What GAO Found
FPS faces challenges ensuring that contract guards have been properly trained and certified before being deployed to federal facilities around the country. In its September 2013 report, GAO found that providing active shooter response and screener training is a challenge for FPS. For example, according to officials at five guard companies, their contract guards have not received training on how to respond during incidents involving an active shooter. Without ensuring that all guards receive training on how to respond to incidents at federal facilities involving an active-shooter, FPS has limited assurance that its guards are prepared for this threat. Similarly, an official from one of FPS's contract guard companies stated that 133 (about 38 percent) of its approximately 350 guards have never received screener training. As a result, guards deployed to federal facilities may be using x-ray and magnetometer equipment that they are not qualified to use which raises questions about their ability to screen access control points at federal facilities--one of their primary responsibilities. GAO was unable to determine the extent to which FPS's guards have received active-shooter response and screener training, in part, because FPS lacks a comprehensive and reliable system for guard oversight. FPS agreed with GAO's 2013 recommendation that they take steps to identify guards that have not had required training and provide it to them. GAO also found that FPS continues to lack effective management controls to ensure its guards have met its training and certification requirements. For instance, although FPS agreed with GAO's 2012 recommendation that it develop a comprehensive and reliable system for managing information on guards' training, certifications, and qualifications, it does not yet have such a system.
FPS also continues to face challenges assessing risk at federal facilities. GAO reported in 2012 that FPS is not assessing risks at federal facilities in a manner consistent with federal standards. GAO's preliminary results from its ongoing work on risk assessments at federal facilities indicate that this is still a challenge for FPS and several other federal agencies. Federal standards, such as the National Infrastructure Protection Plan's risk management framework and ISC's risk assessment provisions, state that a risk assessment should include threat, vulnerability, and consequence assessments. Risk assessments help decision-makers identify and evaluate security risks and implement protective measures to mitigate the risk. Instead of conducting risk assessments, FPS is using an interim vulnerability assessment tool, referred to as the Modified Infrastructure Survey Tool (MIST) to assess federal facilities until it develops a longer-term solution. However, MIST does not assess consequence (the level, duration, and nature of potential loss resulting from an undesirable event). Three of the four risk assessment experts GAO spoke with generally agreed that a tool that does not estimate consequences does not allow an agency to fully assess risks. Thus, FPS has limited knowledge of the risks facing about 9,600 federal facilities around the country. FPS officials stated that they did not include consequence information in MIST because it was not part of the original design. GAO will continue to monitor this issue and plans to report its final results early next year.
Why GAO Did This Study
As part of the Department of Homeland Security (DHS), the Federal Protective Service (FPS) is responsible for protecting federal employees and visitors in approximately 9,600 federal facilities under the control and custody of the General Services Administration (GSA). Recent incidents at federal facilities demonstrate their continued vulnerability to attacks or other acts of violence. To help accomplish its mission, FPS conducts facility security assessments and has approximately 13,500 contract security guards deployed to federal facilities.
This testimony discusses challenges FPS faces in (1) ensuring contract security guards deployed to federal facilities are properly trained and certified and (2) conducting risk assessments at federal facilities. It is based on GAO work issued from 2008 through 2013 on FPS's contract guard and risk assessment programs, and preliminary results of GAO's ongoing work to determine the extent to which FPS and select federal agencies' facility risk assessment methodologies align with federal risk assessment standards. To perform this work, GAO reviewed FPS's and eight federal agencies' risk assessment documentation and compared it to the Interagency Security Committee (ISC) standards. These agencies were selected based on their missions and types of facilities.
DHS and FPS agreed with the recommendations in GAO's 2012 and 2013 reports to improve FPS's contract guard and risk assessment processes.