NCJ Number
87534
Date Published
1982
Length
40 pages
Annotation
The Office of Management and Budget (OMB), which is responsible for Federal information policy, must clarify guidance for automated information security and take a stronger oversight role, and executive agencies must establish and maintain comprehensive information system controls.
Abstract
As of April 21, 1982, OMB Circular A-71, Transmittal Memorandum No. 1, is not sufficiently comprehensive to provide needed policy and guidance to executive agencies for establishing a reasonable level of protection over their automated information systems. Moreover, the central agencies have not been effective in fulfilling their automated information security program responsibilities, and executive agencies are doing little to implement information security program policy and guidance. Further, executive agencies have not developed and maintained a total system of controls to eliminate the fraudulent, wasteful, abusive, and illegal practices to which their automated information system have been and are being subjected. OMB Circular A-71, Transmittal Memorandum No. 1, should be revised to (1) identify the minimum control necessary for ensuring a reasonable level of protection for sensitive information, (2) clarify the interrelationship between this memorandum and policy and guidance on safeguarding information classified for national security, (3) clarify when the same level of protection must be accorded sensitive information as is given national security information, and (4) establish policy and guidance for achieving protection of those systems (using telecommunication networks). Also, executive agencies should submit to OMB for approval new plans for establishing and maintaining protection of their automated information systems. Also, procedures for implementing security plans must be developed. Overall, central agencies must cooperate in coordinating policies, principles, standards, and guidelines for information protection. A detailed description of the evaluation methodology used for this report is appended. (Author summary modified)