The Interagency Security Committee and Security Standards for Federal Buildings

The Interagency Security Committee and
Security Standards for Federal Buildings
Shawn Reese
Analyst in Emergency Management and Homeland Security Policy
Government and Finance Division
Summary
The federal government owns or leases 3.7 billion square feet of office space,
which may be vulnerable to acts of terrorism and other forms of violence. The
Interagency Security Committee (ISC) was created by E.O. 12977 in 1995, following
the domestic terrorist bombing of the Alfred P. Murrah Federal Building in Oklahoma
City, OK, to address the quality and effectiveness of physical security requirements for
federal facilities. The September 2001 terrorist attacks on the Pentagon and the World
Trade Center renewed concerns about the vulnerability of federal buildings to bombing
or other forms of attack. On February 28, 2003, the chairmanship of the ISC was
transferred to the Secretary of Homeland Security from the Administrator of General
Services by E.O. 13286. In July 2004, based on Homeland Security Presidential
Directive/HSPD-7, the ISC began reviewing federal agencies’ physical security plans
to better protect the nation’s critical infrastructure and key resources. On December 13,
2006, the ISC issued its 2007-2008 Action Plan, which sets forth revised policy
recommendations for enhancing the quality and effectiveness of security in federal
facilities. This report will not be updated.
Background and Introduction¹
In FY2006, the federal government’s real property portfolio consisted of 3.87 billion
square feet of owned and leased office space.² The General Services Administration
(GSA), through its Public Buildings Service (PBS), is the primary federal real property
and asset management agency, with a real property portfolio consisting of 8,847 buildings

¹ This report was written by Stephanie Smith, CRS Analyst in American National Government,
who recently retired from CRS. The currently listed author is available for questions, but this
report will not be updated. It will be superceded by a new CRS report if developments warrant.
² U.S. General Services Administration, The Federal Real Property Council, FY2006 Federal
Real Property Report: An Overview of the U.S. Federal Government’s Real Property Assets
(Washington: July 2007), p. 4.

and structures with an estimated replacement value of $68.8 billion in FY2006.³ In
addition to GSA, 27 other federal agencies have independent landholding and leasing
authorities that enable them to acquire or construct specific types of buildings.⁴
GSA is responsible for the design and construction of its buildings, and for
alterations and repairs to existing facilities. One of its primary goals has always been to
assure the physical safety of federal employees who work in, and the private citizens who
visit, government-owned or leased buildings. However, the federal government had no
formally established building security standards for either federally owned or leased
buildings when the April 1995 domestic terrorist bombing of the Alfred P. Murrah
Federal Building occurred in Oklahoma City, OK.⁵
The Oklahoma City bombing brought a new awareness to the potential for violent
acts directed at federal buildings as symbolic attacks against the federal government as
a whole. The day following the April 19, 1995, bombing, President William Clinton
directed the Department of Justice (DOJ) to assess the vulnerability of federal facilities
to acts of terrorism or violence and to develop recommendations for minimum security
standards.⁶ Because of its expertise in federal courts’ security, the U.S. Marshals Service
(USMS) coordinated two working groups to accomplish these tasks, a Standards
Committee and a Profile Committee. The Standards Committee, composed of security
specialists and representatives from GSA, the Federal Bureau of Investigation, the U.S.
Secret Service, the Social Security Administration, and the Departments of Defense and
State, identified and evaluated the various types of security measures that could be used
to strengthen potential vulnerabilities. The committee compiled a list of proposed
minimum standards pertaining to secure perimeter buffer zones; the security of entrances
and exits and related access procedures; the identification and admittance of employees
and visitors; garage and vehicle service entrances; the location of day care centers; and
the use of closed-circuit television monitoring.
Because of the differences among federal buildings and their related security issues,
the Standards Committee categorized federal facilities into five different levels (with
corresponding security standards) based on factors such as building size, agency mission
and function, tenant population, and volume of public access. A Level I building is
defined as having not more than 2,500 square feet (sq. ft.) of space, with 10 or fewer
federal employees, and little public access. A Level II building contains between 2,500
to 80,000 sq. ft., and has between 11 and 150 federal employees engaged in routine
activities, with a moderate level of public access. An example of a Level II building is
the Social Security Administration Office in El Dorado, CO. A Level III building is

³ Ibid, p. 6. For further information, see CRS Report RL32368, The General Services
Administration and Federal Real Property Management: Overview and Current Legislation, by
Stephanie Smith.
⁴ Ibid.
⁵ U.S. Department of Justice, U.S. Marshals Service, Vulnerability Assessment of Federal
Facilities, June 28, 1995 (Washington: 1995), p. 1-1.
⁶ U.S. General Accounting Office, Building Security: Interagency Security Committee Has Had
Limited Success in Fulfilling Its Responsibilities, GAO Report GAO-02-1004 (Washington:
September 2002), p. 5.

defined as occupying between 80,000 to 150,000 sq. ft. of space, and housing between
151 and 450 federal employees, with a moderate to high volume of public access. Level
III facilities may house several federal tenants, law enforcement agencies, or court-related
or archival agencies. Level IV facilities are categorized as occupying more than 150,000
sq. ft. of space, and housing more than 450 federal employees. These Level IV facilities
are defined as having “high volume public contact” and include federal courthouses with
high-risk court chambers, judicial offices, and buildings that house highly sensitive
government records. Level V facilities are similar to Level IV buildings in size and
numbers of federal employees. However, the missions of Level V facilities are
considered “critical to national security.” The Central Intelligence Agency headquarters
and the Pentagon, for example, are both classified as Level V for security purposes.
The Profile Committee, composed of USMS deputies and GSA security specialists,
conducted inspections at more than 1,200 federal facilities to obtain security data on
buildings for use in upgrading existing conditions to comply with the proposed minimum
standards. Sixty days later, the working groups’ findings and recommendations were
published in a June 1995 report entitled Vulnerability Assessment of Federal Facilities.⁷
Security Standards and Design Criteria
The publication of the 1995 Vulnerability Assessment report was significant in that
it represented the first time that broad security standards were applied to federal facilities,
and they are still in effect. In conjunction with publication of the report, President Clinton
directed all executive branch agencies to begin immediately upgrading their facilities to
meet the recommended minimum security standards, to the extent possible within funding
limitations. Based on the DOJ recommendations, he also required GSA to establish
building security committees for all GSA facilities and called upon other landholding
agencies to establish programs for upgrading their facilities to appropriate minimum
security standards.⁸
Four months later, on October 19, 1995, President Clinton issued E.O. 12977, which
established a permanent Interagency Security Committee (ISC) within the executive
branch to address “continuing government-wide security” for federal facilities.⁹ Chaired
by the GSA Administrator, the ISC was composed of representatives from each of the
executive branch agencies, the Office of Management and Budget, the Environmental
Protection Agency, and the Central Intelligence Agency. Other members included the
following individuals or their designees: the Director of USMS; the Assistant
Commissioner of the Federal Protective Service (FPS);¹⁰ the Assistant to the President for

⁷ U.S. Department of Justice, U.S. Marshals Service, Vulnerability Assessment of Federal
Facilities.
⁸ U.S. President (Clinton), “Memorandum on Upgrading Security at Federal Facilities,” Public
Papers of the Presidents of the United States, vol. I, June 28, 1995, pp. 964-965.
⁹ U.S. President (Clinton), “Interagency Security Committee,” Executive Order 12977, Federal
Register, vol. 60, October 24, 1995, pp. 54411-54412.
¹⁰ The Federal Protective Service was transferred from GSA to DHS by the Homeland Security
Act of 2002(116 Stat. 2178), and is now part of DHS’s Bureau of Immigration and Customs
(continued...)

National Security Affairs; the Director of the Security Policy Board; and other federal
officials appointed by the President. The ISC was also authorized to consult with other
parties, including the Administrative Office of the U.S. Courts, in order to perform its
duties. Section 5 of E.O. 12977 required the ISC to develop and evaluate existing security
policies and to take necessary actions to enhance the quality of security and protection for
federal facilities. These actions might include encouraging agencies with security
responsibilities to share security-related intelligence in a timely manner; evaluating
technology and information systems to facilitate cost-effective security upgrades;
developing long-term construction standards for high-risk facilities that require blast-
resistant structures or have other specialized security requirements; evaluating standards
for the location and security of day care centers in federal facilities; and assisting the GSA
Administrator in creating and maintaining a centralized security database of all federal
facilities.
While the 1995 Vulnerability Assessment report provided guidance for overall
security standards for existing facilities, it did not provide criteria for the design and
construction of new federal buildings. In January 1997, GSA completed its first draft of
a document entitled GSA Security Criteria, which was revised and issued on October 8,
1997, to establish design standards for the protection of federal employees in civilian
facilities.¹¹ The GSA security document attempted to integrate security standards
throughout all functional and design phases of the building process, including site and
interior space planning, as well as structural and electrical design elements.
Building upon GSA’s 1997 Draft Security Criteria, the members of the ISC
established a series of working groups that addressed new technology developments, cost
considerations, the experience of architects and builders in applying GSA’s design
criteria, and the need to balance security standards with public access to federal buildings.
In May 2001, the ISC issued its Security Design Criteria for New Federal Office
Buildings and Major Modernization Projects, based on the five security levels for federal
facilities.¹² New ISC security requirements for future construction projects included the
use of glazing protection for windows, the establishment of distances that buildings
should be set back from the street, the control of vehicular access to the buildings, and the
location and securing of air intakes. In July 2001, the ISC issued a second product for
federal agencies to implement that set forth minimum standards for federal building
access procedures. Two draft documents, one that addressed entry security technology,
and the second, which pertained to preparedness for nuclear, biological, and chemical
attacks, were not officially issued by the ISC membership.

¹⁰ (...continued)
Enforcement (ICE), Border and Transportation Security Directorate. The FPS protects federally
owned or occupied facilities under GSA’s and DHS’s jurisdictions.
¹¹ U.S. General Services Administration, Public Buildings Service, Building Technologies
Division, Office of Property Development, GSA Security Criteria, October 8, 1997, Limited
Official Use Only. GSA also publishes The Facilities Standards for the Public Buildings Service,
which is updated on a regular basis, and contains a chapter on security design. A brief overview
can be found at [http://www.gsa.gov].
¹² Interagency Security Committee, ISC Security Design Criteria for New Federal Office
Buildings and Major Modernization Projects, May 28, 2001, available on a limited-access
website at [http://www.oca.gsa.gov].

The September 2001 terrorist attacks on the Pentagon and the World Trade Center
heightened concerns about the vulnerability of federal buildings to violence or bombing
attacks. In response to these events, the ISC issued revised procedures to respond to
potential vehicle bomb attacks by recommending that new federal buildings be
constructed at a minimum distance of between 20 to 50 feet from the nearest perimeter
barrier, depending upon the security level.¹³
Even though the ISC successfully completed its Security Design Criteria and related
draft documents, a 2002 General Accounting Office (GAO)¹⁴ report found that the
committee had made “little progress” in other mandated responsibilities. Although the
ISC had established 13 working groups since 1995, only two of the groups were still
active as of July 2002. Also, while GAO reported that the ISC was successfully
disseminating security information to member agencies, it also found that the group’s
effectiveness was hindered by GSA’s “lack of aggressive leadership and support,” in that
the agency failed to issue operating procedures, and did not provide sufficient staff
support and funding. GSA was also unable to provide any documention indicating that
the agency or the ISC had actually monitored agency compliance with the ISC’s security
recommendations.¹⁵
Recent Developments
Congressional enactment of the Homeland Security Act¹⁶ in 2002 and the associated
creation of the Department of Homeland Security centralized the federal government’s
efforts to respond to terrorism, including physical security for federal facilities. On
February 28, 2003, the chairmanship of the ISC was transferred from the GSA
Administrator to the Secretary of Homeland Security, and a representative from GSA was
added to the ISC’s membership.¹⁷ Within DHS, the chairmanship of the ISC was
subsequently delegated to the Director of the Federal Protective Service in January 2004.¹⁸
Given the challenges that the ISC faces to successfully integrate security initiatives
encompassing diverse agency needs, GAO recommended in September 2004 that DHS
direct the ISC to develop a plan that “identifies resource needs, implementation goals, and

¹³ U.S. General Services Administration, Public Buildings Service, Memorandum for Assistant
Regional Administrators, Implementation of the Interagency Security Committee (ISC) Design
Criteria Regarding Site Selection, April 26, 2002, pp. 1-2.
¹⁴ In 2004, Congress changed GAO’s name from the General Accounting Office to the
Government Accountability Office. 118 Stat. 811.
¹⁵ U.S. General Accounting Office, Building Security, GAO Report GAO-02-1004, pp. 7-11.
¹⁶ 116 Stat. 2135.
¹⁷ U.S. President (George W. Bush), “Amendment of Executive Orders, and Other Actions, in
Connection with the Transfer of Certain Functions to the Secretary of Homeland Security,”
Executive Order 13286, Federal Register, vol. 68, March 5, 2003, p. 10624.
¹⁸ U.S. Government Accountability Office, Homeland Security: Further Actions Needed to
Coordinate Federal Agencies’ Facility Protection Efforts and Promote Key Practices, GAO
Report GAO-05-49 (Washington: 2004), p. 9.

time frames for meeting the ISC’s ongoing and yet-unfulfilled responsibilities.”¹⁹ GAO
reported that standard operating procedures had been approved by agency members in
September 2004, and included new requirements for attendance and participation at ISC
meetings. DHS is also helping the ISC meet its requirement to create and maintain a
centralized security database of all existing federal facilities. The ISC issued updated
security standards for leased facilities in July 2003, as well as new recommendations to
member agencies pertaining to the use of escape hoods. The updated version of the ISC
Security Design Criteria for New Federal Office Buildings and Major Modernization
Projects was approved by concurrence of the ISC membership on September 29, 2004.
In addition to its duties to coordinate federal facility security efforts and to develop
security standards for the construction of new federal facilities, the ISC has been assigned
responsibilities to review federal agencies’ physical security plans. Homeland Security
Presidential Directive/HSPD-7, issued on December 17, 2003, established requirements
for federal agencies “to identify and prioritize United States critical infrastructure and key
resources and to protect them from terrorist attacks,” and assigned implementation
responsibilities to DHS.²⁰ In July 2004, the ISC was designated to oversee and review
each agency’s physical security plan pertaining to protection of the nation’s infrastructure
and key resources. According to GAO, the ISC’s successful completion of these new
responsibilities relating to homeland security issues would “represent a major step”
toward carrying out its existing duties pertaining to compliance and oversight.²¹
A fundamental ISC objective is to improve the management of security programs by
establishing policies and minimum standards for security operations. The successful
integration of the federal government’s facility protection standards is a formidable
challenge because it involves diverse agencies with varying perspectives on security
issues. On December 13, 2006, the ISC issued its 2007-2008 Action Plan, which included
operational procedures for identifying and applying updated security technologies.²²
Current ISC projects include the updating of the 1995 Vulnerability Assessment Report
to make the document more specific to agencies’ missions and strategic plans. The ISC
membership is also striving for better formulation of security policies and directives to
gain more consensus and compliance within the federal community. Through greater
accountability and oversight, the ISC hopes to provide one leadership voice to integrate
physical security initiatives successfully for the federal government.²³

¹⁹ Ibid., pp. 47-48.
²⁰ U.S. President (Bush), “Directive on Critical Infrastructure Identification, Prioritization, and
Protection, Homeland Security Presidential Directive/HSPD-7,” Weekly Compilation of
Presidential Documents, vol. 39, December 17, 2003, p. 1816.
²¹ U.S. Government Accountability Office, Homeland Security, GAO Report GAO-05-49 , p. 11.
²² U.S. Department of Homeland Security, Interagency Security Committee Action Plan for
Calendar Years 2007-2008 (Washington: December 2006), p. 1.
²³ Information based on telephone conversation with the ISC Executive Director on April 1, 2005.