses’ in information security

As part of its duties under the Federal Information Security Management Act of 2002 (FISMA), GAO has published a report into the adequacy of information security measures within US Federal Agencies and the effectiveness of agencies' implementation of FISMA requirements.

GAO has found that ‘significant weaknesses in information security policies and practices threaten the confidentiality, integrity, and availability of critical information and information systems used to support the operations, assets, and personnel of most federal agencies.’

Almost all of the major federal agencies had weaknesses in one or more areas of information security controls. Most agencies did not implement controls to sufficiently prevent, limit, or detect access to computer resources. In addition, agencies did not always manage the configuration of network devices to prevent unauthorized access and ensure system integrity, such as patching key servers and workstations in a timely manner; assign incompatible duties to different individuals or groups so that one individual does not control all aspects of a process or transaction; or maintain or test continuity of operations plans for key information systems.

Read the report http://www.gao.gov/new.items/d07837.pdf

•Date: 30th July 2007• Region: US •Type: Article •Topic: ISM
Rate this article or make a comment - click here