Information Security: Software Change Controls at the Department of Defense

Abstract

This letter summarizes the results of our recent review of software change controls at the Department of Defense (DOD). Controls over access to and modification of software are essential in providing reasonable assurance that system-based security controls are not compromised. Without proper software change controls, there are risks that security features could be inadvertently or deliberately omitted or rendered inoperable, processing irregularities could occur, or malicious code could be introduced. If related personnel policies for background checks and system access controls are not adequate, there is a risk that untrustworthy and untrained individuals may have unrestricted access to software code, terminated employees may have the opportunity to compromise systems, and unauthorized actions may not be detected.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jun 30, 2000
Accession Number
AD1167736

Entities

People

  • David L. Mcclure

Organizations

  • United States Government Accountability Office

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Accounting
  • Air Force
  • Application Software
  • Best Practices
  • Computer Access Control
  • Computer Programs
  • Contractors
  • Contracts
  • Department Of Defense
  • Electronic Mail
  • Governments
  • Guidance
  • Information Security
  • Information Systems
  • Operating Systems
  • Security
  • System Software
  • United States

Fields of Study

  • Computer science

Readers

  • Computer Science.
  • Cybersecurity.
  • Systems Analysis and Design