Federal security guidance too often ignored, GAO says

The Interagency Security Committee responsible for federal facility standards needs to help governmental agencies understand how to employ and customize their basic set of standards to improve physical security, the General Accountability Office says in a recently released report (.pdf).
Standards developed by the ISC, part of the Homeland Security Department, include a decision-making process that can help agencies determine the effectiveness of their security programs, the GAO said in its report summary.
But a check of 32 agencies found compliance with the standards and use of its best practices varied widely. Only 22 of the 32 agencies had an agency-level security manager, the GAO says, or had documented performance measures to evaluate security effectiveness and correct deficiencies. Even fewer – 13 – had a manager responsible for allocating resources based on risk assessment.
The auditors dismissed arguments by some agencies that their unique facilities or existing physical security requirements limit their need to follow the standards, which the ISC says are highly customizable.
The auditors recommended the ISC proactively reach out to executive-branch agencies and provide a better explanation of how its standards should be used. They also said the organization should develop supplemental guidance to help managers determine how to allocate resources. DHS concurred with the recommendations.
For more:
-read the report summary
-download the report, GAO-13-222 (.pdf)
Related Articles: