Skip to Highlights
Highlights

Pursuant to a congressional request, GAO reviewed the Department of Justice's protection of classified and sensitive documents, focusing on the: (1) security compliance review activities of the Security Compliance Review Group (SCRG); (2) Federal Bureau of Investigation's (FBI) nightly security inspections of its headquarters building; and (3) controls placed on classified documents sent between the Justice and FBI headquarters buildings.

Skip to Recommendations

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Justice 1. The Attorney General should direct SCRG to explore other alternatives for selecting and conducting the number of security compliance reviews done each year. For example, internal inspections reports and security violations summaries done by Justice components could be used by SCRG in its deliberations on what locations should be reviewed, and when and to what extent, thereby maximizing the use of its limited resources.
Closed - Implemented
The Department has developed a program which requires its agencies and bureaus to include security specialists in all of their inspections. It also is working closely with agencies' and bureaus' security program to conduct compliance reviews and in training component specialists to assist SCRG in conducting such reviews. The Department has also requested component inspection reports for use in considering locations for SCRG. As a result, SCRG has been able to increase the numbers of compliance reviews since the report was issued, and conduct more following and unscheduled reviews.
Department of Justice 2. The Attorney General should direct FBI to continue to work with SCRG in its efforts to review other FBI facilities to ensure that all FBI facilities are in full compliance with Justice security policies and procedures.
Closed - Implemented
FBI has agreed that SCRG will continue to conduct compliance reviews of FBI field offices and FBI has designated two security specialists to accompany SCRG teams on such reviews. Several offices have been inspected using the approach since the report was issued. In addition, FBI inspection laws using security specialists continues to conduct its own security reviews as part of its own overall field office inspections.
Department of Justice 3. The Attorney General should direct FBI to begin imposing disciplinary actions for security violations in accordance with its own internal guidelines.
Closed - Implemented
In November 1993, the FBI's Security Patrol began using a revised Security Violations Report (Form 3-589) to better distinguish between security and safety violations. Concurrently, FBI launched various security awareness and education initiatives to inform employees of recurring violations and to re-emphasize security regulations and procedures to ensure corrective actions and reduce the number of security violations. In December 1994, FBI published, and advised its employees of, revised guidelines regarding security accountability. The guidelines were expanded and modified to be consistent with what officials believed were appropriate actions for given security violations. However, FBI has not specifically stated what actions it has taken to apply its modified guidelines. Nevertheless, the above actions, overall, satisfy the spirit of this recommendation.
Department of Justice 4. The Attorney General should direct both the Justice and FBI mail management units to more strictly enforce the established procedures for sending classified documents through the interoffice courier mail systems.
Closed - Implemented
To ensure that established security requirements are properly implemented, SCRG conducted a review of the interoffice mail system in January 1994, focusing on the records for receipt, dispatch, and accountability of sensitive and classified documents in the system. A report was prepared for the Department Security Officer and appropriate component heads. A follow-up review is scheduled for late 1994.

Full Report