Senser, Assistant Director, Security Division,
April 3, 2002
the FBI Security Program"
Strong Management, Policy, Training, and Infrastructure
the role of security within the FBI.
security expertise to the FBI from other Intelligence
a Security Division, which for the first time
in FBI history, will serve as a point of integration
for all Bureau security matters.
the programmatic responsibility for facility
protection and police services to Security
Division, as well as the operational responsibility
for protecting FBI headquarters and the Washington
the Polygraph Unit to the Security Division.
the development of a joint "business
plan" with the Laboratory Division to
ensure technical security resources are properly
directed against Security Division requirements.
a Director of Security, at the Assistant Director
level, who serves as the senior security executive.
This AD has the full support of and access to
Director Mueller who has communicated his support
for the Security Program to all FBI employees.
needed infrastructure support to the Security
internal resources to the Security Division
as part of the on-going FBI restructuring plan.
additional "detail" assignments to
the Security Division from the Central Intelligence
Agency (CIA) and the National Security Agency
resources received in the fiscal year 2002 budget
process to security requirements.
a fiscal year 2003 budget request that includes
significant resources for the Security Division.
a comprehensive review of national, Director of
Central Intelligence, Department of Justice, and
FBI policy directives to establish a traceability
matrix that will be used to establish the effectiveness
of existing security policy.
the development of a comprehensive security education,
awareness, and training program. The initial objective
of this program will be to address information
systems security issues followed by an expansion
to all other elements of the Security Program.
a professional Security Officer cadre through
the establishment of a comprehensive career program
that identifies and hires candidates with appropriate
skills, successfully retains them via a competitive
pay and reward structure, builds expertise through
appropriate training and assignment opportunities,
and prepares them to assume program and management
roles of increasing responsibility. Elements of
this initiative will include:
of a Security Career Service Board that focuses
executive attention on all elements of the
professional Security Officer career track.
of proficiency for security professionals
and key non-security personnel, such as system
administrators, in critical job-related skills.
the field Security Officer program to:
less on agents and more on the professional
Security Officer cadre we intend to build
the field offices so that all security responsibilities
fall under the control of the Security Officer.
more resources to the field to support the
the operation of the FBI Security Council to ensure
it is appropriately staffed by senior executives
and addresses security policy issues of significance
to the Bureau.
an Effective Information Assurance Program
a policy requiring regular access reviews of the
FBI's most sensitive cases.
the development of a formal Information Assurance
an aggressive certification and accreditation
effort to discover and address vulnerabilities
within existing and proposed FBI IT systems.
with the Trilogy Program and the Virtual Case
File team to deliver, upon deployment, enhanced
security measures and to provide the framework
for improved information systems security measures
in the future.
the modernization of cryptographic key management
to improve the security of FBI information and
to facilitate the immediate deployment of Trilogy
Assigning an experienced IA professional from
the Intelligence Community to run the FBI's IA
Program and adding strategic "consulting"
resources from the IC, as appropriate.
a comprehensive IT security architecture for FBI
systems. As part of this architecture, identifying
the baseline for IA tools or techniques, such
as PKI, virtual private networks and LANs, single
sign-on, intrusion detection, network scanning,
auditing, and other methods to identify anomalous
activity and system vulnerabilities.
an Enterprise Security Operations Center to centrally
manage the security of FBI IT systems and networks.
and improving the certification and accreditation
process so that it mirrors best practices and
is tied to the IT system development life cycle.
a number of experienced Information Systems Security
Managers as customer focal points for expeditious
handling of IT security questions and issues.
the close collaboration between IA and Trilogy
Program personnel to implement improved IT system
security as part of the on-going Trilogy effort.
the Vetting Used to Establish Trustworthiness
the use of the polygraph for personnel security
Polygraph Unit from the Laboratory to the Security
the analytical capability afforded to those persons
with access to the most sensitive FBI information.
a written case summary format for reviewing security
the requirements for an integrated security information
management system and data integration efforts,
as well as, executing a limited number of "pilot"
efforts using funds received in the fiscal year
with the Records Management Division to improve
control of FBI security files and ensure they
contain the necessary information. Eventually,
as part of the effort to develop an integrated
security management system, transitioning to an
electronic security file.
security data collection processes in a web-enabled
new sources of information that add value to the
vetting process and assist in the determination
a Financial Disclosure Program and developing
the capability to conduct security-related financial
the use of a specific-issue polygraph examination
to address the issue of deliberate unauthorized
disclosure of FBI information.
Against the Compromise of Information
access procedures for FBI facilities eliminating
special exemptions afforded executives with "Gold
the position of Special Security Officer for the
FBI and selected an Intelligence Community officer
to serve in this role as a detailee.
a review of handling procedures for sensitive
Conducted a comprehensive review of sensitive
accesses resulting in a net decrease of FBI employees
with such access.
a "Back-to-Basics" day for all employees
where security was one of the key areas of focus.
a Security Incident Reporting Program that includes
management of all potential information compromises
through a central, Security Division component.
This component will ensure the security incidents
are properly investigated; assessments are conducted
of potential damage to the national security or
FBI operations; remedial action is taken, as necessary,
to ensure the compromise does not happen again;
and personal accountability is assigned, if appropriate.
a capability to resolve security anomalies, no
matter their source, and to integrate information
resulting from the investigation of these anomalies
into the FBI CI Division.
an enhanced capability to securely process sensitive
an appropriate accountability and tracking system
for sensitive hard copy documents.
technology to better account for and track sensitive
information and the media, paper or magnetic,
on which it is stored.
and conducting training on the proper classification
of, accounting for, and control of classified