Information Sharing: The Federal Government Needs to Establish Policies and Processes for Sharing Terrorism-Related and Sensitive but Unclassified Information
GAO-06-385
Published: Mar 17, 2006. Publicly Released: Apr 17, 2006.
Skip to Highlights
Highlights
A number of initiatives to improve information sharing have been called for, including the Homeland Security Act of 2002 and in the Intelligence Reform and Terrorism Prevention Act of 2004. The 2002 act required the development of policies for sharing classified and sensitive but unclassified homeland security information. The 2004 act called for the development of an Information Sharing Environment for terrorism information. This report examines (1) the status of efforts to establish government-wide information sharing policies and processes and (2) the universe of sensitive but unclassified designations used by the 26 agencies that GAO surveyed and their related policies and procedures.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Office of the Director of National Intelligence | To ensure effective implementation of the Intelligence Reform Act, the Director of National Intelligence should assess progress toward the milestones set in its Interim Implementation Plan. | In fiscal year 2006, we reviewed and reported on efforts to establish government-wide information sharing policies and processes. We found that one effort to establish these tools included the creation of an Information Sharing Environment (ISE), as mandated by the Intelligence Reform and Terrorism Prevention Act of 2004. Part of this effort included the development of an Interim Implementation Plan that included a schedule for completing a number of key milestones for implementing the ISE. We recommended that the Director of National Intelligence assess progress toward the milestones set in its Interim Implementation Plan. The Program Manager for the ISE, within the Office of the... Director of National Intelligence, subsequently issued a formal Implementation Plan in November 2006 and reported on the progress of the ISE in its 2007 Annual Report to Congress.
View More |
| Office of the Director of National Intelligence | To ensure effective implementation of the Intelligence Reform Act, the Director of National Intelligence should identify any barriers to achieving these milestones, such as insufficient resources and determine ways to resolve them. | In fiscal year 2006, we reviewed and reported on efforts to establish government-wide information sharing policies and processes. We found that one effort to establish government-wide information sharing policies and processes included the creation of an Information Sharing Environment (ISE) as mandated by the Intelligence Reform and Terrorism Prevention Act of 2004, and barriers, such as the availability of resources to meet the Act's mandates for the ISE may exist. While progress had been made towards implementing the ISE, the ISE Program Manager at the time expressed concern over resources, such as the budget for the ISE and number of staff available. Therefore, we recommended that...
|
| Office of the Director of National Intelligence | To ensure effective implementation of the Intelligence Reform Act, the Director of National Intelligence should recommend to the oversight committees with jurisdiction any necessary changes to the organizational structure or approach to creating the Information Sharing Environment. | In fiscal year 2006, we reviewed and reported on efforts to establish government-wide information sharing policies and processes. We found that one effort to establish these tools included the creation of an Information Sharing Environment (ISE) as mandated by the Intelligence Reform and Terrorism Prevention Act of 2004. While progress had been made towards implementing the ISE, the ISE Program Manager at the time expressed concern over resources, such as the budget for the ISE and number of staff available. Therefore, we recommended that the Director of National Intelligence recommend to the oversight committees with jurisdiction any necessary changes to the organizational structure or...
|
| Office of the Director of National Intelligence | In carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB should use the results of our work to validate the inventory of designations that agencies are required to conduct in accordance with the memo. | Among other things, our report recommended that in carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB use the results of our work to validate the inventory of designations that agencies are required to conduct in accordance with the memo. According the DHS co-chair of the interagency task force conducting this inventory and a senior official in the Office of the Director of National Intelligence--the organization that has ultimate responsibility for the results--our work has been very useful to the task force and helped them complete their inventory more expeditiously...
|
| Office of Management and Budget | In carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB should use the results of our work to validate the inventory of designations that agencies are required to conduct in accordance with the memo. | Among other things, our report recommended that in carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB use the results of our work to validate the inventory of designations that agencies are required to conduct in accordance with the memo. According the DHS co-chair of the interagency task force conducting this inventory and a senior official in the Office of the Director of National Intelligence--the organization that has ultimate responsibility for the results--our work has been very useful to the task force and helped them complete their inventory more expeditiously...
|
| Office of the Director of National Intelligence | In carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB should issue a policy that consolidates sensitive but unclassified designations where possible and addresses their consistent application across agencies. | On March 17, 2006, we reported on (1) the status of efforts to establish government-wide homeland security information sharing policies and processes, and (2) the universe of sensitive but unclassified (SBU) designations used by the 26 agencies that we surveyed to protect and restrict the dissemination of certain sensitive information, as well as the agencies' related policies and procedures. We reported, among other things, that the agencies that we reviewed were using 56 different sensitive but unclassified designations to protect information that they deemed critical to their missions. For most designations, there were no governmentwide policies or procedures that describe the basis...
|
| Office of Management and Budget | In carrying out the President's December 2005 mandates for standardizing sensitive but unclassified information, the Director of National Intelligence and the Director of OMB should issue a policy that consolidates sensitive but unclassified designations where possible and addresses their consistent application across agencies. | On March 17, 2006, we reported on (1) the status of efforts to establish government-wide homeland security information sharing policies and processes, and (2) the universe of sensitive but unclassified (SBU) designations used by the 26 agencies that we surveyed to protect and restrict the dissemination of certain sensitive information, as well as the agencies' related policies and procedures. We reported, among other things, that the agencies that we reviewed were using 56 different sensitive but unclassified designations to protect information that they deemed critical to their missions. For most designations, there were no governmentwide policies or procedures that describe the basis...
|
| Office of Management and Budget | The Director of OMB, in his oversight role with respect to federal information management, should work with other agencies to develop and issue a directive requiring that agencies have in place internal controls that meet the standards set forth in GAO's Standards for Internal Controls in the Federal Government. This directive should include guidance for employees to use in deciding what information to protect with sensitive but unclassified designations; provisions for training on making designations, controlling, and sharing such information with other entities; and a review process to determine how well the program is working. | In fiscal year 2006, we reviewed and reported on efforts to establish governmentwide information sharing policies and processes. We found that federal agencies we surveyed reported using a total of 56 different designations for information they determined to be sensitive but unclassified (SBU) and that no governmentwide policies or procedures were in place to describe the basis on which agencies should designate, mark, and handle this information. Moreover, governmentwide policies that required internal control practices were not in place. We concluded that by not providing guidance and monitoring, there is a probability that a designation might be misapplied, potentially restricting...
|
Full Report
Public Inquiries
Topics
Classified informationGovernment informationHomeland securityInformation accessInformation security managementInternal controlsStandardsStrategic planningTerrorismPolicies and proceduresInformation sharing