Federal Computer Security Act

Federal Computer Security Act

Directs the Inspector General of each executive agency that operates a federal computer system that provides access to classified information or personally identifiable information to submit to the Comptroller General and specified congressional committees a report that includes:

• a description of the logical access standards used by the agency to access such system, including whether the agency is using multi-factor logical access controls for such access;
• if the agency does not use such access controls, a description of the reasons for not doing so;
• a description of the data security management practices used by the agency, including the policies and procedures for conducting inventories of software and associated licenses, an indication that the agency has entered into a licensing agreement for the use of software security controls to monitor and detect threats, or an explanation for why it has not entered such an agreement; and
• a description of agency policies and procedures for ensuring that entities that provide services to the agency are implementing data security management practices.

Directs the Comptroller General to submit a report on any impediments to agency use of effective security software and security devices.