Improving security for unclassified information systems is one of the top issues facing government organizations today. This issue developed as Federal agencies migrated from a closed architecture, limited-access, mainframe
environment to a web-based, client/server architecture, where literally the world may access government systems. The U.S. General Accounting Office (GAO) confirmed this reality in a series of reports to the Congress culminating
in the designation of information system security as a “new Government-wide high-risk area.”
