Summary: In response to a congressional request, GAO reviewed the extent to which the Arms Control and Disarmament Agency (ACDA) complied with standards governing the protection of classified documents.
GAO found that ACDA did not comply with regulations designed to protect classified material from unauthorized disclosure, since it: (1) improperly marked and stored classified documents; (2) did not regularly conduct close-of-business security checks; (3) did not change safe combinations; (4) did not have updated records on its safes and could not locate 62 headquarters safes; (5) could not locate all of its top secret documents at its headquarters; (6) did not have a top secret control officer or a system for controlling top secret documents at its Geneva office; and (7) had not implemented the Information Security Oversight Office's (ISOO) recommendations regarding ACDA information security weaknesses. GAO also found that, in May 1988, ACDA began to take corrective action to address some of its security deficiencies.