Government Accountability Office

Overview
The U.S. Government Accountability Office (GAO) (formerly named the General Accounting Office) is an independent, nonpartisan agency that works for Congress. Often called the "congressional watchdog," the GAO investigates how the federal government spends taxpayer dollars. The head of GAO, the Comptroller General of the United States, is appointed to a 15-year term by the President from a slate of candidates Congress proposes.

The GAO's mission is to support Congress in meeting its constitutional responsibilities and to help improve the performance and ensure the accountability of the federal government for the benefit of the American people. It provides Congress with timely information that is objective, fact-based, nonpartisan, nonideological, fair, and balanced.

GAO reports
The GAO reports discussed in this wiki are organized by year in reverse chronological order:


 * GAO Reports - 2011
 * GAO Reports - 2010
 * GAO Reports - 2009
 * GAO Reports - 2008
 * GAO Reports - 2007
 * GAO Reports - 2006
 * GAO Reports - 2005
 * GAO Reports - 2004
 * GAO Reports - 2003
 * GAO Reports - 2002
 * GAO Reports - 2001
 * GAO Reports - 2000

2009

 * Information Security: NASA Needs to Remedy Vulnerabilities in Key Networks (GAO-10-4) (Oct. 15, 2009).
 * Critical Infrastructure Protection: Current Cyber Sector-Specific Planning Approach Needs Reassessment (GAO-09-969) (Sept. 24, 2009).
 * Homeland Security: Despite Progress, DHS Continues to Be Challenged in Managing Its Multi-Billion Dollar Annual Investment in Large-Scale Information Technology Systems (GAO-09-1002T) (Sept. 15, 2009).
 * Information Security: Concerted Effort Needed to Improve Federal Performance Measures (GAO-09-617) (Sept. 14, 2009).
 * Information Security: Agencies Continue to Report Progress, but Need to Mitigate Persistent Weaknesses (GAO-09-546) (July 17, 2009).
 * Assessing the Reliability of Computer-Processed Data (GAO-09-680G) (July 1, 2009).
 * Information Technology: Federal Agencies Need to Strengthen Investment Board Oversight of Poorly Planned and Performing Projects (GAO-09-566) (June 30, 2009).
 * Cybersecurity: Continued Federal Efforts Are Needed to Protect Critical Systems and Information (GAO-09-835T) (June 25, 2009).
 * Export Controls: Fundamental Reexamination of System Is Needed to Help Protect Critical Technologies (GAO-09-767T) (June 4, 2009).
 * Military and Dual-Use Technology: Covert Testing Shows Continuing Vulnerabilities of Domestic Sales for Illegal Export (GAO-09-725T) (June 4, 2009).
 * Privacy and Security: Food and Drug Administration Faces Challenges in Establishing Protections for Its Postmarket Risk Analysis System (GAO-09-355) (June 1, 2009).
 * Defense Exports: Foreign Military Sales Program Needs Better Controls for Exported Items and Information for Oversight (GAO-09-454) (May 20, 2009).
 * Aviation Security: TSA Has Completed Key Activities Associated with Implementing Secure Flight, but Additional Actions Are Needed to Mitigate Risks (GAO-09-292) (May 13, 2009).
 * Information Security: Cyber Threats and Vulnerabilities Place Federal Systems at Risk (GAO-09-661T) (May 5, 2009).
 * Freedom of Information Act: DHS Has Taken Steps to Enhance Its Program, but Opportunities Exist to Improve Efficiency and Cost-Effectiveness (GAO-09-260) (Mar. 20, 2009).
 * Information Security: Securities and Exchange Commission Needs to Consistently Implement Effective Controls (GAO-09-203) (Mar. 16, 2009).
 * National Cybersecurity Strategy: Key Improvements are Needed to Strengthen the Nation’s Posture (GAO-09-432T) (Mar. 10, 2009).
 * Information Security: Further Actions Needed to Address Risks to Bank Secrecy Act Data (GAO-09-195) (Jan. 30, 2009).
 * Information Security: Continued Efforts Needed to Address Significant Weaknesses at IRS (GAO-09-136) (Jan. 9, 2009).

2008

 * Critical Infrastructure Protection: DHS Needs to Better Address Its Cyber Security Responsibilities (GAO-08-1157T) (Sept. 16, 2008).
 * Critical Infrastructure Protection: DHS Needs to Fully Address Lessons Learned from Its First Cyber Storm Exercise (GAO-08-825) (Sept. 9, 2008).
 * Information Security: Actions Needed to Better Protect Los Alamos National Laboratory’s Unclassified Computer Network (GAO-08-1001) (Sept. 9, 2008).
 * Cyber Analysis and Warning: DHS Faces Challenges in Establishing a Comprehensive National Capability (GAO-08-588) (July 31, 2008).
 * Information Security: Federal Agency Efforts to Encrypt Sensitive Information Are Under Way, but Work Remains (GAO-08-525) (June 27, 2008).
 * Federal Records: National Archives and Selected Agencies Need to Strengthen E-Mail Management (GAO-08-742) (June 13, 2008).
 * Information Security: FDIC Sustains Progress but Needs to Improve Configuration Management of Key Financial Systems (GAO-08-564) (May 30, 2008).
 * Information Security: TVA Needs to Address Weaknesses in Control Systems and Networks (GAO-08-526) (May 21, 2008).
 * Information Security: TVA Needs to Enhance Security of Critical Infrastructure Control Systems and Networks (GAO-08-775T) (May 21, 2008).
 * Information Management: Challenges in Implementing an Electronic Records Archive (GAO-08-738T) (May 14, 2008).
 * Freedom Of Information Act: Agencies Are Making Progress in Reducing Backlog, but Additional Guidance Is Needed (GAO-08-344) (Mar. 14, 2008).
 * Information Security: Progress Reported, but Weaknesses at Federal Agencies Persist (GAO-08-571T) (Mar. 12, 2008).
 * Intellectual Property: Federal Enforcement Has Generally Increased, but Assessing Performance Could Strengthen Law Enforcement Efforts (GAO-08-157) (Mar. 11, 2008).
 * Information Security: Securities and Exchange Commission Needs to Continue to Improve Its Program (GAO-08-280) (Feb. 29, 2008).
 * Electronic Government: Additional OMB Leadership Needed to Optimize Use of New Federal Employee Identification Cards (GAO-08-292) (Feb. 29, 2008).
 * Information Security: Although Progress Reported, Federal Agencies Need to Resolve Significant Deficiencies (GAO-08-496T) (Feb. 14, 2008).
 * Information Security: Protecting Personally Identifiable Information (GAO-08-343) (Jan. 25, 2008).
 * Information Security: IRS Needs to Address Pervasive Weaknesses (GAO-08-211) (Jan. 8, 2008).

2007

 * Critical Infrastructure Protection: Sector-Specific Plans/Coverage of Key Cyber Security Elements Varies (GAO-08-113) (Oct. 31, 2007).
 * Veterans Affairs: Sustained Management Commitment and Oversight Are Essential to Completing Information Technology Realignment and Strengthening Information Security (GAO-07-1264T) (Sept. 26, 2007).
 * Critical Infrastructure Protection: Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain (GAO-07-1036) (Sept. 10, 2007).
 * Information Security: Sustained Management Commitment and Oversight Are Vital to Resolving Long-standing Weaknesses at the Department of Veterans Affairs (GAO-07-1019) (Sept. 7, 2007).
 * Information Security: Selected Departments Need to Address Challenges in Implementing Statutory Requirements (GAO-07-528) (Aug. 31, 2007).
 * Information Security: Despite Reported Progress, Federal Agencies Need to Address Persistent Weaknesses (GAO-07-837) (July 27, 2007).
 * Information Technology: Treasury Needs to Strengthen Its Investment Board Operations and Oversight (GAO-07-865) (July 23, 2007).
 * Information Security: Homeland Security Needs to Immediately Address Significant Weaknesses in Systems Supporting the US-VISIT Program (GAO-07-870) (July 13, 2007).
 * Transparent Government and Access to Information: A Role for Supreme Audit Institutions (GAO-07-1068CG) (June 26, 2007).
 * Information Security: Homeland Security Needs to Enhance Effectiveness of Its Program (GAO-07-1003T) (June 20, 2007).
 * Information Security: Agencies Report Progress, but Sensitive Data Remain at Risk (GAO-07-935T) (June 7, 2007).
 * Personal Information: Data Breaches Are Frequent, But Evidence of Resulting Identity Theft is Limited; However, the Full Extent is Unknown (GAO-07-737) (June 2007).
 * Cybercrime: Public and Private Entities Face Challenges in Addressing Cyber Threats (GAO-07-705) (June 2007).
 * Information Security: Federal Deposit Insurance Corporation Needs to Sustain Progress Improving Its Program (GAO-07-351) (May 18, 2007).
 * DHS Privacy Office: Progress Made but Challenges Remain in Notifying and Reporting to the Public (GAO-07-522) (Apr. 27, 2007).
 * Information Technology: DHS Needs to Fully Define and Implement Policies and Procedures for Effectively Managing Investments (GAO-07-424) (Apr. 27, 2007).
 * Homeland Security: Continuing Attention to Privacy Concerns is Needed as Programs Are Developed (GAO-07-630T) (Mar. 21, 2007).
 * Data Mining: Early Attention to Privacy in Developing a Key DHS Program Could Reduce Risks (GAO-07-293) (Feb. 28, 2007).

2006

 * Border Security: US-VISIT Program Faces Strategic, Operational, and Technological Challenges at Land Ports of Entry (GAO-07-248) (Dec. 6, 2006).
 * Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing (GAO-07-65) (Oct. 20, 2006).
 * Aviation Security: Management Challenges Remain for the Transportation Security Administration’s Secure Flight Program(GAO-06-864T) (June 2006).
 * Personal Information: Key Federal Privacy Laws Do Not Require Information Resellers to Safeguard All Sensitive Data (GAO-06-674) (June 26, 2006).
 * Privacy: Preventing and Responding to Improper Disclosures of Personal Information (GAO-06-833T) (June 8, 2006).
 * Information Sharing: The Federal Government Needs to Establish Policies and Processes for Sharing Terrorism-Related and Sensitive but Unclassified Information (GAO-06-385) (Mar. 17, 2006).
 * Privacy: Key Challenges Facing Federal Agencies (GAO-06-777T) (May 17, 2006).
 * Personal Information: Agencies and Resellers Vary in Providing Privacy Protections (GAO-06-609T) (Apr. 4, 2006).
 * Personal Information: Agency and Reseller Adherence to Key Privacy Principles (GAO-06-421) (Apr. 4, 2006).
 * Information Sharing: The Federal Government Needs to Establish Policies and Processes for Sharing Terrorism-Related and Sensitive but Unclassified Information (GAO-06-385) (Mar. 17, 2006).
 * Aviation Security: Significant Management Challenges May Adversely Affect the Implementation of the Transportation Security Administration’s Secure Flight Program (GAO-06-374T) (Feb. 2006).
 * Internet Access Tax Moratorium: Revenue Impacts Will Vary by State (GAO-06-273) (Jan. 2006).

2005

 * Information Technology: Centers for Medicare & Medicaid Services Needs to Establish Critical Investment Management Capabilities (GAO-06-12) (Oct. 28, 2005).
 * A Glossary of Terms Used in the Federal Budget Process (GAO-05-734SP) (Sept. 2005).
 * Chief Information Officers: Responsibilities and Information Technology Governance at Leading Private-Sector Companies (GAO-05-986) (Sept. 14, 2005).
 * Information Technology: Management Improvements Needed on Immigration and Customs Enforcement’s Infrastructure Modernization Program (GAO-05-805) (Sept. 7, 2005).
 * Data Mining: Agencies Have Taken Key Steps to Protect Privacy in Selected Efforts, but Significant Compliance Issues Remain (GAO-05-866) (Aug. 15, 2005).
 * Aviation Security: Transportation Security Administration Did Not Fully Disclose Uses of Personal Information during Secure Flight Program Testing in Initial Privacy Notices, but Has Recently Taken Steps to More Fully Inform the Public (GAO-05-864R) (July 22, 2005).
 * Information Security: Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements (GAO-05-552) (July 15, 2005).
 * Identity Theft: Some Outreach Efforts to Promote Awareness of New Consumer Rights are Under Way (GAO-05-710) (June 30, 2005).
 * Information Security: Radio Frequency Identification Technology in the Federal Government (GAO-05-551) (May 27, 2005).
 * Paperwork Reduction Act: New Approach May Be Needed to Reduce Government Burden on Public (GAO-05-424) (May 2005).
 * Aviation Security: Secure Flight Development and Testing Under Way, But Risks Should Be Managed as System is Further Developed (GAO-05-356) (Mar. 2005).

2004

 * Electronic Government: Federal Agencies Have Made Progress Implementing the E-Government Act of 2002 (GAO-05-12) (Dec. 10, 2004).
 * Social Security Numbers: Governments Could Do More to Reduce Display in Public Records and on Identity Cards (GAO-05-59) (Nov. 9, 2004).
 * Federal Chief Information Officers: Responsibilities, Reporting Relationships, Tenure, and Challenges (GAO-04-823) (July 21, 2004).
 * Information Security: Agencies Face Challenges in Implementing Effective Software Patch Management Processes (GAO-04-816T) (June 2, 2004).
 * Information Security: Continued Action Needed to Improve Software Patch Management Processes (GAO-04-706) (June 2004).
 * File Sharing: Selected Universities Report Taking Action to Reduce Copyright Infringement (GAO-04-503) (May 28, 2004).
 * Technology Assessment: Cybersecurity for Critical Infrastructure Protection (GAO-04-321) (May 2004).
 * Data Mining: Federal Efforts Cover a Wide Range of Uses (GAO-04-548) (May 4, 2004).
 * Aviation Security: Challenges Delay Implementation of Computer-Assisted Passenger Prescreening System (GAO-04-504T) (Mar. 17, 2004).
 * Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges (GAO-04-385) (Feb. 12, 2004).

2003

 * Information Technology: Departmental Leadership Crucial to Success of Investment Reforms at Interior (GAO-03-1028) (Sept. 12, 2003).
 * Information Security: Challenges in Using Biometrics (GAO-03-1137T) (Sept. 9, 2003).
 * Privacy Act: OMB Leadership Needed to Improve Agency Compliance (GAO-03-304) (June 30, 2003).
 * Information Security: Continued Efforts Needed to Fully Implement Statutory Requirements (GAO-03-852T) (June 24, 2003).
 * Homeland Security: Information Sharing Responsibilities, Challenges, and Key Management Issues (GAO-03-715T) (May 8, 2003).
 * Data Mining: Results and Challenges for Government Programs, Audits, and Investigations (GAO-03-591T) (Mar. 25, 2003).

2002

 * Technology Assessment: Using Biometrics for Border Security (GAO-03-174) (Nov. 15, 2002).
 * United States Postal Service: Opportunities to Strengthen IT Investment Management Capabilities (GAO-03-3) (Oct. 15, 2002).
 * Information Management: Selected Agencies’ Handling of Personal Information (GAO-02-1058) (Sept. 30, 2002).
 * Identity Theft: Greater Awareness and Use of Existing Data Are Needed (GAO-02-766) (June 28, 2002).
 * Identity Fraud: Prevalence and Links to Alien Illegal Activities (GAO-02-830T) (June 25, 2002).
 * Internet Management: Limited Progress on Privatization Project Makes Outcome Uncertain (GAO-02-805T) (June 12, 2002).
 * Social Security Numbers: Government Benefits from SSN Use but Could Provide Better Safeguards (GAO-02-352) (May 31, 2002).
 * Information Technology: Inconsistent Software Acquisition Processes at the Defense Logistics Agency Increase Project Risks (GAO-02-9) (Jan. 10, 2002).

2001

 * Information Technology: Leading Commercial Practices for Outsourcing of Services (GAO-02-214) (Nov. 30, 2001).
 * Information Security: Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology (GAO-01-277) (Feb. 26, 2001).
 * HUD Information Systems: Immature Software Acquisition Capability Increases Project Risks (GAO-01-962) (Sept. 14, 2001).
 * Executive Guide: Maximizing the Success of Chief Information Officers: Learning From Leading Organizations (GAO-01-376G) (Feb. 1, 2001).

1998

 * Year 2000 Computing Crisis: Business Continuity and Contingency Planning (GAO/AIMD-10.1.19) (Aug. 1998).
 * Executive Guide: Information Security Management: Learning from Leading Organizations (GAO/AIMD-98-68) (May 1998).

1997

 * Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14) (Sept. 1997).
 * Social Security Administration: Internet Access to Personal Earnings and Benefits Information (GAO/T-AIMD/HEHS-97-123) (May 6, 1997).
 * IRS Systems Security and Funding: Employee Browsing Not Being Addressed Effectively and Budget Requests for New Systems Development Not Justified (GAO/T-AIMD-97-82) (Apr. 15, 1997).
 * High Risk Series: Information Management and Technology (GAO/HR-97-9) (Feb. 1997).

1996

 * Information Security: Opportunities for Improved OMB Oversight of Agency Practices (GAO/AIMD-96-110) (Sept. 24, 1996).
 * Information Security: Computer Hacker Information Available on the Internet (GAO/T-AIMD-96-108) (June 5, 1996).
 * Information Security: Computer Attacks at Department of Defense Pose Increasing Risks (I) (GAO/AIMD-96-84) (May 22, 1996).
 * Information Security: Computer Attacks at Department of Defense Pose Increasing Risks (II) (GAO/T-AIMD-96-92) (May 22, 1996).
 * Security Weaknesses at IRS' Cyberfile Data Center (GAO/AIMD-96-85R) (May 9, 1996).

1995

 * Federal Family Education Loan Information System: Weak Computer Controls Increase Risk of Unauthorized Access to Sensitive Data (GAO/AIMD-95-117) (June 12, 1995).
 * Department of Energy: Procedures Lacking to Protect Computerized Data (GAO/AIMD-95-118) (June 5, 1995).
 * Information Superhighway: An Overview of Technology Challenges (GAO/AIMD-95-23) (Jan. 23, 1995).

1994

 * Information Superhighway: Issues Affecting Development (GAO/RCED-94-285) (Sept. 30, 1994).
 * IRS Automation: Controlling Electronic Filing Fraud and Improper Access to Taxpayer Data (GAO/T-AIMD/GGD-94-183) (July 19, 1994).
 * Executive Guide: Improving Mission Performance through Strategic Information Management and Technology (GAO/AIMD-94-115) (May 1, 1994).

1993

 * Communications Privacy: Federal Policy and Actions (GAO/OSI-94-2) (Nov. 4, 1993).
 * IRS Information Systems: Weaknesses Increase Risk of Fraud and Impair Reliability of Management Information (GAO/AIMD-93-34) (Sept. 22, 1993).
 * Document Security: Justice Can Improve Its Controls Over Classified and Sensitive Documents (GAO/GGD-93-134) (Sept. 7, 1993).

1992

 * FBI: Advanced Communications Technologies Pose Wiretapping Challenges (GAO/IMTEC-92-66BR) (July 17, 1992).
 * Economic Espionage: The Threat to U.S. Industry (GAO T-OSI-92-6) (Apr. 29, 1992).

1991

 * Justice’s Weak ADP Security Compromises Sensitive Data (GAO/T-IMTEC-91-6) (Mar. 21, 1991).

1990

 * Computers and Privacy: How the Government Obtains, Verifies, Uses, and Protects Personal Data (GAO/IMTEC-90-70BR) (Aug. 3, 1990).
 * Justice Automation: Tighter Computer Security Needed (GAO/lMTEC-90-69) (July 30, 1990).

1989

 * National Institute of Standards and Technology and the National Security Agency's Memorandum of Understanding on Implementing the Computer Security Act of 1987 (GAO/T-IMTEC-847) (May 4, 1989).
 * Export Promotion: Status of Commerce’s Worldwide Automated Commercial Information Management System (GAO/NSIAD-89-100) (Jan. 23, 1989).

1984

 * Privacy Policy Activities of the National Telecommunications and Information Administration (GGD-84-93) (Aug. 31, 1984).