The DEA uses computer systems to process highly sensitive investigative data such as names of drug violators and informants, intelligence on drug trafficking organizations, and details of ongoing DEA operations to counter illegal drug smuggling. Unauthorized disclosure of this information could disrupt DEA operations and adversely affect drug law enforcement. The Computer Security Act of 1987 requires Federal agencies to identify and develop security plans for protecting computer systems designated as containing sensitive information and to establish mandatory computer security training to make employees aware of their specific responsibilities. Federal policies further direct agencies to protect access to and operation of sensitive computer systems by conducting risk analyses, implementing contingency plans, and establishing security safeguards. The GAO review indicates that DEA has not fully complied with the Computer Security Act or with basic Federal and departmental computer security requirements. As a result, DEA has serious and fundamental computer security weaknesses that collectively pose a significant risk to the integrity of DEA's computer systems and the sensitive data they contain. The GAO recommends that the DEA Administrator establish and implement a computer security program that complies with all Federal and departmental computer security directives, strengthen DEA's monitoring and oversight of computer security, and ensure that computer security weaknesses are corrected. 3 tables