Objectives, Scope, and sensitive systems. In responding to the Committees' request, 5 of the 10 agencies-the Departments of Defense, Health and Human Services, Interior, Labor, and Treasury-reported 220 additional systems operated by contractors or other organizations and none by states. Four agencies-the Departments of Interior, Justice, Labor, and Treasury— said they reviewed computer security plans and verified the accuracy of their original responses. Appendix I describes the approaches used by the agencies to identify their sensitive systems operated by contractors or other organizations. As agreed with the Committees' offices, our objectives were (1) to obtain To accomplish these objectives, we obtained copies of the lists of sensitive computer systems that were submitted to the Committees. We interviewed officials of each of the 10 agencies to ascertain how they identified their sensitive systems operated by contractors, states, or other organizations and whether any additional approaches were used to revise the lists initially sent to the Committees. We performed our work between January and July 1989 in the Washing- In accordance with the Committees' wishes, we did not obtain agencies' comments on a draft of this report. This report was prepared under the direction of JayEtta Z. Hecker, Director, Resources, Community, and Economic Development Information Systems, (202) 275-9675. Other major contributors are listed in appendix II. Ralph V. Carlone Ralph V. Carlone Assistant Comptroller General |