Implementation of Physical Security Policies

(Report No. 04-021, June 15, 2004)

Summary

The Office of Inspector General (OIG) performed a follow-up to two prior OIG evaluations to assess the Federal Deposit Insurance Corporation's (FDIC) physical security program and implementation of physical security at the FDIC's Washington, D.C., metropolitan area facilities and regional and field offices.

The objective of the follow-up audit was to determine whether the FDIC's Division of Administration (DOA) implemented OIG-recommended physical security policies. Specifically, we examined whether DOA has: (1) implemented the recommended security policies for FDIC-owned and leased space in the Washington, D.C., and Virginia Square, Arlington, Virginia, locations; (2) taken recommended actions related to physical security at selected regional and field locations; and (3) incorporated the minimum security standards recommended by the Department of Justice (DOJ) into the FDIC Facilities Design Guide for the construction of the new buildings at Virginia Square.

We concluded that the FDIC had implemented the OIG-recommended improvements to security policies for FDIC-owned and leased space in the Washington, D.C., and Virginia Square locations and in the regional and field offices. However, we also found that the DOA could further improve the vulnerability assessment process for its regional offices, which are located in major metropolitan areas.

Recommendation

We recommended that DOA contract with a security consulting firm to conduct security vulnerability assessments for all FDIC regional offices.

Management Response

On June 2, 2004, the Director, DOA, provided a written response to the draft report. DOA management concurred with and proposed actions that are responsive to the recommendation. The recommendation is resolved but will remain undispositioned and open for reporting purposes.

This report addresses issues associated with critical infrastructure protection. Accordingly, we have not made, nor do we intend to make, public release of the specific contents of the report.

Last updated 10/04/2004