GAO gets specific about security costs and tests

The General Accounting Office yesterday made nine recommendations to the Office of Management and Budget to help agencies adhere to the Government Information Security Reform Act of 2001. The suggestions followed a March hearing on government efforts to implement GISRA provisions. GAO stated that OMB's February report on the act's progress was not specific enough.

The recommendations, GAO said, should be enacted immediately to help Congress frame legislation to extend the law.

GAO advised OMB to provide agencies with:
  • Metrics to gauge their performance

  • Specific definitions and examples of security costs

  • Detailed descriptions of the scope of annual management reviews and annual system testing

GAO also asked that agencies be allowed to show their corrective action plans to Congress despite OMB's objection that the plans are too closely related to fiscal 2003 budgeting.

Finally, GAO said, OMB should encourage inspectors general to test the security of nonfinancial as well as financial systems, evaluate corrective action plans and obtain the resources to complete security audits.

OMB generally agreed with the recommendations. Officials said they have drafted revised guidance for fiscal 2002 reporting that would comply with some of the GAO recommendations.