Audit Reports

-A A +A
skip-to-content

DOT Does Not Fully Comply With Requirements of the Reducing Over-Classification Act

Required by the Reducing Over-Classification Act
Project ID: 
FI2013136

On September 19, 2013, we issued our report entitled DOT Not Fully Complying with Requirements of the Reducing Over-Classification Act.  Our objectives were to (1) determine whether DOT has implemented effective policies and procedures for classification of information that comply with Federal policy and regulations, and (2) identify any practices that may lead to continuous misclassification of information. We found that not all DOT classification related policies and procedures are effective or comply with Federal requirements, including the National Archives and Records Administration’s Information Security Oversight Office’s (ISOO) regulation. Specifically, the Office of the Secretary of Transportation (OST) did not conduct comprehensive self-inspections of spaces dedicated to storage of classified documents; the Department’s classified documents were not all correctly marked;  OST’s reports to ISOO are not accurate; and FAA’s Order on Safeguarding Classified National Security Information needs to be updated to comply with ISOO requirements. We could not conclude whether there are practices that led to continuous misclassification because the necessary security clearances are pending. We worked with the Department to request the necessary clearance and access. The Department has processed our request and forwarded it to the responsible agency. We are awaiting the response from this agency. Within two months of receiving this response, if favorable, we will complete our review of supporting documentation to determine if there are practices that contribute to continuous misclassification.  We made four recommendations to DOT and one recommendation to FAA. DOT and FAA officials concurred with all recommendations.

Recommendations

Open

Closed

Closed on 10.14.2014
No. 1 to OST

Take steps to develop a more comprehensive self-inspection program that will include greater coverage of derivative documents and inspections of spaces dedicated to storage of classified documents (e.g. the Crisis Management Center).

Closed on 10.14.2014
No. 2 to OST

Seek additional resources to complete comprehensive self-inspections, and to prepare accurate reports to the National Archives and Records Administration's Information Security Oversight Office.

Closed on 10.14.2014
No. 3 to OST

Take steps to implement policies and procedures that identify what documents need to be marked and how, and validate that these policies and procedures are consistently applied throughout the Department.

Closed on 10.01.2013
No. 4 to OST

Establish a procedure and communicate to the OAs clear definitions and requirements for ensuring that annual reporting to the National Archives and Records Administration's Information Security Oversight Office (ISOO) is accurate and complete.

Closed on 12.13.2016
No. 5 to FAA

Update FAA's policy to conform to the requirements of EO 13526.