The Computer Security Act (P.L. 100-235), enacted January 8, 1988, provides for improving the security and privacy of sensitive information in Federal computer systems. Section 5(a) of the act requires periodic training in computer security awareness and accepted computer security practice for all employees who are involved with the management, use, or operation of each Federal computer system containing sensitive information within or under the supervision of that agency. A questionnaire was sent to Federal agencies in regard to their compliance with this regulation. Of the 81 agencies that responded, 45 reported having started computer security training programs as required by the act. Nineteen agencies reported plans to start the required training programs during the period November 1988 through April 1989, while two reported having none of the required training programs and did not say when they would start. 6 tables, 1 figure, and 4 appendixes.