« PreviousContinue »
sensitive systems. In responding to the Committees' request, 5 of the 10 agencies—the Departments of Defense, Health and Human Services, Interior, Labor, and Treasury-reported 220 additional systems operated by contractors or other organizations and none by states. Four agencies—the Departments of Interior, Justice, Labor, and Treasurysaid they reviewed computer security plans and verified the accuracy of their original responses. Appendix I describes the approaches used by the agencies to identify their sensitive systems operated by contractors or other organizations.
Objectives, Scope, and
As agreed with the Committees' offices, our objectives were (1) to obtain the agencies' lists of sensitive systems that were provided in response to the Committees' request of November 29, 1988, and descriptions of the approaches used to identify the systems, and (2) review the 10 agencies' responses to the Committees' follow-up request of March 7, 1989, for any revisions to the original lists and obtain descriptions of how the agencies identified systems included in the revisions.
To accomplish these objectives, we obtained copies of the lists of sensi-
We performed our work between January and July 1989 in the Washing-
In accordance with the Committees' wishes, we did not obtain agencies' comments on a draft of this report.