Information Security: Progress Made on Harmonizing Policies and Guidance for National Security and Non-National Security Systems, Report to the Chairwoman, Subcommittee on Government Management, Organization, and Procurement, Committee on Oversight and Government Reform, House of Representatives
"Historically, civilian and national security-related information technology (IT) systems have been governed by different information security policies and guidance. Specifically, the Office of Management and Budget and the Department of Commerce's National Institute of Standards and Technology (NIST) established policies and guidance for civilian non-national security systems, while other organizations, including the Committee on National Security Systems (CNSS), the Department of Defense (DOD), and the U.S. intelligence community, have developed policies and guidance for national security systems. GAO was asked to assess the progress of federal efforts to harmonize policies and guidance for these two types of systems. To do this, GAO reviewed program plans and schedules, analyzed policies and guidance, assessed program efforts against key practices for cross-agency collaboration, and interviewed officials responsible for this effort. [...] GAO is recommending that the Secretary of Commerce and the Secretary of Defense, among other things, update plans for future collaboration, establish timelines for implementing revised guidance, and fully implement key practices for interagency collaboration in the harmonization effort. In comments on a draft of this report, Commerce and DOD concurred with GAO's recommendations."
Government Accountability Office: http://www.gao.gov/