Improvements Increase DOT’s Compliance With the Reducing Over-Classification Act
Information security is a top priority for the Department of Transportation (DOT) and other Federal agencies and requires accurate and accountable application of classification standards. In accordance with the Reducing Over-Classification Act, the Department of Transportation Office of Inspector General (DOT OIG) conducted a follow-up audit to (1) assess whether DOT has implemented policies and procedures to classify information effectively that comply with Federal policy and regulations and (2) identify any practices that may lead to persistent misclassification of information.
DOT OIG found that DOT has improved its compliance with Federal requirements for classification since our prior review through more comprehensive programs for employee training and agency self-inspections. However, some weaknesses persist at both the Office of the Secretary (OST) and the Federal Aviation Administration (FAA). For example, FAA’s policy on safeguarding classified national security information is outdated, and both DOT and OST had document-marking errors. We found few instances of overclassification—we estimate about 7.5 percent at OST and about 3.5 percent at FAA. We also noted a practice that, while conforming to Information Security Oversight Office guidance, could result in overclassification of information in derivative documents.
We made seven recommendations improve information classification practices at OST and FAA. DOT concurred with all seven recommendations. We are requesting additional information for two recommendations.