Document Security:

Justice Can Improve Its Controls Over Classified and Sensitive Documents

GGD-93-134: Published: Sep 7, 1993. Publicly Released: Sep 20, 1993.

Contact:

Norman J. Rabkin
(202) 512-3610
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed the Department of Justice's protection of classified and sensitive documents, focusing on the: (1) security compliance review activities of the Security Compliance Review Group (SCRG); (2) Federal Bureau of Investigation's (FBI) nightly security inspections of its headquarters building; and (3) controls placed on classified documents sent between the Justice and FBI headquarters buildings.

GAO found that: (1) Justice has established and distributed guidance on handling and safeguarding classified and sensitive documents; (2) Justice routinely reviews compliance with its policies and procedures for classified and sensitive documents and identifies security deficiencies; (3) SCRG reviews of 54 Justice locations have revealed numerous and recurring security weaknesses and noncompliance with security policies; (4) SCRG needs to find alternative methods for reviewing security compliance, since its limited resources allow it to do only 27 security compliance reviews per year; (5) Justice officials expect that the results of the limited SCRG reviews will deter other Justice units from committing common security violations; (6) FBI officials have been reluctant to allow SCRG to do reviews of FBI offices, since they believe that such reviews duplicate FBI's own inspections; (7) FBI has not followed its internal guidance on disciplinary actions for security violations or reported the violations to the proper FBI office; and (8) the Justice and FBI interoffice mail systems do not adequately track the handling of classified and sensitive documents due to incomplete records and poor filing systems.

Status Legend:

  • Review Pending: GAO has not yet assessed implementation status.
  • Open: Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed - implemented: Actions that satisfy the intent of the recommendation have been taken.
  • Closed - not implemented: While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.

    Recommendations for Executive Action

    Recommendation: The Attorney General should direct SCRG to explore other alternatives for selecting and conducting the number of security compliance reviews done each year. For example, internal inspections reports and security violations summaries done by Justice components could be used by SCRG in its deliberations on what locations should be reviewed, and when and to what extent, thereby maximizing the use of its limited resources.

    Agency Affected: Department of Justice

    Status: Closed - Implemented

    Comments: The Department has developed a program that requires its agencies and bureaus to include security specialists in all of their inspections. It is also working closely with agencies' and bureaus' security programs to conduct compliance reviews and is training component specialists to assist SCRG in conducting such reviews. The Department has also requested component inspection reports for use in considering locations for SCRG to review. As a result, SCRG has been able to increase the number of compliance reviews since the report was issued and to conduct more follow-up and unscheduled reviews.

    Recommendation: The Attorney General should direct FBI to continue to work with SCRG in its efforts to review other FBI facilities to ensure that all FBI facilities are in full compliance with Justice security policies and procedures.

    Agency Affected: Department of Justice

    Status: Closed - Implemented

    Comments: FBI has agreed that SCRG will continue to conduct compliance reviews of FBI field offices, and FBI has designated two security specialists to accompany SCRG teams on such reviews. Several offices have been inspected using this approach since the report was issued. In addition, FBI, using security specialists, continues to conduct its own security reviews as part of its own overall field office inspections.

    Recommendation: The Attorney General should direct FBI to begin imposing disciplinary actions for security violations in accordance with its own internal guidelines.

    Agency Affected: Department of Justice

    Status: Closed - Implemented

    Comments: In November 1993, the FBI's Security Patrol began using a revised Security Violations Report (Form 3-589) to better distinguish between security and safety violations. Concurrently, FBI launched various security awareness and education initiatives to inform employees of recurring violations and to re-emphasize security regulations and procedures to ensure corrective actions and reduce the number of security violations. In December 1994, FBI published, and advised its employees of, revised guidelines regarding security accountability. The guidelines were expanded and modified to be consistent with what officials believed were appropriate actions for given security violations. However, FBI has not specifically stated what actions it has taken to apply its modified guidelines. Nevertheless, the above actions, overall, satisfy the spirit of this recommendation.

    Recommendation: The Attorney General should direct both the Justice and FBI mail management units to more strictly enforce the established procedures for sending classified documents through the interoffice courier mail systems.

    Agency Affected: Department of Justice

    Status: Closed - Implemented

    Comments: To ensure that established security requirements are properly implemented, SCRG conducted a review of the interoffice mail system in January 1994, focusing on the records for receipt, dispatch, and accountability of sensitive and classified documents in the system. A report was prepared for the Department Security Officer and appropriate component heads. A follow-up review is scheduled for late 1994.
