Follow-up Audit of the Department of Justice’s Implementation of and Compliance with Certain Classification Requirements, September 2016

Follow-up Audit of the Department of Justice’s Implementation of and Compliance with Certain Classification Requirements, September 2016

Background

Excerpt from report:

In fiscal year (FY) 2010, Congress passed Public Law 111–258 (2010), the Reducing Over-Classification Act, which required the Inspectors General for all federal agencies and departments with officers and employees possessing original classification authority to conduct two evaluations – one in FY 2013 and another in FY 2016. In September 2013, the Department of Justice (DOJ or Department) Office of the Inspector General (OIG) issued its audit report on DOJ’s Implementation of and Compliance with Certain Classification Requirements.

For that first evaluation, Congress directed the Inspectors General to: (1) assess whether applicable classification policies, procedures, rules, and regulations have been adopted, followed, and are effectively administered within departments, agencies, or components; and (2) identify policies, procedures, rules, regulations, or practices that may contribute to persistent misclassification of material within such departments, agencies, or components. The OIG found that DOJ, through the Justice Management Division’s (JMD) Security and Emergency Planning Staff (SEPS), had established classification policies and procedures, but had not effectively administered them to ensure that information was classified and disseminated appropriately.

Although we did not find indications of widespread misclassification, we identified deficiencies relating to the implementation of DOJ’s classification program, including a persistent misunderstanding and lack of knowledge of certain classification processes by DOJ officials. We also identified weaknesses in DOJ’s implementation of classification standards, the limited distribution of automated tools designed to improve DOJ’s classification and marking processes, and weaknesses in the application of information security education and training programs.

In our FY 2013 report, we made 14 recommendations to help improve DOJ’s classification management program and its implementation of classification procedures. Pursuant to the requirements of the Reducing Over-Classification Act, in this report we evaluate DOJ’s progress made pursuant to the results of our FY 2013 report. We found that since our last audit SEPS has improved its administration of classification policies and procedures and enhanced the DOJ’s classification management program.

These improvements were evident in our review of DOJ’s classification authority delegations, classification decision designations, updated classification guidance, and classification reports. We believe that DOJ achieved these improvements because SEPS provided updated classification guidance, instruction, and training to DOJ components, which resulted in components having a clearer understanding of classification policies and procedures. As a result of SEPS’s progress in these areas, we have closed 11 of the 14 recommendations identified in our FY 2013 audit.

The appropriate use of original classification authority (OCA) reduces the risks of misclassifying and overclassifying information. In our FY 2013 report, we found that several DOJ components improperly classified information as “original” classification decisions, when the classification of this type of information previously had been decided. The improper use of original classification authority increases the risk that individuals could classify the same piece of information differently, resulting in the misclassification of information. In our current audit, we found significant improvements in this area, as evidenced by DOJ reducing the number of officials with Original Classification Authority from 64 in FY 2013 to 46 in FY 2016 and eliminating original classification decisions, as shown in the number of reported original classification decisions decreasing from 4,455 in FY 2013 to 0 in FY 2015. In our FY 2013 audit, we found that the high number of original classification decisions was primarily due to a misunderstanding of the differences between original and derivative classification decisions within several Department components. We believe that the dramatic reductions are indicative of DOJ personnel now having a better understanding of the classification types, as well as an improved knowledge of how to classify information using security classification guides. In addition, in 2015 SEPS incorporated comprehensive classification marking instructions in the DOJ Marking Classified National Security Information, implemented a software application to improve classified marking procedures for electronic files processed on classified information systems, and mandated usage of these tools for all DOJ classifiers. Security Programs Managers throughout the Department told us that these changes have resulted in classifiers more appropriately marking classified work products, in particular electronic documents.

The IG Investigation

 Follow-up Audit of the Department of Justice’s Implementation of and Compliance with Certain Classification Requirements, September 2016 [45 Pages, 0.8MB]

Comments

comments

, , , , ,