Information Security: Impact of the Governmentwide Computer Security Planning and Review Process

Citation
General Accounting Office, Information Security: Impact of the Governmentwide Computer Security Planning and Review Process (T-IMTEC-90-11) (July 10, 1990) (full-text).

Overview
The GAO discussed the governmentwide computer security planning and review process implemented under the Computer Security Act of 1987. The GAO found that: (1) agency plans developed under the Act are reporting requirements, rather than tools for managing agency security programs; and (2) the National Institute of Standards and Technology and National Security Agency review comments on agency plans were general and of limited use with regard to specific computer security problems. The GAO believes that the planning and review process has little impact on agency computer security programs.