Skip to main content

Information Sharing: The Federal Government Needs to Establish Policies and Processes for Sharing Terrorism-Related and Sensitive but Unclassified Information

GAO-06-385 Published: Mar 17, 2006. Publicly Released: Apr 17, 2006.
Skip to Highlights

Highlights

A number of initiatives to improve information sharing have been called for, including the Homeland Security Act of 2002 and in the Intelligence Reform and Terrorism Prevention Act of 2004. The 2002 act required the development of policies for sharing classified and sensitive but unclassified homeland security information. The 2004 act called for the development of an Information Sharing Environment for terrorism information. This report examines (1) the status of efforts to establish government-wide information sharing policies and processes and (2) the universe of sensitive but unclassified designations used by the 26 agencies that GAO surveyed and their related policies and procedures.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Office of the Director of National Intelligence To ensure effective implementation of the Intelligence Reform Act, the Director of National Intelligence should assess progress toward the milestones set in its Interim Implementation Plan.
Closed – Implemented
In fiscal year 2006, we reviewed and reported on efforts to establish government-wide information sharing policies and processes. We found that one effort to establish these tools included the creation of an Information Sharing Environment (ISE), as mandated by the Intelligence Reform and Terrorism Prevention Act of 2004. Part of this effort included the development of an Interim Implementation Plan that included a schedule for completing a number of key milestones for implementing the ISE. We recommended that the Director of National Intelligence assess progress toward the milestones set in its Interim Implementation Plan. The Program Manager for the ISE, within the Office of the...
Office of the Director of National Intelligence To ensure effective implementation of the Intelligence Reform Act, the Director of National Intelligence should identify any barriers to achieving these milestones, such as insufficient resources and determine ways to resolve them.
Closed – Implemented
In fiscal year 2006, we reviewed and reported on efforts to establish government-wide information sharing policies and processes. We found that one effort to establish government-wide information sharing policies and processes included the creation of an Information Sharing Environment (ISE) as mandated by the Intelligence Reform and Terrorism Prevention Act of 2004, and barriers, such as the availability of resources to meet the Act's mandates for the ISE may exist. While progress had been made towards implementing the ISE, the ISE Program Manager at the time expressed concern over resources, such as the budget for the ISE and number of staff available. Therefore, we recommended that...
Office of the Director of National Intelligence To ensure effective implementation of the Intelligence Reform Act, the Director of National Intelligence should recommend to the oversight committees with jurisdiction any necessary changes to the organizational structure or approach to creating the Information Sharing Environment.
Closed – Implemented
In fiscal year 2006, we reviewed and reported on efforts to establish government-wide information sharing policies and processes. We found that one effort to establish these tools included the creation of an Information Sharing Environment (ISE) as mandated by the Intelligence Reform and Terrorism Prevention Act of 2004. While progress had been made towards implementing the ISE, the ISE Program Manager at the time expressed concern over resources, such as the budget for the ISE and number of staff available. Therefore, we recommended that the Director of National Intelligence recommend to the oversight committees with jurisdiction any necessary changes to the organizational structure or...
Office of the Director of National Intelligence In carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB should use the results of our work to validate the inventory of designations that agencies are required to conduct in accordance with the memo.
Closed – Implemented
Among other things, our report recommended that in carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB use the results of our work to validate the inventory of designations that agencies are required to conduct in accordance with the memo. According the DHS co-chair of the interagency task force conducting this inventory and a senior official in the Office of the Director of National Intelligence--the organization that has ultimate responsibility for the results--our work has been very useful to the task force and helped them complete their inventory more expeditiously...
Office of Management and Budget In carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB should use the results of our work to validate the inventory of designations that agencies are required to conduct in accordance with the memo.
Closed – Implemented
Among other things, our report recommended that in carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB use the results of our work to validate the inventory of designations that agencies are required to conduct in accordance with the memo. According the DHS co-chair of the interagency task force conducting this inventory and a senior official in the Office of the Director of National Intelligence--the organization that has ultimate responsibility for the results--our work has been very useful to the task force and helped them complete their inventory more expeditiously...
Office of the Director of National Intelligence In carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB should issue a policy that consolidates sensitive but unclassified designations where possible and addresses their consistent application across agencies.
Closed – Implemented
On March 17, 2006, we reported on (1) the status of efforts to establish government-wide homeland security information sharing policies and processes, and (2) the universe of sensitive but unclassified (SBU) designations used by the 26 agencies that we surveyed to protect and restrict the dissemination of certain sensitive information, as well as the agencies' related policies and procedures. We reported, among other things, that the agencies that we reviewed were using 56 different sensitive but unclassified designations to protect information that they deemed critical to their missions. For most designations, there were no governmentwide policies or procedures that describe the basis...
Office of Management and Budget In carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB should issue a policy that consolidates sensitive but unclassified designations where possible and addresses their consistent application across agencies.
Closed – Implemented
On March 17, 2006, we reported on (1) the status of efforts to establish government-wide homeland security information sharing policies and processes, and (2) the universe of sensitive but unclassified (SBU) designations used by the 26 agencies that we surveyed to protect and restrict the dissemination of certain sensitive information, as well as the agencies' related policies and procedures. We reported, among other things, that the agencies that we reviewed were using 56 different sensitive but unclassified designations to protect information that they deemed critical to their missions. For most designations, there were no governmentwide policies or procedures that describe the basis...
Office of Management and Budget The Director of OMB, in his oversight role with respect to federal information management, should work with other agencies to develop and issue a directive requiring that agencies have in place internal controls that meet the standards set forth in GAO's Standards for Internal Controls in the Federal Government. This directive should include guidance for employees to use in deciding what information to protect with sensitive but unclassified designations; provisions for training on making designations, controlling, and sharing such information with other entities; and a review process to determine how well the program is working.
Closed – Implemented
In fiscal year 2006, we reviewed and reported on efforts to establish governmentwide information sharing policies and processes. We found that federal agencies we surveyed reported using a total of 56 different designations for information they determined to be sensitive but unclassified (SBU) and that no governmentwide policies or procedures were in place to describe the basis on which agencies should designate, mark, and handle this information. Moreover, governmentwide policies that required internal control practices were not in place. We concluded that by not providing guidance and monitoring, there is a probability that a designation might be misapplied, potentially restricting...

Full Report

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

Classified informationGovernment informationHomeland securityInformation accessInformation security managementInternal controlsStandardsStrategic planningTerrorismPolicies and proceduresInformation sharing