An audit from the Division of Justice’s Workplace of the Inspector Normal (OIG) recognized “significant weaknesses” in FBI’s stock administration and disposal of digital storage media containing delicate and labeled info.
The report highlights a number of points with insurance policies and procedures or controls for monitoring storage media extracted from units, and important bodily safety gaps within the media destruction course of.
The FBI has acknowledged these points and is within the strategy of implementing corrective actions based mostly on the suggestions from OIG.
OIG’s findings
OIG’s audit highlights a number of weaknesses in FBI’s stock administration and disposal procedures for digital storage media containing delicate however unclassified (SBU) in addition to labeled nationwide safety info (NSI).
The three key findings are summarized as follows:
- The FBI doesn’t adequately monitor or account for digital storage media, corresponding to inside onerous drives and thumb drives, as soon as they’re extracted from bigger units, which will increase the danger of those media being misplaced or stolen.
- The FBI fails to persistently label digital storage media with the suitable classification ranges (e.g., Secret, Prime Secret), which may result in mishandling or unauthorized entry to delicate info.
- The OIG additionally noticed inadequate bodily safety on the FBI facility the place media destruction happens. This contains insufficient inside entry controls, unsecured storage of media awaiting destruction, and non-functioning surveillance cameras, all of which heighten the danger of labeled info being compromised.
Supply: OIG
Suggestions and FBI’s response
The OIG has made three particular suggestions to the FBI to deal with the recognized issues.
- Revise procedures to make sure all digital storage media containing delicate or labeled info, together with onerous drives which can be extracted from computer systems slated for destruction, are appropriately accounted for, tracked, well timed sanitized, and destroyed.
- Implement controls to make sure its digital storage media are marked with the suitable NSI classification degree markings, in accordance with relevant insurance policies and tips.
- Strengthen the management and practices for the bodily safety of its digital storage media on the facility to stop loss or theft.
FBI acknowledged the audit’s findings and acknowledged it’s within the strategy of creating a brand new directive titled “Physical Control and Destruction of Classified and Sensitive Electronic Devices and Material Policy Directive.”
This new coverage is predicted to deal with the issues recognized within the storage media monitoring and classification markings.
Supply: OIG
Moreover, the FBI mentioned it’s within the strategy of  putting in protecting “cages” to make use of as storage factors for the media, which will probably be coated by video surveillance.
OIG expects the FBI to replace it on the standing of implementing the corrective actions inside 90 days.
