This is the accessible text file for GAO report number GAO-09-1047T 
entitled 'Homeland Security: Federal Protective Service Has Taken Some 
Initial Steps to Address Its Challenges, but Vulnerabilities Still 
Exist' which was released on September 24, 2009. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Subcommittee on Economic Development, Public Buildings and 
Emergency Management, Committee on Transportation and Infrastructure: 

United States Government Accountability Office: 
GAO: 

For Release on Delivery: 
Expected at 2:00 p.m. EDT:
Wednesday, September 23, 2009: 

Homeland Security: 

Federal Protective Service Has Taken Some Initial Steps to Address Its 
Challenges, but Vulnerabilities Still Exist: 

Statement of Mark L. Goldstein, Director: 
Physical Infrastructure Team: 

GAO-09-1047T: 

GAO Highlights: 

Highlights of GAO-09-1047T, a testimony to Subcommittee on Economic 
Development, Public Buildings and Emergency Management, House Committee 
on Transportation and Infrastructure. 

Why GAO Did This Study: 

To accomplish its mission of protecting federal facilities, the Federal 
Protective Services (FPS), within the Department of Homeland Security 
(DHS), currently has a budget of about $1 billion, about 1,200 full-
time employees, and about 15,000 contract security guards. 

This testimony is based on completed and ongoing work for this 
Subcommittee and discusses: (1) challenges FPS faces in protecting 
federal facilities and (2) how FPSs actions address these challenges. 
To perform this work, GAO visited FPSs 11 regions, analyzed FPS data, 
and interviewed FPS officials, guards, and contractors. GAO also 
conducted covert testing at 10 judgmentally selected level IV 
facilities in four cities. Because of the sensitivity of some of the 
information, GAO cannot identify the specific locations of incidents 
discussed. A level IV facility has over 450 employees and a high volume 
of public contact. 

What GAO Found: 

FPS faces challenges that hamper its ability to protect government 
employees and members of the public who work in and visit federal 
facilities. First, as we reported in our June 2008 report, FPS does not 
have a risk management framework that links threats and vulnerabilities 
to resource requirements. Without such a framework, FPS has little 
assurance that its programs will be prioritized and resources will be 
allocated to address changing conditions. Second, as discussed in our 
July 2009 report, FPS lacks a strategic human capital plan to guide its 
current and future workforce planning efforts. FPS does not collect 
data on its workforces knowledge, skills, and abilities and therefore 
cannot determine its optimal staffing levels or identify gaps in its 
workforce and determine how to fill these gaps. Third, as we testified 
at a July 2009 congressional hearing, FPSs ability to protect federal 
facilities is hampered by weaknesses in its contract security guard 
program. GAO found that many FPS guards do not have the training and 
certifications required to stand post at federal facilities in some 
regions. For example, in one region, FPS has not provided the required 
8 hours of X-ray or magnetometer training to its 1,500 guards since 
2004. GAO also found that FPS does not have a fully reliable system for 
monitoring and verifying whether guards have the training and 
certifications required to stand post at federal facilities. In 
addition, FPS has limited assurance that guards perform assigned 
responsibilities (post orders). Because guards were not properly 
trained and did not comply with post orders, GAO investigators with the 
components for an improvised explosive device concealed on their 
persons, passed undetected through access points controlled by FPS 
guards at 10 of 10 level IV facilities in four major cities where GAO 
conducted covert tests. 

FPS has taken some actions to better protect federal facilities, but it 
is difficult to determine the extent to which these actions address 
these challenges because many of the actions are recent and have not 
been fully implemented. Furthermore, FPS has not fully implemented 
several recommendations that GAO has made over the last couple of years 
to address FPSs operational and funding challenges, despite the 
Department of Homeland Securitys concurrence with the recommendations. 
In addition, most of FPSs actions focus on improving oversight of the 
contract guard program and do not address the need to develop a risk 
management framework or a human capital plan. To enhance oversight of 
its contract guard program FPS is requiring its regions to conduct more 
guard inspections at level IV facilities and provide more x-ray and 
magnetometer training to inspectors and guards. However, several 
factors make these actions difficult to implement and sustain. For 
example, FPS does not have a reliable system to track whether its 11 
regions are completing these new requirements. Thus, FPS cannot say 
with certainty that the requirements are being implemented. FPS is also 
developing a new information system to help it better protect federal 
facilities. However, FPS plans to transfer data from several of its 
legacy systems, which GAO found were not fully reliable or accurate, 
into the new system. 

What GAO Recommends: 

GAO has ongoing work on FPS and plans to report its complete evaluation 
along with any recommendations at a later date. 

View [hyperlink, http://www.gao.gov/products/GAO-09-1047T] or key 
components. For more information, contact Mark Goldstein at (202) 512-
2834 or goldsteinm@gao.gov. 

[End of section] 

Madam Chair and Members of the Subcommittee: 

We are pleased to be here to discuss the Federal Protective Service's 
(FPS) efforts to ensure the protection of the over 1 million government 
employees, as well as members of the public, who work in and visit the 
nation's 9,000 federal facilities each year.[Footnote 1] There has not 
been a large-scale attack on a domestic federal facility since the 
terrorist attacks of September 11, 2001, and the 1995 bombing of the 
Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma. 
Nevertheless, the recent shooting death of a guard at the U.S. 
Holocaust Memorial Museum--though not a federal facility--demonstrates 
the continued vulnerability of public buildings to domestic terrorist 
attack. To accomplish its mission of protecting federal facilities, FPS 
currently has a budget[Footnote 2] of about $1 billion, about 1,200 
full time employees, and about 15,000 contract security guards deployed 
at federal facilities across the country. 

As the primary federal agency that is responsible for protecting and 
securing General Services Administration (GSA) facilities and federal 
employees and visitors across the country, FPS has the authority to 
enforce federal laws and regulations aimed at protecting federally 
owned and leased properties and the persons on such property. FPS 
conducts its mission by providing security services through two types 
of activities: (1) physical security activities--conducting threat 
assessments of facilities and recommending risk-based countermeasures 
aimed at preventing incidents at facilities--and (2) law enforcement 
activities--proactively patrolling facilities, responding to incidents, 
conducting criminal investigations, and exercising arrest authority. 

This testimony is based on completed[Footnote 3] and ongoing work 
[Footnote 4] for this Subcommittee and discusses (1) challenges FPS 
faces in protecting federal facilities and (2) how FPS's actions 
address these challenges. To perform this work, we visited FPS's 11 
regions, analyzed FPS data, and interviewed FPS officials, guards, and 
contractors. We also conducted covert testing at 10 judgmentally 
selected high risk facilities in four cities. Because of the 
sensitivity of some of the information in our report, we cannot 
specifically identify the locations of the incidents discussed. We 
conducted this performance audit from April 2007 to September 2009 in 
accordance with generally accepted government auditing standards. Those 
standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe that 
the evidence obtained provides a reasonable basis for our findings and 
conclusions based on our audit objectives. 

FPS Faces Several Challenges That Hamper Its Ability to Protect Federal 
Facilities: 

FPS faces a number of challenges that hamper its ability to protect 
government employees and the public in federal facilities. For example, 
these challenges include (1) developing a risk management framework, 
(2) developing a human capital plan, and (3) better oversight of its 
contract security guard program. 

FPS Has Not Implemented a Risk Management Framework for Identifying 
Security Requirements and Allocating Resources: 

In our June 2008 report we found that in protecting federal facilities, 
FPS does not use a risk management approach that links threats and 
vulnerabilities to resource requirements. We have stated that without a 
risk management approach that identifies threats and vulnerabilities 
and the resources required to achieve FPS's security goals, there is 
little assurance that programs will be prioritized and resources will 
be allocated to address existing and potential security threats in an 
efficient and effective manner. While FPS has conducted risk related 
activities such as building security assessments (BSAs), we have 
reported several concerns with the Facilities Securities Risk 
Management system FPS currently uses to conduct these assessments. 
First, it does not allow FPS to compare risks from building to building 
so that security improvements to buildings can be prioritized across 
GSA's portfolio. Second, current risk assessments need to be 
categorized more precisely. According to FPS, too many BSAs are 
categorized as high or low risk, which does not allow for a refined 
prioritization of security improvements. Third, the system does not 
allow for tracking the implementation status of security 
recommendations based on assessments. 

BSAs are the core component of FPS's physical security mission. 
However, ensuring the quality and timeliness of them is an area in 
which FPS continues to face challenges. Many law enforcement security 
officers (LESOs)[Footnote 5] in the regions we visited stated that they 
do not have enough time to complete BSAs. For example, while FPS 
officials have stated that BSAs for level IV facilities[Footnote 6] 
should take between 2 to 4 weeks, several LESOs reported having only 1 
or 2 days to complete assessments for their buildings, in part, because 
of pressure from supervisors to complete BSAs as quickly as possible. 
Some regional supervisors have also found problems with the accuracy of 
BSAs. One regional supervisor reported that an inspector was repeatedly 
counseled and required to redo BSAs when supervisors found he was 
copying and pasting from previous assessments. Similarly, one regional 
supervisor stated that in the course of reviewing a BSA for an address 
he had personally visited, he realized that the inspector completing 
the BSA had not actually visited the site because the inspector 
referred to a large building when the actual site was a vacant plot of 
land owned by GSA. 

Moreover, some GSA and FPS officials have stated that LESOs lack the 
training and physical security expertise to prepare BSAs according to 
the standards. Currently, LESOs receive instructions on how to complete 
BSAs as part of a 4-week course at the Federal Law Enforcement Training 
Center's Physical Security Training Program. However, many LESOs and 
supervisors in the regions we visited stated that this training is 
insufficient and that refresher training is necessary to keep LESOs 
informed about emerging technology, but that this refresher training 
has not been provided in recent years. Regional GSA officials also 
stated that they believe the physical security training provided to 
LESOs is inadequate and that it has affected the quality of the BSAs 
they receive. 

Further complicating FPS's ability to protect federal facilities is the 
building security committee structure. Building Security Committees 
(BSC) are composed of representatives from each tenant agency who 
generally are not security professionals but have responsibility for 
approving the countermeasures FPS recommends. However, in some of the 
facilities that we visited, security countermeasures were not 
implemented because BSC members could not agree on what countermeasures 
to implement or were unable to obtain funding from their agencies. For 
example, an FPS official in a major metropolitan city stated that over 
the last 4 years LESOs have recommended 24-hour contract guard coverage 
at one high-risk building located in a high crime area multiple times, 
but the BSC is not able to obtain approval from all its members. 

In addition, FPS faces challenges in ensuring that its fee-based 
funding structure accounts for the varying levels of risk and types of 
services provided at federal facilities. FPS funds its operations 
through security fees charged to tenant agencies. However, FPS's basic 
security fee, which funds most of its operations, does not account for 
the risk faced by specific buildings, the level of service provided, or 
the cost of providing services, raising questions about 
equity.[Footnote 7] FPS charges federal agencies the same basic 
security fee regardless of the perceived threat to a particular 
building or agency. In fiscal year 2009, FPS is charging 66 cents per 
square foot for basic security. Although FPS categorizes buildings 
according to security levels[Footnote 8] based on its assessment of 
each building's risk and size, this assessment does not affect the 
security fee FPS charges. For example, level I facilities typically 
face less risk because they are generally small storefront-type 
operations with a low level of public contact, such as a small post 
office or Social Security Administration office. However, these 
facilities are charged the same basic security fee of 66 cents per 
square foot as a level IV facility that has a high volume of public 
contact and may contain high-risk law enforcement and intelligence 
agencies and highly sensitive government records. 

FPS's basic security rate has raised questions about equity because 
federal agencies are required to pay the fee regardless of the level of 
service FPS provides or the cost of providing the service. For 
instance, in some of the regions we visited, FPS officials described 
situations where staff are stationed hundreds of miles from buildings 
under its responsibility, with many of these buildings rarely receiving 
services from FPS staff and relying mostly on local law enforcement 
agencies for law enforcement services. However, FPS charges these 
tenant agencies the same basic security fees as buildings in major 
metropolitan areas where numerous FPS police officers and LESOs are 
stationed and are available to provide security services. Consequently, 
FPS's cost of providing services is not reflected in its basic security 
charges. We also have reported that basing government fees on the cost 
of providing a service promotes equity, especially when the cost of 
providing the service differs significantly among different users, as 
is the case with FPS. In our July 2008 report, we recommended that FPS 
improve FPS's use of the fee-based system by developing a method to 
accurately account for the cost of providing security services to 
tenant agencies and ensuring that its fee structure takes into 
consideration the varying levels of risk and service provided at GSA 
facilities. While DHS agreed with this recommendation, FPS has not 
fully implemented it. 

FPS Does Not Have A Strategic Human Capital Plan to Guide Its Current 
and Future Workforce Planning Efforts: 

In our July 2009 report,[Footnote 9] we reported that FPS does not have 
a strategic human capital plan to guide its current and future 
workforce planning efforts. Our work has shown that a strategic human 
capital plan addresses two critical needs: It (1) aligns an 
organization's human capital program with its current and emerging 
mission and programmatic goals, and (2) develops long-term strategies 
for acquiring, developing, and retaining staff to achieve programmatic 
goals. In 2007, FPS took steps toward developing a Workforce Transition 
Plan to reflect its decision to move to a LESO-based workforce and 
reduce its workforce to about 950 employees. However, in 2008, FPS 
discontinued this plan because the objective of the plan--to reduce FPS 
staff to 950 to meet the President's Fiscal Year 2008 Budget--was no 
longer relevant because of the congressional mandate in its Fiscal Year 
2008 Consolidated Appropriations Act to increase its workforce to 1,200 
employees.[Footnote 10] FPS subsequently identified steps it needed to 
take in response to the mandate. However, we found that these steps do 
not include developing strategies for determining agency staffing 
needs, identifying gaps in workforce critical skills and competencies, 
developing strategies for use of human capital flexibilities, or 
strategies for retention and succession planning. 

Moreover, we found FPS's headquarters does not collect data on its 
workforce's knowledge, skills, and abilities. Consequently, FPS cannot 
determine what its optimal staffing levels should be or identify gaps 
in its workforce needs and determine how to modify its workforce 
planning strategies to fill these gaps. Effective workforce planning 
requires consistent agencywide data on the skills needed to achieve 
current and future programmatic goals and objectives. Without 
centralized or standardized data on its workforce, it is unclear how 
FPS can engage in short-and long-term strategic workforce planning. 
Finally, FPS's human capital challenges may be further exacerbated by a 
proposal in the President's 2010 budget to move FPS from Immigration 
and Custom Enforcement to the National Protection and Programs 
Directorate within DHS. If the move is approved, it is unclear which 
agency will perform the human capital function for FPS, or how the move 
will affect FPS's operational and workforce needs. We also recommended 
that FPS take steps to develop a strategic human capital plan to manage 
its current and future workforce needs. FPS concurred with our 
recommendation. 

FPS's Ability to Protect Federal Facilities Is Hampered by Weaknesses 
in Its Contract Guard Program: 

FPS's contract guards are the most visible component of FPS's 
operations as well as the public's first contact with FPS when entering 
a federal facility. Moreover, FPS relies heavily on its guards and 
considers them to be the agency's "eyes and ears" while performing 
their duties. However, as we testified at a July 2009 congressional 
hearing, FPS does not fully ensure that its guards have the training 
and certifications required to be deployed to a federal facility. While 
FPS requires that all prospective guards complete approximately 128 
hours of training, including 8 hours of x-ray and magnetometer 
training, FPS was not providing some of its guards with all of the 
required training in the six regions we visited. For example, in one 
region, FPS has not provided the required 8 hours of x-ray or 
magnetometer training to its 1,500 guards since 2004. X-ray and 
magnetometer training is important because the majority of the guards 
are primarily responsible for using this equipment to monitor and 
control access points at federal facilities. According to FPS 
officials, the 1,500 guards were not provided the required x-ray or 
magnetometer training because the region does not have employees who 
are qualified or have the time to conduct the training. Nonetheless, 
these guards continue to control access points at federal facilities in 
this region. In absence of the x-ray and magnetometer training, one 
contractor in the region said that they are relying on veteran guards 
who have experience operating these machines to provide some "on-the- 
job" training to new guards. Moreover, in the other five regions we 
visited where FPS is providing the x-ray and magnetometer training, 
some guards told us that they believe the training, which is computer 
based, is insufficient because it is not conducted on the actual 
equipment located at the federal facility. 

Lapses and weaknesses in FPS's x-ray and magnetometer training have 
contributed to several incidents at federal facilities in which the 
guards were negligent in carrying out their responsibilities. For 
example, at a level IV federal facility in a major metropolitan area, 
an infant in a carrier was sent through the x-ray machine. 
Specifically, according to an FPS official in that region, a woman with 
her infant in a carrier attempted to enter the facility, which has 
child care services. While retrieving her identification, the woman 
placed the carrier on the x-ray machine.[Footnote 11] Because the guard 
was not paying attention and the machine's safety features had been 
disabled,[Footnote 12] the infant in the carrier was sent through the x-
ray machine. x-ray machines are hazardous because of the potential 
radiation exposure. FPS investigated the incident and dismissed the 
guard. However, the guard subsequently sued FPS for not providing the 
required x-ray training. The guard won the suit because FPS could not 
produce any documentation to show that the guard had received the 
training, according to an FPS official. In addition, FPS officials from 
that region could not tell us whether the x-ray machine's safety 
features had been repaired. 

Moreover, FPS's primary system--Contract Guard Employment Requirements 
Tracking System (CERTS)--for monitoring and verifying whether guards 
have the training and certifications required to stand post at federal 
facilities is not fully reliable. We reviewed training and 
certification data for 663 randomly selected guards in 6 of FPS's 11 
regions maintained either in CERTS, which is the agency's primary 
system for tracking guard training and certifications, databases 
maintained by some regions, or contractor information. We found that 62 
percent, or 411 of the 663 guards who were deployed to a federal 
facility had at least one expired certification, including for example, 
firearms qualification, background investigation, domestic violence 
declaration, or CPR/First Aid training certification. Without domestic 
violence declarations certificates, guards are not permitted to carry a 
firearm. In addition, not having a fully reliable system to better 
track whether training has occurred may have contributed to a situation 
in which a contractor allegedly falsified training records. In 2007, 
FPS was not aware that a contractor who was responsible for providing 
guard service at several level IV facilities in a major metropolitan 
area had allegedly falsified training records until it was notified by 
an employee of the company. According to FPS's affidavit, the 
contractor allegedly repeatedly self-certified to FPS that its guards 
had satisfied CPR and First Aid training, as well as the contractually 
required bi-annual recertification training, although the contractor 
knew that the guards had not completed the required training and was 
not qualified to stand post at federal facilities. According to FPS's 
affidavit, in exchange for a $100 bribe, contractor officials provided 
a security guard with certificates of completion for CPR and First Aid. 
The case is currently being litigated in U.S. District Court. 

FPS has limited assurance that its 15,000 guards are complying with 
post orders once they are deployed to federal facilities. At each guard 
post, FPS maintains a book, referred to as post orders, that describes 
the duties that guards are to perform while on duty. According to post 
orders, guards have many duties, including access and egress control, 
operation of security equipment, such as x-ray and magnetometer, 
detecting, observing and reporting violations of post regulations, and 
answering general questions and providing directions to visitors and 
building tenants, among others. We found that in the 6 regions we 
visited that guard inspections are typically completed by FPS during 
regular business hours and in cities where FPS has a field office. In 
most FPS regions, FPS is only on duty during regular business hours and 
according to FPS, LESOs are not authorized overtime to perform guard 
inspections during night shifts or on weekends. However, on the few 
occasions when LESOs complete guard inspections at night or on their 
own time, FPS has found instances of guards not complying with post 
orders. For example, at a level IV facility, an armed guard was found 
asleep at his post after taking the pain killer prescription drug 
Percocet during the night shift. FPS's guard manual states that guards 
are not permitted to sleep or use any drugs (prescription or non- 
prescription) that may impair the guard's ability to perform duties. 

Finally, we identified substantial security vulnerabilities related to 
FPS's guard program. Each time they tried, our investigators 
successfully passed undetected through security checkpoints monitored 
by FPS guards, with the components for an IED concealed on their 
persons at 10 level IV facilities in four cities in major metropolitan 
areas. The specific components for this device, items used to conceal 
the device components, and the methods of concealment that we used 
during our covert testing are classified, and thus are not discussed in 
this testimony. Of the 10 level IV facilities we penetrated, 8 were 
government owned and 2 were leased facilities. The facilities included 
field offices of a U.S Senator and U.S. Representative as well as 
agencies of the Departments of Homeland Security, Transportation, 
Health and Human Services, Justice, State and others. The two leased 
facilities did not have any guards at the access control point at the 
time of our testing. Using publicly available information, our 
investigators identified a type of device that a terrorist could use to 
cause damage to a federal facility and threaten the safety of federal 
workers and the general public. The device was an IED made up of two 
parts--a liquid explosive and a low-yield detonator--and included a 
variety of materials not typically brought into a federal facility by 
employees or the public. Although the detonator itself could function 
as an IED, investigators determined that it could also be used to set 
off a liquid explosive and cause significantly more damage. To ensure 
safety during this testing, we took precautions so that the IED would 
not explode. For example, we lowered the concentration level of the 
material[Footnote 13]. To gain entry into each of the 10 level IV 
facilities, our investigators showed photo identification (state 
driver's license) and walked through the magnetometer machines without 
incident. The investigators also placed their briefcases with the IED 
material on the conveyor belt of the x-ray machine, but the guards 
detected nothing. Furthermore, our investigators did not receive any 
secondary searches from the guards that might have revealed the IED 
material that we brought into the facilities. At security checkpoints 
at 3 of the 10 facilities, our investigators noticed that the guard was 
not looking at the x-ray screen as some of the IED components passed 
through the machine. A guard questioned an item in the briefcase at one 
of the 10 facilities but the materials were subsequently allowed 
through the x-ray machines. At each facility, once past the guard 
screening checkpoint, our investigators proceeded to a restroom and 
assembled the IED. At some of the facilities, the restrooms were 
locked. Our investigators gained access by asking employees to let them 
in. With the IED completely assembled in a briefcase, our investigators 
walked freely around several floors of the facilities and into various 
executive and legislative branch offices, as described above. 

Despite increased awareness of security vulnerabilities at federal 
facilities, recent FPS penetration testing--similar to the convert 
testing we conducted in May 2009--showed that weaknesses in FPS's 
contract guard training continue to exist. In August 2009, we 
accompanied FPS on a test of security countermeasures at a level IV 
facility. During these tests, FPS agents placed a bag on the x-ray 
machine belt containing a fake gun and knife. The guard failed to 
identify the gun and knife on the x-ray screen and the undercover FPS 
official was able to retrieve his bag and proceed to the check-in desk 
without incident. During a second test, a knife was hidden on a FPS 
officer. During the test, the magnetometer detected the knife, as did 
the hand wand, but the guard failed to locate the knife and the FPS 
officer was able to gain access to the facility. According to the FPS 
officer, the guards who failed the test had not been provided the 
required x-ray and magnetometer training. Upon further investigation, 
only two of the eleven guards at the facility had the required x-ray 
and magnetometer training. However, FPS personnel in its mobile command 
vehicle stated that the 11 guards had all the proper certifications and 
training to stand post. It was unclear at the time, and in the after 
action report, whether untrained guards were allowed to continue 
operating the x-ray and magnetometer machines at the facilities or if 
FPS's LESOs stood post until properly trained guards arrived on site. 

FPS Has Recently Taken Some Actions to Better Protect Federal 
Facilities, However Many are Not Fully Implemented: 

While FPS has taken some actions to improve its ability to better 
protect federal facilities, it is difficult to determine the extent to 
which these actions address these challenges because most of them 
occurred recently and have not been fully implemented. It is also 
important to note that most of the actions FPS has recently taken focus 
on improving oversight of the contract guard program and do not address 
the need to develop a risk management framework and a human capital 
plan. In response to our covert testing, FPS has taken a number of 
actions. For example, in July 2009, 

* the Director of FPS instructed Regional Directors to accelerate the 
implementation of FPS's requirement that two guard posts at Level IV 
facilities be inspected weekly. 

*FPS also required more x-ray and magnetometer training for LESOs and 
guards. For example, FPS has recently issued an information bulletin to 
all LESOs and guards to provide them with information about package 
screening, including examples of disguised items that may not be 
detected by magnetometers or x-ray equipment. Moreover, FPS produced a 
15-minute training video designed to provide information on bomb- 
component detection. According to FPS, each guard was required to read 
the information bulletin and watch the DVD within 30 days. 

However, there are a number of factors that will make implementing and 
sustaining these actions difficult. First, FPS does not have adequate 
controls to monitor and track whether its 11 regions are completing 
these new requirements. Thus, FPS cannot say with certainty that it is 
being done. According to a FPS regional official implementing the new 
requirements may present a number of challenges, in part, because new 
directive appears to be based primarily on what works well from a 
headquarters or National Capital Region perspective, and not a regional 
perspective that reflects local conditions and limitations in staffing 
resources. In addition, another regional official estimated that his 
region is meeting about 10 percent of the required oversight hours and 
officials in another region said they are struggling to monitor the 
delivery of contractor-provided training in the region. Second, 
according to FPS officials, it has not modified any of its 129 guard 
contracts to reflect these new requirements, and therefore the 
contractors are not obligated to implement these requirements. One 
contractor stated that ensuring that its guards receive the additional 
training will be logistically challenging. For example, to avoid 
removing a guard from his/her post, one contractor plans to provide 
some of the training during the guards'15 minute breaks. Third, FPS has 
not completed any workforce analysis to determine if its current staff 
of about 930 law enforcement security officers will be able to 
effectively complete the additional inspections and provide the x-ray 
and magnetometer training to 15,000 guards, in addition to their 
current physical security and law enforcement responsibilities. Our 
previous work has raised questions about the wide range of 
responsibilities LESOs have and the quality of BSAs and guard 
oversight. According to the Director of FPS, while having more 
resources would help address the weaknesses in the guard program, the 
additional resources would have to be trained and thus could not be 
deployed immediately. 

In addition, as we reported in June 2008, FPS is in the process of 
developing a new system referred to as the Risk Assessment Management 
Program (RAMP). According to FPS, RAMP will be the primary tool FPS 
staff will use to fulfill their mission and is designed to be a 
comprehensive, systematic, and dynamic means of capturing, accessing, 
storing, managing, and utilizing pertinent facility information. RAMP 
will replace several legacy GSA systems that FPS brought to DHS, 
including CERTS, Security Tracking System, and other systems associated 
with the BSA program. We are encouraged that FPS is attempting to 
replace some of its legacy GSA systems with a more reliable and 
accurate system. However, we are not sure FPS has fully addressed some 
issues associated with implementing RAMP. For example, we are concerned 
about the accuracy and reliability of the information that will be 
entered into RAMP. According to FPS, the agency plans to transfer data 
from several of its legacy systems including CERTS into RAMP. In July 
2009, we reported on the accuracy and reliability issues associated 
with CERTS. FPS subsequently conducted an audit of CERTS to determine 
the status of its guard training and certification. However, the 
results of the audit showed that FPS was able to verify the status for 
about 7,600 of its 15,000 guards. According to an FPS official, one of 
its regions did not meet the deadline for submitting data to 
headquarters because its data was not accurate or reliable and 
therefore about 1,500 guards were not included in the audit. FPS was 
not able to explain why it was not able to verify the status of the 
remaining 5,900 guards. FPS expects RAMP to be fully operational in 
2011, however until that time FPS will continue to rely on its current 
CERTS system or localized databases that have proven to be inaccurate 
and unreliable. 

Finally, over the last couple of years we have completed a significant 
amount of work related to challenges described above and made 
recommendations to address these challenges. While DHS concurred with 
our recommendations, FPS has not fully implemented them. In addition, 
in October 2009, we plan to issue a public report on FPS key practices 
involving risk management, leveraging technology and information 
sharing and coordination. 

This concludes our testimony. We are pleased to answer any questions 
you might have. 

Contact Information: 

For further information on this testimony, please contact Mark 
Goldstein at 202-512-2834 or by email goldsteinm@gao.gov. Individuals 
making key contributions to this testimony include Tida Barakat, 
Jonathan Carver, Tammy Conquest, Bess Eisenstadt, Daniel Hoy, Susan 
Michal-Smith, and Lacy Vong. 

[End of section] 

Footnotes: 

[1] For the purposes of this report, federal facilities are the 9,000 
buildings under the control or custody of General Services 
Administration (GSA). 

[2] Funding for FPS is provided through revenues and collections 
charged to building tenants in FPS-protected property. The revenues and 
collections are credited to FPS's appropriation and are available until 
expended for the protection of federally owned and leased buildings and 
for FPS operations. 

[3] GAO, Homeland Security: Preliminary Results Show Federal Protective 
Service's Ability to Protect Federal Facilities Is Hampered By 
Weaknesses in Its Contract Security Guard Program, [hyperlink, 
http://www.gao.gov/products/GAO-09-859T] (Washington, D.C.: July 8, 
2009), GAO, Homeland Security: Federal Protective Service Should 
Improve Human Capital Planning and Better Communicate with Tenants, 
[hyperlink, http://www.gao.gov/products/GAO-09-749], (Washington, D.C.: 
July 30, 2009), and GAO, Homeland Security: The Federal Protective 
Service Faces Several Challenges That Hamper Its Ability to Protect 
Federal Facilities, [hyperlink, http://www.gao.gov/products/GAO-08-683] 
(Washington, D.C.: June 11, 2008). 

[4] We plan to provide Congress with our complete evaluation at a later 
date. 

[5] LESOs who are also referred to as inspectors are responsible for 
completing building security assessments and oversight of contract 
guards. 

[6] The level of security FPS provides at each of the 9,000 federal 
facilities varies depending on the building's security level. Based on 
the Department of Justice's (DOJ) 1995 Vulnerability Assessment 
Guidelines, there are five types of security levels. A level I facility 
is typically a small storefront -type operation such as military 
recruiting office which has 10 or fewer employees and a low volume of 
public contact. A level II facility has from 11 to 150 employees, a 
level III facility has from 151 to 450 federal employees and moderate 
to high volume of public contact, a level IV facility has over 450 
employees, a high volume of public contact, and includes high risk law 
enforcement and intelligence agencies. FPS does not have responsibility 
for a Level V facility which include the White House and the Central 
Intelligence Agency. The Interagency Security Committee has recently 
promulgated new security level standards that will supersede the 1995 
DOJ standards. 

[7] Some of the basic security services covered by this fee include law 
enforcement activities at GSA facilities, preliminary investigations, 
the capture and detention of suspects, and completion of BSAs. 

[8] These levels range from I (lowest risk) to IV (highest risk). 

[9] [hyperlink, http://www.gao.gov/products/GAO-09-749]. 

[10] Pub. L. No. 110-161, Division E, 121 Stat. 1844, 2051-2052 (2007). 

[11] X-ray machines are hazardous because of the potential radiation 
exposure. In contrast, magnetometers do not emit radiation and are used 
to detect metal. 

[12] With this safety feature disabled, the x-ray machine's belt was 
operating continuously although the guard was not present. 

[13] Tests that we performed at a national laboratory in July 2007 and 
in February 2006, demonstrated that a terrorist using these devices 
could cause severe damage to a federal facility and threaten the safety 
of federal workers and the general public. Our investigators obtained 
the components for these devices at local stores and over the Internet 
for less than $150. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAOs actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAOs Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: