Government Accountability Office

Overview
The U.S. Government Accountability Office (GAO) (formerly named the General Accounting Office) is an independent, nonpartisan agency that works for Congress. Often called the "congressional watchdog," the GAO investigates how the federal government spends taxpayer dollars. The head of GAO, the Comptroller General of the United States, is appointed to a 15-year term by the President from a slate of candidates Congress proposes.

The GAO's mission is to support Congress in meeting its constitutional responsibilities and to help improve the performance and ensure the accountability of the federal government for the benefit of the American people. It provides Congress with timely information that is objective, fact-based, nonpartisan, nonideological, fair, and balanced.

GAO reports
The following GAO reports are discussed in this wiki (in reverse chronological order):

2011

 * Information Security: Weaknesses Continue Amid New Federal Efforts to Implement Requirements (GAO-12-137) (Oct. 3, 2011).
 * Quadrennial Homeland Security Review (GAO-11-873) (Sept. 2011).
 * Electronic Government: Performance Measures for Projects Aimed at Promoting Innovation and Transparency Can Be Improved (GAO-11-775) (Sept. 2011).
 * Personal ID Verification: Agencies Should Set a Higher Priority on Using the Capabilities of Standardized Identification Cards (GAO-11-751) (Sept. 2011).
 * Data Mining: DHS Needs to Improve Executive Oversight of Systems Supporting Counterterrorism (GAO-11-742) (Sept. 2011).
 * Information Security: Federal Deposit Insurance Corporation Has Made Progress, but Further Actions Are Needed to Protect Financial Data (GAO-11-708) (Aug. 2011).
 * Cybersecurity: Continued Attention Needed to Protect Our Nation’s Critical Infrastructure (GAO-11-865T) (July 26, 2011).
 * Defense Department Cyber Efforts: DOD Faces Challenges In Its Cyber Activities (GAO-11-75) (July 2011).
 * Agencies Need Coordinated Guidance on Incorporating Telework into Emergency and Continuity Planning (GAO-11-628) (July 22, 2011).
 * Data Center Consolidation: Agencies Need to Complete Inventories and Plans to Achieve Expected Savings (GAO-11-565) (July 2011).
 * Information Security: State Has Taken Steps to Implement a Continuous Monitoring Application, but Key Challenges Remain (GAO-11-149) (July 2011)
 * Social Media: Federal Agencies Need Policies and Procedures for Managing and Protecting Information They Access and Disseminate (GAO-11-605) (June 2011).
 * Defense Department Cyber Efforts: More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities (GAO-11-421) (May 20, 2011).
 * Information Security: Agencies Make Progress in Implementation of Requirements, but Significant Weaknesses Persist (GAO-09-701T) (May 19, 2009).
 * Information Technology: Investment Oversight and Management Have Improved but Continued Attention Is Needed (GAO-11-454T) (Mar. 17, 2011).
 * Cybersecurity: Continued Attention Needed to Protect Our Nation's Critical Infrastructure and Federal Information Systems (GAO-11-463T) (Mar. 16, 2011).
 * Combating Child Pornography: Steps Are Needed to Ensure That Tips to Law Enforcement Are Useful and Forensic Examinations Are Cost Effective (GAO-11-334) (Mar. 2011).
 * High-Risk Series: An Update (GAO-11-278) (Feb. 2011).
 * Electronic Prescribing: CMS Should Address Inconsistencies in Its Two Incentive Programs That Encourage the Use of Health Information Technology (GAO-11-159) (Feb. 2011).
 * Electricity Grid Modernization: Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed (GAO-11-117) (Jan. 12, 2011).

2010

 * Information Security: Federal Agencies Have Taken Steps to Secure Wireless Networks, but Further Actions Can Mitigate Risk (GAO-11-43) (Nov. 30, 2010).
 * Export Controls: Agency Actions and Proposed Reform Initiatives May Address Previously Identified Weaknesses, but Challenges Remain (GAO-11-135R) (Nov. 16, 2010).
 * Cyberspace Policy: Executive Branch Is Making Progress Implementing 2009 Policy Review Recommendations, but Sustained Leadership Is Needed (GAO-11-24) (Oct. 6, 2010).
 * Department of Homeland Security: Progress Made in Implementation and Transformation of Management Functions, but More Work Remains (GAO-10-911T) (Sept. 30, 2010).
 * Defense Exports: Reporting on Exported Articles and Services Needs to Be Improved (GAO-10-952) (Sept. 21, 2010).
 * Persian Gulf: U.S. Agencies Need to Improve Licensing Data and to Document Reviews of Arms Transfers for U.S. Foreign Policy and National Security Goals (GAO-10-918) (Sept. 20, 2010).
 * Information Security: Progress Made on Harmonizing Policies and Guidance for National Security and Non-National Security Systems (GAO-10-916) (Sept. 15, 2010).
 * Department of Homeland Security: Assessments of Selected Complex Acquisitions (GAO-10-588SP) (July 30, 2010).
 * Information Management: Challenges in Federal Agencies’ Use of Web 2.0 Technologies (GAO-10-872T) (July 22, 2010).
 * Critical Infrastructure Protection: Key Private and Public Cyber Expectations Need to Be Consistently Addressed (GAO-10-628) (July 15, 2010).
 * Cyberspace: United States Faces Challenges in Addressing Global Cybersecurity and Governance (GAO-10-606) (July 2, 2010).
 * Secure Border Initiative: DHS Needs to Follow Through on Plans to Reassess and Better Manage Key Technology Program (GAO-10-840T) (June 17, 2010).
 * Cybersecurity: Continued Attention Is Needed to Protect Federal Information Systems from Evolving Threats (GAO-10-834T) (June 16, 2010).
 * Cybersecurity: Key Challenges Need to Be Addressed to Improve Research and Development (GAO-10-466) (June 3, 2010).
 * Export Controls: Observations on Selected Countries' Systems and Proposed Treaties (GAO-10-557) (May 27, 2010).
 * Information Security: Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing (GAO-10-513) (May 27, 2010).
 * Intellectual Property: Observations on Efforts to Quantify the Economic Effects of Counterfeit and Pirated Goods (GAO-10-423) (Apr. 12, 2010).
 * GAO Review of the Department of Homeland Security’s Certification of the Secure Flight Program—Cost and Schedule Estimates (GAO-10-535R) (Apr. 5, 2010).
 * Information Security: Agencies Need to Implement Federal Desktop Core Configuration Requirements (GAO-10-202) (Mar. 12, 2010).
 * Information Security: Concerted Effort Needed to Consolidate and Secure Internet Connections at Federal Agencies (GAO-10-237) (Mar. 12, 2010).
 * Cybersecurity: Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative (GAO-10-338) (Mar. 5, 2010).
 * Iran Sanctions: Complete and Timely Licensing Data Needed to Strengthen Enforcement of Export Restrictions (GAO-10-375) (Mar. 4, 2010).
 * Homeland Security: Better Use of Terrorist Watchlist Information and Improvements in Deployment of Passenger Checkpoint Technologies Could Further Strengthen Security (GAO-10-401T) (Jan. 27, 2010).

2009

 * Information Security: NASA Needs to Remedy Vulnerabilities in Key Networks (GAO-10-4) (Oct. 15, 2009).
 * Critical Infrastructure Protection: Current Cyber Sector-Specific Planning Approach Needs Reassessment (GAO-09-969) (Sept. 24, 2009).
 * Homeland Security: Despite Progress, DHS Continues to Be Challenged in Managing Its Multi-Billion Dollar Annual Investment in Large-Scale Information Technology Systems (GAO-09-1002T) (Sept. 15, 2009).
 * Information Security: Concerted Effort Needed to Improve Federal Performance Measures (GAO-09-617) (Sept. 14, 2009).
 * Information Security: Agencies Continue to Report Progress, but Need to Mitigate Persistent Weaknesses (GAO-09-546) (July 17, 2009).
 * Assessing the Reliability of Computer-Processed Data (GAO-09-680G) (July 1, 2009).
 * Cybersecurity: Continued Federal Efforts Are Needed to Protect Critical Systems and Information (GAO-09-835T) (June 25, 2009).
 * Export Controls: Fundamental Reexamination of System Is Needed to Help Protect Critical Technologies (GAO-09-767T) (June 4, 2009).
 * Military and Dual-Use Technology: Covert Testing Shows Continuing Vulnerabilities of Domestic Sales for Illegal Export (GAO-09-725T) (June 4, 2009).
 * Privacy and Security: Food and Drug Administration Faces Challenges in Establishing Protections for Its Postmarket Risk Analysis System (GAO-09-355) (June 1, 2009).
 * Defense Exports: Foreign Military Sales Program Needs Better Controls for Exported Items and Information for Oversight (GAO-09-454) (May 20, 2009).
 * Aviation Security: TSA Has Completed Key Activities Associated with Implementing Secure Flight, but Additional Actions Are Needed to Mitigate Risks (GAO-09-292) (May 13, 2009).
 * Information Security: Cyber Threats and Vulnerabilities Place Federal Systems at Risk (GAO-09-661T) (May 5, 2009).
 * Freedom of Information Act: DHS Has Taken Steps to Enhance Its Program, but Opportunities Exist to Improve Efficiency and Cost-Effectiveness (GAO-09-260) (Mar. 20, 2009).
 * Information Security: Securities and Exchange Commission Needs to Consistently Implement Effective Controls (GAO-09-203) (Mar. 16, 2009).
 * National Cybersecurity Strategy: Key Improvements are Needed to Strengthen the Nation’s Posture (GAO-09-432T) (Mar. 10, 2009).
 * Information Security: Further Actions Needed to Address Risks to Bank Secrecy Act Data (GAO-09-195) (Jan. 30, 2009).
 * Information Security: Continued Efforts Needed to Address Significant Weaknesses at IRS (GAO-09-136) (Jan. 9, 2009).

2008

 * Critical Infrastructure Protection: DHS Needs to Better Address Its Cyber Security Responsibilities (GAO-08-1157T) (Sept. 16, 2008).
 * Critical Infrastructure Protection: DHS Needs to Fully Address Lessons Learned from Its First Cyber Storm Exercise (GAO-08-825) (Sept. 9, 2008).
 * Information Security: Actions Needed to Better Protect Los Alamos National Laboratory’s Unclassified Computer Network (GAO-08-1001) (Sept. 9, 2008).
 * Cyber Analysis and Warning: DHS Faces Challenges in Establishing a Comprehensive National Capability (GAO-08-588) (July 31, 2008).
 * Information Security: Federal Agency Efforts to Encrypt Sensitive Information Are Under Way, but Work Remains (GAO-08-525) (June 27, 2008).
 * Information Security: FDIC Sustains Progress but Needs to Improve Configuration Management of Key Financial Systems (GAO-08-564) (May 30, 2008).
 * Information Security: TVA Needs to Address Weaknesses in Control Systems and Networks (GAO-08-526) (May 21, 2008).
 * Information Security: TVA Needs to Enhance Security of Critical Infrastructure Control Systems and Networks (GAO-08-775T) (May 21, 2008).
 * Information Management: Challenges in Implementing an Electronic Records Archive (GAO-08-738T) (May 14, 2008).
 * Information Security: Progress Reported, but Weaknesses at Federal Agencies Persist (GAO-08-571T) (Mar. 12, 2008).
 * Intellectual Property: Federal Enforcement Has Generally Increased, but Assessing Performance Could Strengthen Law Enforcement Efforts (GAO-08-157) (Mar. 11, 2008).
 * Information Security: Securities and Exchange Commission Needs to Continue to Improve Its Program (GAO-08-280) (Feb. 29, 2008).
 * Electronic Government: Additional OMB Leadership Needed to Optimize Use of New Federal Employee Identification Cards (GAO-08-292) (Feb. 29, 2008).
 * Information Security: Although Progress Reported, Federal Agencies Need to Resolve Significant Deficiencies (GAO-08-496T) (Feb. 14, 2008).
 * Information Security: Protecting Personally Identifiable Information (GAO-08-343) (Jan. 25, 2008).
 * Information Security: IRS Needs to Address Pervasive Weaknesses (GAO-08-211) (Jan. 8, 2008).

2007

 * Critical Infrastructure Protection: Sector-Specific Plans/Coverage of Key Cyber Security Elements Varies (GAO-08-113) (Oct. 31, 2007).
 * Veterans Affairs: Sustained Management Commitment and Oversight Are Essential to Completing Information Technology Realignment and Strengthening Information Security (GAO-07-1264T) (Sept. 26, 2007).
 * Critical Infrastructure Protection: Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain (GAO-07-1036) (Sept. 10, 2007).
 * Information Security: Sustained Management Commitment and Oversight Are Vital to Resolving Long-standing Weaknesses at the Department of Veterans Affairs (GAO-07-1019) (Sept. 7, 2007).
 * Information Security: Selected Departments Need to Address Challenges in Implementing Statutory Requirements (GAO-07-528) (Aug. 31, 2007).
 * Information Security: Despite Reported Progress, Federal Agencies Need to Address Persistent Weaknesses (GAO-07-837) (July 27, 2007).
 * Information Security: Homeland Security Needs to Immediately Address Significant Weaknesses in Systems Supporting the US-VISIT Program (GAO-07-870) (July 13, 2007).
 * Transparent Government and Access to Information: A Role for Supreme Audit Institutions (GAO-07-1068CG) (June 26, 2007).
 * Information Security: Homeland Security Needs to Enhance Effectiveness of Its Program (GAO-07-1003T) (June 20, 2007).
 * Information Security: Agencies Report Progress, but Sensitive Data Remain at Risk (GAO-07-935T) (June 7, 2007).
 * Personal Information: Data Breaches Are Frequent, But Evidence of Resulting Identity Theft is Limited; However, the Full Extent is Unknown (GAO-07-737) (June 2007).
 * Cybercrime: Public and Private Entities Face Challenges in Addressing Cyber Threats (GAO-07-705) (June 2007).
 * Information Security: Federal Deposit Insurance Corporation Needs to Sustain Progress Improving Its Program (GAO-07-351) (May 18, 2007).
 * DHS Privacy Office: Progress Made but Challenges Remain in Notifying and Reporting to the Public (GAO-07-522) (Apr. 27, 2007).
 * Homeland Security: Continuing Attention to Privacy Concerns is Needed as Programs Are Developed (GAO-07-630T) (Mar. 21, 2007).
 * Data Mining: Early Attention to Privacy in Developing a Key DHS Program Could Reduce Risks (GAO-07-293) (Feb. 28, 2007).

2006

 * Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing (GAO-07-65) (Oct. 20, 2006).
 * Aviation Security: Management Challenges Remain for the Transportation Security Administration’s Secure Flight Program(GAO-06-864T) (June 2006).
 * Personal Information: Key Federal Privacy Laws Do Not Require Information Resellers to Safeguard All Sensitive Data (GAO-06-674) (June 26, 2006).
 * Personal Information: Agency and Reseller Adherence to Key Privacy Principles (GAO-06-421) (Apr. 4, 2006)
 * Aviation Security: Significant Management Challenges May Adversely Affect the Implementation of the Transportation Security Administration’s Secure Flight Program (GAO-06-374T) (Feb. 2006).
 * Internet Access Tax Moratorium: Revenue Impacts Will Vary by State (GAO-06-273) (Jan. 2006).

2005

 * A Glossary of Terms Used in the Federal Budget Process (GAO-05-734SP) (Sept. 2005).
 * Data Mining: Agencies Have Taken Key Steps to Protect Privacy in Selected Efforts, but Significant Compliance Issues Remain (GAO-05-866) (Aug. 15, 2005).
 * Information Security: Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements (GAO-05-552) (July 15, 2005).
 * Aviation Security: Secure Flight Development and Testing Under Way, But Risks Should Be Managed as System is Further Developed (GAO-05-356) (Mar. 2005).

2004

 * Information Security: Agencies Face Challenges in Implementing Effective Software Patch Management Processes (GAO-04-816T) (June 2, 2004).
 * Information Security: Continued Action Needed to Improve Software Patch Management Processes (GAO-04-706) (June 2004).
 * Technology Assessment: Cybersecurity for Critical Infrastructure Protection (GAO-04-321) (May 2004).
 * Data Mining: Federal Efforts Cover a Wide Range of Uses (GAO-04-548) (May 4, 2004).
 * Aviation Security: Challenges Delay Implementation of Computer-Assisted Passenger Prescreening System (GAO-04-504T) (Mar. 17, 2004).
 * Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges (GAO-04-385) (Feb. 2004).

2003

 * Information Security: Challenges in Using Biometrics (GAO-03-1137T) (Sept. 9, 2003).
 * Privacy Act: OMB Leadership Needed to Improve Agency Compliance (GAO-03-304) (June 30, 2003).
 * Information Security: Continued Efforts Needed to Fully Implement Statutory Requirements (GAO-03-852T) (June 24, 2003).
 * Homeland Security: Information Sharing Responsibilities, Challenges, and Key Management Issues (GAO-03-715T) (May 8, 2003).

2002

 * Identity Fraud: Prevalence and Links to Alien Illegal Activities (GAO-02-830T) (June 25, 2002).
 * Internet Management: Limited Progress on Privatization Project Makes Outcome Uncertain (GAO-02-805T) (June 12, 2002).

2001

 * Information Security: Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology (GAO-01-277) (Feb. 26, 2001).

1998

 * Executive Guide: Information Security Management: Learning from Leading Organizations (GAO/AIMD-98-68) (May 1998).
 * Year 2000 Computing Crisis: Business Continuity and Contingency Planning (GAO/AIMD-10.1.19) (Feb. 1998).

1997

 * Social Security Administration: Internet Access to Personal Earnings and Benefits Information (GAO/T-AIMD/HEHS-97-123) (May 6, 1997).
 * IRS Systems Security and Funding: Employee Browsing Not Being Addressed Effectively and Budget Requests for New Systems Development Not Justified (GAO/T-AIMD-97-82) (Apr. 15, 1997).
 * High Risk Series: Information Management and Technology (GAO/HR-97-9) (Feb. 1997).

1996

 * Information Security: Opportunities for Improved OMB Oversight of Agency Practices (GAO/AIMD-96-110) (Sept. 24, 1996).
 * Information Security: Computer Hacker Information Available on the Internet (GAO/T-AIMD-96-108) (June 5, 1996).
 * Information Security: Computer Attacks at Department of Defense Pose Increasing Risks (GAO/AIMD-96-84) (May 22, 1996).
 * Security Weaknesses at IRS' Cyberfile Data Center (GAO/AIMD-96-85R) (May 9, 1996).

1995

 * Federal Family Education Loan Information System: Weak Computer Controls Increase Risk of Unauthorized Access to Sensitive Data (GAO/AIMD-95-117) (June 12, 1995).
 * Department of Energy: Procedures Lacking to Protect Computerized Data (GAO/AIMD-95-118) (June 5, 1995).
 * Information Superhighway: An Overview of Technology Challenges (GAO/AIMD-95-23) (Jan. 23, 1995).

1994

 * Information Superhighway: Issues Affecting Development (GAO/RCED-94-285) (Sept. 30, 1994).
 * IRS Automation: Controlling Electronic Filing Fraud and Improper Access to Taxpayer Data (GAO/T-AIMD/GGD-94-183) (July 19, 1994).

1993

 * Communications Privacy: Federal Policy and Actions (GAO/OSI-94-2) (Nov. 4, 1993).
 * IRS Information Systems: Weaknesses Increase Risk of Fraud and Impair Reliability of Management Information (GAO/AIMD-93-34) (Sept. 22, 1993).
 * Document Security: Justice Can Improve Its Controls Over Classified and Sensitive Documents (GAO/GGD-93-134) (Sept. 7, 1993).

1984

 * Privacy Policy Activities of the National Telecommunications and Information Administration (GGD-84-93) (Aug. 31, 1984).