Skip to Highlights
Highlights

What GAO Found

The Department of Homeland Security's (DHS) Federal Protective Service (FPS) and the Department of Justice's (DOJ) United States Marshals Service (USMS) experience a range of challenges in their efforts to provide effective security screening, including:

Building characteristics and location may limit security options: many General Services Administration (GSA) buildings were designed and constructed before security screening became a priority.

Balancing security and public access: striking an appropriate balance between facilitating the public's access to government services and providing adequate security can be difficult, for example, when there is a high volume of visitors.

Operating with limited resources: some FPS protective security officers are not fully trained to conduct security screening, and FPS and USMS may have limited funding for additional training or additional security officers.

Working with multiple federal tenants: many tenant stakeholders at multi-tenant GSA buildings have differing needs and priorities that may not always align when trying to build consensus for security-screening decisions.

Effectively informing the public of prohibited items: prohibited items vary by building, and some signage did not effectively relay information to the public.

To assess security-screening efforts, both FPS and USMS have taken steps such as conducting covert and intrusion tests and collecting data on prohibited items. From fiscal years 2011 to 2013, FPS data show that protective security officers passed covert tests on security-screening procedures at a low rate. In October 2012, FPS reduced the number of screening scenarios used for covert testing, but has since reinstated some of them. USMS data show that court security officers passed intrusion tests on security screening at a higher rate. For example, USMS reported that court security officers passed 83 percent of intrusion tests on security screening in fiscal year 2010, 91 percent in fiscal year 2011, and 92 percent in fiscal years 2012 and 2013. Although USMS tests more frequently than FPS, it has not met its intrusion-test frequency requirement per building each year. In addition, FPS's and USMS's data on prohibited items show wide variations in the number of items identified across buildings. For example, FPS reported it had detected approximately 700,000 prohibited items in 2013; however, FPS data showed that there were 295 buildings with no reported data on prohibited items from fiscal years 2004 through 2013. While FPS and USMS may use the results of covert and intrusion tests to address problems at the individual building or FPS region or USMS district level, to some degree, they do not use the results to strategically assess performance nationwide. The benefits of using data in this manner are reflected in the Interagency Security Committee's (ISC) guidance, as well as key practices in security and internal control standards GAO has developed. Without a more strategic approach to assessing performance, both FPS and USMS are not well positioned to improve security screening nationwide, identify trends and lessons learned, and address the aforementioned challenges related to screening in a complex security environment.

Why GAO Did This Study

FPS and USMS conduct building security screening at thousands of GSA buildings across the country. Given continued concerns related to the security of federal buildings, GAO was asked to examine the: (1) challenges federal entities face in their efforts to prevent prohibited items and individuals who may pose a security threat from entering GSA buildings and (2) actions federal entities have taken to assess the effectiveness of their screening efforts, and the results of those actions. GAO conducted site visits to 11 selected buildings in three metropolitan areas based on a variety of criteria, including security level, agency officials' recommendations, and for FPS, possible inconsistencies in its data on prohibited items, and other factors. GAO analyzed FPS's and USMS's data, reviewed relevant documentation, and interviewed FPS and USMS officials in headquarters and the field.

Skip to Recommendations

Recommendations

GAO recommends that FPS and USMS each develop and implement a strategy for using covert and intrusion testing, and prohibited-items data to improve security-screening efforts. Specifically, for FPS, the strategy would, among other things, help determine which covert testing scenarios to use. For USMS, the strategy would, among other things, help determine the appropriate frequency of intrusion testing. DHS and DOJ concurred with GAO's recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Homeland Security 1. The Secretary of the Department of Homeland Security should direct FPS to develop and implement a strategy for using covert-testing data and data on prohibited items to improve FPS's security-screening efforts. The strategy should, at a minimum, aim to ensure that: (1) covert-testing data are used to systematically monitor, review, and improve performance nationwide; (2) covert-testing data are used to determine which testing scenarios will be implemented or reinstated; and (3) data on prohibited items are analyzed to determine the reasons for wide variations in the number of reported prohibited-items detected across buildings and to assist with managing the screening process and informing policy.
Closed - Implemented
The Federal Protective Service (FPS) conducts building security screening at federal buildings across the country. In 2015, GAO reported that FPS has taken steps to assess its security screening efforts such as conducting covert tests and collecting data on prohibited items. However, from fiscal years 2011 and 2013, FPS data showed that protective security officers passed covert tests on security-screening procedures at a low rate. GAO found issues FPS needed to address related to 3 areas: covert testing data, screening scenarios for covert testing, and data on prohibited items. More specifically, FPS officials said that they use covert testing to help determine weaknesses in personnel capabilities and performance, as well as gaps in screening, security countermeasures, and access control processes at the building level. However, FPS headquarters officials also said that they had difficulty determining how to use the test results for improving their security-screening efforts overall. Furthermore, in October 2012, FPS reduced the number of screening scenarios it used for covert testing, but then reinstated some of them. Finally, FPS data on prohibited items showed a wide variation in the number of items identified across federal buildings, but FPS did not conduct systematic analyses of the prohibited items data they collect. GAO found that FPS's difficulties resulted in large part from its lack of a strategy or systematic approach to linking performance data with corrective actions on a nationwide basis by determining trends and helping to inform which types of scenarios to use for the covert tests. Also, a more strategic approach to analyze data on prohibited items would allow FPS to determine the reasons for wide variations in data, whether the data are incomplete, and if there are lessons learned that could be applied nationwide. Therefore, GAO recommended that FPS develop and implement a strategy for using covert-testing data and data on prohibited items to improve FPS's security-screening efforts at federal buildings. The strategy should, at a minimum, aim to ensure that (1) covert-testing data is used to systematically monitor and review performance nationwide; (2) covert-testing data are used to determine which testing scenarios will be implemented or reinstated; and (3) data on prohibited items are analyzed to determine the reasons for wide variations in the number of reported prohibited-items detected across buildings and to assist with managing the screening process and informing policy. In 2017, GAO confirmed that FPS developed and implemented a strategy for addressing our recommendation. This included establishing a working group that would review performance data nationwide to identify trends and monitor, review, and improve FPS's screening process. Using an analysis of cover testing data, FPS also reinstated a number of screening scenarios used for covert testing. FPS also incorporated an analysis of data on prohibited items into these data analysis efforts. Also on a monthly basis, FPS conducts a collaborative data analysis and evaluation of its covert-testing data with several internal divisions to identify any trends and work to mitigate any issues that are uncovered through the screening process. As a result, FPS has enhanced its ability to strategically manage security screening at federal buildings to more systematically assess its performance and improve its security posture overall.
Department of Justice 2. The Attorney General should direct USMS to develop and implement a strategy for using intrusion-testing data and data on prohibited items to improve USMS's security-screening efforts at federal courthouses held by GSA. The strategy should, at a minimum, aim to ensure that: (1) intrusion-testing data is used to systematically monitor and review performance nationwide; (2) intrusion-testing data are used to determine, with stakeholders, what frequency of testing is appropriate; and (3) data on prohibited items are analyzed to determine the reasons for wide variations in the number of reported prohibited-items detected across buildings and to assist with managing the screening process and informing policy.
Closed - Implemented
The U.S. Marshals Service (USMS) conducts building security screening at courthouses across the country. USMS experiences a range of challenges in its efforts to provide effective security screening. In 2015, GAO reported that USMS has taken steps to assess its security screening efforts such as conducting intrusion tests and collecting data on prohibited items. From fiscal years 2012 and 2013, USMS data showed that court security officers passed 92 percent of intrusion tests on security screening. However, USMS had been unable to meet its intrusion-test frequency requirement per building each year. USMS headquarters officials said that they did not systematically analyze intrusion-testing data. Greater use of the data could help USMS determine the number and frequency of tests that would be adequate and attainable within its available resources. Also, USMS data on prohibited items showed a wide variation in the number of items identified across courthouses. Overall, USMS may use the results of intrusion tests to address problems at the individual courthouses or USMS district level, to some degree, but USMS did not readily use the results to strategically assess performance nationwide. The benefits of using performance data in this strategic manner are reflected in Interagency Security Committee guidance, as well as key practices in security and internal control standards GAO has developed. Without a more strategic approach to assessing performance, USMS was not well positioned to improve security screening nationwide, identify trends and lessons learned, and address the challenges related to screening in a complex security environment. Therefore, GAO recommended that USMS develop and implement a strategy for using intrusion-testing data and data on prohibited items to improve USMS's security-screening efforts at federal courthouses held by GSA. The strategy should, at a minimum, aim to ensure that (1) intrusion-testing data is used to systematically monitor and review performance nationwide; (2) intrusion-testing data are used to determine, with stakeholders, what frequency of testing is appropriate; and (3) data on prohibited items are analyzed to determine the reasons for wide variations in the number of reported prohibited-items detected across buildings and to assist with managing the screening process and informing policy. In 2017, GAO confirmed that USMS has developed and implemented a strategy to improve its security screening efforts by using intrusion test data to monitor and review performance nationwide. Each month, data are gathered and reviewed from each intrusion test and the results are presented to USMS management. The data are used to show potential trends and potential weaknesses in USMS's security posture to ultimately guide any needed adjustments to USMS's policies and training. In 2016, USMS also revised its policy directive and procedures manual for its unannounced intrusion-testing process to help ensure that unannounced intrusion tests are conducted on a regular basis throughout the year to better evaluate the effectiveness of security measures in place at federal courts. According to USMS, this policy is continuously being evaluated to identify if further program improvements are needed. Lastly, USMS has ongoing efforts to collect and analyze monthly facility data, including statistical information on prohibited items. Despite variations in what items are prohibited between districts and specific facilities, USMS monitors the data and additional information gathered during the screening process to share relevant updates regarding specific types of prohibited items through USMS notification protocols and bulletins to USMS management and its contract court security officers. As a result, USMS has enhanced its ability to strategically manage security screening at federal courthouses to more systematically assess its performance and improve its security posture overall.

Full Report

GAO Contacts