Page images
PDF
EPUB

Objectives, Scope, and
Methodology

sensitive systems. In responding to the Committees' request, 5 of the 10 agencies-the Departments of Defense, Health and Human Services, Interior, Labor, and Treasury-reported 220 additional systems operated by contractors or other organizations and none by states. Four agencies—the Departments of Interior, Justice, Labor, and Treasury— said they reviewed computer security plans and verified the accuracy of their original responses. Appendix I describes the approaches used by the agencies to identify their sensitive systems operated by contractors or other organizations.

As agreed with the Committees' offices, our objectives were (1) to obtain the agencies' lists of sensitive systems that were provided in response to the Committees' request of November 29, 1988, and descriptions of the approaches used to identify the systems, and (2) review the 10 agencies' responses to the Committees' follow-up request of March 7, 1989, for any revisions to the original lists and obtain descriptions of how the agencies identified systems included in the revisions.

To accomplish these objectives, we obtained copies of the lists of sensitive computer systems that were submitted to the Committees. We interviewed officials of each of the 10 agencies to ascertain how they identified their sensitive systems operated by contractors, states, or other organizations and whether any additional approaches were used to revise the lists initially sent to the Committees.

We performed our work between January and July 1989 in the Washing-
ton, D.C., area at the 10 agencies requested to respond to the Commit-
tees. These agencies are the Departments of Agriculture, Defense,
Energy, Health and Human Services, Interior, Justice, Labor, Treasury,
as well as the Environmental Protection Agency and the National Aero-
nautics and Space Administration. We also contacted one organizational
component of each of the 10 agencies to ascertain how they identified
sensitive systems in response to the Committees' November 1988
request.

In accordance with the Committees' wishes, we did not obtain agencies' comments on a draft of this report.

This report was prepared under the direction of JayEtta Z. Hecker, Director, Resources, Community, and Economic Development Information Systems, (202) 275-9675. Other major contributors are listed in appendix II.

Ralph V. Cerlone

Ralph V. Carlone

Assistant Comptroller General

[blocks in formation]
« PreviousContinue »