Automated Systems Security--Federal Agencies Should Strengthen Safeguards Over Personal and Other Sensitive Data: Report to the Congress |
Common terms and phrases
administrative security ADP operations ADP security ADP systems agencies we reviewed agencies we surveyed agency heads agency's APPENDIX I APPENDIX assure audit trails automated systems Automatic Data Processing Bureau Circular A-71 computer data security computer operations computer security audit computer security programs computer systems security conducted contractor data base data security program data systems defined departments and agencies effective employees established Federal agencies Government guidance guidelines heads of agencies information systems integrity internal audit organizations issued lack management control ment monitoring and reporting OMB's directive passwords personnel physical security policies potential Privacy Act procedures risk analysis risk management rity program secu security measures security plans security requirements security responsibility security safeguards selected sensitive data separation of duties specific standards Stanford Research Institute Systems Security Administrator systems security programs tape task force test penetrations tion top management Transmittal Memorandum users vulnerability
Popular passages
Page 70 - The level of screening required by these policies should vary from minimal checks to full background investigations commensurate with the sensitivity of the data to be handled and the risk and magnitude of loss or harm that could be caused by the individual. These policies should be established for government and contractor personnel. Personnel security policies for Federal employees shall be consistent with policies issued by the Civil Service Commission. c. Establish a management control process...
Page 54 - Act be maintained with appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarassment, inconvenience, or unfairness to any individual on whom information is maintained, 5 USC 552a(e)(10).
Page 68 - EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON. DC 20503 CIRCULAR NO.
Page 70 - The Manual incorporates a wide range of Federal requirements, including those established by the Office of Management and Budget, the General Services Administration, the Department of the Treasury, the General Accounting Office and the Department of Commerce. In addition to specific policy requirements of these agencies, the Manual includes recommended policies and procedures for grantees to use in submitting a grant application.
Page 70 - ... to a management official knowledgeable in data processing and security matters. b. Establish personnel security policies for screening all individuals participating in the design, operation or maintenance of Federal computer systems or having access to data in Federal computer systems. The level of screening required by these policies should vary from minimal checks to full background investigations commensurate with the sensitivity of the data to be handled and the risk and magnitude of loss...
Page 72 - This individual must certify that the security requirements specified are reasonably sufficient for the intended application and that they comply with current Federal computer security policies, procedures, standards and guidelines. f. Assign responsibility for the conduct of periodic risk analyses for each computer installation operated by the agency, including installations operated directly by or on behalf of the agency.
Page 73 - The Administrator of General Services shall: a. Issue policies and regulations for the physical security of computer rooms in Federal buildings consistent with standards and guidelines issued by the Department of Commerce . b. Assure that agency procurement requests for computers, software packages, and related services include security requirements which have been certified by a responsible agency official. Delegations of procurement authority to agencies...
Page 68 - Establishes a requirement for agencies to implement a computer security program and defines a minimum set of controls to be incorporated into each agency computer security program. d. Requires the Department of Commerce to develop and issue computer security standards and guidelines. e. Requires the General Services Administration to issue policies and regulations for the physical security of computer rooms consistent with standards and guidelines issued by the Department of Commerce; assure that...
Page 71 - Upon completion of the system test, an official of the agency shall certify that the system meets the documented and approved system security specifications, meets all applicable Federal policies, regulations and standards, and that the results of the test demonstrate that the security provisions are adequate for the application.