How The NSA Spends Your Tax Dollars

Some snips from the:

Policy and Oversight Report 
Intelligence Review Directorate

Final Report on the Verification Inspection of the National
Security Agency Report Number IR 96-03 February 13, 1996

National Security Agency

COMPUTER SYSTEMS
The NSA does not comply with DoD security requirements for
accreditation of systems and networks and periodic training of
personnel, thus permitting security vulnerabilities and
potential compromise of national security data...  Through
interviews we learned that the key components are reluctant to
use their personnel assets to do the AIS accreditations. The key
components believe AIS accreditation is a primary responsibility
of the Office of Operational Computer Security.

EQUIPMENT ACCOUNTABILITY
The NSA failure to meet DoD equipment management and
accountability standards has resulted in equipment losses worth
millions of dollars and wasted warehousing space...  The NSA
Property Accountability Office has made significant improvement
in its processes for controlling NSA assets since our 1991
inspection. However, additional corrective action is required to
ensure accountability of the NSA assets. The IG, NSA Audit
Report, "Advisory Report Personal Property Accountability
Audit," July 21, 1994, confirmed this issue. This report stated
that the key components property accountability efforts have not
been effective as evidenced by continuing requests for large
write-offs for unreconciled assets ($82 million from Fiscal
Years 1991 and 1992).

The physical protection of NSA assets is hampered by a
procedural shortfall.  Applicable NSA logistics directives
describe how packaging and storing requirements will be
prescribed by the key component wishing to store items. However,
at the time of our inspection, we found that the key components
were not providing proper directions for the storage of NSA
assets.

During our inspection, we did not physically inspect the
warehouses used to store equipment because two warehouses with
the worst conditions were no longer in use. We are highlighting
this concern to ensure that the NSA continues to protect
Government assets from deterioration or damage.

Disposition of TEMPEST Equipment
Last, we found that the National Security Telecommunications
and Information Systems Security Advisory Memorandum (NSTISSAM),
TEMPEST/3-91, "Maintenance and Disposition of TEMPEST
Equipment," December 20, 1991, provides guidance to personnel
responsible for the maintenance and disposition of TEMPEST
equipment. Basically, this memorandum corrected the shortcoming
identified in our 1991 inspection. The NSA no longer destroys
TEMPEST hardware. However, another procedural shortcoming was
identified during our inspection. The NSTISSAM TEMPEST/3-91
states, "Disposition/resale should be consistent with
established export control/technology transfer policy." The NSA
could not provide evidence that it alerts the recipients of
excess TEMPEST hardware of current technology transfer
policy.

REVOKING SECURITY CLEARANCES
The NSA is lax in disciplining and revoking security clearances
for its employees and contractor affiliates.


All content COPYRIGHT SOFTWAR (C) 2000. Any reproduction or use of content herein must be approved by SOFTWAR.