Executive Office of the President:

Procedures for Acquiring Access to and Safeguarding Intelligence Information

NSIAD-98-245: Published: Sep 30, 1998. Publicly Released: Oct 8, 1998.

Additional Materials:

Contact:

Norman J. Rabkin
(202) 512-3610
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed whether the Executive Office of the President (EOP) has established procedures for: (1) acquiring personnel access to classified intelligence information, specifically sensitive compartmented information (SCI); and (2) safeguarding such information.

GAO noted that: (1) the EOP Security Officer told GAO that, for the period January 1993 until June 1996: (a) he could not find any EOP-wide procedures for acquiring access to SCI for the White House Office, the Office of Policy Development, the Office of the Vice President, the National Security Council, and the President's Foreign Intelligence Advisory Board for which the former White House Security Office provided security support; and (b) there were no EOP-wide procedures for acquiring access to SCI for the Office of Science and Technology Policy, the Office of the United States Trade Representative, the Office of National Drug Control Policy, and the Office of Administration for which the EOP security office provides security support; (2) the EOP-wide security procedures issued in March 1998 do not set forth security practices EOP offices are to follow in safeguarding classified information; (3) in contrast, the Office of Science and Technology Policy and the Office of the Vice President had issued office-specific security procedures that deal with safeguarding SCI material; (4) the remaining seven EOP offices that did not have office-specific procedures for safeguarding SCI and other classified information stated that they rely on Director of Central Intelligence Directive 1/19 for direction on such matters; (5) neither the EOP Security Office nor the security staff of the nine EOP offices GAO reviewed have conducted security self-inspections as described in Executive Order 12958; (6) EOP officials pointed out that security personnel routinely conduct daily desk, safe, and other security checks to ensure that SCI and other classified information is properly safeguarded; (7) these same officials also emphasized the importance and security value in having within each EOP office experienced security staff responsible for safeguarding classified information; (8) Executive Order 12958 gives the Director, Information Security Oversight Office, authority to conduct on-site reviews of each agency's classified programs; and (9) the Director of the Information Security Oversight Office said his office has never conducted an on-site security inspection of EOP classified programs.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: Revised procedures containing additional guidance were issued in January 1999.

    Recommendation: To improve EOP security practices, the Assistant to the President for Management and Administration should direct the EOP Security Officer to revise the March 1998 Security Procedures for the EOP Security Office to include comprehensive guidance on the procedures EOP offices must follow in: (1) acquiring SCI access for its employees; and (2) safeguarding SCI material.

    Agency Affected: Executive Office of the President

  2. Status: Closed - Implemented

    Comments: The Office of Administration stated it was making the Security Office's personnel available to all EOP to coordinate and assist agency efforts to enhance self-inspection.

    Recommendation: To improve EOP security practices, the Assistant to the President for Management and Administration should direct the EOP Security Officer to establish and maintain a self-inspection program of EOP classified programs, including SCI in accordance with provisions in Executive Order 12958.

    Agency Affected: Executive Office of the President

  3. Status: Closed - Implemented

    Comments: The Information Security Oversight Office has resumed conducting security reviews of EOP agencies.

    Recommendation: To properly provide for external oversight, the Director, Information Security Oversight Office, should develop and implement a plan for conducting periodic on-site security inspections of EOP classified programs.

    Agency Affected: Information Security Oversight Office

 

Explore the full database of GAO's Open Recommendations »

Sep 18, 2014

Sep 16, 2014

Sep 8, 2014

Jul 17, 2014

Jun 25, 2014

May 30, 2014

Apr 17, 2014

Apr 2, 2014

Jan 28, 2014

Jan 8, 2014

Looking for more? Browse all our products here