This is the accessible text file for GAO report number GAO-14-623T entitled 'Federal Protective Service: Protecting Federal Facilities Remains A Challenge' which was released on May 21, 2014. This text file was formatted by the U. S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U. S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from gao.Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Testimony: Before the Committee on Transportation and Infrastructure, Subcommittee on Economic Development, Public Buildings, and Emergency Management, House of Representatives: For Release on Delivery: Expected at 10 a.m. ET: Wednesday, May 21, 2014: Federal Protective Service: Protecting Federal Facilities Remains A Challenge: Statement of Mark Goldstein, Director: Physical Infrastructure Team: GAO-14-623T: GAO Highlights: Highlights of GAO-14-623T, testimony before the Committee on Transportation and Infrastructure, Subcommittee on Economic Development, Public Buildings, and Emergency Management, House of Representatives. Why GAO Did This Study: Recent incidents at federal facilities demonstrate their continued vulnerability to attacks or other acts of violence. As part of the Department of Homeland Security (DHS), FPS is responsible for protecting federal employees and visitors in approximately 9,600 federal facilities under the control and custody the General Services Administration (GSA). To help accomplish its mission, FPS conducts facility security assessments and has approximately 13,500 contract security guards deployed to federal facilities. FPS charges fees for its security services to federal tenant agencies. This testimony discusses challenges FPS faces in (1) ensuring contract security guards deployed to federal facilities are properly trained and certified and (2) conducting risk assessments at federal facilities. It is based on GAO reports issued from 2009 through 2014 on FPS's contract guard and risk assessment programs. To perform this work, GAO reviewed FPS and guard company data and interviewed officials about oversight of guards. GAO compared FPS's and eight federal agencies' risk assessment methodologies to ISC standards that federal agencies must use. GAO selected these agencies based on their missions and types of facilities. GAO also interviewed agency officials and 4 risk management experts about risk assessments. What GAO Found: The Federal Protective Service continues to face challenges ensuring that contract guards have been properly trained and certified before being deployed to federal facilities around the country. In September 2013, for example, GAO reported that providing training for active shooter scenarios and screening access to federal facilities poses a challenge for FPS. According to officials at five guard companies, their contract guards have not received training on how to respond during incidents involving an active shooter. Without ensuring that all guards receive training on how to respond to active-shooter incidents at federal facilities, FPS has limited assurance that its guards are prepared for this threat. Similarly, an official from one of FPS's contract guard companies stated that 133 (about 38 percent) of its approximately 350 guards have never received screener training. As a result, guards deployed to federal facilities may be using x-ray and magnetometer equipment that they are not qualified to use raising questions about their ability to fulfill a primary responsibility of screening access control points at federal facilities. GAO was unable to determine the extent to which FPS's guards have received active- shooter response and screener training, in part, because FPS lacks a comprehensive and reliable system for guard oversight. GAO also found that FPS continues to lack effective management controls to ensure its guards have met its training and certification requirements. For instance, although FPS agreed with GAO's 2012 recommendations that it develop a comprehensive and reliable system for managing information on guards' training, certifications, and qualifications, it still does not have such a system. Additionally, 23 percent of the 276 contract guard files GAO reviewed did not have required training and certification documentation. For example, some files were missing items such as documentation of screener training, CPR certifications, and firearms qualifications. Assessing risk at federal facilities remains a challenge for FPS. GAO found in 2012 that federal agencies pay FPS millions of dollars to assess risk at their facilities, but FPS is not assessing risks in a manner consistent with federal standards. In March 2014, GAO found that this is still a challenge for FPS and several other agencies. The Interagency Security Committee's (ISC) Risk Management Process for Federal Facilities standard requires federal agencies to develop risk assessment methodologies that, among other things, assess the threat, vulnerability, and consequence to undesirable events. Risk assessments help decision-makers identify and evaluate security risks and implement protective measures. Instead of conducting risk assessments, FPS uses an interim vulnerability assessment tool, referred to as the Modified Infrastructure Survey Tool (MIST) to assess federal facilities until it develops a longer-term solution. However, MIST does not assess consequence (the level, duration, and nature of potential loss resulting from an undesirable event). Three of the four risk assessment experts GAO spoke with generally agreed that a tool that does not estimate consequences does not allow an agency to fully assess risks. Thus, FPS has limited knowledge of the risks facing about 9,600 federal facilities around the country. FPS officials stated that consequence information in MIST was not part of the original design, but they are exploring ways to incorporate it. What GAO Recommends: Since fiscal year 2010, GAO has made 31 recommendations to improve FPS's contract guard and risk assessment processes, of which 6 were implemented, 10 are in process, and 15 have not been implemented. View [hyperlink, http://www.gao.gov/products/GAO-14-623T]. For more information, contact Mark Goldstein, (202) 512-2834 or GoldsteinM@gao.gov. [End of section] Chairman Barletta, Ranking Member Carson, and Members of the Subcommittee: We are pleased to be here to discuss the efforts of the Department of Homeland Security's (DHS) Federal Protective Service (FPS) to protect the nearly 9,600 federal facilities that are under the control and custody of the General Services Administration (GSA), including the challenges associated with FPS's use of contract guards and risk assessments. The 2012 shooting at the Anderson Federal Building in Long Beach, California, the results of our 2009 covert testing, [Footnote 1] and FPS's ongoing penetration testing demonstrate the continued vulnerability of federal facilities. The challenge of protecting federal facilities is one of the major reasons why we have designated federal real property management as a high-risk area. [Footnote 2] FPS is authorized to (1) protect the buildings, grounds, and property that are under the control and custody of GSA, as well as the persons on the property; (2) enforce federal laws and regulations aimed at protecting such property and persons on the property; and (3) investigate offenses against these buildings and persons. [Footnote 3] FPS conducts its mission by providing security services through two types of activities: * physical security activities--conducting risk assessments and recommending countermeasures aimed at preventing incidents--and: * law enforcement activities--proactively patrolling facilities, responding to incidents, conducting criminal investigations, and exercising arrest authority. To accomplish its mission, FPS currently has almost 1,200 full-time employees and about 13,500 contract guards deployed at federal facilities across the country. It expects to receive approximately $1. 2 billion in fees for fiscal year 2014. [Footnote 4] Since 2008, we have reported on the challenges FPS faces with carrying out its mission, including overseeing its contract guards and assessing risk at federal facilities. FPS's contract guard program is the most visible component of the agency's operations, and the agency relies on its guards to be its "eyes and ears" while performing their duties. However, we reported in 2010 and again in 2013 that FPS continues to experience difficulty ensuring that its guards have the required training and certifications. Before guards are assigned to a post (an area of responsibility) at a federal facility, FPS requires that they all undergo employee fitness determinations[Footnote 5] and complete approximately 120 hours of training provided by the contractor and FPS, including basic training and firearms training. Guards must also possess the necessary certificates, licenses, and permits as required by the contract, such as CPR and first-aid certifications. Among other duties, contract guards are responsible for controlling access to facilities; conducting screening at access points to prevent the introduction of prohibited items, such as weapons and explosives; and responding to emergency situations involving facility safety and security. [Footnote 6] FPS also faces challenges assessing risks at the 9,600 facilities under the control and custody of GSA. In 2012 and in 2014, we reported that FPS's ability to protect and secure federal facilities has been hampered by the absence of a risk assessment program that is consistent with federal standards. To address issues with overseeing contract guards and conducting risk assessments, we made several recommendations which FPS agreed to implement. These recommendations and their status are discussed later in this statement. This testimony discusses challenges FPS faces in (1) ensuring contract security guards deployed to federal facilities are properly trained and certified and (2) conducting risk assessments at federal facilities. It is based on our reports and testimonies issued from 2009 through 2014 on FPS's contract guard and risk assessment programs. [Footnote 7] A complete list of these related products appears at the end of my statement. As part of the work for these products, we reviewed relevant statutes and federal guidance, examined FPS contract guard and risk assessment processes and procedures, reviewed a sample of contract guard files, conducted site visits to FPS's 11 regions where we interviewed FPS officials, and conducted interviews with the 31 guard companies with which FPS has contracted and 4 risk management experts. In addition, we reviewed FPS's and eight other selected federal agencies' risk assessment methodologies and compared it to the Risk Management Process for Federal Facilities standard (RMP) that the Interagency Security Committee (ISC) issued. [Footnote 8] The eight selected agencies include: Department of Energy, Office of Health, Safety, and Security; Department of Interior; Department of Justice, Justice Protective Service; Department of State, Diplomatic Security; Department of Veterans Affairs; Federal Emergency Management Agency; Nuclear Regulatory Commission; and Office of Personnel Management. We selected these agencies to achieve diversity with respect to the number and types of agencies' facilities, as well as the agencies' missions. We conducted our work in accordance with generally accepted government auditing standards. These standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Additional details about the scope and methodology can be found in each of these related reports. FPS Faces Challenges Ensuring Contract Guards Have Been Properly Trained and Certified before Being Deployed to Federal Facilities: Some FPS Contract Guards Have Not Received Required Training on Responding to Active-Shooter Scenarios: According to FPS officials, the agency has required its guards to receive training on how to respond to an active-shooter scenario since 2010. [Footnote 9] However, as our 2013 report shows,[Footnote 10] FPS faces challenges providing active-shooter response training to all of its guards. We were unable to determine the extent to which FPS's guards have received active-shooter response training, in part, because FPS lacks a comprehensive and reliable system for guard oversight (as discussed below). When we asked officials from 16 of the 31 contract guard companies we contacted if their guards had received training on how to respond during active-shooter incidents, responses varied. [Footnote 11] For example, of the 16 contract guard companies we interviewed about this topic: * officials from eight guard companies stated that their guards had received active-shooter scenario training during FPS orientation; * officials from five guard companies stated that FPS had not provided active-shooter scenario training to their guards during the FPS- provided orientation training; and: * officials from three guard companies stated that FPS had not provided active-shooter scenario training to their guards during the FPS-provided orientation training, but that the topic was covered at some other time. * Without ensuring that all guards receive training on how to respond to active-shooter incidents, FPS has limited assurance that its guards are prepared for this threat. According to FPS officials, the agency provides guards with information on how they should respond during an active-shooter incident as part of the 8-hour FPS-provided orientation training. FPS officials were not able to specify how much time is devoted to this training, but said that it is a small portion of the 2- hour special situations training. [Footnote 12] According to FPS's training documents, this training includes instructions on how to notify law enforcement personnel, secure the guard's area of responsibility, and direct building occupants according to emergency plans as well as the appropriate use of force. Some FPS Contract Guards Have Not Received Required Screener Training: As part of their 120 hours of FPS-required training, guards must receive 8 hours of screener training from FPS on how to use x-ray and magnetometer equipment. However, in our September 2013 report, [Footnote 13] we found that FPS has not provided required screener training to all guards. Screener training is important because many guards control access points at federal facilities and thus must be able to properly operate x-ray and magnetometer machines and understand their results. In 2009 and 2010, we reported that FPS had not provided screener training to 1,500 contract guards in one FPS region. [Footnote 14] In response to those reports, FPS stated that it planned to implement a program to train its inspectors to provide screener training to all its contract guards by September 2015. Information from guard companies we contacted indicate that guards who have never received this screener training continue to be deployed to federal facilities. * An official at one contract guard company stated that 133 of its approximately 350 guards (about 38 percent) on three separate FPS contracts (awarded in 2009) have never received their initial x-ray and magnetometer training from FPS. The official stated that some of these guards are working at screening posts. * Officials at another contract guard company in a different FPS region stated that, according to their records, 78 of 295 (about 26 percent) guards deployed under their contract have never received FPS's x-ray and magnetometer training. These officials stated that FPS's regional officials were informed of the problem, but allowed guards to continue to work under this contract, despite not having completed required training. Because FPS is responsible for this training, according to guard company officials, no action was taken against the company. Consequently, some guards deployed to federal facilities may be using x-ray and magnetometer equipment that they are not qualified to use-- thus raising questions about the ability of some guards to execute a primary responsibility to properly screen access control points at federal facilities. FPS Lacks Effective Management Controls to Ensure Contract Guards Have Met Training and Certification Requirements: In our September 2013 report, we found that FPS continues to lack effective management controls to ensure that guards have met training and certification requirements. For example, although FPS agreed with our 2012 recommendations to develop a comprehensive and reliable system to oversee contract guards, it still has not established such a system. Without a comprehensive guard management system, FPS has no independent means of ensuring that its contract guard companies have met contract requirements, such as providing qualified guards to federal facilities. Instead, FPS requires its guard companies to maintain files containing guard-training and certification information. The companies are then required to provide FPS with this information each month. In our September 2013 report, we found that 23 percent of the 276 guard files we reviewed (maintained by 11 of the 31 guard companies we interviewed) lacked required training and certification documentation. [Footnote 15] As shown in table 1, some guard files lacked documentation of basic training, semi-annual firearms qualifications, screener training, the 40-hour refresher training (required every 3 years), and CPR certification. Table 1: Total Missing Documents Identified in 64 of 276 Guard Files GAO Reviewed in 2013: Requirement: Copy of driver's license/State ID; Number of instances of each missing document: 1. Requirement: Domestic Violence "Lautenberg" Form; Number of instances of each missing document: 1. Requirement: Medical certification; Number of instances of each missing document: 1. Requirement: Verified alien/immigration status; Number of instances of each missing document: 3. Requirement: Current baton certification; Number of instances of each missing document: 3. Requirement: Basic training; Number of instances of each missing document: 3. Requirement: Firearms qualifications; Number of instances of each missing document: 3. Requirement: First-aid certification; Number of instances of each missing document: 5. Requirement: FPS screener training--8 hours; Number of instances of each missing document: 5. Requirement: FPS orientation; Number of instances of each missing document: 8. Requirement: Contractor employee fitness determination; Number of instances of each missing document: 12. Requirement: CPR certification; Number of instances of each missing document: 12. Requirement: AED certification; Number of instances of each missing document: 12. Requirement: Refresher training; Number of instances of each missing document: 15. Requirement: Pre-employment drug testing; Number of instances of each missing document: 16. Requirement: Initial weapons training; Number of instances of each missing document: 17. Requirement: Total; Number of instances of each missing document: 117[A]. Source: GAO analysis of contract guard company data. Note: These results are non-generalizable and based on a review of 276 randomly selected guard files for 11 of 117 FPS guard contracts. [A] Some of the files that did not comply with requirements were missing more than one document, for a total of 117 missing documents. [End of table] FPS has also identified guard files that did not contain required documentation. FPS's primary tool for ensuring that guard companies comply with contractual requirements for guards' training, certifications, and qualifications is to review guard companies' guard files each month. From March 2012 through March 2013, FPS reviewed more than 23,000 guard files. [Footnote 16] It found that a majority of the guard files had the required documentation but more than 800 (about 3 percent) did not. FPS's file reviews for that period showed files missing, for example, documentation for screener training, initial weapons training, CPR certification, and firearms qualifications. As our September 2013 report explains, however, FPS's process for conducting monthly file reviews does not include requirements for reviewing and verifying the results, and we identified instances in which FPS's monthly review results did not accurately reflect the contents of guard files. For instance, FPS's review indicated that required documentation was present for some guard files, but for some of those files we were not able to find (for example) documentation of training and certification, such as initial weapons training, DHS orientation, and pre-employment drug screenings. [Footnote 17] As a result of the lack of management controls, FPS is not able to provide reasonable assurance that guards have met training and certification requirements. FPS Continues to Face Challenges with Assessing Risk at Federal Facilities: We found in 2012 that FPS did not assess risks at the 9,600 facilities under the control and custody of GSA in a manner consistent with federal standards, although federal agencies paid FPS millions of dollars to assess risk at their facilities. Our March 2014 report examining risk assessments at federal facilities found that this is still a challenge for FPS and several other federal agencies. Federal standards such as the National Infrastructure Protection Plan's (NIPP) risk management framework and ISC's RMP call for a risk assessment to include a threat, vulnerability, and consequence assessment. Risk assessments help decision-makers identify and evaluate security risk and implement protective measures to mitigate risk. Moreover, risk assessments play a critical role in helping agencies tailor protective measures to reflect their facilities' unique circumstances and enable them to allocate security resources effectively. Instead of conducting risk assessments, FPS uses an interim vulnerability assessment tool, referred to as the Modified Infrastructure Survey Tool (MIST), with which it assesses federal facilities until it develops a longer-term solution. According to FPS, MIST allows it to resume assessing federal facilities' vulnerabilities and recommend countermeasures--something FPS has not done consistently for several years. MIST has some limitations. Most notably, it does not assess consequence (the level, duration, and nature of potential loss resulting from an undesirable event). Three of the four risk assessment experts we spoke with generally agreed that a tool that does not estimate consequences does not allow an agency to fully assess risks. FPS officials stated that it intends to eventually incorporate consequence into its risk assessment methodology and is exploring ways to do so. MIST was also not designed to compare risks across federal facilities. Consequently, FPS does not have the ability to comprehensively manage risk across its portfolio of 9,600 facilities and recommend countermeasures to federal tenant agencies. As of April 2014, according to an FPS official, FPS had used MIST to complete vulnerability assessments of approximately 1,200 federal facilities in fiscal year 2014 and have presented approximately 985 of them to the facility security committees. [Footnote 18] The remaining 215 assessments were under review by FPS. FPS Has Begun Some Initiatives, but Most GAO Recommendations Have Not Been Fully Implemented: FPS has begun several initiatives that, once fully implemented, should enhance its ability to protect the more than 1 million federal employees and members of the public who visit federal facilities each year. Since fiscal year 2010, we have made 31 recommendations to help FPS address its challenges with risk management, oversight of its contract guard workforce, and its fee-based funding structure. DHS and FPS have generally agreed with these recommendations. As of May 2014, as shown in table 2, FPS had implemented 6 recommendations, and was in the process of addressing 10 others, although none of the 10 have been fully implemented. The remaining 15 have not been implemented. According to FPS officials, the agency has faced difficulty in implementing many of our recommendations because of changes in its leadership, organization, funding, and staffing levels. Table 2: Status of GAO's fiscal year 2010 through 2013 Recommendations to the Federal Protective Service: Report number: Federal Protective Service: Challenges with Oversight of Contract Guard Program Still Exist, and Additional Management Controls Are Needed, GAO-13-694, September 2013; Recommendation: Take immediate steps to determine which guards have not had screener or active-shooter scenario training and provide it to them and, as part of developing a national lesson plan, decide how and how often these trainings will be provided in the future; Status: Not Implemented. Recommendation: Require that contract guard companies' instructors be certified to teach basic and refresher training courses to guards and evaluate whether a standardized instructor certification process should be implemented; Status: Not Implemented. Recommendation: Develop and implement procedures for monthly guard- file reviews to ensure consistency in selecting files and verifying the results; Status: Not Implemented. Report number: Federal Protective Service: Actions Needed to Assess Risk and Better Manage Contract Guards at Federal Facilities, GAO-12- 739, August 2012; Recommendation: Incorporate NIPP's risk management framework-- specifically in calculating risk to include threat, vulnerability, and consequence information--in any permanent risk assessment tool; Status: Not Implemented. Recommendation: Coordinate with GSA and other federal tenant agencies to reduce any unnecessary duplication in security assessments of facilities under the custody and control of GSA; Status: Not Implemented. Recommendation: Address MIST's limitations (assessing consequence, comparing risk across federal facilities, and measuring performance) to better assess and mitigate risk at federal facilities until a permanent system is developed and implemented; Status: Not Implemented. Recommendation: Develop and implement a new comprehensive and reliable system for contract guard oversight; Status: Not Implemented. Recommendation: Verify independently that FPS's contract guards are current on all training and certification requirements; Status: Not Implemented. Report number: Federal Protective Service: Actions Needed to Resolve Delays and Inadequate Oversight Issues with FPS's Risk Assessment and Management Program GAO-11-705R, July 2011; Recommendation: Evaluate whether it is cost-beneficial to finish developing RAMP or if other alternatives for completing FSAs and managing security guards would be more appropriate; Status: Implemented. Recommendation: Increase the use of project management best practices by managing requirements and conducting user acceptance testing for any future RAMP development efforts; Status: In process. Recommendation: Establish a process for verifying the accuracy of federal facility and guard training and certification data before entering them into RAMP; Status: Not Implemented. Recommendation: Develop interim solutions for completing FSAs and guard inspections while addressing RAMP's challenges; Status: Not Implemented. Recommendation: Complete contract performance evaluations for the current RAMP contractor, and ensure that the evaluations and other required documents are maintained in the contract file in accordance with DHS's acquisition policy and the Federal Acquisition Regulation; Status: In process. Report number: Budget Issues: Better Fee Design Would Improve Federal Protective Service's and Federal Agencies' Planning and Budgeting for Security, GAO-11-492, May 2011; Recommendation: Conduct regular reviews of FPS's security fees and use this information to inform its fee setting; Status: In process. Recommendation: Include system-wide capital investments when estimating costs and include them when setting basic security fee rates; Status: Implemented. Recommendation: Make information on the estimated costs of key activities as well as the basis for these cost estimates readily available to affected parties to improve the transparency and credibility--and hence the acceptance by stakeholders--of the process for setting and using the fees; Status: In process. Recommendation: Assess and report to Congress on: (1) the current and alternative fee structures, to include the options and trade-offs discussed in this report, and, if appropriate (2) options to fund FPS through a combination of fees and direct appropriations, to include the options and trade-offs discussed in this report; Status: In process. Recommendation: Evaluate and report to Congress on options to mitigate challenges agencies face in budgeting for FPS security costs, such as: (1) an alternative account structure for FPS to increase flexibility, while retaining or improving accountability and transparency or (2) an approved process for estimating fee rates; Status: In process. Recommendation: Collect and maintain an accurate list of points of contact of customer agency officials responsible for budget and billing activities as well as facility designated points of contact as we previously recommended; Status: Implemented. Report number: Homeland Security: Addressing Weaknesses with Facility Security Committees Would Enhance Protection of Federal Facilities, GAO-10-901, August 2010; Recommendation: Develop and implement procedures that, among other things, outline the facility security committees' organization structure, operations, decision-making authority, and accountability; Status: Implemented. Report number: Homeland Security: Federal Protective Service's Contract Guard Program Requires More Oversight and Reassessment of Use of Contract Guards, GAO-10-341, April 2010; Recommendation: Identify other approaches and options that would be most beneficial and financially feasible for protecting federal facilities; Status: Not Implemented. Recommendation: Rigorously and consistently monitor guard contractors' and guards' performance and step up enforcement against contractors that are not complying with the terms of the contract; Status: In process. Recommendation: Complete all contract performance evaluations in accordance with FPS and Federal Acquisition Regulation (FAR) requirements; Status: In process. Recommendation: Issue a standardized record-keeping format to ensure that contract files have required documentation; Status: In process. Recommendation: Develop a mechanism to routinely monitor guards at federal facilities outside metropolitan areas; Status: Not Implemented. Recommendation: Provide building-specific and scenario-based training and guidance to its contract guards; Status: Not Implemented. Recommendation: Develop and implement a management tool for ensuring that reliable, comprehensive data on the contract guard program are available on a real-time basis; Status: Not Implemented. Recommendation: Verify the accuracy of all guard certification and training data before entering them into Risk Assessment Management Program (RAMP), and periodically test the accuracy and reliability of RAMP data to ensure that FPS management has the information needed to effectively oversee its guard program; Status: Not Implemented. Report number: Homeland Security: Greater Attention to Key Practices Would Improve the Federal Protective Service's Approach to Facility Protection, GAO-10-142, October 2009; Recommendation: Provide the Secretary with regular updates, on a mutually agreed-to schedule, on the status of the Risk Assessment and Management Program (RAMP) and the National Countermeasures Program, including the implementation status of deliverables, clear timelines for completion of tasks and milestones, and plans for addressing any implementation obstacles; Status: Implemented. Recommendation: In conjunction with the National Countermeasures Program, to develop a methodology and guidance for assessing and comparing the cost-effectiveness of technology alternatives; Status: Implemented. Recommendation: Reach consensus with GSA on what information contained in the building security assessment (BSA) is needed for GSA to fulfill its responsibilities related to the protection of federal buildings and occupants, and accordingly, establish internal controls to ensure that shared information is adequately safeguarded; guidance for employees to use in deciding what information to protect with sensitive but unclassified (SBU) designations; provisions for training on making designations, controlling, and sharing such information with GSA and other entities; and a review process to evaluate how well this information sharing process is working, with results reported to the Secretary regularly on a mutually agreed-to schedule; Status: In process. Source: GAO analysis of FPS data: Note: We received and reviewed information from FPS regarding our recommendations and, based on this information, categorized our recommendations accordingly. "In process" indicates that FPS has actions ongoing but has not completed them. "Not implemented" indicates that FPS has not yet taken any action to address our recommendations. [End of table] Contact Information: For further information on this testimony, please contact Mark Goldstein at (202) 512-2834 or by email at GoldsteinM@gao.gov. Individuals making key contributions to this testimony include Tammy Conquest, Assistant Director; Geoff Hamilton; Jennifer DuBord; and SaraAnn Moessbauer. [End of section] Related GAO Products: Federal Facility Security: Additional Actions Needed to Help Agencies Comply with Risk Assessment Methodology Standards. [hyperlink, http://www.gao.gov/products/GAO-14-86]. Washington, D.C.: March 5, 2014. Homeland Security: Federal Protective Service Continues to Face Challenges with Contract Guards and Risk Assessments at Federal Facilities. [hyperlink, http://www.gao.gov/products/GAO-14-235T]. Washington, D.C.: December 17, 2013. Homeland Security: Challenges Associated with Federal Protective Service's Contract Guards and Risk Assessments at Federal Facilities. [hyperlink, http://www.gao.gov/products/GAO-14-128T]. Washington, D.C.: October 30, 2013. Federal Protective Service: Challenges with Oversight of Contract Guard Program Still Exist, and Additional Management Controls Are Needed. [hyperlink, http://www.gao.gov/products/GAO-13-694]. Washington, D.C.: September 17, 2013. Facility Security: Greater Outreach by DHS on Standards and Management Practices Could Benefit Federal Agencies. [hyperlink, http://www.gao.gov/products/GAO-13-222]. Washington, D.C.: January 24, 2013. Federal Protective Service: Actions Needed to Assess Risk and Better Manage Contract Guards at Federal Facilities. [hyperlink, http://www.gao.gov/products/GAO-12-739]. Washington, D.C.: August 10, 2012. Federal Protective Service: Actions Needed to Resolve Delays and Inadequate Oversight Issues with FPS's Risk Assessment and Management Program. [hyperlink, http://www.gao.gov/products/GAO-11-705R]. Washington, D.C.: July 15, 2011. Federal Protective Service: Progress Made but Improved Schedule and Cost Estimate Needed to Complete Transition. [hyperlink, http://www.gao.gov/products/GAO-11-554]. Washington, D.C.: July 15, 2011. Homeland Security: Protecting Federal Facilities Remains a Challenge for the Department of Homeland Security's Federal Protective Service. [hyperlink, http://www.gao.gov/products/GAO-11-813T]. Washington, D.C.: July 13, 2011. Federal Facility Security: Staffing Approaches Used by Selected Agencies. [hyperlink, http://www.gao.gov/products/GAO-11-601]. Washington, D.C.: June 30, 2011. Budget Issues: Better Fee Design Would Improve Federal Protective Service's and Federal Agencies' Planning and Budgeting for Security, [hyperlink, http://www.gao.gov/products/GAO-11-492]. Washington, D.C.: May 20, 2011. Homeland Security: Addressing Weaknesses with Facility Security Committees Would Enhance Protection of Federal Facilities, [hyperlink, http://www.gao.gov/products/GAO-10-901]. Washington, D.C.: August 5, 2010. Homeland Security: Preliminary Observations on the Federal Protective Service's Workforce Analysis and Planning Efforts. [hyperlink, http://www.gao.gov/products/GAO-10-802R]. Washington, D.C.: June 14, 2010. Homeland Security: Federal Protective Service's Use of Contract Guards Requires Reassessment and More Oversight. [hyperlink, http://www.gao.gov/products/GAO-10-614T]. Washington, D.C.: April 14, 2010. Homeland Security: Federal Protective Service's Contract Guard Program Requires More Oversight and Reassessment of Use of Contract Guards. [hyperlink, http://www.gao.gov/products/GAO-10-341]. Washington, D.C.: April 13, 2010. Homeland Security: Ongoing Challenges Impact the Federal Protective Service's Ability to Protect Federal Facilities. [hyperlink, http://www.gao.gov/products/GAO-10-506T]. Washington, D.C.: March 16, 2010. Homeland Security: Greater Attention to Key Practices Would Improve the Federal Protective Service's Approach to Facility Protection. [hyperlink, http://www.gao.gov/products/GAO-10-142]. Washington, D.C.: October 23, 2009. Homeland Security: Preliminary Results Show Federal Protective Service's Ability to Protect Federal Facilities Is Hampered by Weaknesses in Its Contract Security Guard Program, [hyperlink, http://www.gao.gov/products/GAO-09-859T]. Washington, D.C.: July 8, 2009. [End of section] Footnotes: [1] GAO, Homeland Security: Preliminary Results Show Federal Protective Service's Ability to Protect Federal Facilities Is Hampered by Weaknesses in Its Contract Security Guard Program, [hyperlink, http://www.gao.gov/products/GAO-09-859T (Washington, D.C.: July 8, 2009). [2] GAO, High Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-13-283 (Washington, D.C.: February 14, 2013). [3] Section 1315(a) of title 40, United States Code, provides that: "To the extent provided for by transfers made pursuant to the Homeland Security Act of 2002, the Secretary of Homeland Security…shall protect the buildings, grounds, and property that are owned, occupied, or secured by the Federal Government (including any agency, instrumentality, or wholly owned or mixed-ownership corporation thereof) and the persons on the property. " [4] To fund its operations, FPS charges fees for its security services to federal tenant agencies in GSA-controlled facilities. [5] A contractor employee's fitness determination is based on the employee's suitability for work for or on behalf of the government based on character and conduct. [6] In general, contract guards may only detain, not arrest, individuals at their facility. Some contract guards may have arrest authority under conditions set forth by the individual states. [7] GAO, Federal Facility Security: Additional Actions Needed to Help Agencies Comply with Risk Assessment Methodology Standards, [hyperlink, http://www.gao.gov/products/GAO-14-86 (Washington, D.C.: March 2014); GAO, Federal Protective Service: Challenges with Oversight of Contract Guard Program Still Exist, and Additional Management Controls Are Needed, [hyperlink, http://www.gao.gov/products/GAO-13-694 (Washington, D.C.: September 2013); GAO, Federal Protective Service: Actions Needed to Assess Risk and Better Manage Contract Guards at Federal Facilities, [hyperlink, http://www.gao.gov/products/GAO-12-739 (Washington, D.C.: August 2012), GAO, Homeland Security: Federal Protective Service's Contract Guard Program Requires More Oversight and Reassessment of Use of Contract Guards, [hyperlink, http://www.gao.gov/products/GAO-10-341 (Washington, D.C.: April 2010), and [hyperlink, http://www.gao.gov/products/GAO-09-859T. [8] The ISC is a DHS-chaired organization that issues standards for facility protection. [9] According to DHS, an active shooter is an individual killing or attempting to kill people in a confined and populated area. [10] [hyperlink, http://www.gao.gov/products/GAO-13-694. [11] The remaining 15 guard companies did not respond to this question. [12] This training is provided during a block of training on special situations, which includes information on how guards should respond to situations other than their normal duties, such as reports of missing or abducted children, bomb threats, and active-shooter scenarios. FPS officials stated that guards hired before 2010 should have received this information during guard-company-provided training on the guards' post orders (which outline the guards' duties and responsibilities) as part of basic and refresher training. [13] [hyperlink, http://www.gao.gov/products/GAO-13-694. [14] GAO, Homeland Security: Federal Protective Service Has Taken Some Initial Steps to Address Its Challenges, but Vulnerabilities Still Exist, [hyperlink, http://www.gao.gov/products/GAO-09-1047T (Washington, D.C.: September 23, 2009) and [hyperlink, http://www.gao.gov/products/GAO-10-341. [15] See [hyperlink, http://www.gao.gov/products/GAO-13-694. During our non-generalizable review of 276 randomly selected guard files, we found that 64 files (23 percent) were missing one or more required documents. [16] FPS has approximately 13,500 contract guards, but FPS may review a guard file more than once annually. [17] For more information on this review and our methodology, see [hyperlink, http://www.gao.gov/products/GAO-13-694. [18] A facility security committee consists of representatives from each of the tenant agencies in the federal building and is responsible for addressing security issues at their respective building and approving the implementation of security countermeasures recommended by FPS. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO's actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO's website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, DC 20548. [End of document]