An audit from the Division of Justice’s Workplace of the Inspector Common (OIG) recognized “vital weaknesses” in FBI’s stock administration and disposal of digital storage media containing delicate and categorised data.
The report highlights a number of points with insurance policies and procedures or controls for monitoring storage media extracted from units, and vital bodily safety gaps within the media destruction course of.
The FBI has acknowledged these points and is within the means of implementing corrective actions primarily based on the suggestions from OIG.
OIG’s findings
OIG’s audit highlights a number of weaknesses in FBI’s stock administration and disposal procedures for digital storage media containing delicate however unclassified (SBU) in addition to categorised nationwide safety data (NSI).
The three key findings are summarized as follows:
- The FBI doesn’t adequately monitor or account for digital storage media, equivalent to inner exhausting drives and thumb drives, as soon as they’re extracted from bigger units, which will increase the chance of those media being misplaced or stolen.
- The FBI fails to constantly label digital storage media with the suitable classification ranges (e.g., Secret, Prime Secret), which may result in mishandling or unauthorized entry to delicate data.
- The OIG additionally noticed inadequate bodily safety on the FBI facility the place media destruction happens. This consists of insufficient inner entry controls, unsecured storage of media awaiting destruction, and non-functioning surveillance cameras, all of which heighten the chance of categorised data being compromised.
Supply: OIG
Suggestions and FBI’s response
The OIG has made three particular suggestions to the FBI to handle the recognized issues.
- Revise procedures to make sure all digital storage media containing delicate or categorised data, together with exhausting drives which might be extracted from computer systems slated for destruction, are appropriately accounted for, tracked, well timed sanitized, and destroyed.
- Implement controls to make sure its digital storage media are marked with the suitable NSI classification degree markings, in accordance with relevant insurance policies and pointers.
- Strengthen the management and practices for the bodily safety of its digital storage media on the facility to stop loss or theft.
FBI acknowledged the audit’s findings and said it’s within the means of creating a brand new directive titled “Bodily Management and Destruction of Categorised and Delicate Digital Units and Materials Coverage Directive.”
This new coverage is predicted to handle the issues recognized within the storage media monitoring and classification markings.
Supply: OIG
Moreover, the FBI stated it’s within the means of putting in protecting “cages” to make use of as storage factors for the media, which will likely be coated by video surveillance.
OIG expects the FBI to replace it on the standing of implementing the corrective actions inside 90 days.
