A GAO report released Wednesday said the FTC...
A GAO report released Wednesday said the FTC “has complied with all” information security requirements it examined, said a response the FTC sent the GAO (http://1.usa.gov/1mqUq5U). The FTC was one of six federal agencies whose information security practices GAO investigated, including a review of the agencies’ compliance with the Privacy Act, the E-Government Act and the Federal Information Security Management Act. Because of the sensitive nature of information protected by federal agency security measures, the report discussed the agencies only generally. The FTC’s response, however, provides more insight. “While the GAO found that the FTC has written policies in place for the required elements of its information security program, it noted several areas where we could improve the documentation of our procedures,” said the response, which is an appendix issued with the GAO report, noting the FTC will complete all improvements by the end of June. “For example, although we continually conduct risk assessments -- both formal and informal -- on our systems, by the end of this month we will have standardized the formats of these assessments to align with guidance from the National Institute of Standards and Technology.” The response also noted the FTC would improve the tracking of annual training it provides for “individuals with specific security responsibilities."