<mods xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.loc.gov/mods/v3" version="3.3" xsi:schemaLocation="http://www.loc.gov/mods/v3 http://www.loc.gov/standards/mods/v3/mods-3-3.xsd" ID="P0b002ee18038ae88">
<name type="corporate">
 <namePart>United States Government Publishing Office</namePart>
 <role>
  <roleTerm authority="marcrelator" type="text">publisher</roleTerm>
  <roleTerm authority="marcrelator" type="code">pbl</roleTerm>
</role>
 <role>
  <roleTerm authority="marcrelator" type="text">distributor</roleTerm>
  <roleTerm authority="marcrelator" type="code">dst</roleTerm>
</role>
</name>
<name type="corporate">
 <namePart>United States</namePart>
 <namePart>Government Accountability Office</namePart>
 <role>
  <roleTerm authority="marcrelator" type="text">author</roleTerm>
  <roleTerm authority="marcrelator" type="code">aut</roleTerm>
</role>
 <description>Government Organization</description>
</name>
<typeOfResource>text</typeOfResource>
<genre authority="marcgt">government publication</genre>
<language>
 <languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</language>
<extension>
 <collectionCode>GAOREPORTS</collectionCode>
 <category>Legislative Agency Publications</category>
 <waisDatabaseName>gao</waisDatabaseName>
 <branch>legislative</branch>
 <dateIngested>2010-08-12</dateIngested>
</extension>
<originInfo>
 <publisher>U.S. Government Printing Office</publisher>
 <dateIssued encoding="w3cdtf">2007-11-30</dateIssued>
 <issuance>monographic</issuance>
</originInfo>
<physicalDescription>
 <note type="source content type">deposited</note>
 <digitalOrigin>born digital</digitalOrigin>
 <extent>24 p.</extent>
</physicalDescription>
<classification authority="sudocs">GA 1.13:GAO-08-232R</classification>
<identifier type="uri">https://www.govinfo.gov/app/details/GAOREPORTS-GAO-08-232R</identifier>
<identifier type="local">P0b002ee18038ae88</identifier>
<identifier type="former package identifier">f:d08232r</identifier>
<recordInfo>
 <recordContentSource authority="marcorg">DGPO</recordContentSource>
 <recordCreationDate encoding="w3cdtf">2010-08-12</recordCreationDate>
 <recordChangeDate encoding="w3cdtf">2011-03-28</recordChangeDate>
 <recordIdentifier source="DGPO">GAOREPORTS-GAO-08-232R</recordIdentifier>
 <recordOrigin>machine generated</recordOrigin>
 <languageOfCataloging>
  <languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</languageOfCataloging>
</recordInfo>
<accessCondition type="GPO scope determination">fdlp</accessCondition>
<extension>
 <docClass>REPORT</docClass>
 <accessId>GAOREPORTS-GAO-08-232R</accessId>
 <reportNumber>GAO-08-232R</reportNumber>
 <subject>Federal regulations</subject>
 <subject>Government information</subject>
 <subject>Government information dissemination</subject>
 <subject>Homeland security</subject>
 <subject>Information classification</subject>
 <subject>Information disclosure</subject>
 <subject>Information management</subject>
 <subject>Information security</subject>
 <subject>Information security management</subject>
 <subject>Information security regulations</subject>
 <subject>Policy evaluation</subject>
 <subject>Security policies</subject>
 <subject>Security threats</subject>
 <subject>Terrorism</subject>
 <subject>Policies and procedures</subject>
 <type>Correspondence</type>
 <accountNo>A78548</accountNo>
 <law congress="109" isPrivate="false" number="90"></law>
 <law congress="109" isPrivate="false" number="295"></law>
 <statuteAtLarge volume="120">
                      <pages pages="1355"></pages>
                </statuteAtLarge>
</extension>
<titleInfo>
 <title>Transportation Security Administration&apos;s Processes for Designating and Releasing Sensitive Security Information</title>
</titleInfo>
<abstract>Since the September 11, 2001, terrorist attacks, federal agencies
have faced the challenge of protecting sensitive information from
terrorists and others without a need to know while sharing this  
information with parties who are determined to have such a need. 
One form of protection involves identifying and marking such	 
information sensitive but unclassified--information that is	 
generally restricted from public disclosure but not designated as
classified national security information. The Department of	 
Homeland Security&apos;s (DHS) Transportation Security Administration 
(TSA) requires that certain information be protected from public 
disclosure as part of its responsibility for securing all modes  
of transportation. TSA, through its authority to protect	 
information as sensitive security information (SSI), prohibits	 
the public disclosure of information obtained or developed in the
conduct of security activities that, for example, would be	 
detrimental to transportation security. According to TSA, SSI may
be generated by TSA, other DHS agencies, airports, aircraft	 
operators, and other regulated parties when they, for example,	 
establish or implement security programs or create documentation 
to address security requirements. Section 525 of the DHS	 
Appropriations Act, 2007 (Public Law 109-295), required the	 
Secretary of DHS to revise Management Directive (MD) 11056, which
establishes DHS policy regarding the recognition, identification,
and safeguarding of SSI, to (1) review requests to publicly	 
release SSI in a timely manner and establish criteria for the	 
release of information that no longer requires safeguarding; (2) 
release certain SSI that is 3 years old, upon request, unless it 
is determined the information must remain SSI or is otherwise	 
exempt from disclosure under applicable law; and (3) provide	 
common and extensive examples of the 16 categories of SSI to	 
minimize and standardize judgment by persons identifying	 
information as SSI. In addition to answering this mandate, we are
following up on a June 2005 report in which we recommended that  
DHS direct the Administrator of TSA to establish (1) guidance and
procedures for using TSA regulations to determine what		 
constitutes SSI, (2) responsibility for the identification and	 
determination of SSI, (3) policies and procedures within TSA for 
providing training to those making SSI determinations, and (4)	 
internal controls4 that define responsibilities for monitoring	 
compliance with SSI regulations, policies, and procedures and	 
communicate these responsibilities throughout TSA. To respond to 
the mandate and update the status of all four of our		 
recommendations, we assessed DHS&apos;s status in establishing	 
criteria and examples for identifying SSI; efforts in providing  
training to those that identify and designate SSI; processes for 
responding to requests to release SSI, including the legislative 
mandate to review various types of requests to release SSI; and  
efforts in establishing internal controls that define		 
responsibilities for monitoring SSI policies and procedures.</abstract>
<location>
 <url displayLabel="HTML rendition" access="raw object">https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-08-232R/html/GAOREPORTS-GAO-08-232R.htm</url>
 <url displayLabel="PDF rendition" access="raw object">https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-08-232R/pdf/GAOREPORTS-GAO-08-232R.pdf</url>
</location>
<identifier type="preferred citation">GAO-08-232R</identifier>
<location>
 <url displayLabel="Content Detail" access="object in context">https://www.govinfo.gov/app/details/GAOREPORTS-GAO-08-232R</url>
</location>
<note>Correspondence</note>
<extension>
 <searchTitle>GAO-08-232R; Transportation Security Administration&apos;s Processes for Designating and Releasing Sensitive Security Information;
            </searchTitle>
</extension>
<subject>
 <topic>Federal regulations</topic>
 <topic>Government information</topic>
 <topic>Government information dissemination</topic>
 <topic>Homeland security</topic>
 <topic>Information classification</topic>
 <topic>Information disclosure</topic>
 <topic>Information management</topic>
 <topic>Information security</topic>
 <topic>Information security management</topic>
 <topic>Information security regulations</topic>
 <topic>Policy evaluation</topic>
 <topic>Security policies</topic>
 <topic>Security threats</topic>
 <topic>Terrorism</topic>
 <topic>Policies and procedures</topic>
</subject>
<relatedItem type="isReferencedBy">
 <titleInfo>
  <title>United States Statutes at Large</title>
  <partNumber>Volume 120 Page 1355</partNumber>
</titleInfo>
 <identifier type="Statute citation">120 Stat. 1355</identifier>
</relatedItem>
<relatedItem type="isReferencedBy">
 <titleInfo>
  <title>United States Public Law 90 (109th Congress)</title>
</titleInfo>
 <identifier type="public law citation">Public Law 109-90</identifier>
</relatedItem>
<relatedItem type="isReferencedBy">
 <titleInfo>
  <title>United States Public Law 295 (109th Congress)</title>
</titleInfo>
 <identifier type="public law citation">Public Law 109-295</identifier>
</relatedItem>
</mods>