Summary

The federal government currently relies on the services of about 9,000 computers in its day-to-day operations, and this equipment is valued at billions of dollars. The value of some of the data which are processed on these computers is immeasurable. Consequently, protecting the equipment and data from unauthorized or inadvertent acts of destruction, alteration, or misuse is a matter of inestimable importance.

Catastrophic losses to government-sponsored data processing installations, such as the loss of human life, irreplaceable data, and equipment, have occurred. Information on the physical security measures employed by 28 federal data processing facilities led GAO to believe that many federal data processing assets and much valuable data are not protected properly. Less than half of the 28 installations visited had developed and put into operation contingency plans to provide for continuity of operations if a loss occurred. The impact from losses at data processing installations which did not have contingency plans could: (1) interfere seriously with efficient and economical operations of the government; (2) have an immeasurable impact on individuals and organizations relying on government data; and (3) result in costly reconstruction efforts. In 1974, the National Bureau of Standards issued guidelines for establishing physical security measures for data processing activities. However, the guidelines are only a reference document, and there is no requirement that agencies must use them when determining their security needs.