<mods xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.loc.gov/mods/v3" version="3.3" xsi:schemaLocation="http://www.loc.gov/mods/v3 http://www.loc.gov/standards/mods/v3/mods-3-3.xsd" ID="P0b002ee180387f4c">
<name type="corporate">
 <namePart>United States Government Publishing Office</namePart>
 <role>
  <roleTerm authority="marcrelator" type="text">publisher</roleTerm>
  <roleTerm authority="marcrelator" type="code">pbl</roleTerm>
</role>
 <role>
  <roleTerm authority="marcrelator" type="text">distributor</roleTerm>
  <roleTerm authority="marcrelator" type="code">dst</roleTerm>
</role>
</name>
<name type="corporate">
 <namePart>United States</namePart>
 <namePart>Government Accountability Office</namePart>
 <role>
  <roleTerm authority="marcrelator" type="text">author</roleTerm>
  <roleTerm authority="marcrelator" type="code">aut</roleTerm>
</role>
 <description>Government Organization</description>
</name>
<typeOfResource>text</typeOfResource>
<genre authority="marcgt">government publication</genre>
<language>
 <languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</language>
<extension>
 <collectionCode>GAOREPORTS</collectionCode>
 <category>Legislative Agency Publications</category>
 <waisDatabaseName>gao</waisDatabaseName>
 <branch>legislative</branch>
 <dateIngested>2010-08-12</dateIngested>
</extension>
<originInfo>
 <publisher>U.S. Government Printing Office</publisher>
 <dateIssued encoding="w3cdtf">2006-10-20</dateIssued>
 <issuance>monographic</issuance>
</originInfo>
<physicalDescription>
 <note type="source content type">deposited</note>
 <digitalOrigin>born digital</digitalOrigin>
 <extent>28 p.</extent>
</physicalDescription>
<classification authority="sudocs">GA 1.13:GAO-07-65</classification>
<identifier type="uri">https://www.govinfo.gov/app/details/GAOREPORTS-GAO-07-65</identifier>
<identifier type="local">P0b002ee180387f4c</identifier>
<identifier type="former package identifier">f:d0765</identifier>
<recordInfo>
 <recordContentSource authority="marcorg">DGPO</recordContentSource>
 <recordCreationDate encoding="w3cdtf">2010-08-12</recordCreationDate>
 <recordChangeDate encoding="w3cdtf">2011-03-24</recordChangeDate>
 <recordIdentifier source="DGPO">GAOREPORTS-GAO-07-65</recordIdentifier>
 <recordOrigin>machine generated</recordOrigin>
 <languageOfCataloging>
  <languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</languageOfCataloging>
</recordInfo>
<accessCondition type="GPO scope determination">fdlp</accessCondition>
<extension>
 <docClass>REPORT</docClass>
 <accessId>GAOREPORTS-GAO-07-65</accessId>
 <reportNumber>GAO-07-65</reportNumber>
 <subject>Documentation</subject>
 <subject>Government information</subject>
 <subject>Information management</subject>
 <subject>Information security</subject>
 <subject>Information technology</subject>
 <subject>Internal controls</subject>
 <subject>Policy evaluation</subject>
 <subject>Security assessments</subject>
 <subject>Systems evaluation</subject>
 <subject>Systems testing</subject>
 <type>Other Written Product</type>
 <accountNo>A62544</accountNo>
 <law congress="107" isPrivate="false" number="347"></law>
</extension>
<titleInfo>
 <title>Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing</title>
</titleInfo>
<abstract>Agencies rely extensively on computerized information systems and
electronic data to carry out their missions. To ensure the	 
security of the information and information systems that support 
critical operations and infrastructure, federal law and policy	 
require agencies to periodically test and evaluate the		 
effectiveness of their information security controls at least	 
annually. GAO was asked to evaluate the extent to which agencies 
have adequately designed and effectively implemented policies for
testing and evaluating their information security controls. GAO  
surveyed 24 major federal agencies and analyzed their policies to
determine whether the policies address important elements for	 
periodic testing. GAO also examined testing documentation at 6	 
agencies to assess the quality and effectiveness of testing on 30
systems.</abstract>
<location>
 <url displayLabel="HTML rendition" access="raw object">https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-07-65/html/GAOREPORTS-GAO-07-65.htm</url>
 <url displayLabel="PDF rendition" access="raw object">https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-07-65/pdf/GAOREPORTS-GAO-07-65.pdf</url>
</location>
<identifier type="preferred citation">GAO-07-65</identifier>
<location>
 <url displayLabel="Content Detail" access="object in context">https://www.govinfo.gov/app/details/GAOREPORTS-GAO-07-65</url>
</location>
<note>Other Written Product</note>
<extension>
 <searchTitle>GAO-07-65; Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing;
            </searchTitle>
</extension>
<subject>
 <topic>Documentation</topic>
 <topic>Government information</topic>
 <topic>Information management</topic>
 <topic>Information security</topic>
 <topic>Information technology</topic>
 <topic>Internal controls</topic>
 <topic>Policy evaluation</topic>
 <topic>Security assessments</topic>
 <topic>Systems evaluation</topic>
 <topic>Systems testing</topic>
</subject>
<relatedItem type="isReferencedBy">
 <titleInfo>
  <title>United States Public Law 347 (107th Congress)</title>
</titleInfo>
 <identifier type="public law citation">Public Law 107-347</identifier>
</relatedItem>
</mods>