Building Security

The federal government's reliance on leased space underscores the need to physically secure this space and help safeguard employees, visitors, and government assets. In April 2010 the Interagency Security Committee (ISC), comprised of 47 federal agencies and departments and chaired by the Department of Homeland Security (DHS), issued Physical Security Criteria for Federal Facilities (the 2010 standards) which supersede previous ISC standards. In response to Congress' direction to review ISC standards for leased space, this report (1) identifies challenges that exist in protecting leased space and (2) examines how the 2010 standards address these challenges. To conduct this work, GAO analyzed agency documents and interviewed federal officials from ISC, four federal departments selected as case studies based on their large square footage of leased space, and the Federal Protective Service (FPS). GAO also consulted prior work on federal real property and physical security, including key practices in facility protection.

Limited information about risks and the inability to control common areas and public access pose challenges to protecting leased space. Leasing officials do not always have the information needed to employ a risk management approach for allocating resources--a key practice in facility protection. Early risk assessments--those conducted before a lease is executed--can provide leasing officials with valuable information; however, FPS, which is the General Service Administration's (GSA) physical security provider, generally does not perform these assessments for leased space under 10,000 square feet--which constitutes a majority of GSA's leases. Under its memorandum of agreement (MOA) with GSA, FPS is not expected to perform these assessments and does not have the resources to do so. Another challenge in protecting leased space is tenant agencies' lack of control over common areas (such as elevator lobbies, loading docks, and the building's perimeter) which hampers their ability to mitigate risk from public access to leased space. In leased space, lessors, not tenant agencies, typically control physical security in common areas. To implement measures to counter risks in common areas, tenant agencies must typically negotiate with and obtain consent from lessors, who may be unwilling to implement countermeasures because of the potential burden or undue effect on other, nonfederal tenants. For example, tenant agencies in a high-risk, multitenant leased facility we visited have been unable to negotiate changes to the common space, including the installation of X-ray machines and magnetometers, because the lessor believed that the proposed countermeasures would inconvenience other tenants and the public. The 2010 standards show potential for addressing some challenges with leased space. These standards align with some key practices in facility protection because they prescribe a decision making process to determine, mitigate, and accept risks using a risk management approach. Further, by requiring that decision making be tracked and documented, the standards facilitate performance measurement that could help enable agency officials to determine if the most critical risks are being prioritized and mitigated. With its emphasis on the uniform use of early risk assessments, the 2010 standards provide a baseline requirement for agencies to consider as they develop protocols and allocate resources for protecting leased space. For example, GSA and FPS must now consider this requirement, which represents an expansion of the services currently expected of FPS, as they renegotiate their MOA. In contrast, a shortfall within the 2010 standards is that they offer little means for addressing tenant agencies' lack of control over common areas and public access. While the 2010 standards outline specific countermeasures for addressing public access, they lack in-depth discussion and guidance--such as best practices--that could provide a framework for working with lessors to implement these countermeasures. Given the critical role that lessors play, such guidance is warranted. As the government's central forum for exchanging information on facility protection, ISC is well positioned to develop and share this guidance. GAO recommends that DHS instruct ISC to establish a working group or other mechanism to determine guidance for working with lessors, and to incorporate this guidance into a future ISC standard or other product, as appropriate. DHS concurred with the report's recommendation.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Mark L. Goldstein Team: Government Accountability Office: Physical Infrastructure Phone: No phone on record