GSA Is Not Consistently Addressing Deficient Security Fixtures at GSA-Controlled Facilities

Why We Performed This Audit

We performed this audit because of long-standing concerns over security vulnerabilities at GSA-controlled facilities, which include government-owned and leased office buildings, courthouses, land ports of entry, and warehouses. GSA has a responsibility to protect these facilities, working with the U.S. Department of Homeland Security’s Federal Protective Service (FPS).

Our audit objectives were to determine if GSA: (1) took actions to resolve or mitigate security fixture vulnerabilities identified in facility security assessments and (2) installed physical access control systems (PACS) that grant access to employees and contractors by electronically authenticating personal identity verification credentials at all active entry points in GSA-controlled facilities. 

What We Found

The Interagency Security Committee’s Risk Management Process for Federal Facilities: An Interagency Security Committee Standard (RMP) establishes a single, formalized process for specifying the standards and guidelines to follow when determining federal facility security requirements. The RMP countermeasures outline the actions facilities must take to reduce the risk of a wide range of security threats unless a deviation is justified. Additionally, the RMP requires federal tenants to fund any approved countermeasures. In accordance with a 2023 memorandum of agreement between GSA and FPS, GSA is responsible for the installation, maintenance, and repair of security fixtures, such as [Redacted]*.

However, GSA is not consistently addressing deficient security fixtures at GSA-controlled facilities, leaving the facilities and occupants at risk from security threats. We found [Redacted]. We also found that at some facilities, [Redacted] and that, in some cases, [Redacted] . These deficiencies occurred because: (1) GSA staff were not consistently fulfilling their facility security responsibilities, (2) [Redacted] , and (3) funding constraints prevented the installation and upkeep of security fixtures.

What We Recommend

We recommend the GSA Administrator: 

1. Enforce internal procedures to ensure that the Office of Mission Assurance and Office of Facilities Management perform their required facility security responsibilities.
2. In conjunction with FPS:
   1. Conduct a nationwide assessment of outstanding deficient security fixtures.
   2. Develop and implement a plan to repair, replace, or install security fixtures identified through the nationwide assessment.
   3. [Redacted]
   4. If GSA cannot secure funding to repair, replace, or install security fixtures, work with the Office of Management and Budget to establish a consistent funding stream to address current and future security fixture deficiencies.

GSA agreed with our report recommendations. GSA’s response can be found in its entirety in Appendix D.

*Redactions in this report represent sensitive information related to federal building security.