
AIMD-00-193R 1 (2000-06-30)



 GAO

        Accountability * Integrity * Reliability
United States General Accounting Office                               Accounting and Information
Washington, DC 20548                                                        Management Division





          B-285549


          June 30, 2000

          Mr. George R. Molaski
          Chief Information Officer
          Department of Transportation

          Subject: Information Security: Software Change Controls at the Department of
                  Transportation

          Dear Mr. Molaski:

          This letter summarizes the results of our recent review of software change controls at the
          Department of Transportation (DOT). Controls over access to and modification of software
          are essential in providing reasonable assurance that system-based security controls are not
          compromised. Without proper software change controls, there are risks that security features
          could be inadvertently or deliberately omitted or rendered inoperable, processing irregularities
          could occur, or malicious code could be introduced. If related personnel policies for
          background checks and system access controls are not adequate, there is a risk that
          untrustworthy and untrained individuals may have unrestricted access to software code,
          terminated employees may have the opportunity to compromise systems, and unauthorized
          actions may not be detected.

          DOT was 1 of 16 agencies included in a broader review of federal software change controls
          that we conducted in response to a request by Representative Stephen Horn, Chairman,
          Subcommittee on Government Management, Information and Technology, House Committee
          on Government Reform. The objectives of this broader review were to determine (1) whether
          key controls as described in agency policies and procedures regarding software change
          authorization, testing, and approval complied with federal guidance and (2) the extent to
          which agencies contracted for Year 2000 remediation of mission-critical systems and
          involved foreign nationals in these efforts. The aggregate results of our work were reported in
          Information Security: Controls Over Software Changes at Federal Agencies
          (GAO/AIMD-00-151R, May 4, 2000), which we are sending with this letter.

          For the DOT segment of our review, we interviewed officials in DOT's Chief Information
          Office and Year 2000 project staff at DOT headquarters and at 12 of 14 major DOT
          components responsible for remediation of software for Year 2000. These 12 components,


GAO/AIMD-00-193R Software Change Controls at Transportation
