Processing Classified Information on Portable Computers in the Department of Justice

Audit Report 05-32
July 2005
Office of the Inspector General

EXECUTIVE SUMMARY INTRODUCTION Government-wide Policy on the Certification and Accreditation of IT Systems DOJ Policy FINDINGS AND RECOMMENDATIONS STANDARD 1.6 HAS INAPPROPRIATE REFERENCES AND IS INCOMPLETE Inappropriate References in Standard 1.6 Separate Authority Governing Classified National Security Information and Sensitive Compartmented Information Incomplete Guidance and Instructions Conclusion Recommendations INCREASING EFFICIENCY WHEN PROCESSING CLASSIFIED INFORMATION ON PORTABLE COMPUTERS Removable Hard Drives and Operating System Type Accreditations Safeguards for Lost or Stolen Computers Labeling Requirements for Classified Information Media Recommendations STATEMENT ON INTERNAL CONTROLS APPENDICES Objectives, Scope, and Methodology Voting Members of the Committee on National Security Systems Classified Laptop and Standalone Computers Security Policy, Standard 1.6 Chief Information Officer’s Response to the Audit Recommendations Office of the Inspector General, Audit Division, Analysis and Summary of Actions Necessary to Close Report