GAO-18-391 [i] (2018-07-01)

Federal Law and Guidance Provide a Framework for Protecting Federal Information and Systems


challenges for the agency for fiscal year 2018.⁹ Furthermore, since 1997,
we have designated federal information security as a government-wide
high-risk area.¹⁰


Information security programs and practices performed by an agency are
essential to creating and maintaining effective internal controls within an
organization's critical information technology infrastructure. The Federal
Managers' Financial Integrity Act¹¹ requires the Comptroller General to
issue standards for internal control in the federal government. These
standards provide the overall framework for establishing and maintaining
an effective internal control system and describe internal control as a
process put in place by an entity's oversight body, management, and
other personnel that provides reasonable assurance that the objectives
(operations, reporting, and compliance) of an entity will be achieved.¹²

Information system security controls consist of those internal controls that
are dependent on information systems processing, and include general
controls (such as managing security, appropriately restricting access to
data and systems, securely configuring systems, segregating
incompatible duties, and planning for continuity of operations) at the
entity-wide, system, and business process application levels; business
process application controls (input, processing, output, interface, and data
management system controls); and user controls (controls performed by
people interfacing with information systems).

Federal law and guidance specify requirements for protecting federal
information and systems. The Federal Information Security Modernization


⁹ Department of the Treasury, Treasury Inspector General for Tax Administration,
Management and Performance Challenges Facing the Internal Revenue Service for Fiscal
Year 2018, Memorandum for Secretary Mnuchin (Washington, D.C.: October 2017).
¹⁰ GAO, High-Risk Series: Information Management and Technology, GAO/HR-97-9
(Washington, D.C.: February 1997) and High-Risk Series: Progress on Many High-Risk
Areas, While Substantial Efforts Needed on Others, GAO-17-317 (Washington, D.C.:
February 2017).
¹¹ Pub. L. No. 97-255, 96 Stat. 814 (1982). The Federal Managers' Financial Integrity Act
(FMFIA) was codified at 31 U.S.C. § 3512.
¹² GAO, Standards for Internal Control in the Federal Government, GAO-14-704G
(Washington, D.C.: September 2014).


GAO-18-391 Information Security


