NCJ Number
127565
Date Published
1990
Length
17 pages
Annotation
As a result of its investigation into the Department of Justice's computer security program, the US General Accounting Office (GAO) found many disturbing weaknesses which caused it to recommend the reporting of these deficiencies as violations under the Federal Managers' Financial Integrity Act of 1982.
Abstract
The GAO maintained in its report that, collectively, the identified weaknesses posed a threat to the integrity of the Department of Justice's computer system. Three of Justice's litigating organizations had performed risk analyses that did not adequately assess security deficiencies. Four other litigating organizations had completed risk analyses which pointed out serious computer security vulnerabilities; at the time of the GAO report, these had not been rectified. Contingency plans for emergency response, backup, and recovery procedures had either not been prepared or tested. None of the Department's litigating organizations had established mandatory computer security training for their employees as mandated by Federal law. Long-standing computer security weaknesses identified at the Department's main data center included inadequate physical security, inadequate contingency planning and risk assessment, and computer operation weaknesses. The report recommends several specific corrective actions to the Attorney General. 6 notes and 2 appendixes