Information Security: Comments on the Proposed Federal Information Security Management Act of 2002

United States Government Publishing Office publisher pbl distributor dst United States Government Accountability Office author aut Government Organization text government publication eng GAOREPORTS Legislative Agency Publications gao legislative 2010-08-12 U.S. Government Printing Office 2002-05-02 monographic deposited born digital GA 1.13:GAO-02-677T https://www.govinfo.gov/app/details/GAOREPORTS-GAO-02-677T P0b002ee180376270 f:d02677t DGPO 2010-08-12 2011-03-24 GAOREPORTS-GAO-02-677T machine generated eng fdlp REPORT GAOREPORTS-GAO-02-677T GAO-02-677T Computer security Information resources management Proposed legislation Reporting requirements Testimony A03228 Information Security: Comments on the Proposed Federal Information Security Management Act of 2002 The Federal Information Security Management Act of 2002 reauthorizes and expands the information security, evaluation, and reporting requirements enacted in the National Defense Authorization Act for Fiscal Year 2001. Concerned that pervasive information security weaknesses place federal operations at significant risk of disruption, tampering, fraud, and inappropriate disclosures of sensitive information, Congress enacted the Government Security Reform provisions (GISRA) for more effective oversight. The Federal Information Security Management Act also changes and clarifies information security issues noted in the first-year implementation of GISRA. In particular, the bill requires the development, promulgation of, and compliance with minimum mandatory management controls for securing information and information systems; requires annual agency reporting to both the Office of Management and Budget and the Comptroller General; and defines the evaluation responsibilities for national security systems. To ensure that information security receives appropriate attention and resources and that known deficiencies are addressed, it will be necessary to delineate the roles and responsibilities of the numerous entities involved; obtain adequate technical expertise to select, implement, and maintain controls; and allocate enough agency resources for information security. https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-02-677T/html/GAOREPORTS-GAO-02-677T.htm GAO-02-677T https://www.govinfo.gov/app/details/GAOREPORTS-GAO-02-677T Testimony GAO-02-677T; Information Security: Comments on the Proposed Federal Information Security Management Act of 2002; Computer security Information resources management Proposed legislation Reporting requirements United States Public Law 398 (106th Congress) Public Law 106-398