Executive Office of the President: Procedures for Acquiring Access to and Safeguarding Intelligence Information

Citation
Executive Office of the President: Procedures for Acquiring Access to and Safeguarding Intelligence Information (NSIAD-98-245) (Sept. 30, 1998) (full-text).

Overview
Pursuant to a congressional request, the GAO reviewed whether the Executive Office of the President (EOP) had established procedures for: (1) acquiring personnel access to classified intelligence information, specifically sensitive compartmented information (SCI); and (2) safeguarding such information.

The GAO noted that: (1) the EOP Security Officer told the GAO that, for the period January 1993 until June 1996: (a) he could not find any EOP-wide procedures for acquiring access to SCI for the White House Office, the Office of Policy Development, the Office of the Vice President, the National Security Council, and the President's Foreign Intelligence Advisory Board for which the former White House Security Office provided security support; and (b) there were no EOP-wide procedures for acquiring access to SCI for the Office of Science and Technology Policy, the Office of the U.S. Trade Representative, the Office of National Drug Control Policy, and the Office of Administration for which the EOP security office provides security support; (2) the EOP-wide security procedures issued in March 1998 do not set forth security practices EOP offices are to follow in safeguarding classified information; (3) in contrast, the Office of Science and Technology Policy and the Office of the Vice President had issued office-specific security procedures that deal with safeguarding SCI material; (4) the remaining seven EOP offices that did not have office-specific procedures for safeguarding SCI and other classified information stated that they rely on Director of Central Intelligence Directive 1/19 for direction on such matters; (5) neither the EOP Security Office nor the security staff of the nine EOP offices GAO reviewed have conducted security self-inspections as described in Executive Order 12958; (6) EOP officials pointed out that security personnel routinely conduct daily desk, safe, and other security checks to ensure that SCI and other classified information is properly safeguarded; (7) these same officials also emphasized the importance and security value in having within each EOP office experienced security staff responsible for safeguarding classified information; (8) Executive Order 12958 gives the Director, Information Security Oversight Office, authority to conduct on-site reviews of each agency's classified programs; and (9) the Director of the Information Security Oversight Office said his office has never conducted an on-site security inspection of EOP classified programs.