Home > GAO-17-679 > Recommendations

National Mall:
Actions Needed to Better Manage Physical Security Risks

GAO-17-679, Published: Jul 27, 2017. Publicly Released: Jul 27, 2017.

Recommendations

Recommendations for Executive Action

  1. Recommendation: The Secretary of the Interior should direct the Director of the National Park Service to direct the U.S. Park Police to ensure that performance measures linked to program goals are included as part of its updated strategic plan and direct it to develop a timeline for completion of this plan.
  2. Agency Affected: Department of the Interior
  3. Status: Closed - Implemented
  4. Comments: The National Mall in Washington, D.C., is a destination for more than 24-million people each year and home to numerous monuments and memorials to our nation's history and heritage. The open spaces of the National Mall, along with the Washington Monument and the Jefferson and Lincoln Memorials, are administered and maintained by the Department of the Interior's National Park Service and patrolled by the U.S. Park Police (Park Police). In 2017, GAO reported that the Park Police was collecting information on various aspects of the performance of its physical security program on the National Mall and using that information to manage its program. However, at the time of GAO's review, the Park Police's efforts aligned with a strategic plan that covered fiscal years 2006-2009. This plan contains several goals and action steps needed to implement these goals, although it had not been updated since 2006. GAO has previously reported that monitoring and evaluating actions taken against strategic objectives and performance measures is important, and a key part of performance measurement is setting meaningful goals and measuring progress toward those goals. As a result, GAO recommended that the Park Police ensure that performance measures linked to program goals were included as part of its next strategic plan and develop a timeline for completion of this plan. In 2018, GAO confirmed that the Park Police had developed a strategic plan for 2017-2021, which eliminated the need for a timeline. As part of its strategic plan, the Park Police identified goals, sub-goals, and performance measures for its program. For example, one of the goals the Park Police established is ensuring that critical existing technology works effectively and delivers consistent results across all Park Police locations, and related performance measures include tracking information on the number of repairs of screening equipment. By taking these steps, the Park Police has enhanced its ability to monitor and evaluate its efforts while developing a more strategic view of its physical security program on the National Mall and better position itself to prioritize security needs.

  1. Recommendation: The Secretary of the Interior should direct the Director of the National Park Service to direct the U.S. Park Police to seek additional input from federal entities with expertise regarding ways to enhance testing of its physical security program.
  2. Agency Affected: Department of the Interior
  3. Status: Closed - Implemented
  4. Comments: The National Mall in Washington, D.C., is home to numerous monuments and memorials to our nation's history and heritage. The open spaces of the National Mall, along with the Washington Monument and the Jefferson and Lincoln Memorials, are administered and maintained by the Department of the Interior's National Park Service and patrolled by the U.S. Park Police (Park Police). In 2017, GAO reported that the Park Police was taking steps to test aspects of its physical security program on the National Mall and had reached out to other entities to help improve its overall program but had not made testing a focus of its efforts. Testing is a key practice for physical security programs. Testing-both covert and planned-can help determine whether security staff and equipment are adequate under real and simulated conditions, and the results of testing can provide insight into the effectiveness of efforts to mitigate potential vulnerabilities. GAO has also reported that the Department of Justice's U.S. Marshals Service (Marshals Service), which has primary responsibility for the security of federal courthouses, have years of experience in testing security-screening efforts in federal buildings-places where balancing public access and security is an important factor. Marshals Service officials told GAO they would be willing to share their expertise in planning and conducting testing with entities on the National Mall. As a result, GAO recommended that the Park Police seek additional input from federal entities with expertise regarding ways to enhance testing of its physical security program. In 2019, GAO confirmed that the Park Police took steps to implement that recommendation. Specifically, beginning in late 2017, the Park Police worked with other federal entities located on or around the National Mall to adapt guidance provided by the Marshals Service to develop standard operating procedures for testing the Park Police's physical security on the National Mall. In October 2019, those procedures were approved and put into effect. By taking this step, the Park Police is better positioned to assess the effectiveness of its physical security program on the National Mall.

  1. Recommendation: The Secretary of the Smithsonian Institution should direct the Office of Protection Services to develop program goals and ensure that performance measures linked to those goals are included as part of the strategic plan for security and develop a timeline for completion of this plan.
  2. Agency Affected: Smithsonian Institution
  3. Status: Closed - Implemented
  4. Comments: The National Mall in Washington, D.C., is home to some of the most visited museums and galleries in the world. Various federal entities, such as the Smithsonian Institution (Smithsonian), are responsible for the physical security of the National Mall, which includes conducting risk assessments of their assets and implementing measures to protect those assets, employees, and the visiting public. In 2017, GAO reported that the Smithsonian was taking steps to assess the risks to its assets on the National Mall but could benefit from taking additional steps. Specifically, GAO reported that the Smithsonian was using performance measures to monitor various aspects of its physical security program and planned to link those performance measures to program goals, but had not yet identified those goals. At the time, Smithsonian officials told GAO that they planned to establish goals and address this need as part of an effort the Smithsonian was undertaking to develop a strategic plan for security. However, Smithsonian officials also told GAO that they did not know when this effort would be completed and that prior efforts to develop a strategic plan for security had been delayed due to other priorities. While measuring the performance of physical security programs can be challenging, GAO has reported that monitoring and evaluating actions taken against strategic objectives and performance measures is part of the "loop" of risk management and helps ensure that an entity's objectives are being accomplished. A key part of performance measurement is setting meaningful goals and measuring progress toward those goals. Also, developing a timeline for completion could help the Smithsonian take a more strategic approach to performance measurement and better position it to prioritize its needs. As a result, GAO recommended that the Smithsonian develop goals for its physical security program and ensure that performance measures linked to those goals are included as part of its strategic planning efforts and develop a timeline for completing those efforts. In 2019, GAO confirmed that the Smithsonian had taken steps to implement this recommendation. First, following issuance of GAO's report the Smithsonian completed its strategic plan for security and the plan included goals. Second, the Smithsonian's plan included strategies to achieve those goals and the Smithsonian developed timeframes for implementing related performance measures. By taking these steps, the Smithsonian is better positioned to assess the effectiveness of its physical security program on the National Mall.

  1. Recommendation: The Secretary of the Smithsonian Institution should direct the Office of Protection Services to seek additional input from federal entities with expertise regarding ways to enhance testing of the physical security program.
  2. Agency Affected: Smithsonian Institution
  3. Status: Closed - Implemented
  4. Comments: The National Mall in Washington, D.C., is home to some of the most visited museums and galleries in the world. Various federal entities, such as the Smithsonian Institution (Smithsonian), are responsible for the physical security of the National Mall, which includes conducting risk assessments of their assets and implementing measures to protect those assets, employees, and the visiting public. In 2017, GAO reported that the Smithsonian was taking steps to test aspects of its physical security program on the National Mall and had reached out to other entities to help improve its overall program but had not made testing a focus of its efforts. Testing is a key practice for physical security programs. Testing-both covert and planned-can help determine whether security staff and equipment are adequate under real and simulated conditions, and the results of testing can provide insight into the effectiveness of efforts to mitigate potential vulnerabilities. Further, physical security standards for nonmilitary federal facilities in the United States state that nonmilitary federal entities should use testing to assess and document the effectiveness of their physical security programs. GAO has also reported that the Department of Justice's U.S. Marshals Service (Marshals Service), which has primary responsibility for the security of federal courthouses, have years of experience in testing security-screening efforts in federal buildings-places where balancing public access and security is an important factor. Marshals Service officials told GAO they would be willing to share their expertise in planning and conducting testing with entities on the National Mall. As a result, GAO recommended that the Smithsonian seek additional input from federal entities with expertise regarding ways to enhance testing of its physical security programs. In 2019, GAO confirmed that the Smithsonian took steps to implement that recommendation. Specifically, beginning in late 2017, the Smithsonian worked with other federal entities located on or around the National Mall to adapt guidance provided by the Marshals Service to develop standard operating procedures for testing the security of its facilities. In October 2019, those procedures were approved and put into effect. By taking this step, the Smithsonian is better positioned to assess the effectiveness of its physical security program on the National Mall.

  1. Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to develop a process for documenting risk management decisions.
  2. Agency Affected: National Gallery of Art
  3. Status: Closed - Implemented
  4. Comments: The National Mall in Washington, D.C., is one of the most recognizable landscapes in the United States. It is home to our nation's Capital as well as home to some of the most visited museums in the world. Various federal entities, including the National Gallery of Art (National Gallery), are responsible for the physical security of the National Mall. This includes conducting risk assessments of their assets and implementing measures to protect those assets, employees, and the visiting public from threats that range from theft to active shooter. In 2017, GAO reported that the National Gallery was taking steps to assess its security risks on the National Mall but did not have complete documentation of its risk management decisions, such as decisions to defer actions to mitigate risk due to cost or other factors. Documenting risk management decisions is important for several reasons. First, physical security standards for nonmilitary federal facilities in the United States issued by the Interagency Security Committee (an interagency organization chaired by the Department of Homeland Security) state that the threat to federal facilities is significant and that decisions to accept risk could have serious consequences. To that end, the Interagency Security Committee requires that risk management decisions be documented. Second, GAO has previously reported that risk management, as it pertains to facility protection, relies heavily on having accurate and timely information. Third, documenting risk management decisions is also a necessary part of an effective internal-control system and important in order to retain institutional knowledge and inform decision-making. Without documentation, decision makers may not effectively understand the rationale behind decisions-or, in the case of risk management-make important security-related decisions. As a result, GAO recommended that the National Gallery take steps to document its risk management decisions. In 2018, GAO confirmed that the National Gallery had taken steps to implement that recommendation. Specifically, the National Gallery adopted a tool the Interagency Security Committee provides federal agencies to document their risk management decisions. As part of this process, the National Gallery is now documenting its risk management decisions, including the rationale for accepting risk, and those decisions are reviewed and approved by the National Gallery's management. By taking this step, the National Gallery is better positioned to ensure that it is complying with federal physical security standards. It is also helping the National Gallery address gaps in its institutional knowledge and assisting its decision makers make important physical security risk management decisions.

  1. Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to ensure that program goals and performance measures linked to those goals are included as part of the master security plan and develop a timeline for completion of this plan.
  2. Agency Affected: National Gallery of Art
  3. Status: Open
  4. Comments: The National Gallery concurred with this recommendation and said it would take steps to implement it. In February 2019, the National Gallery approved the Office of Protection Services' 5-year strategic plan, which included goals for security. However, as of June 2020, work to establish performance measures was not yet complete. We will continue to monitor the National Gallery's progress in implementing this recommendation

  1. Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to seek additional input from federal entities with expertise regarding ways to enhance testing of the physical security program.
  2. Agency Affected: National Gallery of Art
  3. Status: Closed - Implemented
  4. Comments: The National Mall in Washington, D.C., is home to some of the most visited museums and galleries in the world. Various federal entities, such as the National Gallery of Art (National Gallery), are responsible for the physical security of the National Mall, which includes conducting risk assessments of their assets and implementing measures to protect those assets, employees, and the visiting public. In 2017, GAO reported that the National Gallery was taking steps to test aspects of its physical security program on the National Mall and had reached out to other entities to help improve its overall program but had not made testing a focus of its efforts. Testing is a key practice for physical security programs. Testing-both covert and planned-can help determine whether security staff and equipment are adequate under real and simulated conditions, and the results of testing can provide insight into the effectiveness of efforts to mitigate potential vulnerabilities. Further, physical security standards for nonmilitary federal facilities in the United States state that nonmilitary federal entities should use testing to assess and document the effectiveness of their physical security programs. GAO has also reported that the Department of Justice's U.S. Marshals Service (Marshals Service), which has primary responsibility for the security of federal courthouses, have years of experience in testing security-screening efforts in federal buildings-places where balancing public access and security is an important factor. Marshals Service officials told GAO they would be willing to share their expertise in planning and conducting testing with entities on the National Mall. As a result, GAO recommended that the National Gallery seek additional input from federal entities with expertise regarding ways to enhance testing of its physical security programs. In 2019, GAO confirmed that the National Gallery took steps to implement that recommendation. Specifically, beginning in late 2017, the National Gallery worked with other federal entities located on or around the National Mall to adapt guidance provided by the Marshals Service to develop standard operating procedures for testing the security of its facilities. In October 2019, those procedures were approved and put into effect. By taking this step, the National Gallery is better positioned to assess the effectiveness of its physical security program on the National Mall.