26-AUD-02 - Recommendation 1

Update the Facility Security Risk Management Program Internal Operating Procedure (IOP) to include.
• Additional guidance on how to implement the Interagency Security Committee’s (ISC) Standard’s Facility Security Level (FSL) criteria.
• A process for documenting the Chief, Physical Security’s approval of the FSL.
• A requirement for supporting documentation and justification for each assigned score, including source references or observed conditions that could impact certain criteria.
• A requirement for documented justifications for any deviations from the Design Basis Threat (DBT) baseline scores identified by ISC.
• A requirement that security incident data be reviewed, analyzed, and attached as part of the Facility Security Assessment (FSA) process.