One of the Department of Homeland Security's (DHS) priorities is the protection of Federal employees and private citizens who work within and visit U.S. Government-owned or leased facilities. The Interagency Security Committee (ISC), chaired by DHS, consists of 53 Federal departments and agencies, has as its mission the development of security standards and best practices for nonmilitary Federal facilities in the United States. As Chair of the ISC, I am pleased to introduce the new ISC document titled The Risk Management Process: An Interagency Security Committee Standard (Standard). This ISC Standard defines the criteria and processes that those responsible for the security of a facility should use to determine its facility security level and provides an integrated, single source of physical security countermeasures for all nonmilitary Federal facilities. The Standard also provides guidance for customization of the countermeasures for Federal facilities.

" The 2012 shooting at the Anderson Federal Building in Long Beach, California, demonstrates that federal facilities and their employees as well as the public who visit federal buildings continue to be the targets of violence. The Federal Protective Service and about 30 other federal agencies are responsible for protecting civilian federal facilities and their occupants from potential threats, in part, by assessing risks to their facilities. ISC-an interagency organization led by the Department of Homeland Security- issues standards for facility protection. GAO was asked to examine how federal agencies assess risk to their facilities. This report assesses (1) the extent to which selected ISC member agencies' facility risk assessment methodologies align with ISC's risk assessment standards, and (2) how ISC assists member agencies in developing risk assessment methodologies and monitors compliance with these standards. GAO selected 9 of 53 ISC member agencies based on their missions and number of facilities. GAO compared each selected agency's risk assessment methodology to ISC's risk assessment standards. ISC is required to enhance security in and protection of federal facilities government-wide; recommendations GAO makes are to ISC and not its member agencies. "

The 2012 shooting at the Anderson Federal Building in Long Beach, California, demonstrates that federal facilities and their employees as well as the public who visit federal buildings continue to be the targets of violence. The Federal Protective Service and about 30 other federal agencies are responsible for protecting civilian federal facilities and their occupants from potential threats, in part, by assessing risks to their facilities. ISC, an interagency organization led by the Department of Homeland Security, issues standards for facility protection. GAO was asked to examine how federal agencies assess risk to their facilities. This report assesses (1) the extent to which selected ISC member agencies' facility risk assessment methodologies align with ISC's risk assessment standards, and (2) how ISC assists member agencies in developing risk assessment methodologies and monitors compliance with these standards. GAO selected 9 of 53 ISC member agencies based on their missions and number of facilities. GAO compared each selected agency's risk assessment methodology to ISC's risk assessment standards. ISC is required to enhance security in and protection of federal facilities government-wide; recommendations GAO makes are to ISC and not its member agencies. GAO recommends that ISC take action to assess member agencies' compliance and provide additional risk- assessment methodology guidance. DHS concurred with GAO's recommendations.

The fed. government's reliance on leased space underscores the need to physically secure this space and help safeguard employees, visitors, and gov¿t. assets. In April 2010 the Interagency Security Comm., comprised of 47 fed. agencies and departments, issued Physical Security Criteria for Fed. Facilities (the 2010 standards) which supersede previous ISC standards. This report: (1) identifies challenges that exist in protecting leased space; and (2) examines how the 2010 standards address these challenges. To conduct this work, the auditor interviewed fed. officials, four fed. departments selected as case studies based on their large square footage of leased space, and the Fed. Protective Service. Illustrations. This is a print on demand report.

In November 1999, GSA and the U.S. Department of State convened a symposium to discuss the apparently conflicting objectives of security from terrorist attack and the design of public buildings in an open society. The symposium sponsors rejected the notion of rigid, prescriptive design approaches. The symposium concluded with a challenge to the design and security professions to craft aesthetically appealing architectural solutions that achieve balanced, performance-based approaches to both openness and security. In response to a request from the Office of the Chief Architect of the Public Buildings Service, the National Research Council (NRC) assembled a panel of independent experts, the Committee to Review the Security Design Criteria of the Interagency Security Committee. This committee was tasked to evaluate the ISC Security Design Criteria to determine whether particular provisions might be too prescriptive to allow a design professional "reasonable flexibility" in achieving desired security and physical protection objectives.

The federal government owns or leases 3.7 billion square feet of office space, which may be vulnerable to acts of terrorism and other forms of violence. The Interagency Security Committee (ISC) was created by E.O. 12977 in 1995, following the domestic terrorist bombing of the Alfred P. Murrah Federal Building in Oklahoma City, OK, to address the quality and effectiveness of physical security requirements for federal facilities. The September 2001 terrorist attacks on the Pentagon and the World Trade Center renewed concerned about the vulnerability of federal buildings to bombing or other forms of attack. On February 28, 2003, the chairman of the ISC was transferred to the Secretary of Homeland Security from the Administrator of General Services by E.O. 13286. In July 2004, based on Homeland Security Presidential Directive/HSPD-7, the ISC began reviewing federal agencies' physical security plans to better protect the nation's critical infrastructure and key resources. On December 13, 2006, the ISC issued its 2007-2008 Action Plan, which sets forth revised policy recommendations for enhancing the quality and effectiveness of security in federal facilities.

Attacks on federal facilities in the U.S. have highlighted the need to identify lessons learned from prior security incidents and apply that knowledge to security procedures government-wide. Dozens of federal law enforcement agencies provide physical security services for domestic non-military federal facilities. The Interagency Security Committee (ISC) is responsible for developing government-wide physical security standards and co-ordinating agencies to improve the protection of federal facilities. This book examines the practices used to identify and apply lessons learned and how agencies have used these practices; the actions the ISC has taken to identify and apply lessons learned from attacks on federal facilities; and the challenges to developing a government-wide lessons learned process and the strategies agencies have used to mitigate those challenges. The Government Accountability Office (GAO) has reviewed documents and interviewed officials from 35 security and law enforcement agencies with experience protecting selected tourist sites in cities in Greece, Israel, Italy and the United States.