The Environmental Protection Agency is updating its National Security Information (NSI) infrastructure in response to an inspector general report found the system lacking.
The IG said EPA should pay more attention to employee security-clearance control and should revise policy documents to line up with federal NSI regulations.
Auditors also recommended EPA improve its personnel procedures by:
Placing nondisclosure agreement forms in employees’ official personnel folders
Ensuring individuals with security clearances complete required training
Promptly withdrawing security clearances for departing employees
The report specifically cited the need to integrate recent guidelines such as the Dec. 2009 Executive Order 13526 into the National Security Information Handbook. As of early 2011, the report indicated EPA had seven classified documents but had failed to issue any classification guides.
EPA’s Office of Administration and Resources Management concurred with most of the findings in the IG’s Feb. 3 draft report. The only point of disagreement between the two regarded whether the Office of Personnel Management required EPA to include nondisclosure agreement forms in personnel folders. The report said yes, but EPA maintained the inclusion is optional. Regardless of the details, the final report stated EPA now is making a habit of including the files.
The IG’s office considered its recommendations resolved at the time of publishing its final report June 18.
Agencies faced challenges implementing effective classification policies in response to the President’s order. An Information Security Oversight Office report from April 2011 found that less than half of the agencies succeeded in creating uniform systems.