Federal Information Security: Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness

Abstract

FISMA requires the Comptroller General to periodically report to Congress on agency implementation of the act's provisions. To this end, this report summarizes GAO's evaluation of the extent to which agencies have implemented the requirements of FISMA, including the adequacy and effectiveness of agency information security policies and practices. For this evaluation, GAO analyzed its previous information security reports, annual FISMA reports and other reports from the 24 major federal agencies, reports from inspectors general, and OMB's annual reports to Congress on FISMA implementation. GAO also interviewed officials at OMB, DHS, NIST, and 6 agencies selected based on the total number of systems the agencies reported in fiscal year 2011.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2013
Accession Number
AD1163973

Entities

People

  • Gregory C. Wilshusen

Organizations

  • United States Government Accountability Office

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Accountability
  • Business Administration
  • Command And Control
  • Computer Network Security
  • Computer Networks
  • Computer Security Techniques
  • Congress
  • Cyber Threats
  • Cyberattacks
  • Cybersecurity
  • Department Of Homeland Security
  • Electronic Mail
  • Governments
  • Homeland Security
  • Information Security
  • Information Systems
  • Instructions
  • Law
  • National Governments
  • National Security
  • Personnel Management
  • Security
  • Security Personnel
  • Social Media
  • Standards
  • Test And Evaluation
  • Training
  • United States Government

Readers

  • Cybersecurity
  • Defense Acquisition Program Management
  • Defense Financial Management and Audit