National Defense:

Further Improvements Needed in Department of Defense Oversight of Special Access (Carve-Out) Contracts

GGD-83-43: Published: Feb 18, 1983. Publicly Released: Feb 18, 1983.

Contact:

Martin M. Ferber
(202) 275-5140
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO completed a review of the security requirements and administration of Department of Defense (DOD) carve-out contracts as part of its continuing review of national security information. Carve-out contracts are those special access contracts for which the Defense Investigative Service (DIS) has been relieved of security inspection responsibility and the cognizant DOD component is responsible for security inspections and administration.

GAO found that an ever-increasing number of carve-out contracts has become a problem for contractor security administrators because the contracts result in a multiplicity of security requirements, in addition to those prescribed by the DOD Industrial Security Manual. The exact number of carve-out contracts is unknown, but GAO estimated that there are probably several thousand such contracts; some contracts were given carve-out status for reasons other than security, and other carve-out contracts were not inspected by anyone.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: The Secretary of Defense should revise the Information Security Program regulation to require all components to annually: (1) inventory and report the status of all carve-out contracts to the Deputy Under Secretary of Defense for Policy; and (2) revalidate the need for renewed contracts or contracts that extend for more than 1 year. In addition, the Secretary should require the Office of the Deputy Under Secretary of Defense for Policy to make periodic inspections of components' central offices to evaluate compliance with the regulation.

    Agency Affected: Department of Defense

    Status: Closed - Implemented

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of Defense should: (1) direct the Defense Intelligence Agency (DIA) to revise its regulations to require that a threat analysis be made before sensitive compartmented information facilities (SCIF) are constructed or altered or an existing facility is approved for use as an SCIF; and (2) make DIA responsible for approving all industry facilities proposed for use as DOD SCIF's.

    Agency Affected: Department of Defense

    Status: Closed - Implemented

    Comments: DOD feels that an onsite threat analysis would be too expensive and proposes to amend the DIAM 50-3 instead. It also does not agree that DIA be made responsible for approving all industry facilities proposed for use as DOD SCIF. It proposes that DIA be given oversight responsibility to ensure that minimum standards are maintained when other components approve new SCIF in industry.

    Recommendation: The Secretary of Defense should make DIS responsible for: (1) inspecting all DOD-sponsored contractor SCIF; and (2) verifying accountability for all contract documents maintained in those SCIF and in SCIF sponsored by other agencies.

    Agency Affected: Department of Defense

    Status: Closed - Not Implemented

    Comments: DOD does not agree with this recommendation.

    Recommendation: The Secretary of Defense should: (1) issue instructions that will require advance DOD approval of contractors' requests for special access authorizations for employees who will be working on nonsensitive compartmented information special access contracts; (2) direct DIS to return to contractors any requests for special access authorizations that do not contain the advance approval of the cognizant DOD component; and (3) remind DOD components of their responsibility to review and approve, in a timely manner, contractor nominees for all special access authorizations.

    Agency Affected: Department of Defense

    Status: Closed - Implemented

    Comments: Instructions were issued and procedures for approving access were changed to incorporate the recommendations.

    Jul 28, 2014

    Jul 17, 2014

    Jul 14, 2014

    Jul 11, 2014

    Jul 9, 2014

    Jul 8, 2014

    Jun 30, 2014

    Jun 26, 2014

    Looking for more? Browse all our products here