Information Security: Continued Efforts Needed to Fully Implement Statutory Requirements

Since 1996, GAO has reported that poor information security in the federal government is a widespread problem with potentially devastating consequences. Further, GAO has identified information security as a governmentwide high-risk issue in reports to the Congress since 1997--most recently in January 2003. To strengthen information security practices throughout the federal government, information security legislation has been enacted. This testimony discusses efforts by federal departments and the administration to implement information security requirements mandated by law. In so doing, it examines overall information security weaknesses and challenges that the government faces, and the status of actions to address them, as reported by the Office of Management and Budget (OMB). GAO's evaluation of agency efforts to implement federal information security requirements and correct identified weaknesses. New requirements mandated by the Federal Information Security Management Act of 2002 (FISMA).