5 C.F.R. § 1312.31

Current through September 30, 2024
Section 1312.31 - Security violations
(a) A security violation notice is issued by the United States Secret Service when an office/division fails to properly secure classified information. Upon discovery of an alleged security violation, the USSS implements their standard procedures which include the following actions:
(1) Preparation of a Record of Security Violation form;
(2) When a document is left on a desk or other unsecured area, the officer will remove the classified document(s) and deliver to the Uniformed Division's Control Center; and
(3) Where the alleged violation involves an open safe, the officer will remove one file bearing the highest classification level, annotate it with his or her name, badge number, date and time, and return the document to the safe, which will then be secured. A description of the document will be identified in the Record of Security Violations and a copy of the violation will be left in the safe.
(b)Office of record. The EOP Security Office shall serve as the primary office of record for OMB security violations. Reports of violations will remain in the responsible individual's security file until one year after the individual departs the Executive Office of the President, at which time all violation reports will be destroyed.
(c)Compliance. All Office of Management and Budget employees will comply with this section. Additionally, personnel on detail or temporary duty will comply with this section, however, their parent agencies will be provided with a copy of any security violation incurred during their period of service to OMB.
(d)Responsibilities for processing security violations -
(1)EOP Security Officer. The EOP Security Officer shall provide OMB with assistance regarding Agency security violations. Upon receipt of a Record of Security Violation alleging a security violation, the EOP Security Officer shall:
(i) Prepare a memorandum to the immediate supervisor of the office/division responsible for the violation requesting that an inquiry be made into the incident. Attached to the memorandum will be a copy of the Record of Security Violation form. The receiving office/division will prepare a written report within five working days of its receipt of the Security Officer's memorandum.
(ii) Provide any assistance needed for the inquiry conducted by the office/division involved in the alleged violation.
(iii) Upon receipt of the report of inquiry from the responsible office/division, the EOP Security Officer will:
(A) Consult with the OMB Associate Director (or Assistant Director) for Administration and the General Counsel;
(B) Determine if a damage assessment report is required. A damage assessment will be made by the agency originating the classified information, and will be prepared after it has been determined that the information was accessed without authorization; and
(C) Forward the report with a recommendation to the OMB General Counsel.
(2)Immediate supervisors. Upon receipt of the EOP Security Officer's security violation memorandum, the immediate supervisor will make an inquiry into the alleged incident, and send a written report of inquiry to the EOP Security Officer. The inquiry should determine, and the related report should identify, at a minimum:
(i) Whether an actual security violation occurred;
(ii) The identity of the person(s) responsible; and
(iii) The probability of unauthorized access.
(3) Deputy Associate Directors (or the equivalent) will:
(i) Review and concur or comment on the written report; and
(ii) In conjunction with the immediate supervisor, determine what action will be taken to prevent, within their area of responsibility, a recurrence of the circumstances giving rise to the violation.
(e)Staff penalties for OMB security violations. When assessing penalties in accordance with this section, only those violations occurring within the calendar year (beginning January 1) will be considered. However, reports of all previous violations remain in the security files. These are the standard violation penalties that will be imposed. At the discretion of the Director or his designee, greater or lesser penalties may be imposed based upon the circumstances giving rise to the violation, the immediate supervisor's report of inquiry, and the investigation and findings of the EOP Security Officer and/or the OMB Associate Director (or Assistant Director) for Administration.
(1) First violation:
(i) Written notification of the violation will be filed in the responsible individual's security file; and
(ii) The EOP Security Officer and/or the Associate Director (or Assistant Director) for Administration will consult with the respective immediate supervisor, and the responsible individual will be advised of the penalties that may be applied should a second violation occur.
(2) Second violation:
(i) Written notification of the violation will be filed in the responsible individual's security file;
(ii) The EOP Security Officer and/or the Associate Director (or Assistant Director) for Administration will consult with the respective Deputy Associate Director (or the equivalent) and immediate supervisor and the responsible individual who will be advised of the penalties that may be applied should a third violation occur; and
(iii) A letter of Warning will be placed in the Disciplinary Action file maintained by the Office of Administration, Human Resources Management Division.
(3) Third violation:
(i) Written notification of the violation will be filed in the responsible individual's security file;
(ii) The EOP Security Officer and/or the Associate Director (or Assistant Director) for Administration will consult with the OMB Deputy Director, General Counsel, the respective Deputy Associate Director (or equivalent), and the immediate supervisor and the responsible individual who will be advised of the penalties that may be applied should a fourth violation occur; and
(iii) A Letter of Reprimand will be placed in the Disciplinary Action file maintained by the OA/HRMD.
(4) Fourth violation:
(i) Written notification of the violation will be filed in the responsible individual's security file;
(ii) The EOP Security Officer and/or the Associate Director (or Assistant Director) for Administration will consult with the OMB Director, Deputy Director, General Counsel, the respective Deputy Associate Director (or the equivalent), and immediate supervisor;
(iii) The responsible individual may receive a suspension without pay for a period not to exceed 14 days; and
(iv) The responsible individual will be advised that future violations could result in the denial of access to classified material or other adverse actions as may be appropriate, including dismissal.

5 C.F.R. § 1312.31