• Military
• WMD
• Intelligence

• Homeland Security

• Systems
• Industry
• Operations
• Profiles
• Hot Documents
• News
• Reports
• Policy
• Budget
• Congress
• Links

• Space
• Public Eye

Government Accountability Office
General Accounting Office
Security-related Reports

Information Security

• Information Security: Federal Deposit Insurance Corporation Needs to Sustain Progress Improving Its Program GAO-07-351, May 18, 2007
• Information Security: FBI Needs to Address Weaknesses in Critical Network GAO-07-368, April 30, 2007
• Information Security: Persistent Weaknesses Highlight Need for Further Improvement GAO-07-751T, April 19, 2007
• Information Security: Further Efforts Needed to Address Significant Weaknesses at the Internal Revenue Service GAO-07-364,March 30, 2007
• Information Security: Sustained Progress Needed to Strengthen Controls at the Securities and Exchange Commission GAO-07-256, March 27, 2007
• Information Security: Veterans Affairs Needs to Address Long-Standing Weaknesses GAO-07-532T, February 28, 2007
• Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing GAO-07-65, October 20, 2006
• Information Security: Coordination of Federal Cyber Security Research and Development GAO-06-811, September 29, 2006
• Information Security: Federal Deposit Insurance Corporation Needs to Improve Its Program GAO-06-620, August 31, 2006
• Information Security: The Centers for Medicare & Medicaid Services Needs to Improve Controls over Key Communication Network GAO-06-750, August 30, 2006
• Information Security: Federal Reserve Needs to Address Treasury Auction Systems GAO-06-659, August 30, 2006
• Information Security: Leadership Needed to Address Weaknesses and Privacy Issues at Veterans Affairs GAO-06-897T, June 20,2006
• Data Mining: Agencies Have Taken Key Steps to Protect Privacy in Selected Efforts, but Significant Compliance Issues Remain. GAO-05-866, August 15, 2005.
• Information Security: Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements. GAO-05-552, July 15, 2005.
• Identity Theft: Some Outreach Efforts to Promote Awareness of New Consumer Rights Are Under Way. GAO-05-710, June 30, 2005.
• Information Security: Key Considerations Related to Federal Implementation of Radio Frequency Identification Technology, by Gregory C. Wilshusen, director, information security issues, before the Subcommittee on Economic Security, Information Protection, and Cybersecurity, House Committee on Homeland Security. GAO-05-849T, June 22, 2005.
• Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program. GAO-05-700, June 17, 2005.
• Information Security: Radio Frequency Identification Technology in the Federal Government. GAO-05-551, May 27, 2005.
• Information Security: Federal Agencies Need to Improve Controls over Wireless Networks. GAO-05-383, May 17, 2005. [PDF 1.5MB]
• Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems. GAO-05-231, May 13, 2005.
• Information Security: Improving Oversight of Access to Federal Systems and Data by Contractors Can Reduce Risk. GAO-05-362, April 22, 2005.
• Information Security: Internal Revenue Service Needs to Remedy Serious Weaknesses over Taxpayer and Bank Secrecy Act Data. GAO-05-482, April 15, 2005.
• Information Security: Department of Homeland Security Faces Challenges in Fulfilling Statutory Requirements, by Gregory C. Wilshusen, director, information security, before the Subcommittee on Management, Integration, and Oversight, House Committee on Homeland Security. GAO-05-567T, April 14, 2005.
• Information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements, by Gregory C. Wilshusen, director, information technology, before the House Committee on Government Reform. GAO-05-483T, April 7, 2005.
• Information Security: Securities and Exchange Commission Needs to Address Weak Controls Over Financial and Sensitive Data. GAO-05-262, March 23, 2005.
• Information Security: Agencies Need to Implement Consistent Processes in Authorizing Systems for Operation. GAO-04-376, June 28, 2004.
• Information Security: Continued Actions Needed to Improve Federal Software Patch Management. GAO-04-706, June 2, 2004.
• Information Security: Agencies Face Challenges in Implementing Effective Software Patch Management Processes, by Robert F. Dacey, director, information security, before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Reform. GAO-04-816T, June 2, 2004.
• SECURITY CLEARANCES FBI Has Enhanced Its Process for State and Local Law Enforcement Officials (GAO-04-596), April 2004 [PDF 1.3 Mb]
• Information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements, by Robert F. Dacey, director, information security, before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Reform. (GAO-04-483T), March 16, 2004 [PDF 574 KB]
• Information Security: Technologies to Secure Federal Systems. (GAO-04-467), March 9, 2004 [PDF 1.05 MB]
• Information Security: Further Efforts Needed to Address Serious Weaknesses at USDA. (GAO-04-154), January 30, 2004 [PDF 354 KB]
• Information Security: Status of Federal Public Key Infrastructure Activities at Major Departments and Agencies. (GAO-04-157, ), December 15, 2004 [PDF 534 KB]
• Information Security: Improvements Needed in Treasury's Security Management Program, (GAO-04-77), November 14, 2003 [PDF 493 Kb]
• Posthearing Questions from the September 10, 2003, Hearing on Worm andVirus Defense: How Can We Protect Our Nation's Computers from These Serious Threats?, (GAO-04-173R), October 17, 2003 [PDF 76 Kb]
• Information Security: Computer Controls Over Key Treasury Internet Payment System (GAO-03-837) July 30, 2003 [PDF 405 Kb]
• Information Security: Continued Efforts Needed to Fully Implement Statutory Requirements, by Robert F. Dacey, director, information security, before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Reform, June 24, 2003, (GAO-03-852T) [PDF 477 Kb]
• Information Technology: Homeland Security Needs to Improve Entry Exit System Expenditure Planning, June 9, 2003 (GAO-03-563) [PDF 932 Kb]
• Information Security: Progress Made, but Challenges Remain to Protect Federal Systems and the Nation's Critical Infrastructure, by Robert F. Dacey, director, information security issues, before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Operations, April 8, 2003 (GAO-03-564T) [PDF 776 Kb]
• COMPUTER SECURITY: Progress Made, But Critical Federal Operations and Assets Remain at Risk -- Statement of Robert F. Dacey, Director, Information Security Issues, November 19, 2002, (GAO-03-303T) [PDF 285 Kb]
• CRITICAL INFRASTRUCTURE PROTECTION: Federal Efforts Require a More Coordinated and Comprehensive Approach for Protecting Information Systems, July 2002 (GAO-02-474) [PDF 1.12 Mb]
• INFORMATION SECURITY: Corps of Engineers Making Improvements, But Weaknesses Continue, June 2002 (GAO-02-589) [PDF 237 Kb]
• CRITICAL INFRASTRUCTURE PROTECTION: Significant Challenges in Safeguarding Government and Privately Controlled Systems from Computer-Based Attacks -- Statement of Joel C. Willemssen Managing Director, Information Technology Issues, September 26, 2001 (GAO-01-1168T) [PDF 244 Kb]
• INFORMATION SECURITY: Code Red, Code Red II, and SirCam Attacks Highlight Need for Proactive Measures -- Statement of Keith A. Rhodes Chief Technologist, August 29, 2001 (GAO-01-1073T) [PDF 142 Kb]
• INFORMATION SECURITY: Weaknesses Place Commerce Data and Operations at Serious Risk, August 2001 (GAO-01-751) [PDF 288 Kb]
• INFORMATION SECURITY: Weaknesses Place Commerce Data and Operations at Serious Risk -- Statement of Robert F. Dacey Director, Information Security Issues, August 3, 2001 (GAO-01-1004T) [PDF 205 Kb]
• Information Security: Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology, (Chapter Report, 02/26/2001, GAO/GAO-01-277). [PDF 742 Kb]
• Computer Security: Weaknesses Continue to Place Critical Federal Operations and Assets at Risk -- Statement of Robert F. Dacey Director, Information Security Issues, (05-APR-01, GAO-01-600T). [PDF 147 Kb]
• Critical Infrastructure Protection: Challenges to Building a Comprehensive Strategy for Information Sharing and Coordination [T-AIMD-00-268] 07/26/2000. [PDF Version]
• Information Security: Software Change Controls at the Department of Energy [AIMD-00-189R] 06/30/2000
• Critical Infrastructure Protection: Comments on the Proposed Cyber Security Information Act of 2000 [T-AIMD-00-229] 06/22/2000. [PDF Version]
• Critical Infrastructure Protection: "ILOVEYOU" Computer Virus Highlights Need for Improved Alert and Coordination Capabilities [T-AIMD-00-181] 05/18/2000. [PDF Version]
• Information Security: "ILOVEYOU" Computer Virus Emphasizes Critical Need for Agency and Governmentwide Improvements [T-AIMD-00-171] 05/10/2000
• Critical Infrastructure Protection: Comments on the National Plan for Information Systems Protection [T-AIMD-00-072] 02/01/2000
• Information Security: Comments on Proposed Government Information Act of 1999 [T-AIMD-00-107] 03/02/2000
• Computer Security: FAA Needs to Improve Controls Over Use of Foreign Nationals to Remediate and Review Software [AIMD-00-055] 12/23/1999
• Critical Infrastructure Protection: Fundamental Improvements Needed to Assure Security of Federal Operations [T-AIMD-00-007] 10/06/1999. [PDF Version]
• Critical Infrastructure Protection: Comprehensive Strategy Can Draw on Year 2000 Experiences [AIMD-00-001] 10/01/1999. [PDF Version]
• Information Security: Serious Weaknesses Place Critical Federal Operations and Assets at Risk. AIMD-98-92. 63 pp. plus 4 appendices (10 pp.) September 23, 1998. [PDF Version]
• Information Security: Strengthened Management Needed to Protect Critical Federal Operations and Assets, by Gene L. Dodaro, Assistant Comptroller General for Accounting and Information Management Issues, before the Senate Committee on Governmental Affairs. GAO/T-AIMD-98-312, Sept. 23. [PDF Version]
• Information Security: Serious Weaknesses Put State Department and FAA Operations at Risk. T-AIMD-98-170. 14 pp. May 19, 1998. [PDF Version]
• Pervasive, Serious Weaknesses Jeopardize State Department Operations (AIMD-98-145) May 19, 1998.
• Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety (Letter Report, 05/18/98, GAO/AIMD-98-155).
• Information Security: Opportunities for Improved OMB Oversight of Agency Practices GAO/AIMD-96-110, September 24, 1996. [PDF Version]
• Information Security: Computer Attacks at Department of Pose Increasing Risks (Chapter Report, GAO/AIMD-96-84, 05/22/96)
• Information Security: Computer Hacker Information Available on the Internet (Stmnt. for the Rec., 06/05/96, GAO/T-AIMD-96-108).
• COMPUTER SECURITY: Hackers Penetrate DOD Computer Systems GAO/T-IMTEC-92-5 November 20, 1991 [PDF]
• COMPUTER SECURITY: Governmentwide Planning Process Had Limited Impact GAO/IMTEC-90-48 May 10, 1990 [PDF 1.76 Mb]