Building Security:

New Federal Standards Hold Promise, But Could Be Strengthened to Better Protect Leased Space

GAO-10-873: Published: Sep 22, 2010. Publicly Released: Sep 22, 2010.

Additional Materials:

Contact:

Mark L. Goldstein
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The federal government's reliance on leased space underscores the need to physically secure this space and help safeguard employees, visitors, and government assets. In April 2010 the Interagency Security Committee (ISC), comprised of 47 federal agencies and departments and chaired by the Department of Homeland Security (DHS), issued Physical Security Criteria for Federal Facilities (the 2010 standards) which supersede previous ISC standards. In response to Congress' direction to review ISC standards for leased space, this report (1) identifies challenges that exist in protecting leased space and (2) examines how the 2010 standards address these challenges. To conduct this work, GAO analyzed agency documents and interviewed federal officials from ISC, four federal departments selected as case studies based on their large square footage of leased space, and the Federal Protective Service (FPS). GAO also consulted prior work on federal real property and physical security, including key practices in facility protection.

Limited information about risks and the inability to control common areas and public access pose challenges to protecting leased space. Leasing officials do not always have the information needed to employ a risk management approach for allocating resources--a key practice in facility protection. Early risk assessments--those conducted before a lease is executed--can provide leasing officials with valuable information; however, FPS, which is the General Service Administration's (GSA) physical security provider, generally does not perform these assessments for leased space under 10,000 square feet--which constitutes a majority of GSA's leases. Under its memorandum of agreement (MOA) with GSA, FPS is not expected to perform these assessments and does not have the resources to do so. Another challenge in protecting leased space is tenant agencies' lack of control over common areas (such as elevator lobbies, loading docks, and the building's perimeter) which hampers their ability to mitigate risk from public access to leased space. In leased space, lessors, not tenant agencies, typically control physical security in common areas. To implement measures to counter risks in common areas, tenant agencies must typically negotiate with and obtain consent from lessors, who may be unwilling to implement countermeasures because of the potential burden or undue effect on other, nonfederal tenants. For example, tenant agencies in a high-risk, multitenant leased facility we visited have been unable to negotiate changes to the common space, including the installation of X-ray machines and magnetometers, because the lessor believed that the proposed countermeasures would inconvenience other tenants and the public. The 2010 standards show potential for addressing some challenges with leased space. These standards align with some key practices in facility protection because they prescribe a decision making process to determine, mitigate, and accept risks using a risk management approach. Further, by requiring that decision making be tracked and documented, the standards facilitate performance measurement that could help enable agency officials to determine if the most critical risks are being prioritized and mitigated. With its emphasis on the uniform use of early risk assessments, the 2010 standards provide a baseline requirement for agencies to consider as they develop protocols and allocate resources for protecting leased space. For example, GSA and FPS must now consider this requirement, which represents an expansion of the services currently expected of FPS, as they renegotiate their MOA. In contrast, a shortfall within the 2010 standards is that they offer little means for addressing tenant agencies' lack of control over common areas and public access. While the 2010 standards outline specific countermeasures for addressing public access, they lack in-depth discussion and guidance--such as best practices--that could provide a framework for working with lessors to implement these countermeasures. Given the critical role that lessors play, such guidance is warranted. As the government's central forum for exchanging information on facility protection, ISC is well positioned to develop and share this guidance. GAO recommends that DHS instruct ISC to establish a working group or other mechanism to determine guidance for working with lessors, and to incorporate this guidance into a future ISC standard or other product, as appropriate. DHS concurred with the report's recommendation.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: To enhance the value of ISC standards for addressing challenges with protecting leased space, the Secretary of Homeland Security should instruct the Executive Director of the ISC, in consultation, where appropriate, with ISC member agencies to establish an ISC working group or other mechanism to determine guidance for working with lessors, which may include best practices to secure common areas and public access.

    Agency Affected: Department of Homeland Security

    Status: Open

    Comments: On July 19, 2012, ISC sent GAO a draft copy of best practices for working with lessors that was circulated to ISC members for comment. This met our recommendation that the Secretary of Homeland Security instruct the Executive Director of the ISC, in consultation, where appropriate, with ISC member agencies to establish an ISC working group or other mechanism to determine guidance for working with lessors, which may include best practices to secure common areas and public access.

    Recommendation: To enhance the value of ISC standards for addressing challenges with protecting leased space, the Secretary of Homeland Security should instruct the Executive Director of the ISC, in consultation, where appropriate, with ISC member agencies to subsequently incorporate these findings into a future ISC standard or other product, as appropriate.

    Agency Affected: Department of Homeland Security

    Status: Open

    Comments: On July 19, 2012, ISC emailed GAO a draft copy of best practices for working with lessors. This met our recommendation that the Secretary of Homeland Security instruct the Executive Director of the ISC, in consultation, where appropriate, with ISC member agencies to (1) establish an ISC working group or other mechanism to determine guidance for working with lessors, which may include best practices to secure common areas and public access, and (2) subsequently incorporate these findings into a future ISC standard or other product, as appropriate.

    Aug 7, 2014

    Jul 30, 2014

    Jul 29, 2014

    Jul 22, 2014

    Jun 17, 2014

    Jun 11, 2014

    Jun 10, 2014

    May 28, 2014

    May 21, 2014

    May 12, 2014

    Looking for more? Browse all our products here