<mods xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.loc.gov/mods/v3" version="3.3" xsi:schemaLocation="http://www.loc.gov/mods/v3 http://www.loc.gov/standards/mods/v3/mods-3-3.xsd" ID="P0b002ee18038f709">
<name type="corporate">
 <namePart>United States Government Publishing Office</namePart>
 <role>
  <roleTerm authority="marcrelator" type="text">publisher</roleTerm>
  <roleTerm authority="marcrelator" type="code">pbl</roleTerm>
</role>
 <role>
  <roleTerm authority="marcrelator" type="text">distributor</roleTerm>
  <roleTerm authority="marcrelator" type="code">dst</roleTerm>
</role>
</name>
<name type="corporate">
 <namePart>United States</namePart>
 <namePart>Government Accountability Office</namePart>
 <namePart>Accounting and Information Management Division</namePart>
 <role>
  <roleTerm authority="marcrelator" type="text">author</roleTerm>
  <roleTerm authority="marcrelator" type="code">aut</roleTerm>
</role>
 <description>Government Organization</description>
</name>
<typeOfResource>text</typeOfResource>
<genre authority="marcgt">government publication</genre>
<language>
 <languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</language>
<extension>
 <collectionCode>GAOREPORTS</collectionCode>
 <category>Legislative Agency Publications</category>
 <waisDatabaseName>gao</waisDatabaseName>
 <branch>legislative</branch>
 <dateIngested>2010-08-12</dateIngested>
</extension>
<originInfo>
 <publisher>U.S. Government Printing Office</publisher>
 <dateIssued encoding="w3cdtf">1999-12-23</dateIssued>
 <issuance>monographic</issuance>
</originInfo>
<physicalDescription>
 <note type="source content type">deposited</note>
 <digitalOrigin>born digital</digitalOrigin>
 <extent>44 p.</extent>
</physicalDescription>
<classification authority="sudocs">GA 1.13:AIMD-00-55</classification>
<identifier type="uri">https://www.govinfo.gov/app/details/GAOREPORTS-AIMD-00-55</identifier>
<identifier type="local">P0b002ee18038f709</identifier>
<identifier type="former package identifier">f:ai00055</identifier>
<recordInfo>
 <recordContentSource authority="marcorg">DGPO</recordContentSource>
 <recordCreationDate encoding="w3cdtf">2010-08-12</recordCreationDate>
 <recordChangeDate encoding="w3cdtf">2011-03-28</recordChangeDate>
 <recordIdentifier source="DGPO">GAOREPORTS-AIMD-00-55</recordIdentifier>
 <recordOrigin>machine generated</recordOrigin>
 <languageOfCataloging>
  <languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</languageOfCataloging>
</recordInfo>
<accessCondition type="GPO scope determination">fdlp</accessCondition>
<extension>
 <docClass>REPORT</docClass>
 <accessId>GAOREPORTS-AIMD-00-55</accessId>
 <reportNumber>AIMD-00-55</reportNumber>
 <subject>Computer security</subject>
 <subject>Data integrity</subject>
 <subject>Y2K</subject>
 <subject>Computer software verification and validation</subject>
 <subject>Contractor personnel</subject>
 <subject>Air traffic control systems</subject>
 <subject>Security clearances</subject>
 <subject>Contract administration</subject>
 <subject>Internal controls</subject>
 <subject>Aliens</subject>
 <identifier>Y2K</identifier>
 <identifier>FAA Display System Replacement</identifier>
 <identifier>FAA Automated Radar Terminal System IIIA</identifier>
 <identifier>FAA Voice Switching and Control System</identifier>
 <identifier>FAA Year 2000 Program</identifier>
 <type>Letter Report</type>
 <seriesAbbrev>AIMD</seriesAbbrev>
</extension>
<titleInfo>
 <title>Computer Security: FAA Needs to Improve Controls Over Use</title>
</titleInfo>
<abstract>Pursuant to a congressional request, GAO provided information on the
Federal Aviation Administration&apos;s (FAA) security controls over
information on the foreign nationals involved in remediating and
reviewing software, focusing on: (1) the extent to which foreign
nationals were involved in year 2000 code remediation and subsequent
code review activities at FAA; and (2) FAA&apos;s policies covering this
involvement.&lt;p/&gt;GAO noted that: (1) FAA policy requires system owners and users to
prepare risk assessments for all contractor tasks, and to have
background investigations conducted for all contractor employees in
high-risk positions; (2) FAA also requires more limited background
checks for moderate- and low-risk positions; (3) FAA&apos;s mission-critical
systems requiring year 2000 repairs--including some of the most
important systems supporting the air traffic control system--were
remediated by a mix of FAA and contractor employees and, in the case of
commercial-off-the-shelf products, by the product vendors; (4) while FAA
did not maintain detailed information on individuals assigned to perform
year 2000 code remediation, FAA compiled some of this information in
response to GAO&apos;s request; (5) in doing so, FAA identified instances
where foreign nationals, employed by contractors, performed year 2000
code remediation activities; (6) of 153 mission-critical systems that
were remediated, 15 had foreign national involvement--including Chinese,
Ukrainian, and Pakistani nationals; (7) FAA was unable to provide any
information about the individuals who performed code remediation for 4
of the 153 systems; (8) with regard to code reviews, 20 key
mission-critical systems have been, or are in the process of being,
reviewed by two contractors who have foreign national employees; (9) one
code review contractor employed 36 mainland Chinese nationals while the
other employed one Canadian national; (10) FAA, however, did not perform
background searches on all of its contractor employees, as required by
policy; (11) the agency did not perform risk assessments and was unaware
of whether it or the contractor had performed background searches on all
the contractor employees, including the foreign nationals; (12) during
GAO&apos;s review, GAO found instances where background searches of foreign
nationals were not performed; (13) FAA&apos;s failure to perform risk
assessments, its lack of complete information on whether background
searches were performed, and the fact that some foreign nationals did
not undergo background searches have increased the risk that
inappropriate individuals may have gained access to FAA&apos;s facilities,
information, or resources; and (14) as a result, the air traffic control
system may be more susceptible to intrusion and malicious attacks.</abstract>
<location>
 <url displayLabel="HTML rendition" access="raw object">https://www.govinfo.gov/content/pkg/GAOREPORTS-AIMD-00-55/html/GAOREPORTS-AIMD-00-55.htm</url>
 <url displayLabel="PDF rendition" access="raw object">https://www.govinfo.gov/content/pkg/GAOREPORTS-AIMD-00-55/pdf/GAOREPORTS-AIMD-00-55.pdf</url>
</location>
<identifier type="preferred citation">GAO/AIMD-00-55</identifier>
<location>
 <url displayLabel="Content Detail" access="object in context">https://www.govinfo.gov/app/details/GAOREPORTS-AIMD-00-55</url>
</location>
<note>Letter Report</note>
<extension>
 <searchTitle>GAO/AIMD-00-55; Computer Security: FAA Needs to Improve Controls Over Use;
            </searchTitle>
</extension>
<subject>
 <topic>Computer security</topic>
 <topic>Data integrity</topic>
 <topic>Y2K</topic>
 <topic>Computer software verification and validation</topic>
 <topic>Contractor personnel</topic>
 <topic>Air traffic control systems</topic>
 <topic>Security clearances</topic>
 <topic>Contract administration</topic>
 <topic>Internal controls</topic>
 <topic>Aliens</topic>
 <topic>Y2K</topic>
 <topic>FAA Display System Replacement</topic>
 <topic>FAA Automated Radar Terminal System IIIA</topic>
 <topic>FAA Voice Switching and Control System</topic>
 <topic>FAA Year 2000 Program</topic>
</subject>
</mods>