Information on Government Accountability Office Covered Computer Systems Pursuant to the Cybersecurity Act of 2015

This is a publication by GAO's Inspector General that concerns internal GAO operations. The Cybersecurity Act of 2015 requires Inspectors General to report on federal computer systems that are national security systems or that provide access to personally identifiable information. This report satisfies the requirement for the Government Accountability Office (GAO). Because GAO has no national security systems, our report is specific to its computer systems that provide access to personally identifiable information (PII). Our objective was to collect specific information on GAO's information security policies and practices governing systems that provide access to PII and to assess whether logical access policies and practices over these systems are appropriate and were being followed. We did not independently validate the information that GAO provided for this report, except to determine that appropriate logical access standards and guidance were being followed, as required.