Audit Reports

-A A +A
skip-to-content

Improvements Increase DOT’s Compliance With the Reducing Over-Classification Act

Required by the Reducing Over-Classification Act
Project ID: 
FI2017006

Information security is a top priority for the Department of Transportation (DOT) and other Federal agencies and requires accurate and accountable application of classification standards. In accordance with the Reducing Over-Classification Act, the Department of Transportation Office of Inspector General (DOT OIG) conducted a follow-up audit to (1) assess whether DOT has implemented policies and procedures to classify information effectively that comply with Federal policy and regulations and (2) identify any practices that may lead to persistent misclassification of information.

DOT OIG found that DOT has improved its compliance with Federal requirements for classification since our prior review through more comprehensive programs for employee training and agency self-inspections. However, some weaknesses persist at both the Office of the Secretary (OST) and the Federal Aviation Administration (FAA). For example, FAA’s policy on safeguarding classified national security information is outdated, and both DOT and OST had document-marking errors. We found few instances of overclassification—we estimate about 7.5 percent at OST and about 3.5 percent at FAA. We also noted a practice that, while conforming to Information Security Oversight Office guidance, could result in overclassification of information in derivative documents.

We made seven recommendations improve information classification practices at OST and FAA. DOT concurred with all seven recommendations. We are requesting additional information for two recommendations.

Recommendations

Open

Closed

Closed on 08.30.2019
No. 1 to OST

Implement protocols or practices to identify DOT employees outside FAA who are missing nondisclosure forms and have each of these employees complete the agreement.

Closed on 04.19.2017
No. 2 to OST

Implement protocols or practices to reinforce guidance on the marking of classified documents and to periodically assess compliance.

No. 3 to OST

Dedicate additional resources to oversee FAA's self-inspection program.

No. 4 to FAA

Implement protocols or practices to identify FAA employees who are missing nondisclosure forms and have each of these employees complete the agreement.

No. 5 to FAA

Implement protocols or practices to reinforce guidance on the marking of classified documents and to periodically assess compliance.

No. 6 to FAA

Identify all employees whose duties significantly involve the creation, handling, or management of classified information, and update any performance plan that is missing a critical element on management of classified information.

Closed on 05.15.2019
No. 7 to FAA

Implement protocols or practices to enhance the quality of self-inspection reports and to periodically assess compliance.