09/11/2008 A080081 #1 FY 2008 Office of Inspector General FISMA (Federal Information Security Management Act) Review of GSA’s Information Technology Security Program: “Management oversight of contractor-supported systems reviewed this year had not ensured that risks were adequately managed, since task-order requirements and deliverables were not comprehensive. To protect sensitive information, steps are needed to implement encryption of mobile devices and two-factor authentication for remote access, and to establish a complete breach notification policy. GSA has not consistently secured its public web presence through: the protection of login credentials, support for required encryption, and consistent use of government domains.”