FBI Responds to GAO Report on Information Security

The majority of the issues and recommendations brought up in the GAO report have been previously identified by the FBI through our own audits and internal controls. The report omitted the fact that the FBI already has corrective action plans in place that proactively and aggressively address information security issues.

Since its inception in 2002, the FBI’s Information Assurance Section has taken the FBI from an agency wherein only 8 percent of its information systems were accredited to maintaining 100 percent of its accreditation of its major information systems.

At least three agencies, including the Office of the Director of National Intelligence, the Office of Management and Budget and the Department of Justice, have recently conducted audits and reviews of the Bureau’s information security systems. These agencies have recognized and commended the FBI’s efforts to protect critical networks.

The FBI routinely conducts its own penetration testing to test the security of our networks. The Bureau’s insider threat program is currently been adopted by other government and international agencies.

John Miller
Assistant Director for Public Affairs
Federal Bureau of Investigation
Washington, D.C.