APPENDIX II
INFORMATION ON DOJ REPORT-RECOMMENDED CRITERIA FOR
FEDERAL BUILDING SECURITY
GSA USED CRITERIA IN DOJ REPORT FOR
ITS BUILDING SECURITY UPGRADE PROGRAM
In July 1995, the Federal Protective Service (FPS) began its process for identifying and prioritizing building security upgrade needs and cost estimates using the criteria, guidance, and timetable recommended by the DOJ report, which was issued on June 28, 1995. The DOJ report established 52 minimum security standards in 4 separate categories, which were to be considered for buildings under GSA's operation based on their assessed risk level. GSA assigned initial risk level designations to its buildings based on information it had on file. Building security committee (BSC) and FPS staff were to subsequently assign the buildings a risk level, using the DOJ report's more definitive criteria, and evaluate them to determine needed security upgrades and the estimated costs for the upgrades.
Building Risk Levels
Using DOJ report criteria, BSC and FPS staff were to place buildings under GSA's operation into risk levels. The DOJ criteria included tenant population, volume of public contact, size, and agency sensitivity, with level V the highest risk level and level I the lowest, as follows:
Level V: A building that contains mission functions critical to national security, such as the Pentagon or CIA Headquarters. A Level-V building should be similar to a Level-IV building in terms of number of employees and square footage. It should have at least the security features of a Level-IV building. The missions of Level-V buildings require that tenant agencies secure the site according to their own requirements.
Level IV: A building that has 451 or more federal employees; high volume of public contact; more than 150,000 square feet of space; and tenant agencies that may include high-risk law enforcement and intelligence agencies, courts, and judicial offices, and highly sensitive government records.
Level III: A building with 151 to 450 federal employees; moderate/high volume of public contact; 80,000 to 150,000 square feet of space; and tenant agencies that may include law enforcement agencies, court/related agencies and functions, and government records and archives. (According to GSA, at the request of the Judiciary, GSA changed the designation of a number of buildings housing agencies with court and court-related functions from Level III to Level IV.)
Level II: A building that has 11 to 150 federal employees; moderate volume of public contact; 2,500 to 80,000 square feet of space; and federal activities that are routine in nature, similar to commercial activities.
Level I: A building that has 10 or fewer federal employees; low volume of public contact or contact with only a small segment of the population; and 2,500 or less square feet of space, such as a small "store front" type of operation.
Facility Evaluations
BSCs were also to prepare facility evaluations based on the DOJ minimum standards. The facility evaluations, containing requested security upgrades, justifications, and estimated costs for each upgrade were to be submitted to the applicable FPS regional offices for review and approval. Security upgrades costing more than $100,000 to acquire or having an annual operating cost greater than $150,000 required final approval at FPS headquarters.
FPS regional staff focused their evaluation efforts on level-IV buildings first, followed by levels III through I, consistent with the timetable recommended by the DOJ report and endorsed by the President. Funding of upgrades generally followed this same progression, with FPS focusing first on level-IV buildings and then levels III through I. Each FPS region established its own building security upgrade implementation schedule based on coordination with other involved PBS components and the individual requirements of the various types of security upgrades. For example, some upgrades required design and engineering work before actual installation could proceed, and some required coordination and approvals from local governments and historical building societies before work could proceed.
In early 1996, FPS completed a computerized database system to track, by regional office and by building, all BSC-requested security upgrades. This tracking system was to include the date each upgrade was approved or disapproved; the estimated cost of acquiring, installing, and operating the upgrade; and its scheduled and actual completion status. Each FPS region was to have a database of its buildings and was responsible for maintaining its database. FPS headquarters staff periodically uploaded and entered data into each region's database to show headquarters' approval actions on requested upgrades, where required. FPS headquarters staff also consolidated the regional databases for its own use in tracking the nationwide security upgrade program.
Application of DOJ Standards to Security Risk Levels
The DOJ report established 52 minimum security standards in the categories of perimeter security, entry security, interior security, and security planning to be considered for a building based on its assessed risk level. Tables II.1 through II.4 show how the DOJ report's minimum security standards are to be applied to each building on the basis of its assessed risk level. For example, control of facility parking is recommended as a minimum standard for buildings in security level III through V and recommended as desirable for buildings in security levels I and II.
Table II.1: Recommended Minimum Security Standards--Perimeter Security
Level of security |
|||||
Perimeter Security |
I |
II |
III |
IV |
V |
Parking |
|||||
|
G |
G |
M |
M |
M |
|
G |
G |
G |
F |
F |
|
G |
G |
G |
G |
G |
|
G |
G |
G |
G |
G |
|
F |
F |
M |
M |
M |
|
G |
G |
M |
M |
M |
|
G |
G |
M |
M |
M |
Closed circuit television (CCTV) monitoring |
|||||
|
G |
F |
F |
M |
M |
|
G |
F |
F |
M |
M |
Lighting |
|||||
|
M |
M |
M |
M |
M |
Physical barriers |
|||||
|
N/A |
N/A |
G |
F |
F |
|
N/A |
N/A |
G |
F |
F |
Legend:
Minimum standard = M Standard based on facility evaluation = F
Desirable = G Not applicable = N/A
Source: Vulnerability Assessment of Federal Facilities, Department of Justice, June 28, 1995.
Table II.2: Recommended Minimum Security Standards--Entry Security
Level of security |
|||||
Entry Security |
I |
II |
III |
IV |
V |
Receiving/Shipping |
|||||
|
M |
M |
M |
M |
M |
|
G |
F |
M |
M |
M |
Access control |
|||||
|
G |
F |
M |
M |
M |
|
G |
G |
F |
F |
F |
|
G |
F |
M |
M |
M |
|
M |
M |
M |
M |
M |
Entrances/Exits |
|||||
|
N/A |
G |
F |
F |
M |
|
N/A |
G |
F |
M |
M |
|
F |
F |
N/A |
N/A |
N/A |
|
F |
F |
N/A |
N/A |
N/A |
|
G |
F |
N/A |
N/A |
N/A |
|
M |
M |
M |
M |
M |
Legend:
Minimum standard = M Standard based on facility evaluation = F
Desirable = G Not applicable = N/A
Source: Vulnerability Assessment of Federal Facilities, Department of Justice, June 28, 1995.
Table II.3: Recommended Minimum Security Standards--Interior Security
Level of security |
|||||
Interior Security |
I |
II |
III |
IV |
V |
Employee/Visitor identification |
|||||
|
N/A |
G |
F |
M |
M |
|
G |
M |
M |
M |
M |
|
N/A |
G |
F |
M |
M |
|
F |
F |
F |
M |
M |
Utilities |
|||||
|
F |
F |
M |
M |
M |
|
M |
M |
M |
M |
M |
Occupant emergency plans |
|||||
|
M |
M |
M |
M |
M |
|
M |
M |
M |
M |
M |
|
M |
M |
M |
M |
M |
|
M |
M |
M |
M |
M |
Daycare centers |
|||||
|
N/A |
M |
M |
M |
M |
|
N/A |
M |
M |
M |
M |
Legend:
Minimum standard = M Standard based on facility evaluation = F
Desirable = G Not applicable = N/A
Source: Vulnerability Assessment of Federal Facilities, Department of Justice, June 28, 1995.
Table II.4: Recommended Minimum Security Standards--Security Planning
Level of security |
|||||
Security Planning |
I |
II |
III |
IV |
V |
Intelligence Sharing |
|||||
|
M |
M |
M |
M |
M |
|
M |
M |
M |
M |
M |
|
M |
M |
M |
M |
M |
Training |
|||||
|
M |
M |
M |
M |
M |
|
M |
M |
M |
M |
M |
|
M |
M |
M |
M |
M |
Tenant assignment |
|||||
|
G |
G |
G |
G |
G |
|
G |
G |
G |
G |
G |
Administrative procedures |
|||||
|
F |
F |
G |
G |
G |
|
F |
F |
F |
F |
F |
|
M |
M |
M |
M |
M |
Construction/Renovation |
|||||
|
G |
G |
F |
M |
M |
|
M |
M |
M |
M |
M |
|
M |
M |
M |
M |
M |
|
F |
F |
M |
M |
M |
|
G |
G |
F |
M |
M |
Legend:
Minimum standard = M Standard based on facility evaluation = F
Desirable = G Not applicable = N/A
Source: Vulnerability Assessment of Federal Facilities, Department of Justice, June 28, 1995.