U.S. Department of Justice
United States Attorney
Southern District of New York
86 Chambers Street
New York, New York 10007

August 11, 2015
By Electronic Mail
David E. McCraw, Esq.
Jeremy A. Kutner, Esq.
The New York Times Company
620 Eighth Avenue
New York, NY 10018
E-mail:
mccrad@nytimes.com
jeremy.kutner@nytimes.com
Re:

The New York Times Co. and Charlie Savage v. National Security Agency,
15 Civ. 2383 (KBF)

Dear David and Jeremy:
This Office represents the National Security Agency (“NSA”), the defendant in the
above-referenced matter. Pursuant to the Scheduling Order, dated May 15, 2015, NSA has
completed its review and processing of the attached documents. NSA is releasing 16 documents
with redactions. Information has been redacted from these documents pursuant to 5 U.S.C.
§§ 552(b)(1), (b)(3), and (b)(6). Each redacted document being released has been marked with
the applicable FOIA exemption or exemptions.
If you have any questions, please do not hesitate to contact us.
Sincerely,
PREET BHARARA
United States Attorney for the
Southern District of New York
By:

Enclosures

/s/ John Clopper
JOHN D. CLOPPER
ANDREW E. KRAUSE
Assistant United States Attorneys
Telephone: (212) 637-2716/2769
Facsimile: (212) 637-0033
E-mail: john.clopper@usdoj.gov
andrew.krause@usdoj.gov

 DOCID:

REF ID: A417724:9
4230.241
TOP SECi:tETtlCOldlNT-STE.LLARlVIN'DllORC0.7N~1'lOJ!OR1V!fld.R

!Furl her dissemination of tbis i'eport outside the Office
of the Inspector General, NSA is PIWHIBITED
without the approval of the Inspector Ge11ernl.

(TS//Sl//NF) REPORT ON THE ASSESSJ\1ENT C~F
MANAGEIVJENT CONTROliS FOR IMPLEMENTING~ 'THE
FOREIGN INTELLIGENCE SURVEILLANCE COURT
ORDER: TELEPl-IONY BUSINESS lffiCORDS
ST~06-0018

5 SEPTEMBER 2006

DERIVED fi'ROl'vl!: NSAJCSSM 1-5:2
DA'fED: 20041123
DECLASSIFY ON: MR

~pproved for Release by NSA on 08-06-2015. FOIA Case# 80120 (litigation)
TOP BECR.E'fYiCOMINT~S'FELL...4RWll\lDfl-ORCOh~,l1tlOFO.RN1/AfR

 REF ID:A4177249

4230241

DOC ID

nn ffl·~~1-1·<,'"iY•{l hv ]"ho Pirpt>t·c11·
'\. '- J

... .1.

i."-•

._ _.,_'-

,,...

-.!.A'l..• .!....>'J ....... "-'. ""':;

-!·l'
l'-"-.": Of-1''ic·p
rrf' t'Lw
(-'~"''"'e"l'~t·l
((Hn)
i..
~.•
·'
.._, 1-,.., 111.::1v:;..-•t<•1··
- .
~l....·li.Jl ... ~
'\.. J.\ •-r.;

l\J'~,.~
f''..~;:Q
l t. :·:t.,if'hic:f
...
~,"-"-.ti
.. ~,

i..

..1 •••\ •• \ ,

".:'l-a·· 1.. ".,...,"t.1··~·~""..;:t·'.t•:>b'"',,,+-1' ')'""'
<.:!
c .IL-.

'':1'!1.. 1r']·[·t···t-,
.. 1" 'l·~·"'·~ar·tl ,...>:. ..... S "'UHi.:;.::i..~
G_.v
-~! ...... u::;. H>'.'l}'t<,..,1.,i_t,, -:, ~11.~,, «H

0

·a·h·· .•i'\17s
''
;.r..:i
.,, ,::·1·0I'
. ·'.1· ::i
•)
'
0

:''-"'..,

••.••

l<'\.......
t.:1 !~1 ~
··11ra
.1..l'"\·e 1. ·o-f.~c~lr1·1"r\1
... <..· L·.c . . J....... ~!'
"··,

•
•
... ,
•
•'
ernc.1ency,
ancr.J e. ff'_ecttveness
ot 1-~c:;PJ..1 1.....0:-3
operations;
to provwe mtcc1}'1ge:nce overs1gnt;
to
prntect against fraud, 'iYHste., and m.ismanagement of resnun::;e3; m~d to ensure that
NSA/CSS activities are cow..ir~cted in compliance ·with the Constil:ntion, lrrws, e·,;·ecutive
orclers, regulatj~~11s, a.!J.tl <li1·ectives. 1~1~e ()I(~ also sen.res as orr1tn1ds111ar1~ 19ssisting a11
r~

'O,Yf.'~11··1··

N<~A /l--:0c1 ~1··-)]cr:-~c·"l ...,.nji ·1.t-:'.'t:".•'i1"~~t-p•"t rjr-n;-,...l r.; ..·rl 1n1~kit·1~"",
- 1.~A/ ,.,,;:,'-·-Ill Jj'.;··~b <L1.l•. < .UJ.i ca ..":.;,;. iH,;;t~ <~1L.1. - < 1:.1'.f•

(U) The 1nspection function conducts Irmnagem.ent and program evah.1ations in the fortn
•
'
'
'
·1
"
1
. l
... '
ot' orgamzatmnat
anuA f·nnctiona.1.
re·v1c1Ns,
ri.rn..1erti:tti:en
eri·
1er r:.s part o:t' t 1lt': ()T
1... 1i3
s annua11
plan or by management request The inspection tearn''s findings are designed to y:i~ld
·::in..:J
l1

a

.._ f'f'''11'~'·t·c.
~,....,.t;. ... d ....... (..._

n1·o·n1"'''7)'1
.t-.
;:,-cu...L- ..... ,

1
7
7 ·1.:'-l()-1
··i
P \r,1
''1'1~'1';\j·~
i:;.,f'.fill'}
"'l'l"''U nt"
'·'"''"}
L ...t·'
. ....1"~1
Cr, ...
...... _ \.}
. . L.:..t.- •.J,'I'!Tl
.. _,. fl'\
...... ..L.! l·hc~
" ..... ~.,.· cifl=<->o•.+-1'~!f'.nC·>i•··
~ ••\.\::;•'l... L ' ~ -·- .,... ,~· r''J"(j
..ll.~. ·- .....
, .... _. \..• ~ ~..... r
.... ;>r1··t~1J·.;,-,,~
.,> ~
.J.\...•,, t.:~.
il\..
0

1 '1 ....r·~,:-q1J:::i1"1·,·,1"J>:"
,,,l,.•r111·
~v;t'1
.. , ;n)
::::<:.;:;.oq<:'·1-.·ir-:n+·
-la;,rn~
<:~
1 • .!. .....
-i...~.
4,.1:.u
.... .._._..,_, ~- ........ t. nf
.,_ (•f'••r1n}1·,..,.,...,1f'P
..... J"". ·t.t. (Li~_ .... , '\!Vl,·l-}·;
.• .v~.
'~1I1
. \..
r.:i.., .. 1.-, _ .,, •• _,_.,, "L·'hc.1
.tJ.,_.

t:J..J.'l_,r

recommendations for corrections or Jmprove1nents are subject to follcnvup.
1
~fJ'.·'I)Pc··t;PT.
J. ·~'
•.,
.t ··'

,.J,

u··fl:;r:.::.v
•••• - ·..

::.r1......
'15~(1
• .•. na1·t•1orq
r- ... .#. t. .• c. .•.

urit1·1
t't'Je Tl'1"pecto":.:.?
t"V
.a._.1::J
• ·1. ~ (''"'11"1"'1]
u'l,..._ c_ c_ ,...,f
v._ t'l-1n S""l"';1'(':1'".
v
v. '-""""
J!

••

•

. ..

-.L

'-'

The

1"J"lff}i'n10 2',f'
'\...J ·J

.t ...... 1.vt':.>t-···-·

Elements to conduct joint inspections of th~:; corrnolidated cryptologic facilities.

t;) provide an indspend~nt ,:issessrnerri: uf
i--rnoTa'.1-)1''
~·1Jc1.. C••'t)'::~n
izat1'q·r1.c•
~>'['"('·'"
1p_.._(.·1t•-' 1·h·~
,;;~';«.!
1'J...1'.r-,:~11cv
of'
•. -r.J ''-'·
. JLf':J'.-.1.I....L
'U!'. ·"-'" l\:.vfnT''"...,
.-. ...... J. ..,..._, ..... ll.J.•..!.
\ .• ,_ ;;n1dit~
.. •. e·v·"
V.•
•,. C·r.rf1"'1..'Y1-l"V
\.,. _.1,.; L.l .
·"-...
\-i..l
,\.. ,..,•.....
·'-'

(U) Tlie internal audit furn::.tirn.1 is designed
J:!··'->C"'•

,,..~.

an entity or program, a.s weU ns

~-

V•'hr.~ther

.~•

.t.

)

•- r.

program ohjcetives are ·being rnet nnd

1
'pl.l··r-t·1~J-.,...•ri
""~'Y"" Lt
• .. l "''ill}').l1"-l'l..:-1·",... ·i; ·1~.:..1, r··•i"'···ti,. ....~.l' ,-1c•
fJ". r>·-'l(.'l.'.J ~l'':IJ't· 1 ,:l.-~t·)-''1'}1~1'j .. 1'.h•"'- •" """''ll'J~.- "'"_T
(.•_-'-'U:L
..)11., ,,,.r_:
'.-'J '. «l.i_.•='. "'" L•'- · "-·i~t:.~aL~ ..r ,~ . .i:kil6.L<J
«.la H! .:-:: , ,_. l: ..1, t .e :.i~: ..u.:......Ld'1..)

of an entity's financia! st<:iternent,.
'=;'(. C'll.,rJ_,,,;!<;
egy·
'1l1'[;.;:.'l11>rl
1-n;
.L<.i:i.(.t.l.L!.t-·
•t.~ .(.'\.
lur.,·~·~i Li.J

'··

l~_l. . ',=',i
, •. ,,~...
'<..ll

AJJ audits are c.ond.ur.ted in accon.lo.nce 1.vith

-L·h:.:>.
'r t)l'.'· (!·".:.
Q-L· ":1·Lp..;:
t(.... c·'C•"1·"rl·,.,.,il;:.,.I·
,,,J..1 ·!...... ~<(..•J.J: •..,. ("..c.ne·
--~\..
.. 1·;.:1
.....
... _J.~ iT•1~ted
.,.\. J,. ~'\.
i..1 t..
~ ..... ,,,

1 ·~,-1 {'l'~ ..~ :::l-,·r ·."'..tS'.·=:.!.~. .••i.:.-1•1 •C4=..·
1 r)0·~
1 ···-1 'J"r...
'1.,...'..r1r::-_1• (._·,i1--r._.,: •.!)f1.·t·,,_'.1.·~r1J'•.·-~~.-f..,·.-.'.·1·.•.,~
··:i
"'°f.1i.::•·'1·P.1~...1.1
"1i"n.~~1·n,-.P~
. . ,1tti.J' (1
•,..
u i•_;o>.-•.
;. .... _ _ ,.,, ..:.l.'<«••·l:'J
t. ..,tU
.- '···lJ.fli.-'
-;:. "··•t
•.. 1.1. -i··,..,.l'J
,.,.
u,;,.,(,; l .•
__ .
"' .
~

- ..,..... 'r..,.

t ·-1~

-i:-·tf' (_1i.l•
{ ; ..... ,-.h··c~
t,.... r·
.. J•.< i..uJ,S

\.-U.<-!I_~"!<:l. l! .•:,

r, '•J '11·· "l1°'".:""\ -·11 ....
,j[J. \. !J.L!.1U co'.>

f·'.
...- c .,)
1.1p,•.

·t·

'l J.n111t·
.• t •.
1f-'~~"·11
..<.:., ;....i,,

.,;'\·(••'.'L,,
'7•:l C..t.1..l

<.,

I11vesti~gat~£;ns ar~d

".':'1-·~('3

'I'~ 1'., .... ,. r . .....,\., ·~·-·1·~. · r"i

<.<li.J. '.d..,HL<Hl«,'.;':>.ti:;'.• lr..

S1;;ccia1 I1!c111irics .n1;~y~ he u.Ddertr:d\en as a res-ult \Jf s11cl1 reccuests or
;::ompiaint.s; at the r~~quest of n1anageu11..:mt; a.s the resnh d b--regnlarihes that Stt:rface
1h1)"i"l'J
::it ·ll10
nf·th'" ~-···
Tn<::n~>•'l'PT
r:;.f"-f"""l.• ~
~.a. t..t·J ·~·•
t_. i11q-··
--...... µet··'·1(·,·n
.. t. . . _.\;..n~· ""'lf1"'1,
~:t'-· "" ., r·i·
~"" ......
·- _...frt1"ri<~fr'.P
- .....
.t..V-......
·.t-""·"""·-J- \._..,.11_~1,,...i
........

cnEATIVE

••

IMAGiNG-5~198:31

i.: ....

I iOHJ340

i_

1.'\ .......

Ji.

•

\.,..

...

 DOCID:
OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURITY SEHVICE

5 September 2006
IG- J. 0693-06
TO: DISTRlBlITION

SUBJECT: (TS/ /SI//UF') Report on the Assessment of Management Controls
for Implementing the Foreign Intemgence Surveillance Cour'£ (FISC} Order:
Telephony Business Records (ST-06-0018)-ACTION MEMORAl\TDTJJ\1
1. {TS//Si//NF) 'This report summarizes fue results of our assessment
of l\/Ianagemeni Controls for !n1plen1entLng the F'ISC Order: Telephony
Business Records. The report incorporates management's response to the
draft renort.
~-

2. (U/ /FOUG) .A..s required by NSA/CSS Policy 1··60, NSA/CSS OJ.,Tice of
the Inspector General. actions on OIG audit recom.m.endatlons are suI~ject to
monitming and fo11owup u.ntH completion. Consequently, we ask that you
provide a wiitten status report concerning each planned corrective action
categorized as "OPEN." The status report sh.ould provide sufficient
information to shm:v tl1.at corrective actions have been completed. If a planned.
action V\Till not be con1pleted by the 01iginal target completion date, please state
the reason for the delay and give a revised target completion date. Status
reports should be sent tol
IAsS.~~!..ant Inspector General, at
OPS 2B. Suite 6247, within 15 calendar days aftet·eachJarget completion
date.
· · ..
.....:.:::::>-(b )(3)-P. L. 86-36

3. (U/ /FOUO) \Ve app:reci.ate the courtesy and. GoofJ~ration extended to
the auditors thr01.1ghout the review. If vou ne ri danflcation or addition.al
infonnation, please contact
· A.ssistan.t Inspector General,
on 963-2988 or via e--rnail at ,__

_____

Derived From: NSA./CSSM l-52
Dated: 20041 J.23
Dedassify On: M.R

' ....... .t: __., v; : }.. - . •

 DIS'TRIBU110N:
DIR
D/DiR
SIGINT Dil:ector

SID Program Manager for CT Special Projects, S
Chief, SID O&C
SSGl,I

······· ................... ········ ·····

I·········

SID Deputy Director for Custom.er Relationships
SID Deputy Director for Analysis an.d Production
Chief, S2l5
SID Deputy Director for Data Acquisition
Chief. 8332

GC
AGC(O)

ij

.(b)(3)-P.L. 86-:

 ST'..06-0018

#:XI:!'!! Ii /C'J;i' f .fil"';.&ll1;7!r. Ill ~il1.':~rl1"'~~1l1$.l~ll!..~'Tr
{Tl$/
t .,;,1,lt j h4Fi "} &'11.~.;;;z;t1':~:Jl1i""~w;;n !ii

CONTROtS fOR,

Pd. ir•.H "'~~El l'l!!.!:::lli.Q~·
. iir-- r.rr1l.t'.ianAu~~Vil~!i~ Ii

I~QliPlEMEll\1TING

'il!'~MiTtr.'~ 1i1 "ili''l1'"1re!!r0.llif"'!lt'

.~fr~

o-~ !!i&il

i£'."m "l}."lll\\f.fr.::wrn Ill &, !full•""'!!!:
lbt~ik.1¥.~!fr.;;;~\;lr;i.,.~ ~1Uhr\l, -w·rr.;;.;11:i,,.~n11l,..;lk

1"ElEPHOt~Y-

THE FOREIGN
ro~ H})T
'W'"""""')
f'il!l'%f,"t,~trJi
~ Uri\.~
~~~. · (,.p·!Ji~,u ..... !t'!!.~

B.USl]\HESS RE(;ORDS<bW)
(b)(3).~P.L. 86-36
(b)(3)~'so
3024(i)

use

(TS//SI//STLWh'OCrI»!F) Bad{gli't!nm1d~ The Order of the FlSC issued 24 Ivi~~&-2006
in. In re Application qf the Fede';;:.:r::.:;al;;:;..:.;B:=,:u;;!;!.1..::;·e:.:.::.a;::::;u;;...:o~I~n.~v.lo;;es~·~·~=~.:.:..;~~~;.:.....i.~u.r.IJ~~~
Production o "Tornil:Jl . 'T'l ·

No. BR-06-05 (i:he Order) states that "[t]he Inspector General and tb.e General
Counsel shall submit a report to the Director of NSA (DIRNSA) 45 days aft.er the
initiation of activity [permitted by t.he Order} assessing t.he adequacy of

management controls for the processing and dissemination of U.S. person
information. DIP.NSA shall provide the fmdings of that report to the Attorney
General." The Office of the Inspector General (OIG), \lirith the Office of the General
Counsel's (OGC) concurrence, issued the aforementi.oned report on 10 .July 2006
in a memorandum v,rith the sut~ject FISA Court Order: Telephony Business Records
(ST-06-0018}. Subsequently, DTRNSA sent the memorandum to foe Atton1ey
General. This report provides the details of our assessment of management
controls that was reported to DlRNSA and makes form.al recomm.endations to
Agency management.

7"5.'~'J'i;r·cc~¥,l
,..~ lf<i!lFJ rt
· .
·
:r
.r........ a • · •
,,,.v
r..
l""f5:r~.a7
Jlh~ /~nil
/1 :lie mllil"tt!iif1ffiFTlefD1!. C0/!1u rw5S t{lfI!Slf/f'f!&IM t.J!,~ UIJ:JJi
Agency to govern f:f'le proces!!Jint,"l,f dissetrJlna!~ion, data securitrr and
oveFs~qht a f' telephony nui!tadata and IJhS.. person l1"!Jfortnat.fo.n obtained
under the Otrier .iJ!i"'ICJ ad.<S'f/Mlite and in sevnr:r.:!.JJI aspects exceed 'l:l7!i?J termtt~ !lrf
the Order. DEile to the risk t-"JIS§J(JC/a£~oo witl1 the collecl:lan .~nd fJf'OCf!;-WEfliny
af t"f!:ilepho1J1y n'"tef:awd~ta involving ups.: pe1"t;v.n infonnation,,. th1Y~e; addltit.uta!
tXJi:ntrols shoM.fttl !Je put in1 place. Specif'ically, Agency man@gement sitt:n.1/d;
fj..,.

.....

1

{1)

r.lesifl.:rn pn.:~c,edutn.'!!S! to provide a .hig!Per ft;~~/-el of'a.c;t_.;u;iJince tf'iat
no!!P=>con<tp!iant data wi!f irifat />(f.j (.."O/.!ect'f!:d. t..'fnlf,, if'it/!if?!#tl~,tet'b1~nii'Jl
c0tlfea)f:d,.. wlli be .'$wlftly expa!t?ged and 1u;t :,Wad~'"' #iVaflai.Me· ftN'
iJJ!!"Biil'jlSi:!~•

.~1t.."fparate tbe- lJJMtl'Gotiiy to iilpprove l'luff: ta!tiatf.i t;MtNrie~~ ft'tt/.ii!F'lt
1

1.~he

c@pa/Jiflty to CtfitndM'lt: querietS tJ'f n~etadata u11der f:!Iti! Order&

1

 DOCID:

JREF ID: A41 77249

4230.241

ST-06~0018

(3)

condut..1: periodic .reconci!.iatit.m ofappn:ntetl ·;;elephone
numbe;r,1'P B-With t:l'#e fogs or qaeriel!:I nunilberrs to verify ittuat only
authorized q11eries have been .made under the On/er~

!l5//~l//f!:i'fCN//OC,li.Pj Thr:; On:!et·. The Order authorizes NSA. to
collect and retain telephony metadata to protect against intem.ationa(

ten-01is1n and to iroces!" 2r ·

......·
(b)(1)
(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

~·<:.sF. l"

·~

·

To protectJJ.S, privacy rJ.ghts, fae Order states specifi.c terrr.u~~
._3_1_1..,L_,. ._J-_....
,StrieltufiiS°
f'
reganilng the Collection, prOCE'SSL."'1g, retention, l
dfssemjnation, data seculity, and oversight of telephony metado.ta
a...'1.d U.S. person inforr.nation obtained under the Order. To ensu.r{::
compliance 1.vith these terms and restrictions, the Order a.lso
mandates ,L\.ge:n(y rnanagement to hnplement a se1ies of procedures
to control the access to and use of the <..rchived data collected
pursuanl to the Order. 1hese conh*ol procedures are dearly stated
in the Order. Appendix B inch1des a sumn1ary of the key tenus of
the Order and the related mandated control procedures.

fD1 St:andards o~· 6ntemai Cc1nrl:rol. Internal control. or 1rn.magement
control, comprises the plans, methods, and procedures used to meet
mi.sslons, goals, Rnd olajectives. It provides :reasonable assur;;m.ce
that an entity is eftectlve and efficient in its operations, reliable in its
reporting, and compltant v;ifh applicable laws and regulati.ons. TI1e
General Accounting Office's Stc:nd.a.rrLs for Inf"em.o.l Con.iro1. in the
Federal Govemment November 1999 (t.1--ie Standards), presents the
sfandaTds that defL.1e the rr.li:ntmum level of quality acceptable for
mai.-i.agement control in government. NSA/CSS Polic;y 7-3. lntemoI
Control Pro~;JroJn., advises that evaluaiions of internal control should
consider the requiren1ents outlined by th.e Standards. The OlG uses

th::: Standards as the basis agamst which management control is
evsluated.

(TSf /Sl{/it'!F) 0!l)CUirnented PrntllJ.::edmres are Needed to

(iOil.fferr~

the

.if:o~~e~J-~ut_ \l~.T~~e~!!~~~l-~-~-?~d~!:a ·-----··--··---·--···--------··----·--

nr.

l'nr·,·;'rn"I
')!'OC'e"''1·r·"f"
...... ; i ; '':)(
' . 1,' 1n'IFJ
J.4
-·\. . .,..t_._,,.~ .t
-~ ..... 1r...
c,_, r"c,r
v~

f'Oll"ctlnrs
~~
G
.0

L'..:•l·"pr1riP~•
'-· v
_ .... -.i.....,Y

•Y1rt··.;,,··1·-_,-J··.-,

.......... 1.:A."-'-:it.L-V.

under the Order -;,vere not forrnal\y designed and are not dearly
documented. .As a result. management controls do not provide
reason.able assurance that NS.A will comply with the fol1o1.v:tr1g terms
of the Order:

~'@/.'EHrWe did not assess the control:; over retention at this time as the Oder. a.Hows data i:o be retH!ned fm

five years.

2

 :DOCID:
ST-06-0018
NSA may obtain telephony metadata, wb5ch includes
comprehensive commm.1-ications, routing infonnati.on.
including but not limited to session identifying :informaUon.
tnmk identifier, and time and duration of a f'.ali. Telephony
rnetadata does not :lndud.e the substai-i.tive content of any
communications. or the name. address, or financial.
information of a subscriber or cu.stomei-.

(TS//3f//T<ff.1 As required by the Order, OGC plans to exan:Une
periodicaily a sample of call deta:i1 records to ensure NSA is receiving
only data a.uth01ized by the court. (This is fue onJy control
.procedure related to collection that is mandated by the Order.)
Although th1s will detect unauthori.?;f",d data that has been loaded
into the archived database, U1ere should aJso be controls .ln piace to
prevent unauthorized data from being loaded into the database. fn
addition, good internal control practices require that documentation
of internal control appear in management direcUves, administrative
policies, or operating manuals. At a. mm.tmum. procedures should
be established to:

.;.

monltor incoming data on a regular basis,

ill

upon discovery of lli-iauthorlzed data. suppress 1mauthonzed
data from analysts' View, and

&>

enmn-iate unauthorized data from the incoming data stream.

f,FG//SI//S11Nl/ /NF} With these proposed control procedures in
place, the risk that .Agency personnel will mistakenly collect types of
data that ar.e not auU101ized under the Order \Vill be minimized.
P.Jthou§f).1 llie primary and secondary orders prohibit tbe providers
from passing speci.fi.c types of data to NSA rrlistakes are possible.
For exa.TI1ple. in responding to our request for inforrnation, Agency
management discovered that NSA w-as obta.JruJ1g two cypes of data
that may have been :in violation of the Order: a 16-digit credjt card
number and name/partial name in. the record of Operat.or-asststed
ml1s. (It should be noted that the name/partial name was not foe
narrie of the subscriber from the provider's records: rather, a
telephone operator entered naxne at the time of an Operator-assisted
call)
(Tei/SI//fITI.JV//T'JE} Jn the c..qse of the credit card number, OGC
advised thRt. ln i.ts opinion, collecti.ng this dat'.1 ts not what the Court
sought to protJ.bit in the Order; but recominended that H st..tll be
suppressed on the incoming data t1ow if not needed for contact
chaining purposes. In the case of the name or partial name, OG·C
advised lliat, while not what it believed the Comi. was concerned
about when it issued the Order, collecting this informatlon was not
in keeping ·wtfu the Order's specific terms m1d that it should also be
suppressed from the incoming dat.a flow. OGC indic..ated that H 1.vil.1
report these issues to the Court when it seeks renewal of the
authorization. Agency management noted that these dat.a type..'".: were

3

 4
DOCI:O: 4230.2~ ·' ",·:;,·--~·; ~'"',.'.', · ·:".;J.. '.~;r.,":"~,~;.~~~l;·~,,~?!·~,
\:.-.,<~J.~ :V,"}.ffr")T"j'~.'/t;,n.;·
,.J.Jfl
l.i.\.
.,,• ..._..#.}:..

t._..;.;"\ •.--J.~ ...···"·

,• /

V

.•J,f-....

~.11.J

L .. ..t1••.....;J.• .t,!J.....:...;.,,r.•.i.-V'

.;..,_

•-I.<:.'\

..,.·..,,./..i.\J.1•"-'l\....'- ~••.r.P."\. ... ~//_! ..

ST-06-0018
blocked from. foe analysts' view. Management also statefl that it '\Vill
take inimediate steps to suppress the data from foe incoming data
flow . These steps should be con1pleted by .July 31, 2006.

~,¥1Si;~~{,~~;~:£~!lfi;:::,·.··,,~]:1~,i~:!I~''.~"~~"·· -;,~~I
' (TSNS!)

Oe$ig~~ arr.d dtJcurnu~i'lli pro©edtn'es to provide a highew ~eve! of

assurance theit r~oil"M~omp!iant data ·wm not be collected and, if ~ru:l!dv~wte~Uy
collected, wm be swUUy expm1gsd ~nd not made avaUab~e for an~iys~$,

II
!

!

L__________________ (A.CTION~ ·~---------·~:_::-=~
(b)(;)-P.L. 86-36
CONCUR. eIS//::I//G11~W/NF} Management concurred vrith the
finding and recommendation and has already partially implemented
the .recommended proceduxes to block the questionable data from
the providers' incoming data.flow. A final system upgrade to block
'(b)'(3)"'PJ,,~::~!?.~~~
the uesti.onable data from one remaining provider is scheduled for
....... ::::::::::: ..
Testing is currently ongoing.
Qi·~· " ·:· ......

•.:n.ci.tus, OPEN

......

Target Completim-l'fJ'ate:a..1_______.

(U) OIG Comment
[t.Jl Planned action meets the intent of the recorn.1.-nendatton.

ff!ll /Sl//Nr) Additior~a~ C@;nt~"t1l~!$ are Needed to Gov~rn the
!.!~ces~ing of' r~leph(m~tt_ft!~~~d-~--·---·------·------·-..----·""·--·--fT8/i'EI//PJFJ Agency n:IBnagement designed, and 1n some ways
exceeded, tl1e series of control procedures over the processing of
telephony met.ada.ta that were: n1andated by the Order: ho'ivc~rer.
there are cmTe:n.tly no means to pno;vent an indi\r!dua.l who ls
author:l.zed access the telephony rnetadat.a from querying, either by
error or intent. a telephone number thal is not compHant "Ni.th tht"
Order. Therefore, additlonal controls <me needed to reduce the risk of
m1author.ized proce;:::..si.ng.
{TO/ /Cl/ /GTV.V//OG ..NV) Process.lr1g refers to the queryiT,;g, search,
and analysis of telephony meta.data. To protect the privacy of U.S,
persons; the Order restricts the telephone numbers that may he
queri·:::d:

4

 DOCID:
S'I'-·06-0018
Based on the factual and p:ra.cticai considerati.ons of
everyday life on which reasonable and prudent persons act,
there .are facts gi.v'tng 1is_e to a reaso:P...able. artlc 1. a')1 .
sus Jicion....tha:t..the.tele ~hone .."".' .. ~ t-. ff"

(6)(1'f""""":::::::::::::

........ .

(b)(3)~Fi"I:: .. ae-36...
( b)(3)-SO use 3 o24{i) ...

....
.... . ..

..j.~·tei:e})hO:iie"t.1mnber.belieyi=..9J? be used:, 8;Tr s

· · .. ·

shall not be refl.arded as as""

·atedwithl_ __

nersn11

j
solely on t"""'"e,...,,,.~aP~~i~s~o~t-__.
ac IVJ. es · 1at are prn ecte by the First Amendment to the
ConsUtuti.on.

tIS//81//r\fA Agency management designed the series of control
procedw~es

over fue processing of telephony metadata that were
mandat(:d by fue Order. In. a short amount of time, Agency
management modified f'.ldsting systems and designed new processes
to:
~

document justifications for querying a parocul.rn·
telephone number.

~

obtain and document OGC and otl1er au.thorlzed.
approvals to quenJ a particuiar telephone number., and

'"'

maintain automatic audit logs of all queries of the
telephony meta.data.

(TS//SI//NF) These controls are adequate to provide reasonable
assurance thatjustificati.ons·are sou..D.d, approvals are given and
documented, and that there is a record of all queries made. .A.gency
management even exceeded t.he intent of the Order by fully
documenting the newly developed processes in Standard Operating
Procedures and by developing enhanced logging capabili'1¥ that ·will,
once com.pleted, generate additional reports that are n:1ore usable for
audit purposes.
(TB/ /Sf://N:P) Two additional control procedw~es are needed to
provide reasonabie assurance t.hat only telephone numbers that
meet the terms of the Order are queried.

(FSAtSilfNr) The r.N.J!thorif.y to approve met·adata queries should be
segre.gatt-Jd from the capabiiit11 tr.Ji conduct mst.·a'daiT:!!. queries.

ffSi /01//NF) The Chief and Deputy Chief of the Advanced .t'\.I18Jysi1:1
Div-lsion (A.AD) and flve Shift Coordinato:rs2 each have both the
authority to approve the que1yirig of telephone numbers under the
Order ::u1d the capability to conduct queries. The Standards of
'{T3;'/:5L'1Nf) The Order gnmts approval authority to seven individuals: the SU1 Program .M.anager for CT
Special Projects. the Cluef and Depm:y Chief of the AJ\.D, and four Shift Coordinators in A.AD. In practice,
Agency management transferred the authority of the SL") Program Mmw.ger for CT Special P;-c~jems to one
additional Shift Coordinatm ..Approval authority therefore remains l:i.mited to seven individual:> as intended by
the Order.

5

 DOCID:

42302"4.l,"~'"'· ''".''·'
., ..,,,, .. ,~.! . .,:~P?. ?~~~,~,?_7__?.~.~.>. /
.J. \..l.il

?.,]-...( ..._,"" }....... ,

j

'"~-~~ ..... _J_l•.J\ ):.~'I;~

l'~l . ..:.. ;.i.L.Ji<~.f· '

')

y •

ST-06-0018
Internal Control in the Federal Government require th;.;rt key du1ies
and responsibilities be di.vided among cllfterent people to reduce the
risk of error or fraud. J.n pm·tk'ti.1ar, responsibilit!es for authori.z".1.ng

transacUons should be separate from p:rocesstng and reconHng
them. 1hi.s lack of segregation of duties increases t.'1e risk that SbHt
Coordh1ators and the Chief and Deputy Chief of AA.D will approve
and query, eJ.ther by enor or intent, telephone numbers that do not
meet the terrns of the Order·.

H1~~H Sep.m·a~e

the

ai1..~t!~011·ity

cap,abmty 1¢'.D ccmdl~c·~

to ~lpprove metadata quer;es from the
queries of metadata ILmde~ the Orde~-.
(ACT~ON: Chlf~f~ t\dvam~ed Am~~ysis Oivis~o~)

IL ____

·------·-------------····-----·-l

COMCUR. ff8 //Eit.//STL\V/UF} Management conc1.m-r~d vliU1 the
Bnding but stated that it could not implement the recommendati.on
because of constraints ill manpower and analytic expertise. As an
~lternative, management reconunended that SlD Oversight &
Compliance {O&C) rouHnely review the audit logs of the Chi.ef .::i..nd
Deputy Chief of the Advanced A:n..aJ~sls Division &"1.d Shift
Coordin.ators to verify that their queries comply 1;i;7:1.t11 "t11e Order. This
a1tem.ative would be developed rr1 conjunction with actions taken to

adclress Recommendation 3 and is contingent on the apprnval of a
pending request to SID management to detail Dqmputer
progran1mers to the team. Ma..""la.gemeni: is also negofiaqng vvith
O&C to accept the responsibility for conducting the :reci:n:rlm\:nded
reconciliations.

Status:

· ..

OP~N

Target Completion Date: l._______....luuummm

u .. mum

mu. uU (6)(3)-P.L. 86-36

(U) OIG Comment
fY3,.'/5l//GTflN//NF) J.\lthough not ideal, management's a.tte:rnattve
recommendation to mnnitor audit 1og;s to detect enors v:.UL at a
m:Lnimum, mitigate t.he risk o:f querying telephone numbers that do
not :rneet the terms of the Or<ler. Therefore. gi.veD the e:dr:iting
manpovver constraints. management's suggested altemattve
recmnmendation meets the intent of the recommendation.

6

 DOCID:

{TBllSlllAJf1 Audit fogs s!u;f!Ufd be routinely reccmcifed i'f) ttu~ .rret:-tJrds ot
t·elepf'uon.e. r.u.1n1bers approv.red for qw:.~uyhng"

ITS//31//Nf'l l\fanagement controls ci.re not in place to verify that
those telephone numbers approved for querying pursuant to the
Order are the only numbers queried. Although audit logs document
all queries of the archived metadata as mandated by the Order, the
logs are not ctm·ently generated in a usable fonnat. and .Agency
management does not routinely use tlmse logs to audit the telephone
numbers quelied. The Standards of Internal Control in the Federal
Govennnent recommends ongoing reconciliations to "make
management aware of jnaccuracies or exceptions that could H1f!Jcate
internal control problems." The lack of routine reconciliai:Jon
procedures increases the :ri.sk that errors v11ll go undetected.

(TSfi·'SO Conduct !::Periodic reconcmatkm ot ritpproved. telephone nv.Hlfibers 'iMith
v~r.'ify thart only authorized quei'ies h.ava· been

the iogs of queried rnJmbers to
ma~e unc\i(~r the Order.
(AC1~cON:

SHl Speiciai Program Manfiiger for CT Specia~ Projects)

·--.J
(U) Management Response
CONCUR. (TS//G!//GTIJ'l\1/NI1 Management concurred 'With the
flnding and recommendation and presented a plan to develop the
necessmy tools and procedures to :implement the reconm.1endati.on.
Hov.rever, management sfa.ted that completion of the planned actions
is contingent on the approval of a pen.rung request to SID
...................
management to detailllcompt.1terprogra.trrifiera to fhe 1:carn.
(6)(3)-P L 86-36
Management is also negotl.aiing with O&C to accept tt1e
responsibility for conducting th.e recornn1ended reconciliati.ons.
Status: OPEN
Target Con1pletion Date:._I_______...

(U) O!G Comrl'tfH1t.
(U} Plann.ed acti.on meets the intent of the reeonnnendati.on.
However, should SID management not f'.,rant U1e request for
additional computer prngrct..Uli11.ers or O&C not accept responsfbHity
for conducting the reconciliations, management must promptly
mform i11e OlG and present as1 alternative plan.

7

(6)(3)-P.L. 86-36

 DOCID:
ST'-06-00W

·--,

.
Ii

{TEit/8{/f4F) At the time of our review, there was no policy in pla.c$
to periodically review teiephone numbers i-;pptoved for qLmrying
und€~r the Order i'o ensure tltat the telephone numbers stiff met the
crii'eria of ttw Order. Although the Order i.s silent on the length or
tirne a tefr-jphone number may be queried once approved, due
dli£gence requir6s that Agency management issue a po/fay
dec~s~on on this matter and develop procedures to execute the
deC!S!Or?.

!.....-------..---~------~---~---~----~~.

(TSJlSJfh'JF} ,Mtin;:ggement Controls Governing the DisseJr1#ru£tffon of
U.S. Perscm lntorm«':iticm are Adequate
fFG //GI//filfi".l Agency management iinpkmented the serles of control
procedures govemtng the di.ssernJr1ation of U.S. person info:rrnati.on
mrmdated by tbe Order. O&C desjgns and implements controls to
ensure USSlD SP0018 co:mpliance across the Agency, to in.dude
obtaining the approval of the Cruef of Information Sharing Senrlces
and maintaining records of dissemination approvais, as requ1red by

the Order. No additional procedures are needed to meet the intent of
the Order. Fmthen:nore, these procedures are adequate to provide
reasonable assurance tl:i.:tt the follmvtng terms of fhe Order are md:
Digr;eminat.ion of U.S. person infonnatlon shall follow the
standard NS.A mi:rrln1ization procedures found in the
Attorney (':renerai-approved gt1:idelines (USSID 18).

(TSHSlli''Nr) Manag~m(!Jrtt Ccmtrols Governing Data Security are

Adequate
[R:1 / /8I/ O!F) Agenc:v mai.1.agement implemented the series of control

procedures goveming the data securily of U.S. person Hlionnatim t as
mandated by the Order, such as tl1e use of user IDs and passvvords.
Agcnc_:y rn.anagen1ent exceeded the terms of the Order tiy mainta\ni.:ng
addttlonal control proeedures tb.at provide an even higher level of
aissu.ram::e r.hat access to telephony ni.etadata "ltv'.J1 be limited to
authorized anafyE>ts, Mot3t of tbese controls had been in place prior
to and aside from the tssuance of the Order. On!y the requtremr::nt
that OGC periodiC<3iliy monitor indivi,duals wlth sccess to the archivi::

was desig,ned in response to the Order. Combined, these procedures
.are adequate to provide reasonable assurance that Agency
:management complies with the foHmN.lng terms oft.he Order:
DIRNSA. shall establish mandatory procedures stri.ctiy to
c::mh'Ol access to and use Qf the arcb.Ived metadata collected
pursuant to tlJj.s Order.

8

!
li

,!

l
,

Ji1

 :OOCID:

42 302Al-1
,_,.,... \~J-~·'
1.-•.-r., (.-., ... ,~ r··-, .;~:g, .. l:Q.~-~~l.J,'f.2. 4,S',, · , ·n r·~rl.,
.. e·>
} :, ./ k :..ii_,_:.
1 j / '<....· \~·~ L I . .:
.1 •
.r...~,: :; ..
.J/ / \: ..,....·.~ \. l_.·\.../ :J- V '-.. ..·-.•!' 1~J'.i\...! ;' / i ). 1 J.·-.
·t ,,,\.

':I'

.J.. '·f

Li .;; .'-:.-..1.••

t "- t· J' ; .( 'If ;.

.i \

r)

ST-06··001.8
(TS//CV/HF) Additionally, O&C plans to reconcile tl1e li.st of
approved analysts ·with a list of authorized users to ensure
only approved analysts have access to the metadata.

(TS/18:M'AfF) fil1aruigenuini· C(:tr(!;trols Governing the O'fle.rsigf'd of
Activities Conducted Pursuant' to tbe Order are Adequate
(TO//CI//MF) J1.s mandated by the Order, Agency management
designed plans to provide general oversight of actlvmes conducted
pursuant to the Order. The Order states that,
The NSi\. Inspector General, the NSA General Counsel, and
the Signals Intelligence Directorate Ove.-rsight and
Compliance Office shall pe1iodically review this progra1n..
S
ili'cal11y, _,Arr
,;:in,;:io'
· d-'
:d; y"'f'
. .rn '•mnr'
..:.;rcfr/ r'86 .i'Wj
" 1 ,_pee.
, "fienc-y m~~emen1
csjo~·
g..1.eu
the follov.ling· plans that are adequate to ens.urn compliance ·with the
Order.
fr~'

,.:i

~·

'>

0

(TS//91//IJF} 11:1e OGC will report on the operations of
the prograrn for each renewal of the Order.
(TG//Sf / /Mf?) O&C pl<ms to conduct pe1iodic audits of
ihe queries.
('ffi//Sf//fi!f?} OIG planned to au.cUt telephony
metadata collected and processed under the
Presidential Authorization. Upon issuance of the
Order. the audit wa-s put on hold to complete the
court-ordered report. OIG will modify the: audit plan to
include the new requirements of the Order. Once
sufficient operations have occuned under the Order to
aJlow for a full rc.mge of cornpliance and/or substantive
testing, the audit will proceed.

9

 DOCID: 42 302,-~f,

·ic:'nn '"'''"" ·'''"'
...

- ..t ....·_.•-J...f.

/

l

~'-~··t,..-~E,, f:P,_.:}~;.~,?.:.? ?.~1-~.

·-~···-"~·•'..:i..

.._

.~.(.()i..J.1'.

.~.f'tr-i.~-'.'.'l...·iJ

......~ .. ·:.._..· ... .,l'.J...

t,i·k

ST-06-0018

---·--·---·--------------'----·--·-·-··----1he acti-\i:tties conducted under the Order are
extremely sensitive given the r.isk of encou.nteri.ng U.S. person
inionnation. The Agen.cy must take thls resporn:;ibilt~y seriously and
show good faJth :in. lts execuiion. Much of the founclaHo:n. for a strong
contTol system is set up by the Order itse1f, in t.,_e form of nmndated
control procedw:es. In many ways, i\genli:'..y management has :made
-U1e controls even stronger. Our recornmendations will address
control weakn.esses not covered by the Order or Agency mam:Jgement
and v:ill rn.eet Federal sta.."'ldards for inte:mal control. Once the noted
weaknesses ::m'! addxessed, and additional control.8 are implemented,
the management control system 1vill provide reasonable af.:.s111.an.ce
that tJ1e ten11.s of the Order '<l'lill not be violated.

10

 DOCID4.230.2??3213;  --

.- 

 

 
 




(t 2n,

L271,

   

3%

 

.J

 

I.


. usual ?1 La:

?513}? Maw-mm  ?g

,4 

Fr 1" Tr?? r: 

1, .





1?f?r a.
nun. 



 

 

 

. .- 



.

Sfl??m??IS

 

DOCID·

f ,.--·1,;···~

REF ID:A4177249

"'.". .'' c· ·r..., ·trf'"!"

.--t"lr~r.,,1;"r-,-

•·

.• -a· r. 7' /· r1:-:'- :-·,'""': •' /' .,~
•~

:.

I

'!-~

·"":.:'....

w.

/

ST-06-0018

This page inteniionally left blank

12

 DQCID ::

4.230.2.4)1. '"'•·y1r'""'
•r»•·=;~·'f'"~E,.,)P?,~.~~,1.77.-~.'!~~'
.'..rl....}\j_l.,j / / l_,._U:.:
.f. -:..~ . ..f.:U}-~(~ :u r ; "...t'/ / ~- - '-~··
~-'

a

;

'-...,.' /

'c. ....

t,.)..t•

L .! Y

.L.

t..

•i: ••

.l."..

·_! J. ';,'

,..,,-,,,

., "·'"''•

: •-...).A \.-4t . '... l, \'/

j .L•-J:..£

ST-06-0018

(U)

Oill]fii~thv~s

(1'£//SD ]'he overaJl objective of this reviev.r was to deienni:ne
whether mai."1agement controls will provide reasonable assuran.cE;
that Agency management complies \vi.th the tenns of the Order.
Specific objectives were to:
!;>

G'>

verify that Agency man.-J.gement. has designed the control
procedures mandated by t..~e Order.

assess the adequacy of all management controls in
accordance \vith the Stcmdards oflntemal Control in the
Federal. Grmernmeni..

(U) Sccip® 3',Btnid

____

MethodoD@~y
,..;...,.

.

(U/ /t?CUGj-The audit was conducted. from May 24, 2006 to July 8,

2006.
(U //FOUO} Vile interviewed Agency personnel and reviev.red
documentation to satisfy th.e review objectives.

(ffi//St} "\Tile did not conduct a full range of compliance and/or
substan:tive tesurig that would allow us to draw conclusions on Ule
efilcac-y of management controls. Our assessment was .lirx:dted to the
overall adequacy ofmru.1agement controls, as directed by the Order.

(T8//Cffl As footnoted, we did not assess contrnls related to the
retention o:f telephony metadata pursuant to the Order. A.s the Order
au.thorizes NSA to retain data. for up to five years, such controls
would not be applicable at this time.
(U) ~rrs@tr ~owera{l'l®
--------------------------------

__ ____ __

...,

,.

,.

1. (1J //f'OUO) Intmim Heport of the STELLA.t':\.WIND Program:
Needjor Documentat:ion and Develc~pn-i.en.t qfKey Processes, 14
May 2004

2.

Report of the STEU ARVVlND Program: Need Jar
I11creasedAttention to Security-Related Aspects oft:he
STELLARWIND Program, 13 September 2004·

~Interim

13

 REF ID:A4177249

DOCID·

-,.~

/ /

~·

·i;•\;:";'1 ·::

•,,~,· .. .?.•. ::J. .i.'. \I .t ~-J:i .1.

>·

J

i:"'4 ~·

.::.:..1 .....;.i._d'"J_/f.>..

.1

~J

~,.·~- M .,, ":""-

....

f .i.•

I

. ' .... .._ .,..,. ,...,., ,,.~ ... ""

/I ... ,I.. •. . J(./ \! ':t- lf ~ .....~.{'•

,)'Ji."...

'l;I /

/

.1.~:.~

f\.

S'T-06-0018

This page intentionally 1eft blank

l l

.....

~

~·

...

'· l .......

..t - . ./

14

·"--~~

.

 ST-·06·-0018

(UllfGUO) Telephony B~1u~h1e$S Records F~SC OrdE~r .,,
Mandated Terms and C@n~t"'om !Proce«h,1ire$

15

 DOC ID 



4230;41,  REF 

1 my?. awqw-gr 1433,?, I u? . . x1itMI. Sup}. g; Lulu ?1 J. 2? Sr 1.1: v:er Mr. "um v; I 



 page inte?tiuna?y lair. blank

 

i

!

'
DOCID:

F ID:A4177249

ST-06-0018

(U) Business Records FISC Order
(U) Mandated Terms and Control Procedures
(TSHS f//~ ff)

...----·---..------------------·
Control.

Area

Responsible

----+-NSA may obtain telephony metadata, which
includes comprehensive communications routing
infonna!ion, iuclnding but not limited to session
identifying infonnation (e.g .. originating and
terminating telephone number, communications
device i.dentifier, etc.), tnmk identifier, and ti.me
and duration of call. Telephony metadata does
not include the substantive contt-nl of any
communication, as defined by 18 USC 2510(8) or
the name. address, or financial information of a
__,_ subscriber or customer (pg. 2, para 2).

Collection of
Metadata

L___

----·-----------·--·----~

Terms of the Order

Control Procedm·cs

EnW:y
OGC

Al least twice every 90 days, OGC shall conduct random spot
checks, consisting of an examination of a sample of call detail
records obtained, lo ensure that NSA is receiving oniy data as
authorized by the Comi and not receiving the rnbstantive
cl1nt.ent oftl1c communications (pg. l 0, parH (4).1).

J

__

17

 DOCID:

REF ID:A4177249

4230.241

:

' ·•• ' ..•• •, ! .

·, !

. " .. 'J. '·.fl\.'-.! ' ..:. '.~_'

ST-06-0018

! ' 1·-'1 l·+

('fSNSL','fJF)
-~---------------------------

Contro~

Terms of the Order

Arca
Processing
(Search&
Analysis, or
Querying of
Archived
Metadata)

Although data collected under this order will be
broad, the use of that infommlion for analysis
shall be suictly tailored lo identitying terrorist
conununications and shall occur solely according
to the procedLLrcs described in :he application
(pg. 6, para (4)D).

_

OGC shall review and approve proposed queries of archived
metadata based on seed account numbers reasonably believed to
be used by U.S. persons (pg. 6, para (4)C).
Queries of archived data must be approved by one of seven
persons: SID PM for CT Special Projects, the Chier or Deputy
Chief-: Coumencmorism Advanced Analysis Division, or one of
. th<:: four specially authorized CT Advnnct!d Analysis Shifi
Coordinators in the Analysis and Production Directorate of SID
{pg. 7, para (4)D).

I

,....__

I ,. . . . · . . ·

I

PM; Chief& I SID PM for CT Special Prnjects; Chief and Deputy ChieC CT
D/C:hief of
Advanced Analysis Division, and CT Advanced Analysis Shift
A1\D, & Shift
Coordinators shall establish appropriate management controls
(e.g., records of all tasking decisions, audit and review
Coordinators
procedures) for a~ccss to the archived data (pg. S. para (4)G).

I AAD Analysts

Maintai11 a record ofjustifications because at least every ninety
days, the Departmcnl of .Tllstice shall review a sample ofNSA' s
justificarions fell' querying the archived data (pg. 8, para (4)E).

(b (3)-P .L. 86-36

I

A-telephone number believed to be used
by a U.S> py1·son shall not be re rardecl as
associated with
..__ _.,...,_____.·olely on the asis
of activities that arc protected by the First
Amemlrm:nt to the Constitution (pg. 5,
para (4)A).

When th<:: metadata archive is accessed, !ht: Ltser·s login, IP
address, date and time, and retrieval request shall be
automatically loggt:d for auditing capability (pg. 6, para (4 )C).

and Technical
Support

OGC will monitor the fonctioning of this automatic logging
capability(pg. 6, parn (4)C).
OGC

DIRNSA shall establish mandatory proceclLtres
strictly to control nccess to and use of the archived
dafa collected pursuant to this Order (pg. 5. para

~~----~---~~(4~)_A~)·-~-

OGC

D/Cbief of
AAD, Shill
Coordinators

occur only after a particular known tele >hone
number has been associal ct\ witl
.
___,,.,.------' <r'"g-1."""s=-,-1,-a-r-a'""c.4 )A).
·
· • · ·B~-~~d on the factual and practical
considerations of everyday life on which
.,,.:,o J::·::::: : . . ·: . . .
reasonable and prudent persons act, there
(b)(1J... .. .. ·.. .
arc facts givin° ris<:: to a reasonable.
(b)(3)~PL 86"~6
... · ·· · iirticulabk S\l~~i_cion that the tell! h~me
(b) 3)-50 USC -~024(i)
number is associat~:'d 'Vi th

0

Control Procedures

PM, Chief or

IAny search or analysis ofthe dnta archive shall

~p-a-u-,1~(.~.)~.~)~;~-------'·pg. 5 ,

Responsible
Entity

j

OGC

I

Analysts shall be briefed by OGC concerning the autl!orization
granted by this Order and the limited circumstance:s in which
queries to the archiw ar" pennitted. as well a!; other procedure:-;
and restrictions regarding tile ret!ieval. storage, and
'
oftbe archived data (pg. 6, para (4JG)

·---~dissemination

I

J

 DOCIIl:

42°30241

ST-06-0018

(fS//SL'J1<if')

Contl·ol
Area
Dissemination
of U.S. Person
Information

-

Torms of the Order

----------------·~

Control Prnccdures

Responsibfo

Entity
Disseruination of U.S. per8on infonnation shall

follo>:v the standard NSA minimization procedures
found in the Attorney General-approved
guidelines (lJSSID 18) (pgs. 6-7, para (4)D) & pg.

Chief of
Infonuation
Sharing
Services in SID

8, para (4)G).

Metadata
Retention

Metadatii collected under this Order may be kept
online (that is, accessible for queries by cle.ared
anal.y sls) for five years, at which time it shall be
dt~SlrO yed (pg. 8, para (4)F).

--------+·-Data Security

('J'Ji'/ OWrw+ Dl.RNSA shail establish mandatory
procc<lures strictly to control access to and use of
the archived data collected pursuant to this Order
(pg.;;., para (4)A).

I

and Technical
Support

-I

L.________ _

The[G, GC, and the SID Overnight and
Com1'Hance Office shall periodically review this
program (pg. 8, para (4)H).

-------

-

A record shail be 11iade of ·~very such determination (pg. 7, para
(4)D).

------------------

None
i(b)(3)-P.L. 86-36

-------·---------

stored and processed on a secure private
Iand Technicalr The metadata shall be lusively
will operate (pg. 5, parn (4)B).
network that NSA exc

Support

Access to the metadat a archive shail be accomplished through a
softwnrc interface that will limit access to this data to
authorized analysts co ntrolled by user name and password
(pg. 5, para (4)C).

OGC

OGC shall monitor th e designation of individuals with access
the archive (pgs. 5-6, para (4)C).

IG, GC,and
SID Oversight
m-1d Compliance
Office

The IG and GC shall •submit a report to D!RNSA 45 days after
the initiation of the ac tivity assessing the adequacy of the
management controls for the processing and dissemination of
U.S. person infom1ati on (pg. 8, para (4)H).

--------+-Oversight

Prior to the disscmina tion of any U.S. person identifying
infbmiation, the Cbie f oflnfonnation Sharing Scnrices in SID
must delcnnine that the information identifying the U.S. person
is in facl related to Counterterrorism information And that it is
necessB.ry to understa nd the Counterlerrotism information or
assess its importance (pg. 7, parn (4)D).

DIRNSA shal! provid e the ~:1di11g~ of that report to the
DIR..~SA ~tto~11ey ('~.='.:~al (pg. ,0 , parn (4)!1).

10

J

--------------------··-·-

19

 :OOCI:O·
ST-06-0018

1'1.ii$ page .Intentionally left bJank

.JL/

~t.

l.

. .1... •••

1~ ... ~ ....

••••• -:..

20

'

.............., .

 

1 Yr? w" ?(ft/1 aw: frw. Tan! ,5 3* a r" law} 

.
3.91.? .f .l '33. in T5. 4 Litwho. Ln .w Luv- .r an?: 5.45.; arm?

 

wam??m?gm gm  5mg

 

{a  ~1213'5de g" MW: :1 3 Ir?? a 3 4 '1 an? z?rtrr?rr?r 3? a 5? riirrw?? I 

I N4 ?xzfl:     1L1 x" null ca ii  

 

241
Tr?? ?r

Lif . 

           

    

mam: 423g, .. Ml?g?? .. 

mum .-. v. ?1.1

SIB-066018

    

   

- ,l a. h;

This paga inteniiana?y left blank

an ?an Writ-n 'mw - ?:wr'n :t'nu?ET? "f A r' If?: 7m 


1
.5. wilt'i?ll?hlixx?: 2mm?; 4 v.4. 1.1. 1r .. 

22

DOCI:O:

r

REF I:O:A4177249

4230241
TOP

8EC~RET/,'C'Ofv1H cJ"T/,'SrPI_/V\t//~40FOR.T<//:-:030 ~]

r··

I .5

PROGRAl\1 ME1VZ:ORANDU1V.i.

I

r·

PM-031-06 Reissued

29 Aug2006
To:

Office of the Inspector Gencra4....___I·
·············
..... ····

;,,;;;;:::;;w/(b)(3)-P. L. 86-36

SUBJECT: (TS//St//Hr) PMO Response to IG-·10681-06, Subject Draft Report on the
Assessment of Management Controls for implementing the F!SA Court Order: Telephony
Business Records {ST-06-0018)
1. (U/,T-OUO) The SIGII-.JT Directorate Program Office appreciates mid welcomes the
Inspector General Office's review of program operations as required by the su~ject court
order. The Program Office offers the following response.
2. (TS/:'SfNl'iff) This report presents three findings/recommendations. Finding one
pertains to procedures to provide a higher level of assuranc<~ that non-compliant data wiU
not be collected and, if inadvertently collected, will b~ swiftly expunged and not made
available for analysis. Finding two pertains to the goal to separate the authority to
approve metadata queties from the capability to conduct queries. Finding three pertains
to the requirement to conduct periodic reconciliation of approved telephone numbers with
the logs of queried numbers to verify that only authorized queries have been made.

3. C.'S//Si//STLll/i',Cf4F) With resp{:ct to Finding One, the Program Office ack:nowh.",dges
that !he item is factually correct and concurs with the assessment with comment. It
should be noted that internal management controls,, known as software rules that a.re part
(]>f.thd
dafabase, do prevent the data in question from ever being loaded into
....... ······the operational contact cbaiD.ing databases. Still, the data in question did exist in the
... ·· · /
dataflow and should be suppressed on the provider-end as the OIG recommends.

I

(b)(3)-P.L 86-36

·..
· ... ·· .. ·.

I

·

-

a. (T£//Sli4£STU.-Vh'l'ffi') Corrective Actions: Although already partia1iy imple:mente<l
among the providers, the final system upgrade necessary to block the data in question
from one provider on the incoming dataflow is scheduled to be in place!
!Testing continues at this time.

I ······· ··

4·. (T8//8t'/l'!P) Finding Two recommends two additional controls. Viith respect to the
first, "The authmity to approve metadata que1ies should be set,,rregated from the capabiliJ:y
to conduct metadata queries", the Program Office agrees the assessment has merit, bm
cannot implement the required con-ective actions. Jn theory, the OIG recommendation if>
sound :md confom1s fully to the standards of internal controi in the Federal GovemmenL
In practical terms, it is not something that can be easily implemented given the
Derived From: NSA/CSSM J.• 52
Dated: 20041123
Declassify On: 2030 l l I 5
1'()11 8ECFtE1'//C()l\~.IlJT//STL?~1l//f'~OFORfc4'/'20JOl l :.s

u

(b)(3)-P.L. 8

 IDOCID:

I

REF ID:A4177249

4.230.241

TOP SECRETh'COMIHT//3TL\iiirr'i9'<l0;-'0fOM'203el1l15

I
1isl</oenefit tradeoff and real \1\rorld constraints. Manpower ceilings and available analytic
expertise are the t'vo most significant limiting factors.
5. (TS//St//NF) The Advanced Analysis Division (S2I5) is comprised of personnel of
varying grades ar1<l experience levels. Given the requirements of the comt order, the Shift
Coordinators are required to be the most experienced intelligence analysts, have the most
training and consequently hold the most senior grade levels. They therefore are given the
authority to approve data quelies, and because of their status can also execute queries.
Removing this dimension of their authorities would severely limit the versatility ofthe
most experienced operations personnel. Also, as their title implies, they are also the most
senior personnel present during each operational shift and in effi~ct control the ops tempo
on th.e operations floor. Replicating that senior stmcture to accommodate the OIG
recommendation is not possible given current manning authorizations and ops tempo.
a. (TSl/Sif,CHF) However, there are chec!r..s and baJances already in place to help
mitigate the risks cited. For exai.-nple, the Shift Coordinators routinely approve queries
into the database based on selectors meeting a reasonable articulable suspicion standard
IAW with NSA OGC vvritten guidelines and verbal briefings. Any queries iriitiated from
probable U.S. selectors must be individually approved by the: OGC. In this way., ihe risk
of error or fraud associated with the requirements of the court order fa ar...ceptably
mitigated ·.x.rithin available manning and analytic talent constraints.
b. (TSHSWP'TF) Corrective Actions: Con-ective actions cannot be implemented
without significantly increasing ma.."1.Iling levels of senior, highly skilled analysts. In om·
view, the benefit gained will not justify the manpower increase required. However, it
may be possible to implement additional checks and audits on the query approval
process. As re\.-0011.-n.ended in the response to Finding Tbree below, Oversight and
Compliance could, if1hey accept an expanded role, use (yet to be developed) new
automated software tools to regularly review the audit logs of all shift coordinators. With
sofuvare cha..'lges to the audit logs it would be possible to easily compare numbers
approved and fhei.r accompanying justifications against numbers chained. In this way, it
would be possible to review the shift c..oordinator's actions against the standards
established by the comt. The Program Ofiice recommet1ds that this corrective action be
p:nrsued as part of the long ten11 goal discussed below.

6. (T£N8I/'l'JF) Finding Three reads "conduct periodic reoonci1iation of approved
telephone numbers with the logs of queried numbers to verify that only authorized
queries have been made under the order". The Program Office agrees with this
assessment. l:-fowever, competing priorities for the software prog,rnmm.ing talent
necessary to imjJlement improvements to the audit logs, as well as to pertorm the
pror:,•rnmming necessary lO create automated reconciliation reports, require that this issue
be addressed as a long tenn goal.
a.
. ~·-' T ~ , If SID management approves a pending Program Office reque$t to
detail
c.prnputer programmers to the team for siK-to-nine month rotations, suitable
procedures s.l1d s9ftware tools could be ·implemented. Also, the Program Office has
approached the office of Oversight and Compliance about accepting the responsibility of
conducting the recommenct~d audits. That negotiation is ongoing:
···· ...

··· ... (b)(3)-P.L. 86-36

TOP SECRETNCOMHIT/.'ff::'LV/HNOfCR1"1/,'?C3011 l !"i

.. 1••

 DOCID:

REF ID': A417724:9

4.230.241

.T

l

_.::.:_~:.::::.;:.:::.:::.:.::...:;:;..:...::;.;:;;:;.:;.:::;;:;,:,:;..;..:::.~:;:;;;;;:.;:.;;...;:.;.;==~""""'........slnd procedures

can be developed
·Ass unin ·be rogram team's

request rn granted, this initiative can be completed
::Th~ com:~ctive
L-~~~~~~-acti on will include:
.....
·:·

(b)(3)-P.L. 86-36

r·

L (U//fOUG.1 Improvements to the audit logs to make them more user friendly
2. (U/JPOUQ) Reports lbat provide a useable audit trail from requester, to approver,
to any resulting reports. These reports·wiH be used to automatically identify any
discrepancies i..n the query process (i.e. queries made, but not approve.d).
3. (U/ff.OUO) Complete the negotiations with SID Oversight & Compliance
7.

(U/JFOUGf Please contact me if you have additional questions.

(b)(3):P.. L. 86-36
············..

IJ SID Program Manager
CT SpecfoJ Programs

 REF 

4230241


DI



m?
IlrLnr?



*9



"i 155'"
a

'f?T
.8.






1 - 
i .13.


in- 3

ED

86.36

 

 

 

 

in,?


Egmhk

~15.



a .



u. 

.  
Aa?u





i



a



r.


7 an

:DOCID: 4230241

REF ID:A4177249 ·

...';.,.,.

••••-1

TOP 8EC.RET/1€0MIN'f1-SPE.L.L.ARWTP.lDl/ORCON,NOFORN!/JlfR

 DOCID: 4230244

REF ID:A4197238
TOP S'EC11.ETJ'J'COlu".1.'lv1Wf'ir'()F0R}\7

NATIONAL SECURITY AGENCY/CENTRAL SECURITY
SERVICE

INSPECTOR GENERAL REPORT

(TS//SI//NF) NSA Controls for FISC Business Records Orders
ST-10-0004
12 May 2010
Derived from: NSA/CSSM 1-52
Dated: 20070108
Declassify on: 20320108

rOP SECRE1J'J'COMlN1J'J'f'J'OFOR1¢

~pp roved for Release by NSA on 08-06-2015. FOIA Case # 80120 (litigation 1

 DOCID: 4230244

REF ID:A4197238
'f'OP SECRE'fYJ'CO.lrilI'lT!t!vYJJfORlv

(U) OFFICE OF THE INSPECTOR GENERAL
(U) Chartered by the Director, NSA/Chief, CSS, the Office of the Inspector General (OIG)
conducts audits, investigations, and inspections. Its mission is to ensure the integrity, efficiency,
and effectiveness of NSA/CSS operations, provide intelligence oversight, protect against fraud,
waste, and mismanagement of resources, and ensure that NSA/CSS activities are conducted in
compliance with the law, executive orders, and regulations. The OIG also serves as
ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS
(U) The audit function provides independent assessments of programs and organizations.
Performance audits evaluate the effectiveness and efficiency of entities and programs and
assesses whether program objectives are being met and whether operations comply with law
and regulations. Financial audits detennine the accuracy of an entity's financial statements. All
audits are conducted in accordance with standards established by the Comptroller General of the
United States.

(U) INVESTIGATIONS AND SPECIAL INQUIRIES
(U) The OIG administers a system for receiving and acting upon requests for assistance or
complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations
and Special Inquiries may be undertaken as a result of such requests, complaints, at the request
of management, as the result of irregularities that surface during inspections and audits, or at the
initiative of the Inspector General.

(U) Fl ELD INSPECTIONS
(U) The inspection function consists of organizational and functional reviews undertaken as part
of the OIG's annual plan or by management request. Inspections yield accurate, up-to-date
infonnation on the effectiveness and efficiency of entities and programs, along with an
assessment of compliance with law and regulations. The Office of Field Inspections also
partners with Inspectors General of the Service Cryptologic Elements to conduct joint
inspections of consolidated cryptologic facilities.

TOP SECRE'IYlCOMlN1WNOFORlil

 ~''

J-bocI:o:

· REF I:O: A41:97238

4230244

rofl Si?CRET//CoMt1v¥/J~"ofldt<1v

1

,_I
- ...

OFFICE OF THE INSPECTOR GENERAL·
NATIONAL SECURITY AGENCY
. CENTRAL SECl.JRITY SERVlCE

.

12 Mf3.y·gp10
. IG..:1'1154-10

1
J.
1·
l
1

TO: OISTRIBUTION
".

·i.

. SUBJECT: ('fSf{Sf/fNF) Advisory Report on the Audit of NSA Controls to Comply ~th
the· Foreign fu.telligeJice Surv~illance Court Order Regarcf#lg Bushiess Records· (ST-:1.0- .
0004)~ACTION MEMORANDUM

· ..

.

.

l
l

l
l
]

l

mation. Because we found no incidents of non-conl. . ; . -. :~'a.ha the

'.l\fsl~~t~1i~ JR~i~!i?~

,,_; ~. . ·

. . ·' ~ ·. .
e Will not make formal recommendatio~ at this ·
tjipei·Clifl.Po p.o management response is.required. However, we will.monito! th('! situation
and make formal recommendcitions as appropriate. Also, while the IG Will no~ formally
.track these suggestions in accordance With our cuirer)t policyi they Wilt be subject to
review in future audits.
·
· ·
·

l

:I

.·lfl'*91IBm~1ff~m~~ ,~, ~,/('",.)
:as well as concern.S related to the· . . . . . . .

nfri...

].

, .. ·,

..

1. {fS//81//NF) This advisory r~port summarizes resuJ.;ts pf pilot testjpg by, the
Office of the Inspector ·General in support of the Audit of NSA Controls to Comply with
·the Foreign Intelligence.Surveillance Court Qrder Regarding Business Recot~s (S'f.Jp0004);.
'
.

•. i.:
]
...

)

··.·

'.

. . 3 .. (U//FOUO) To discuss this report fur
... th~, please ~ontad Al>sistanllnSpecfor
lon·963-2988(s) or by. e..-mailat
f:::,,,,.
Generalf
·

.

·

·

.

(b)(3)-P.L. 86-36

4. (U) We appreciate the courtesy and cooperation extended to the audit team
throughout the review.
·

Yr
.
eoJLcuA
GEO~LARD
Inspector General .

.

 REF ID:A4197238

DOCID: 4230244

SECRET;)ccg},fINrI)~(''l0FOZl.7'l

lOP
DISTRIBUTION:

------------.

D / GC(O) L...,.r-----------1
Chief, SV42,..___ ___..
Chief, S 12 .,___ _ _....__....___ __
Chief, S2I.,.:.4.....__ _ _ _ _ _ __...._;;.__ _ _ __
Chief/TD
DoJ/NSDT--------:-~_-._-~'~\-------.:i,
.....__
...,...........-;;;..___.

___

·······

·········

'

(b)(6)

cc:
IG
D/IG
D13
D14
D 1 AIG for Follow-up
Chief, SV
Chief, Sl
Chief, 821
Chief, 83
Chief 833
Chief, 8332
Chief, T12
Chief, T122
Chief, T1222
OGC IG POC

·.
'

'

'

~

.......

"\<:\:. //
··:xb)(3)-P.L. 86-36

,/ /f

!

i

'
'

'
'

..

:

'
'

/

-----.J/

.-1

sm

IG

Pocl

,

f

TDIGPOC~I-------------f1--~

TOF

1

SECRET1)'COMHff1) }~'0FORI'cl
ii

 DOCID:

JREF ID: A4197238

4230244

SECR£T//COivifl<J 1//NOFOR:N

TOI'

i·[ () i;r . i;(IJ))~~l;CUTI VE
'.~·,~~:·:.~:···'.::>'\·, ?~\=<->·
·-::__-"-'>

SUMMARY

:·.,.·.

:.:.:/:~ ·<::_;:.: \: ·. -.

:.'.ff:S/5'$.b~'fJff:j'fhisY(epoitprovides the results and related findings
}\\ ·. i;,fpl/q{te~t/hg•qtN$A controls to comply with the Foreign
.·
;./:~;}. ~; •. ~Jbt~flig~i)q~:§iJl'y~i,ll~pce Qou(t (FISC) Order regarding Businf:jss
·.·.•o:.'~. ·'.·.B~go(q$'.·.(£3RJ;,.JJ!~$~resufts will be used to design test objectives·
.~~I .i.• {g~'r[lpptf1JY't~$t!f}.g:frorrrJapuary to December 2010. NSA
[/ ;;i¢6rfipl~e<fltWi,(hfh.e;'.BRQrder for the six pilot test objectives tested
'~.· •.• · :~f')ttwit/JiiJ}he tifJl~p~riqds covered. Although we found no
·· < ~:ine'/C/ef)ts~.olnon;.i:;ornplielnce; pilot testing disclosed weaknesses in
) ) .cq11t(ofs(ov?rth~ querying of certain types of selectors, as well as
•. C:P~S~~,j~ rf!fatt;,qJOf.f1e cJi~semination of BR information that
·.~~·t; J}§Jtdp/g~q~~r9uf!hf to ([l~.f1agemrmt 's attention. .Because
.
.· :•. · ::w~~«Q~~~f=J$[~IEJ.ie9•tp querying should be resolved with NSA's
·<O ·~kn.~leff!~qf?tiod/pfEJ.11ewapplicationto track BR selectors in
:/ii : . ifYB.Q~()f O{'w~:}Yif! c[osf3{Y monitor the implementation of this
>{\.'. '.appJiq~ti9b~?p~rt~t'outrnonthlytesting and make formal
··:;,,: ·°' j,t~r/c)lr.w.~~~Att0.f1$ ~$ necess[3ry.

>·'

· , . ·:- 0 _" •. O(~

i:. :~:::r.I ~'.\:::<·:;r :::/::::~- ·:.- ....

(U) Background
('f8//5I//NF) The Business Records Order
('f'S//SI//NF) Pursuant to a series of Orders issued by the FISC
beginning in May 2006, NSA has been receiving and analyzing certain
call detail records or t~~~PP9PY metadatal....__ _ _ _ _ _ _ _ _ ___,
......""''·''"'''"' :•I
l"NSAfefors. to the Orders collectively as the "BR Order" or "BR
fb)t1}::::::·: :.
FISA."
(b)(~J~e:~~~··8.!;>-36

(b)(3k50

U~¢ 3024:(i)

········· ············

jTS/fsij/~fl?}TheBROrd~!' provides NSA access to bulk call detail
. records that primarily include records ofteleph.qne calls between the
Uh:ited States and abroad or wholl within the u:;:tl.ted States

__

..._

_, To access this data, NSA must conclude that, based on the
factual and practical considerations of everyday life on which reasonable
and prudent persons act, facts give rise to a reasonable articulable
s
t at n 'de ti er ·s

This collection of information is not
available to NSA through its other foreign intelligence information
collection. It is valuable to NSA analysts tasked with identifying potential
threats to the U.S. homeland and interest abroad by enhancing the
analyst's ability to identify, prioritize, and track terrorist operatives and

,__--:'!'......,__,._,.,~-,....---.--.,..,.-,.,.--,!

TOP SECRET//COMH<ft'//fli"Ofl0ftl1l

 DOCID: 4230244
TOP

..........................................

REF ID: A41:97238

SECRET/0 CO:NiH'v'liilV01~0RN
1

their support networks in the United States and abroad using call
.....chaining-I
techniques .

(b)(1)
(b)(3)-P.L. 86-36
(b)(3)-50 use 3024(i)

('f~//SI//Nfi') The primary BR Order in effect during pilot testing was
signed on 16 December 2009 and expired on 12 March 2010. Because
the bulk call detail records provided to NSA include primarily records of
telephone calls that either have one end in the United States or are
purely domestic, the Order defines a series of requirements NSA must
follow to protect the privacy rights of U.S. persons.

(U) Continuous Auditing
(TS//SI//WF) To assess NSA's controls for complying with the BR Order,
we will use a continuous auditing methodology by performing monthly
testing of NSA's compliance with certain requirements for a period of
12 months. Continuous auditing is one of many tools used within the
audit profession to provide reasonable assurance that the control
structure surrounding an operational environment is suitably designed,
established, and operating as intended. The results of pilot testing
reported here will be used to design monthly test objectives.

(U) Pilot Test Results and Related Findings
(TS//SI/OtF) NSA complied with the BR Order for the six pilot test
objectives within the stated time periods and scope limitations. 1
Appendix B includes detailed test results and related scope limitations
for each test objective. Although we found no instances of
non-compliance, we identified control weaknesses related to querying
that increase NSA's risk of non-compliance and will limit future testing if
not addressed. We also identified concerns related to dissemination that
should be brought to management's attention.
('fS//SI//MF) Control Weaknesses Related to Querying
(TS/fSI/OtF) The BR FISA Database used to track the approval status
and justifications of BR selectors does not adequately track information
necessary to implement effective preventive and detective controls to
ensure compliance with the following requirements:
('PS//BI//P*F) The NSA Office of General Counsel (OGC) must
review selectors associated with U.S. persons to verify that RAS
determinations are not based solely on activities protected by the
First Amendment to the Constitution;
(T~// 5)I//l>Ili') Authorized officials must revalidate RAS
determinations of foreign and U.S. selectors within one year and
180 days, respectively; and

(b)(3)-P.L. 86-36

hereC:]i11sfo;~~~~ ~f

1

We do not include
non-compliance with dissemination rules that NSA had already reported
in June 2009 and for which NSA had taken appropriate corrective action.

TOP

SECWT;) 1COM»rF;) ~VOHJRlJ
2
1

 DOCID:

REF ID: A4197.238

4230244
TOF

SI3CRET;'/COJi.'iJJ:>.Jl;i;IJ'l0FOP.N

•

(TS//SI//'[}JF) Analysts who query time-restricted selectors must
be made aware of the time period for which the RAS
determination applies so that the information may be minimized.

('f'O//SI//WF) Specifically, the database is not designed to tag and track
selectors associated with U.S. persons, revalidation dates, or timerestricted selectors as separate and distinct fields. Though analysts
might include such information in the "comments" field, that field is not
easily searchable or usable in designing controls. Separate fields are
needed to integrate preventive control_i:;jntol
and ensure the
completeness of detective c9ntrols·;··such as weekly audits by the SIG INT
Directorate (SID).Qffice-·of"Oversight and Compliance. As a result, NSA
increa.i:;~s itsYiSk of non-compliance with these requirements, and the
.-sc6f>"e of testing on selectors associated with U.S. persons and
revalidation dates may be limited. 2

I

···················

f~l(3)•P-.L..§6-36
ITS//SI//nF) Management stated that the Homeland Security Analysis
·:::::::::......
.. ·· ... ··. · ·· ... _genter (HSAC / S214) and Technology Directorate representatives decided
-. . ·'>'····
1-i"ofto·corre..c::t control weaknesses because such modifications could take
·... "''=::,,,
enough time s·o a:s··to.ov~r.:lap with the release of a new selector
· · · · · . . ·.·.· .·.· ·:::
management application
lnow planned for May 2010.
··:-....
Initial demonstrations and requirements documents suggest that
· . ··::::j
lwill resolve these weaknesses. Not only will key data be
·. ·.. frapked to enable controls that will detect instances of non-compliance,
·... but coµtrols will also be added to prevent querying of selectors that have
rtot beeit·woperly approved by OGC or revalidated within appropriate
·.. tim·ef{ames>l
Ihas also been designed to track time-restricted
selectcfri:;, and SIGINT managers are defining related requirements to
2-o,nfigurcH
lwith appropriate preventive and detective controls.s

called!

ITS/J~_O//WF) Bec~use NSA recognize.s these weaknesses and plans to
May 2010, we will not make formal
release!
recommendations to correct control deficiencies in the existing database.
Time-restricted selectors are not currently a compliance risk because
i:p,ap.J;i,ge.menLremovedallOtime-restricted selectors from querying as
(bj(1")wmu . mm uumU they were determined to no longer have intelligence value. We suggest
(b)(3)-P.L. 86-36
that management not reinstate time-restricted selectors until
is in place anctJ
can be copfi:g1;iE~d with appropriate preve.ntive
and detective controls.
·

Im

I

I

.I

(b)(3)-P.L. 86-36

(TS//SI//WF) The HSAC/8214 is managing the risk associated with
revalidations by implementing temporary manual processes to track
revalidations and by using more stringent timeframes than those
required by the Order. We will use the manual process to test
revalidation dates as part of our monthly testing and will make formal
recommendations as necessary.
i(b)(3)-P.L. 86-36

'(TS/.'Slh'Mf) We did not incJ~1de time-restricted selectors in pilot testing because determining compliance with the
requirement was too subjective to apply the continuous auditing methodology.
3
('fSh'Sl/MF') I
lls NSA's corporate contact chaining system used to store and analyze BR data.

TOP
3

 :OOCID: 4230244
T01

REF ID:A4197238
SECR:ET//COM1iv 17/NOFOitN

(TSf/SI//PlF) ....1.\ft.~:r.. . NS.A.reporte<l·Oincidents in 2009 when selectors
.......................... ···associated\vith U.S. persons had been queried without having been
('bfriF. ..........
reviewed by OGC, HSAC/S2I4 reiterated this requirement in its
(b)(3)~PJ. ,~ 86-36 ·· ........p.1"_ocedures and training. However, without preventive controls in place,
· ·· ·. . ··.
~o~~~:~~n~-~~f~~-~!or non-com liance, and our monthl testin will

· · · ·. . ..--==----------..;;;;.;;=--="---------..-----...---..----'
We will closely monitor

.... ···
..·······················

...... ·············"''

.... ··············'

(b)(3)-P.L. 86-36

{&n1r· ··· · ··············
(b)(3)-P.L. 86-36

.,_-----.-~-------.-----'
.___ _ _-!- release as part of our monthly

testing and make formal

recommendations as necessary .
('fS//Si//NF) Concerns Related to Dissemination
(T8//81//~W) With the exception of exculpatory material used in
litigation, the BR Order requires that all disseminations of U.S. person
information derived from BR metadata made outside NSA, whether in
formal reporting or in response to requests for information or other forms
of communication, be approved by one of five NSA officials. The BR
Order does not state that the authority may be further delegated. The
Order also requires that NSA provide the FISC with a weekly report of all
dissemination.
(T8//81/f WF) As described in Appendix B, pilot testing showed NSA to be
cojplijnt for the two dissemination objectives tested, with the exception
·· ·of
instances in which the Deputy Chief of Information Sharing
Services (ISS/S12) signed dissemination authorizations in the Chiefs
absence. Because these instances were known and reported by NSA in
2009, we are not reporting them as compliance incidents here. However,
we found two areas for improvement and management consideration:
('PS//SI//NF) The process to obtain and document dissemination
authorizations for serialized SIGINT reports signed by the Chief of
ISS/S12 and compile Weekly Dissemination Reports was largely
manual and, therefore, dependent on the diligence of the staff and
the strength of standard operating procedures. Because of the
relatively small amount of information disseminated
during 2009), the risks of using a manual process were ./•
manageable, but management should consider automating
d~ssem~na~on ~pprovals and tracking, should BR-relai~~~~-P.L. 86 _36
dissemmation mcrease.

I

...·I

(TS//EH//WF) ISS/S12 did not maintain individual dissemination
authorizations for non-serialized disseminations made outside
NSA, such as briefmgs, as required by its standard operating
procedures. Though such approvals could be tracked to e-mails,
it would be more prudent to maintain formal documentation, as
required in the procedures, so that NSA can easily demonstrate
compliance with the BR Order.

'fO?

SECR£T;}'C02ifFNT;}'NOFORtcl
4

 REF ID:A4197238

DOCID: 4230244
TOF

SECRET/;/COttifH':f1/;/l'iOf'OfUef

(U) Plans to Continue Monthly Testing
(TS//81//~fF) We will continue to test these objectives as part of monthly
testing starting with January 2010 data and with the following additions:

•

('fS//SI//NF} Verify that RAS approvals are made by Homeland
Mission Coordinators or other authorized officials.
('FSf/Sif/Mfi') Verify that RAS approval or revalidation dates are
within authorized timeframes (180 days for domestic selectors and
one year for foreign).

..
('FS//OI//NF} Because the transition tol
lwilr<freafo···a:·n:·~;·· ''"'"(~)(3)-P.L. 86-36
control environment, we might extend testing past the planned year to \
ensure the reliability of results. We will test selector revalidations using \
the temporary manual process currently in place. However, limitations ·
to test selectors associated with U.S. persons will remain untilj
"J
is implemented.
-----

5

 DOCID:

4.230244

REF ID: A4197238

-"'tl"f""U1+i'..__ _ _ _ _ _ _ _ _...,..SwE+E'"'+TH<:E.-,Tio.;.,</~/L,_;.....,HQ'*}dH7i:~·,~~·1.;.,i.i).,t.iq~,iU,;..i-·~f',;..iQ~Rl~\.i--r

This page intentionally left blank

 DOCID: 4230244
TOT

REF ID:A4197238

SECREI/4 1COMJ.b11//NOFORl\T

APPENDIX A
(U) About the Audit

TOP

SECRET;} 1COJfJ}'ffl} 1NOf'ORN

 DOCID:

4230244

u....

JREF ID: A41:97238

-m~1 ~...,r----------'<S+o£~c'k'Rt*'~'+1;""'·/,iri.·'C~o;+iiM·t>f;+,iIJ...,..,r+.:1i....,).:.P.~\.++1~04'1""*·0;+ffi"'"..ll..i"T_

This page intentionally left blank

'f(JP

SECRET;)'COMLVIj)('>lOFOR1'l

 REF ID:A4197238

DOCID: 4230244
TOF

SECR:ET//COMH'<11//1VOF011N

(U) ABOUT THE AUDIT
(U) Objectives
('fS//SI//NF) The objective of this audit is to test whether controls to
ensure NSA compliance with key terms of the BR Order are operating as
intended. Specifically, we tested the following objectives to determine
NSA compliance and assess the feasibility and reasonableness of
including these objectives in monthly testing:

1. (TSf/SI//l>TF) Only authorized individuals accessed BR
data in December 2009.
2. (T8//8I/0IF) Selectors queried in December 2009 were
documented as either approved to have met the RAS
standard or were queried for data integrity purposes.

3. (T8//8I//W¥) Selectors queried in December 2009 that
were associated with a U.S. person were documented as
having been verified by OGC that RAS determinations
were not based solely on activities protected by the First
Amendment to the Constitution.
4. (T5//:SI//PrFt-Selectors queried in December 2009 were
chained to no more than three hops.

5. (T£//8I//W¥) BR-related information disseminated
outside NSA in serialized SIGINT reports during 2009
was approved by the Chief of Information Sharing
Services or other authorized official.

6. (TS//SI//RF) Weekly Dissemination Reports issued in
2009 completely and accurately reported BR-related
information that was disseminated in serialized SIG INT
reports.
(TS//SI//NF) Of the 58 NSA requirements in the BR Order signed on
16 December 2009, we decided to pilot test these six objectives because
they were relatively stable, at risk for technical non-compliance or
violation of privacy rights, and testable using the continuous auditing
methodology. For a requirement to be testable, compliance must be
clearly objective and verifiable by supporting data.

(U) Scope
(U//FOUO) We conducted pilot testing from January to March 2010.
W.e.xe:v.iewed. the following-data: I
Iaudit logs for
December 2009, RAS approval dates from the BR FISA database,
RAS-approved U.S. person selectors, and access lists maintained on the

mh_fff)..// f?~h'N.F.)
(b)(3)-P.L. 86-36

TOP SECRET//C~fFfff;'/f<lOflOJ.t/\l

 DOCID:

REF ID:A4197238

4.230.244

SEC1tt;1 /1 'COM11··n //1V01 Vi<i'v'

JUI'

.·I
....···
.... ·············
... -·····

..·····

lsharePoint website. We verified that serialized SIGINT
reports issued in 2009 were supported by dissemination authorizations .
We also reviewed Weekly Dissemination Reports and supporting
documentation .

........ (JJ/.fFOUO) We met with individuals from OGC, SID, and the Technology
DireCtorate;ineluding.:t:he SID Office of Oversight and Compliance (SV),
ISS/Sl2, HSAC/S2I4, sttfISsues . Supp.o.r.t.Sta:ff (S02321), Analytic
Capabilities (Tl2), Structured Repositories (iT32);andl
Operations (T1222).

I

(U) Scope Limitations
(U / /fi'OUGt As described in the findings and Appendix B, we had three
significant scope limitations during pilot testing:

•

ffS//Oi//MF) We did not test whether OGC had reviewed RAS
determinations of queried non-U .S. selectors associated with
U.S. persons, as mandated by the Order, because existing
databases did not definitively identify these selectors.

•

('fS//SI//PiF) We did not test whether selectors had been
revalidated within the authorized timeframes because existing
databases did not track revalidation dates.
('FS//BI//NF) We did not test whether non-serialized
dissemination was approved by the Chief, ISS / S 12, or other
authorized officials because approvals were documented in
e-mails rather than formal dissemination authorizations. For the
same reason, we did not test whether Weekly Dissemination
Reports accurately and completely reported non-serialized
dissemination.

lbmr···· ··· ·············

I

(b)(3)-P.L. 86-36
····· ..... ········· .,
I
(b)(3)-SOU.~C 3024(i)
....,;.._-~_._
::::/,_,··:_.·.....; .....
··;_
,,_:;-.....

·i"'----------------------..1----,

··...

(U) Methodology
('f8//8I//ffl"j To test NSA's compliance with guerying requirements, we
. c.?.1?.P?:!~d. . ajL§S!Ji;;.ctors documented inl
audit logs that had
·····been queried in December 2009 against access lists, RAS approvals
documented in the BR FISA database, and OGC reviews documented in
the Homeland Requests Database. We also counted the number of hops

I

(b)(3)-P.L. 86-36

TOP SECR:tf'f'//COMINt';';N"tffOlt1<l

 REF ID:A4197238

DOCID: 4230244

SECRE n/'COMll<J n/7vTJ:N31"tN

lUY

.. . ..
(b)(3)-P.L..~.86-36
...

..

thel

I

chained .for each.sele0tor in
audit logs. We researched any
anomalies to make a final determination of compliance .

················

·. ······ .... .(1~//'AI//NE) To test NSA's compliance with dissemination
re.qiiitement.~, we identified all serialized SIGINT reports with the
···h·h· ....... hhhhmh···· ......BR::-related...SiGIN'Fj·..........
that were issued in
(b)(1)
2009 and documented in thej
jNSA's management information
(b)(3)-P.L. 86-36
system that contains statistical information about serialized SIGINT
reports. We verified that each report had been documented in a
dissemination authorization signed by the Chief, ISS/S12 or other
authorized individual. We then used this information to verify the
completeness and accuracy of the Weekly Dissemination Reports.

I

(U) We conducted this performance audit in accordance with generally
accepted government auditing standards. Those standards require that
we plan and perform the audit to obtain sufficient, appropriate evidence
to provide a reasonable basis for our findings and conclusions based on
our audit objectives. We believe that the evidence obtained provides a
reasonable basis for our findings and conclusions based on our audit
objectives.

(U) Prior Coverage
!'fS//81/f RF) On 10 July 2006, in a memorandum entitled FISA Court
Order: Telephony Business Records (ST-06-0018), the OIG issued "a
report to the Director of NSA 45 days after the initiation of the activity
[permitted by the Order] assessing the adequacy of the management
controls for the processing and dissemination of U.S. person
information." We issued this report with the OGC's concurrence and as
mandated by the Order. We issued a separate report on 5 September
2006 that provided the details of the findings and made formal
recommendations to management.

TO't' SECttE'f'/;'COl'fffNT//NOF01Zi.Y

 DOCID: 4230244
TOF

REF ID:A4197238
SECRE1 i/CQI',fl::LYl //1'l0F0i.'(l'i

This page intentionally left blank

'f'O? 3ECRE'f'//COMfNT//:f<lOFORN

 DOCID: 4230244
TOP

REF ID:A4197238
Stt:RET//COMil'li 1/;11lOrOKN

APPENDIX B
(U) Pilot Test Results

TOF SECR:E't'//COMINf;'/t,lOt'Ottl•l

 DOCID: 4230244
TO:P

REF ID:A4197238
SECREI)'/COi"ifH'.,'1 //NOFORi'i

This page intentionally left blank

TOP SECRE'f/7'COMI'Nf';'/lvTJfl01?:1v

 DOCID:

REF ID:A4197238

4.230244
TOF

8ECRETi/COMii<J 17}NO:FORN

(U) PILOT TEST RESULTS
Test Results

Area

Using.Cl unique seed selectors,
a]Jc:::Jqueries were made by
."'-uthorized personnel.

1. Access

Test
Period

Scope Limitations
None; however, we limited our
testing to g_ueries made in
I
Jand did not test queries
made to el
1.

I

AU0seed selectors queried for
..·i:htelligence analysis purposes were
documented as RAS approved.

I .. __

.

Dec 2009

·.

We verified RAS ;,;:pptbvais,:not_
revalidation dates, and did "ii:bt::: ··
verify that the approving official '.-:~f:(l~)(3)-P.L. SE-36
was a Homeland Mission
.:'"/!
Coordinator or other official
..........' .
authorized to make RAS apprqv(tl~. j
We also limited our testj~ t9'.i/. / / Dec 2009
queries made in)
__ :and did.!
not test queries made to .: eiz:z:::J
'.·.!

2.

Of tl;J.en seed selectors. not RAS
~pprov'ed, all were queried for
··"demonstration or data integrity
purposes and only one resulted in
contact chaining. The exception
was conducted by a Data Integrity
Analyst who had permission to
query outside the existing control
structure.

E,A'i{ f.Pp~oval

~f:seieetors

;::::=·

,~;:::::/

(b~f~l~~ .L ::ae

I

I / ;

We limited testing to se~~ctor,~
presumed toh,, "'"~ .... :~·~·· "liiith
TT~
·I
/
I
I
I Therefore,
::.3s:: :::: ::::::::: ::: .........
we aia not test uuc reviews of
········· ···· : :::A,:J,J.:Qqueried seed selector.s that
non-U.S. selectors associated with
3. OGC Review of wete···pre..~umed to be associated
U.S. persons because the existing
Selectors
with U.s.··p·erson§. were reviewed by database does not track this
OGC. In one case·;··the ..approval
.·A.ssociated with
information. Management has
"lfS,_ Persons
was documented as ''verbal:"····
ce estimated there to be about
··
of these selectors.
We a.lso limite~ gur testjn~ to
.
.
queries made ml
_-~-~
not test nueries made to e··L-J

Dec 2009

.
LJ

"
"
·.

·.

~

I

\

I

..._I----"""----'-..--'
..... ""'. . +
. ---------------i.--N_o_n_e_;_h_o_w_e_v-er_,_w_e_lim_i-te....d"'"··.-9-u"""~-\._-"""\--l------1

4._. Chaining·

··... All._ queries

were chained to no
..mote. than three hops from the
se.ed ·se.lector.

·.

tes:·ng t~tueries made in "-. ·. ._
l : a n d did not test gueri~s
ma e to e I

L. _

!····················

\...
\..

5. Dissemihation
of Serialized·.
SIGINT Reports

6. Weekly
Dissemination
Reports

\

···········....

Dec 2009

·•..........

We limited our tes~g fo serlruizec(:\l

~f thi I I ~~rifiQ SIGINT reports
_1ssued;a:Il but
were approved
~19'g~f~aJei'etr ~aGked· :::,.~; b)(3)-P.L. ~()-36
·qy the Chief or cting Chief of
~ation, such as briefings /
IS~v:2j· We are not considering
and responses to requests for
i
the
mstances as noncomp ant because they were
information, were not easily
.
testable because ISS/ Sl 2 used /
known and reported by NSA in the
end-to-end report issued in 2009.
e-mails rather than dissemination
authorizations to document
·
In those instances, the Deputy
2009
approvals formally.
Chief ofISS/S12, who was not
stated in the BR Order as being
authorized to approve BR-related
dissemination outside NSA, signed
the dissemination authorizations in
the Chief's absence. ISS/S12 has
since revised procedures to
designate the Deputy Chief as
\Acting Chief in the Chief's absence.
Weekly Dissemination Reports
c6.Qtely and accurately reported
all
serialized SIGINT reports
issue , except for one issued before
weekly reports became mandated
in June 2009.

To maintain consistency with our
tests of dissemination
authorizations, we limit1:id testing
to serialized SI~'orts that
were tracked inL__J

2009

(TS// SI//PW)

TOP SECRET;) 1COMJNT;)(\TQFOR..t>l

 DOCID: 4230244
TOF

REF ID:A4197238
3ECRE 17/COM11\J 1//WOFO:RN

This page intentionally left blank

'TOP SECttE'f;'/COMfllff'/JN fY!lOtt/'•l

 REF ID:A4197240

DOCID: 4230247
WP

SECREWC02'~%'!-;F0f'ORN

NATIONAL SECURITY AGENCY/CENTRAL SECURITY
SERVICE

INSPECTOR GENERAL REPORT

(TSh'Slh'NF) Audit of NSA Controls to Com ply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records January to March 201 O Test Results
(ST-10-0004A)
28 May 2010

~pproved for Release by NSA on 08-06-2015. FOIA Case # 80120 (litigation)

 DOCID: 4230247

:JREF JI:D: A41:97240
'f'OP SECRErn'COMINTh'NOFOR:N

(U) OFFICE OF THE INSPECTOR GENERAL
(U) Chaitered by the Director, NSA/Chief, CSS, the Office of the Inspector General (OIG)
conducts audits, investigations, and inspections. Its mission is to ensure the integrity, efficiency,
and effectiveness ofNSA/CSS operations, provide intelligence oversight, protect against fraud,
waste, and mismanagement of resources, and ensure that NSA/CSS activities are conducted in
compliance with the law, executive orders, and regulations. The OIG also serves as
ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS
(U) The audit function provides independent assessments of programs and organizations.
Perfonnance audits evaluate the effectiveness and efficiency of entities and programs and
assesses whether program objectives are being met and whether operations comply with law
and regulations. Financial audits determine the accuracy of an entity's financial statements. All
audits are conducted in accordance with standards established by the Comptroller General of the
United States.

(U) INVESTIGATIONS AND SPECIAL INQUIRIES
(U) The OIG administers a system for receiving and acting upon requests for assistance or
complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations
and Special Inquiries may be undertaken as a result of such requests, complaints, at the request
of management, as the result of irregularities that surface during inspections and audits, or at the
initiative of the Inspector General.

(U) FIELD INSPECTIONS
(U) The inspection function consists of organizational and functional reviews undertaken as part
of the OIG 's annual plan or by management request. Inspections yield accurate, up-to-date
information on the effectiveness and efficiency of entities and programs, along with an
assessment of compliance with law and regulations. The Office of Field Inspections also
partners with Inspectors General of the Service Cryptologic Elements to conduct joint
inspections of consolidated cryptologic facilities.

TOP SECRE1WCOA£R.J'I;$'.NOFOR..'\r

 DOCID: 4230247

REF ID:A4197240
'f'OP SECRE'f#COMThi7fi'NOf'ORN

'f'OP SECRE'l)J'COMIN't»'f\lOFORN

 REF ID:A4197240

DOCID: 4230247

TOP SECRET17'CO1vf1l,lT!75'VOf?ORltl
OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE

01June2010
IG-11160-10
TO: DISTRIBUTION
SUBJECT: (T£//SI//Rfr) Audit of NSA Controls to Comply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records - January
to March 2010 Test Results (ST-10-0004A)
1. (U / /POUO~ This report summarizes the results of our January, February,
and March 2010 testing using the continuous auditing methodology.
2. (TI'//SI//NT') Audit Objectives We are conducting monthly testing of
NSA controls to comply with the Foreign Intelligence Surveillance Court Business
Records (BR) Order to determine whether these controls are operating as intended.
3. (TS//SI//HF) Pilot Testing The Pilot Test Report (IG-11154-10) was
issued on 12 May 2010. It concluded that NSA had complied with the BR Order for
the six pilot test objectives tested and within the time periods covered. Although no
incidents of non-compliance were found, pilot testing disclosed weaknesses in
controls over querying certain types of selectors, as well as concerns related to the
dissemination of BR information. Weaknesses related to querying should be
resolved with NSA's implementation of a new application to track BR selectors,
which NSA now hopes to release in June 2010. We will monitor the situation as part
of our monthly testing and make formal recommendations as needed.
4. (U / /FOUO) Monthly Test Objectives See Appendices A - C for details of
January, February, and March 2010 monthly test results for the following objectives:
('fS//8f//NF) Access: Were all queries to the Business Records FISA
BRF metadata made by authorized individuals (e.g., analysts and data
integrity analysts)?
(U / /FOUO} Reasonable Articulable Suspicion RAS Approval of
Queried Selectors: Did all queries use RAS-approved seed selectors?

TOP gJiCRETi!COM!l'lT:W\[OFOR.¥
1

 REF :ID:A4197240

DOCID: 4230247

TOF 8ECREIWCOlvf1N'f17'NO-FOR1{

ST-I 0-0004A

•

(U/ /FOUO? OGC Review of U.S. Person Selectors: Did OGC verify that
RAS determinations of all queried seed selectors associated with U.S.
persons had not been based solely on activities protected by the First
Amendment to the Constitution?

•

(C//REL TO USA, FVEY) Oiaining: Were all queries chained to no
more than three hops?
(U //FOUO) Revalidation of Queried Selectors: Were all queried foreign
and U.S.-person seed selectors revalidated within the Court's
timeframes-one year and 180 days, respectively-and approved by
an authorized Homeland Mission Coordinator (HMC)?
(TS//51//Nli') Weekly Dissemination Reports: Did NSA accurately and
completely report serialized dissemination of BRF metadata outside
NSA?
(TS//51//Jl>W) Dissemination of Serialized SIGINT Reports with BRF
Metadata: Was all information disseminated through serialized SIGINT

reports approved by the Chief of Information Sharing Services (S12) or
one of the five other authorized individuals?
5. (U I fFOUO) Monthly Test Results We found no instanc:.es··o(g¢,h\b)(J)-P.L.
compliance for the months of January and February 2010 ....Howe~er.~::::~tgNfic\;ant
scope limitations remained for all months in testing.Office of Geµ¢f,:af:¢ouns~l
(OGC) reviews of selectors associated with J,.LS:·j)ersons because·:()f..-66,titrol \
-'/e found\an
weaknesses reported in the Pilot Te~t.Re···o~t. Also,
expired selector marked as approved
\1eried for foreign
intelligence purposes:/ThelJ.S. person selector
.1
I
land. was due for revalidation
·based on the Court
mandated 180-day requirement for revalidation of a.U.S.. person selector. This
selector was then queried!
.• /
lafter·it had expired. The selector
After being notified of this
was changed to NOT APPROVED
non-compliance, Special FISA, Oversight, Processing and Support (SV4) issued an
incident report
Tllis error w1derscores the control weakness in
selector revalidations that we reported in the Pilot Test Report. It also raises a
question regarding separation of duties when Data Integrity Analysts (DIAs) are
able to query for data integrity and foreign intelligence purposes. We will make
formal recommendations to address these findings in a separate report.

and ..

I

I ./

I

I

TOP SECRET17'COlv11N'fl7"/tlOf1fYIVv'
2

86 36
-

 DOCID:

4'230247

REF ID:A4197240
·'fOP s:Eci:E'Iwbo~·JiNtA#oFo:f?N

ST-'l0-0004A

6. (U//f10U0) We appreciate the courtesy and cooperation extend~d to the
auditors throu hout the review~ If you need clarification of additional information:, .
please contact
on.99.9..:~988(s) or vfa e~maitad
o
on952'.'.2171{~).?.:.. :.ia e.-mail'atl
I< ·
.\

I

................................... :·...

• ..... 1......

············
......... ;.,,

. - - - - - - - - - - - - -.....,

Assistant Inspector General_
for Intelligence Oversight

·

...•

FOP SECR:ERS'CO:lrfl.i'611i~WOFO~-D.1'1

3

.. ···-·· .

...............

.

1

··.
-

.......

• .

·...

.• •

.

\.

·;~f(~)-P.L. 86-36

 REF ID:A4197240

DOCID: 4230247

TOP S£CRETWCOlvI1lfft7?vYJFORN

DISTRIBUTION:
D21

_____

'-r------------1

....,
Chief,
Chief,
Chief, '--------~--....;;....-S2I4~-------i..;.;.____;;_ _ _ __
Chief TD,
·······... ·· ...
DoJ
··· .....::::···... ·..

.:·
.:·
.;:::·

.::== ..

.;:·

T()P 8£CR£n?'COl'vf1Nn7'JvYJFOR1V
4

ST-10-0004A

 DOCID: 4230247

REF ID:A4197240
TO-P SECRETi?'CO-lJ1JtBS'NOF'ORN

APPENDIX A
(U) January 2010 Test Results

 DOCID: 4230247

REF ID:A4197240
TOP 8ECRE'fWCOlvfIlvTMvYJfi'tffi..N

(U) This page intentionally left blank.

TOP 8ECRETA'COltflJi.i'TiSWOf'0R}{

ST-10-0004A

 REF ID:A4197240

DOCID: 4230247

TOP SECRETtS'COM1lv71S'f<HJFORN

ST-10-0004A

(U) January 2010 Test Results
(TS//BI//Mit) Test results show that NSA complied with the requirements of the BR
Order, with noted scope limitations, for the time period 1-31 January 2010. The
rating definitions are included in Appendix D of this report.

Area

Test Results

Scope Limitations

Rating

I

·-'..· ..None

1. Access

·..:::-

.............·

:::'::::,.
.··, </(b)(3)-P.L. 86-36

,.······

:=~~h~::I

\

"

4. chpin.ing

None

Th~

5. Revalidation of
Queried Selectors

eed selecto~s queried for
foreign intelligence purposes were
approved by authorized HM~ithin
. the Court's timeframes. TheLJeed
selectors that were not RAS
approved were queried for data
inte~rity purposes.
".

'.

·.

None

6. Weekly
Dissemination
Reports

WeeklyOissemination Reports
coEllp~e\ely .a~d accurately reported
th ·
serialized SIGINT reports
issue .

We decided to limit testing to
serialized SIGINT reports because
briefings, litigation, and other
types of dissemination were not
easily testable.

7. Dissemination
of Serialized
SIGINT Reports
with BRF
Metadata

The Chief of lnformatio.n..fillaring
Services approved thtl_Jerialized
SIGINT reports issued.

We decided to limit testing to
serialized SIGINT reports because
briefings, litigation, and other
types of dissemination were not
easily testable.

TOP SECRETt7'CO1vIHrlf17'Jl10PORN

.

:

.

.

~ompllanf

C.O!lJpliai:it

 DOCID: 4230247

REF ID:A4197240
TOP SECRETWCO-AH}ff1?1.frlOFOf?:}{

(U) This page intentionally left blank.

TOP 8ECRET!7'C0-1vf1}rlTWNOFORN

ST-10-0004A

 DOCID: 4230247

REF I:D:A4197240
TOfJ 3ECttE'I'l7'COlvlll'V"f/tN'Ofi"O-ft:N

APPENDIX B
(U) February 2010 Test Results

T&P SECRE'fWC01vIIN'I'l7'1V'Ofi'0111V

ST-10-0004A

 DOCJI:D:

423024 7

REF JI:D:A4197240
TOP 3ECft:ET17'COlvI11"VT?7'NOFOR1Y

(U) This page intentionally left blank.

TOP 8ECRETPCO}rfE¥TAWOr"001'f

ST-I 0-0004A

 REF ID:A4197240

DOCID: 4230247

TOP 3ECfi..Ert7'C01V111Y rmv (J/i"()"fl.N

ST-I 0-0004A

(U) February 2010 Test Results
(TS// 01//MF) Test results show that NSA complied with the requirements of the BR
Order, with noted scope limitations, for the time period 1-28 February 2010. The
rating definitions are included in Appendix D of this report.

Test Results

Area

Scope Limitations

Rating

1. Access

·· .. ·...

·· .. ··.

4."-c:;:haining

None

Th~

5.. Revalid~ti<;m of
Queried Selec.tors

seed selecto.rs queried for
foreign intelligence purposes were
approved by authorized Hfv1C~"thin
the Court's timeframes. The·
seed selectors that were not
S
approved were queried for data
integrity purposes.

None

6. Weekly\
Dissemination
·
Reports

yveekly Dissemination Reports
coTp~e~ely and accurately reported
the
erialized SIGINT reports
issue .

We decided to limit testing to
serialized SIGINT reports because
briefings, litigation, and other
types of dissemination were not
easily testable.

· Compliant

7. Dissemination\
of Serialized
·.
SIGINT Reports \.
with BRF
·.
Metadata

The Chief of Information Sharing
Services (S12) or the S12 Deputy
with authority granted in a Staff
~cessing Form (SPF) approved the
L_Jserialized SIGINT reports issued.

We decided to limit testing to
serialized SIGINT reports because
briefings, litigation, and other
types of dissemination were not
easily testable.

.. Compli:;tnt

..........

\ .......

ror SECRET11'COlv:f}{Tt?'NOf'(}R}{

 DOCID: 4230247

REF ID:A4197240
TOP 8ECRE'fWCO:l11f1l'ilT1?'f'l'OFOfV{

(U) This page intentionally left blank.

rot' 3EC'fl..l!:f17'COlvfINT1?'Jv'OFORl<l

ST-I 0-0004A

 DOCID:

4.2 30.2 4 7

REF ID:A4197240
T&.P SECREiiS'COME'iTkNOFORN

APPENDIX C
(U) March 2010 Test Results

TOP SECi?.E1iVCO-lvHN1iS'NOFORN

ST-I 0-0004A

 DOCID:

4230.24 7

REF ID:A4197240
TOF SECftE'f'l?'COM1iVT!7'N'OflOb:N

(U) This page intentionally left blank.

TOP 8ECftEY'l7'COlvf1lv'f!?)Y0flOft:.N

ST-I 0-0004A

 REF ID:A4197240

DOCID: 4230247

TOP SECft:ETfiCOivillvT17'i'tOFORN

ST-I 0-0004A
.·· ...(l>)(1)

(U) March 2010 Test Results _.......·

(b)(3)-e.L 86 .35
,, ,,
.
.
............
. (b)(.3)-SO·U.SC 3024(i)
('fi577SI77MF) Test results show that NSA complied w1t.h··:ri:J.ost requirements of the BR

Order with noted sco e limitations for the time eriod 1-31 March 2010.'

-

........................,.,.__,,.........,,.....,,..

...........................................................................

Append ix D of this report.

Area

-The rating definitions are included in

Test Results

1. Access

Scope Limitations

Rating

. None

············· .........

........ ·.

-

.

·········...

··· ...

. ·4.. _ch-~in1ng

5. Revalidati~ii of
Queried Selectors

None
·· ... of ine
seed selectors
...q'""'u_e_n_e..,...,.o_r..,.oreign 1n elligence
purposes were apprayed by
authorized HM Cs within tt_itaurt's
timeframes. The remaining
seed
selectors that were not RA
.approved were queried for data
iht~grity purposes.

None

6. Weekly
Dissemination
Reports

Weekly Dissemination Reports
colp~etely and accurately reported
the
serialized SIGINT reports
issue .
·

We decided to limit testing to
serialized SIGINT reports because
briefings, litigation, and other
types of dissemination were not
easily testable.

7. Dissemination
of Serialized
SIGINT Reports
with BRF
Metadata

The Chief of Information Sharing
Services approved t h e l l
serialized SIGINT repo'irsis'Sued.

Testing was limited to serialized
SIGINT reports because briefings,
litigation, and other types of
dissemination were not easily
testable.

TOP 8ECRETWC°'-Y!LVTA'N<W0/1}f

Compliant

 DOCID:

4.230.24 7

REF ID:A4197240
T(}.P SECREIWCOAJL\T1SifvrOf'OfV{

(U) This page intentionally left blank.

ST-I 0-0004A

 DOCID: 4230247

REF ID:A4197240
ST-I 0-0004A

APPENDIX D
(U) Rating System

FOP 8ECRET!7'CO1vHbTft7'tv'OFOR1·<l

 DOCID:

4230247

REF ID:A4197240
'fOP 8ECRET17'C0lvf1lff17'f'ir0-F01?.N

(U) This page intentionally left blank.

'fOP 8ECRET17'COAHNTtSWOl"O/U¥

ST-I 0-0004A

 DOCID: 4230247

REF ID: A41:97240
rop 8£CR£1iS'CO}JLV1iS'f.v[OFO/lN

ST-10-0004A

(U) Rating System
:" ',

Description
A rating of green indicates that no instances of
non-compliance with the BR Order were identified during
testing. Any noted scope limitations were related to the
application of the continuous auditing methodology, not
known control weaknesses.
A rating of yellow indicates that although no instances of
non-compliance were identified, control weaknesses
prevented us from testing the entire universe, as
explained in the scope limitations.
A rating of red indicates that one or more instances of
non-compliance with the BR Order were identified during
testing.

TOP 8ECRE1iVCOM1N1iSl.fv'{}F'ORlir

Rating

 1

'

-

DOCID: 4230248

REF ID:A4197245
TOP 8ECRE'J}7'COMfN'flYNOf!ORN

NATIONAL· SECURITY AGENCY/CENTRAL SECURITY
SERVICE

INSPECTOR GENERAL REPORT

(TSh'Slh'NF) Audit of NSA Controls to Com ply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records
April 201 O Test Results
(ST-10-00048)
10 June 2010

TOP SECRET;$lCOhflNf»'NOFOMT

E\pproved for Release by NSA on 08-06-2015. FOIA Case # 80120 (litigation)

 DOCID: 4230248

REF ID:A4197245
TOP SECRE'f#CO!vfil'li"f;]'NO:PORJ,.l

(U) OFFICE OF THE INSPECTOR GENERAL
(U) Chartered by the Director, NSA/Chief, CSS, the Office of the Inspector General (OIG)
conducts audits, investigations, and inspections. Its mission is to ensure the integrity, efficiency,
and effectiveness ofNSA/CSS operations, provide intelligence oversight, protect against fraud,
waste, and mismanagement of resources, and ensure that NSA/CSS activities are conducted in
compliance with the law, executive orders, and regulations. The OIG also serves as
ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS
(U) The audit function provides independent assessments of programs and organizations.
Perfonnance audits evaluate the effectiveness and efficiency of entities and programs and
assesses whether program objectives are being met and whether operations comply with law
and regulations. Financial audits detem1ine the accuracy of an entity's financial statements. All
audits are conducted in accordance with standards established by the Comptroller General of the
United States. ·

(U) INVESTIGATIONS AND SPECIAL INQUIRIES
(U) The OIG administers a system for receiving and acting upon requests for assistance or
complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations
and Special Inquiries may be undertaken as a result of such requests, complaints, at the request
of management, as the result of irregularities that surface during inspections and audits, or at the
initiative of the Inspector General.

(U) Fl ELD INSPECTIONS
(U) The inspection function consists of organizational and functional reviews undertaken as part
of the OIG's annual plan or by management request. Inspections yield accurate, up-to-date
information on the effectiveness and efficiency of entities and programs, along with an
assessment of compliance with law and regulations. The Office of Field Inspections also
partners with Inspectors General of the Service Cryptologic Elements to conduct joint
inspections of consolidated cryptologic facilities.

TOP SECRETh'C0l'1flNFJ$'P•lOf'ORN

 DUCID: 4230248 REF 


REF ID:A4197245

DOCID: 4230248

TOP SECRET//COMHffh'HOFQIV.q=

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENfRAL SECURITI SERVICE

10June 2010
IG-11163-10

TO: DISTRIBUTION
SUBJECT: (Tg//gl//Mf<) Audit of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business
Records April 2010 Test Results (ST-10-0004B)
1. (U / /FOUOJ This report summarizes the results of our April 2010
testing using the continuous auditing methodology.
2. (TS//SI//NF) Audit Objectives We are conducting monthly
testing of NSA controls to comply with the Foreign Intelligence Surveillance
Court (FISC) Business Records (BR) Order to determine whether these
controls are operating as intended.
3. (U / /POUO) Monthly Test Results and Objectives We found no
instances of non-compliance for the month of April 2010. However,
significant scope limitations remained in testing Office of General Counsel
(OGC) reviews of selectors associated with U.S. persons because of control
weaknesses reported in the Pilot Test Report issued on 12 May 2010 (IG11154-10). This report details April 2010 monthly test results for the
following objectives:

•

(TS//Sf//NF) Access: Were all queries of the Business Records
(BR) metadata made by authorized individuals (e.g.,
intelligence analysts and data integrity analysts)?

•

(U / /POUO) Reasonable Articulable Suspicion (RAS) Approval of
Queried Selectors: Did all queries use RAS-approved seed
selectors?

•

(U/ /FOUO) OGC Review of U.S. Person Selectors: Did OGC
verify that RAS determinations of all queried seed selectors
associated with U.S. persons had not been based solely on
activities protected by the First Amendment to the Constitution?

TOP SECRET//COMFNT//NOFORN
1

 ;·.,·

···,

REF ID:A4197245

.DOCID: 4230248

TOP SECRETf/COM:H~'D'/MOf"QitM ..

ST-10-0004B

• · (C//REL TO USA, F.VEY) Chaining! Were all queri¢s.:¢~ed to
rio more than three hops? ...... ·.~ ..... ·
. ·.')~:::.~~·/''.·'': t.
·•

(U //FOUO) Revalidation of Queried Selectors: Wef~:~:~t.!~#ec;l
·foreign and U.S.-person $eed selectors revalidated Mthfri the
Court's timeframes- one year and 180 days, respectlVely ~ artd
approved by an authorized Homeland Mission Coordinator
(HMC)?

•

(.f'S//3i/niJF) Weekly[)isseminatiqn Rep~rts.: Did NS1i\ . .. .
. a~<7urately.~d .completely' report serfo1ized.dis$emUiatjon of BR
metadata outside.NSA?
..
.
'

.I

'

·•

•

.

.·

•

• (TS//81//NF) Dissemination of Serialized SIGINT Reports with BR
Me.t"4:9tq: Was all infon,I~tioIJ: qiss~.min~te,dtrrough serialized
SIGINT rep.orts ct.pproved. py ~e C:hief; pf Iµfor.mation Sharing
other authorized individuals?
Services! (S12) or one of the

five

4.. (tJI fFQuQj We ~ppreciate tpe co~rt~sy ~d c,poperatip!l e~tended
to the auditprs.$.rougho.ut the review,. If otl 11eed darific.atjp11 a~ditional
information, please contact
on 963-2988.(s) gr vta e,fu.ail at .
or
oh 952-2171(s) or via e~1llail at
'

or

i---------i;

'":"

\:

\(bH3)-P.L. .86-.36

'•.:

..

.· ·

Assistant Inspector General
for Intelligence Oversight
:

. : ..

.

l

~

.

•

. ..

.

'

TOP SECRET//CUMfM'f/fl~OFOllM
2.

 DOCID:

REF ID:A4197245

4230248

SECRET//COMHfl'//NOFORH

TOF

··· .. :··..

........

(b)(6)

ST-10-0004B

oc

~~

··. ··.::.

~....~-~-D-~-~-o~-~.....)R'--e--.ynolds)

_

S2

; .

.......................

~~~--........-JI ........../<"",,,...""":./·,//,/'
1-r-----,-.·;;;;.J"'

/

.. .. ..

,;::~::;~,(b)(3)·P.L. 86~6

"'"" / . . . /
,. '

,./'

T122
,•·
,...
T12221---___. . . . . . . ._......_ ___,::/:::>·
......__
..,._,
OGCIGPOC,...._
.
SIDIGPOC
TDIGPoc·,..__ _.,..._____

_____

____

"'-~

Dl
D12.___ _ _

~

D13
D14

TOP

SECRETHCOMINT//~~OFORN"

3

 DOCID: 4230248
TOfl

REF ID:A4197245
1

SECi\:ET/1 COMIHT;'/i'q-Of oruq-

(U) This page intentionally left blank

TOP SECRET//COMINT//NOFORN
4

ST-10-0004 B

 REF ID:A4197245

DOCID: 4230248

5ECftEi17'COIY1IMi/JNOfOltN

iOt'

ST-10-0004B

(U) April 2010 Test Results
(TS// Oil/NF) Test results show that NSA complied with the requirements of the
BR Order, with noted scope limitations, for the time period 1-30 April 2010.

Area

Scope Limitations

Test Results

Rating

None

1. Access

··•''",., ..

...:z •. RP:$"'Ap,~rov(;ll
of Queried········

;;;;;:::::::;:;:;,,,;;:jd~§t~!'-t9r5 " "' ,,,, ;:

:::::····

. "'' '_j"(b)(3)-P.L. 86-36
, ••• •• , •• ••

'.

_,f"

..
None

4':..ChaiiiiQg

5. Reva.lioation
of Queried
Selectors 1

Th6'
seed selectors queried for
foreign intelligence·pµrposes were
approved by authorized. IJ.M..Cs within the
\Court's timeframes. TheLJseed
s~lectors that were not RAS approved
were queried for d<jta integrity or "ident
look!.!p" purposes.

None

6. Weekly
Dissemination
Reports

Weekly bi.ssemination Reports
,.£.Q.!!!Q!etely and accurately reported the
1,___15eriali2:€Jd SIGINT reports issued.

We decided to limit testing to serialized
SIGINT reports because briefings,
litigation, and other types of
dissemination were not easily testable.

The Chief of Information Sharing
Services approved thec:Jserialized
SIGINT reports issued.

We decided to limit testing to serialized
SIGINT reports because briefings,
litigation, and other types of
dissemination were not easily testable.

·.

7. Dissemination
of Serialized
SIGINT Reports
with BR
Metadata

Compliant

(TGH811/t<IF)

(b)(3)-P.L. 86-36

u~i~9J

1
(0HREL TO USA, F'u'EY) "Iden! lookup" refers to querying a selector
ho determine
the approval status of a selector. In such cases, the Emphatic Access Restriction controls will prevent
chaining of a selector that is not marked as approved for querying, and return an error message to the
analyst. Because the selector was not actually chained, there is no violation of the Order.

TOP

SECRET//COMINT//~qQfORN

5

 REF JI:D:A4197245

DOCID: 4230248

SECRET//COMHff/i~~OFO:KH

TOP

ST-10-0004B

. : ·...

(U) Rating System

Description
A rating of green indicates that no instances of
non-compliance with the BR Order were identified during
testing. Any noted scope limitations were related to the
application of the continuous auditing methodology, not
known control weaknesses.
A rating of yellow indicates that although no instances of
non-compliance were identified, control weaknesses
prevented us from testing the entire universe, as
explained in the scope limitations.
A rating of red indicates that one or more instances of
non-compliance with the BR Order were identified during
testing.
(TGf{GIN~lP)

TO~

SECRET//COMHff//NOFORN
6

Rating

 DOCID: 4230249

REF ID:A4197247
rOPSECRET#COldINf#f,lOFORl<l

NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE

INSPECTOR GENERAL REPORT

(TSNSIHNF) Audit Report of NSA Controls to Comply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records Control Weaknesses
(ST-1.0-0004C)
29 September 2010

~pproved for Release by NSA 011 08-06-2015. FOIA Case #80120 (litigation)
Derived From: NSAICSS Classification Guide 1-52
Dated: 20070108
Declassifj; On: 20350712

TOP 8ECRET#CO:AfIN1J¥N"Ol'OR..1\J

 DOCID: 4230249

REF ID:A4197247
TOP SECRET;fCOMll•l'Dl'l',lOFORN

(U) OFFICE OF THE INSPECTOR GENERAL
(U) Chartered by the Director, NSA/Chief, CSS, the Office of the Inspector General (OIG)
conducts audits, investigations, and inspections. Its mission is to ensure the integrity,
efficiency, and effectiveness ofNSA/CSS operations, provide intelligence oversight, protect
against fraud, waste, and mismanagement of resources, and ensure that NSA/CSS activities are
conducted in compliance with the law, executive orders, and regulations. The OIG also serves
as ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS
(U) The audit function provides independent assessments of programs and organizations.
Performance audits evaluate the effectiveness and efficiency of entities and programs and
assess whether program objectives are being met and whether operations comply with law and
regulations. Financial audits determine the accuracy of an entity's financial statements. All
audits are conducted in accordance with standards established by the Comptroller General of
the United States.

(U) INVESTIGATIONS AND SPECIAL INQUIRIES
(U) The OIG administers a system for receiving and acting upon requests for assistance or
complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations
and Special Inquiries may be undertaken as a result of such requests, complaints, at the request
of management, as the result of irregularities that surface during inspections and audits, or at
the initiative of the Inspector General.

(U) FIELD INSPECTIONS
(U) The inspection function consists of organizational and functional reviews undertaken as
part of the OIG's annual plan or by management request. Inspections yield accurate, up-to-date
information on the effectiveness and efficiency of entities and programs, along with an
assessment of compliance with law and regulations. The Office of Field Inspections also·
partners with Inspectors General of the Service Cryptologic Elements to conduct joint
inspections of consolidated cryptologic facilities.

TOP SECRET#COltfINT#NVFORN

 DOCID: 4230249

REF ID:A4197247
TOP SECRET//€0.lvfINT//"HOf'ORN

OFFICE OF THE INSPECTOR GENERAL

NATIONALSECURITYAGENCY
CENTRAL SECURITY SERVICE
29 September 2010
IG-11201-10
TO: DISTRIBUTION
(T8//SI//l'1F) SUBJECT: Audit Report of NSA Controls to Comply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records - Control
Weaknesses (ST-10-0004C) -ACTION MEMORANDUM
1. (TS//SI//NF) This report summarizes the results of our review of NSA
Controls to Comply with the Foreign Intelligence Surveillance Court Order
Regarding Business Records. We found that the delayed implementation of a new
selector tracking application resulted in control weaknesses and the querying of
an expired selector. Our review also identified a control weakness regarding data
integrity functions. Management concurred with the findings and
recommendations and has already completed one recommendation by
implementing the new selector tracking application and verifying that controls are
in place.

2. (U / /FOUO) We incorporated management's comments in th~ report,
where appropriate, and included the full text of management responses in
Appendix D. As required by NSA/CSS Policy 1-60, NSA/CSS Office of the
Inspector General, all recommendations and planned corrective actions are subject
to follow-up until completion. Status reports should be directed tol
.I
JAssistantinsp.e.Gt.Q:t:..G:~.J::l:~!.~Jor Follow-up, at OPS 2B8076, Suite 6~.41,
I
within 15 calendar days after target coriipleti6'f'.fdates·;· ···· · · ······-···· ...... .....,..,,./·

.......... · _.,. (b)(3)-P.L. 86-36

I

3. (U / /FOUO) We appreciate the cooperation.. and·co\,lrtesi~·s. ~xtended to
our personnel throughout the review. If youneed~gditi6naJ information or
clarification, please contac~I .. · .
lori 963-2988s or by e-mail at
I·-··-··--_ ....... --··

)t~ed~
GEORGE ELLARD
Inspector General

TOP SECRET//C01vflNT//N()T(Jff.1V

 DOCID: 4230249

REF ID:A4197247

TOP SECRET1/ 1COl·fillT1/1lCI'ORl'Tf

ST-10-0004C

,•

'

DOJNSD~I~~~~~__,......,!
IG
D/IG
Dl/AIG for Follow-up

(b)(6)

D11
D12
Dl3
D14

TOP SECRET//COlefIJcFF;';'AlOFORJ--l
ii

 DOCI:O:

4230249

REF I:O: A41:9724 7
TOP SECRET;) 'COivfii•lT;)5VOf:ORN
ST-10-0004C

(U) TABLE OF CONTENTS
I. (U) EXECUTIVE SUMMARY ..................................................................... v
.II. (U) BACKGROUND ..................................................................................... 1
(TSHSlf/NF) Terms of the Foreign Intelligence Surveillance Court (FISC)
Order Regarding Business Records (BR) ................................................... 1
(TS#SINNF) Testing of Compliance with the BR Order .............................. 1
Ill. (U) FINDINGS ... .".......................................................................................... 3
(Uh'FOUO) Expired Selector Was Queried ................................................... 3
(U/U:OUO) Controls Are Not in Place ........................................................... 4
(U/IFOUO) Analysts' Duties Are Not Clearly Defined and Separated ....... 5
IV. (U) ACRONYMS AND ORGANIZATIONS .............................................. 7
APPENDIX A: (U) Objective, Scope, and Methodology
'APPENDIX B: (U) Summary of Recommendations
APPENDIX C: (TSHSIHNF) DoJ Letter to FISC Regarding Incident Involving the BR
Order
APPENDIX D: (U) Full Text of Management Response

TOP SECR£T//C01dfNT//"fli'OTOtV<l
iii

 DOCID: 4230249
ST-10-0004C

(U) This page intentionally left blank.

TOP SECRET;'lCOi\fINT//P.,1fJJ:OR}1•l
iv

 DOCID:

REF ID: A4197.24 7

4230249

TOP SECf(f!'f/J 'COivtIN'f/;NOFORN

ST-10-0004C

(TSh'SIHNF) Audit of NSA Controls to Comply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records Control Weaknesses

I. (U) EXECUTIVE SUMMARY
(U) OVERVIEW
(T£f/SI//N'.'.F) In May 2010, the Office of the Inspector General issued a
Pilot Test Report (IG-111545-10) as part of our ongoing audit of NSA
Controls to Comply with the Foreign Intelligence Surveillance Court
Order Regarding Business Records (BR) (ST-10-0004). In the report, we
identified three control weaknesses in querying BR metadata. We did not
make formal recommendations bec::~:i:t:~~.:1:4.~.releaseo4
a new
selec!2r.tr.acking.applicatiotfllfa.fwould address those weaknesses, was
believed to be imminent-first in April 2010 and then in May 201 o.
···Howevet;. becausel
!release date kept slipping (it was released
on 25 June 2010) and because a March 2010 query of an expired
selector .underscored one of those reported control weaknesses and
identified an additional weakness regarding data integrity functions, we
recommended that Agency management take immediate action.

I

(U) HIGHLIGHTS
(TS//SI/f1'W) While testing March 2010 data, we found that an expired
selector marked as approved was queried by a Data Integrity Analyst
(DIA) for what seemed to be foreign intelligence purposes. The
Department of Justice reported the query as an incident of noncompliance in August 2010; however, NSA disagreed that the query
constituted a violation because the reasonable articulable suspicion
approval was valid for the time-bounded period queried. Regardless, the
query raised the following concerns:

(h)(3H=>~L-86~36

···mm

•

(C//RBL 'PO USA, FVBY) A DIA was able to query an expired
selector because controls were not in place to prevent such
queries and the manual process that management had
temporarily put in place did not identify the selector as needing
revalidation.

•

(TS//SI//NF) DIAs can query BR metadata for both data
integrity and foreign intelligence purposes, increasing the risk
for non-compliance with the Order.

(TS// SI/ (PJF) Management concurred with the recommendations in our
audit report and completed one. Specifically, management released
........ ,
June 2010 and has verified that controls are now in place
to address selector revalidations and the two remaining control
weaknesses that we reported in the Pilot Test Report.

Im

TOP SECRET1/tCOMI1VT;)'NOFORH
v

 DOCID: 4230249

REF ID:A4197247
1

TOf' SECI\ET;/ 1CClrfillT;/ 1"lOTGRll

ST-10-0004C

(U) This page intentionally left blank.

'f'O? SECR:ET//C(Xl!ff1\T//NOFOR.Jo{
vi

 DOCID: 4230249

REF ID:A4197247

TOP SECREii)''CO:tW:iNT/;/1VOTORi ef
ST-10-0004C

II. (U) BACKGROUND

(TSf,<Sl#NF) Terms of the Foreign Intelligence Surveillance Court (FISC) Order
Regarding Business Records (BR)
(TS/fOi//f~ The FISC BR Order requires that U.S. selectors be
revalidated every 180 days and that all other selectors be revalidated
every year. Data Integrity Analysts (DIAs) can query any selector,
regardless of its approval status, for data integrity purposes. However,
DIAs are prohibited from querying expired selectors (i.e., selectors not
revalidated within the mandated timeframe) for foreign intelligence
purposes. A Department of Justice (DoJ) National Security Division
representative stated that a query made by a DIA to provide direct
assistance to a foreign intelligence analyst constitutes querying for
foreign intelligence purposes because the query results are shared with
the analyst for intelligence analysis.

(C//REL TO USA, FVEY) To meet the querying terms of the BR Order,
NSA implemented standard operating procedures requiring DIAs to
operate within the same control structure as foreign intelligence analysts
when providing direct assistance. Specifically, these procedures require
that DIAs use the standard login, which prevents such violations as
querying selectors that are not approved when "reviewing telephone
identifiers prior to and or after the issuance of a serialized report," and
"[helping] analysts interpret and understand the results of their queries."
When DIAs conduct data integrity analysis, procedures require that they
use a special login that bypasses such controls. The procedures specify
that DIAs should not use the bypass login when providing direct
assistance to foreign intelligence analysts.
{TSHSIHNF) Testing of Compliance with the BR Order
(TS//SI//NF) We began our review by pilot testing compliance with six
requirements of the BR Order relating to querying and dissemination.
The goal was to ensure that each requirement was testable using the
continuous auditing method. To determine whether controls are
operating as intended, we are continuing our review with monthly testing
ofNSA compliance with seven requirements of the BR Order for 2010.
To date, we have completed testing and reported results of data from
January through July 2010.

TOP SECRET//CQP.{Jl\TT//P..TQFORN
I

 DOCID:

423024:9

ST-10-0004C

(U) This page intentionally left blank.

I'D? SECRETl/COJHNT//NO...ll.QRI'l
2

 REF JI:D:A4197247

DOCID: 4230249

TOP SECRtT/'/ce·fll\''l'i
1 1 1 9 1 ; / il\loLvR/\'
i1
1
i1

ST-10-0004C

Ill. (U) FINDINGS

-ff8j,(gWJVFJ During our monthly testing of March 2010 data, we found that a U.S. selector
had not been revalidated at 180 days, as mandated by the BR Order, and the selector
remained "approved" for querying in the BR Foreign Intelligence .Surveillance Act (FISA)
database for 16 days past the expiration date. As a result, a DIA was able to query that
selector, in possible violation of the Order. This incident occurred because adequate
controls were not in place to revalidate reasonable articulable suspicion (RAS)
determinations of selectors, as mandated by the Order. We reported this weakness,
along with two others, in our Pilot Test Report. The incident also revealed an additional
control weakness: DIAs can query BR metadata for both data integrity and foreign
intelligence purposes, increasing the risk for non-compliance.

(U/IFOUot Expired Selector Was Queried
(Cf /Rf!3L 'fO US:A, fi'V'EY) While testing March 2010 data, we found that
an expired selector marked as approved had been queried by a DIA for
"(6){3};;P~L~"86..36·· :::::::::::::::::Y.Y:J:;iat..see.m.<::.4... to be foreign intelli ence u oses. The U.S. person
798 ·..
(b)(3}·t~
.. . s.~fodothad-beeiiapproved
but had not been
.
reviili.dated.on its ex iratiotf'date,
he selector was still .
marked as approve·
---....-':"'""""'i--'="
request for information associate WI

ust-:·

.~elector

........ .,;::::::::::::::::

.......----r-=---.:~~~-.....--:---.--....--...,.....---....--_,.1

······································~--

(b)(1)
(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

T e DIA o owe stan ar operating proce ures or
'-p-r-ovi.....,.,··.....-g----e-c..,..t....
assistance by using a standard login rather than
bypassmg·querying controls and did not indicate in the justification field
that the query ~as for data integrity :urposes. The selector was changed
to "not approved"l
J16 days after its expiration. No
other queries of this selector had been made.
(0/ /REL 'fO US:A, FVEYi Because the query seemed to have been
conducted for foreign intelligence purposes, we notified management of
the possible non-compliance incident, and Special FISA Oversight and
Processing (SV42) issued an incident report on 25 May 2010. On
2 August 2010, the DoJ National Security Division reported the query as
a compliance incident pursuant to Rule lO(c) of the FISC Rules of
Procedure, effective 17 February 2006 (see Appendix C). However, NSA
disagreed with DoJ that the query constituted a violation of the Order
because the RAS approval was valid for the time-bounded period queried
by the DIA to answer the client's technical question. NSA's position is
described in detail in Appendix D.

'f'Of' SECRET//C02rfINT//NOFOR:i\l
3

 DOCID: 4230249

REF ID:A4197247

TOfJ St!:CRET;/'COlt-Hl<lT;';l\TQf'Oflll

ST-10-0004C
(U/fFOUO) Controls Were Not in Place
(G//~L TO U~A, llS.lli:¥) A DIA was able to query an expired selector
because controls were not in place to prevent such queries and the
manual process that management had temporarily put in place did not
identify this selector as needing revalidation. This weakness, along with
two others, was identified in our Pilot Test Report. We did not make
recommendations at that time because we found no incidents of noncompliance and the control weaknesses were to be resolved with the
release ofl
la-newselectortr.;::i.c::~g application, then planned
for May 2010.
····· ······· · ······· ... ,.°(J:>)(J)-P.L. _

86 36

(G//F"{gLTO U&.1., FVKY) Because!
ltei~~~e date k~pt slipping,
the risk for non-compliance remained for requirements relate(!. to U.S.
persons, selector revalidations, and time-restricted selectors. However,
Agency management reported on 28 June 2010 thatl
lhad been
released on 25 June 2010 and was operational.

(U) RECOMMENDATION 1
{6)(3)~P~L .. 86•36··· ........ ff_§.1'(§._l(J'P.~..~) 1i:nmediately verifJ that con~rol~ in the newly

released ve·rsmn·ofl

_are function mg to:

a. prevent querying selectors associated with U.S. persons
without a documented Office of General Counsel review for
First Amendment considerations;
b. prevent querying selectors not revalidated within BRmandated limits (180 days and one year for U.S. and foreign
selectors, respectively); i:md
c. tag, track, and identify time-restricted selectors.
(U) (ACTION: Homeland Security Analysis Center [S214]
with SV42)

(U) Management Response

(b)(3)-P .L. 86-36

:findin,

(U / /~OUGj-CONCUR. Management concurred with the
and
recommendation and has taken appropriate action. I
was
implemented on 25 June 2010, and the Director of Compliance, Office of
General Counsel, SID Oversight and Compliance, and DoJ
representatives were provided demonstrations and expressed their
approval.

TOP SECLlET;S'CO}lfl,\7;'/NOJVR,'f)l
4

 DOCID:

4230249
ST-10-0004C
(U) O/G Comment

(U / /FOUO) Management has taken corrective action that meets the
:intent of the recommendation.

(U/,q::ouot Analysts' Duties Are Not Clearly Defined and Separated
(C//RfflL "PO USA, FVf¥t1 The March 2010 query of an expired selector
revealed another weakness: DIAs can query selectors for data :integrity
and foreign :intelligence purposes. The Standards for Internal Control in
the Federal Government state that key duties and responsibilities should
be divided among different people to reduce the risk for error and fraud.
No one :individual should control all key aspects of transactions or
events. Although DIAs do not conduct target analysis or report on
targets, they might help a foreign :intelligence analyst with a question on
a target. In those cases, the DIA is query:ing for foreign :intelligence
purposes, not data :integrity, and must use the same rules as foreign
:intelligence analysts. These procedures require that DIAs and foreign
:intelligence analysts use a standard login that :invokes controls over
query:ing, such as preventing the query:ing of selectors with a status of
"not approved." However, DIAs also use special logins that bypass such
controls and allow them, for example, to query selectors that are not
approved, which is permitted for data :integrity analysis but puts DIAs at
risk for query:ing for foreign :intelligence purposes without controls.
(C//R±SL 'FO U&h, FVESY) The 'March 2010 :incident revealed that the
functions of DIAs are not clearly defined and communicated. It is
unclear whether the DIA's query was for data :integrity or foreign
:intelligence purposes. The standards for :internal control require that key
areas of authority and responsibility be defined and communicated
throughout the organization. The standards also call for managers to
document clearly such :internal control mechanisms :in management
directives, administrative policies, or operating manuals that are readily
available .
. (TS//SI//~W) Although 8214 management.stated that they discussed
with DoJ the appropriate functions of DIAs, personnel did not have a
common understandihg of the types of queries appropriate for foreign
:intelligence and data integrity purposes. Furthermore, existing guidance
did not clearly link the types of queries with the purpose of query:ing, and
supplementary guidance was still :in draft. For example, after we
identified that an expired selector had been queried :in March 2010, it
was unclear whether the query had violated the FISC BR Order.
Specifically, personnel had differences of opinion as to whether the query
had been for foreign intelligence purposes and, therefore, a violation or
for data :integrity purposes, which is not a violation.
(T£f/~l/f1\T¥) Without clearly defined roles, a distinct separation of
duties, and well-understood policies that differentiate queries for foreign
:intelligence and data integrity purposes, DIAs are vulnerable to errors

TOP SECRBT; 1/CO;AfE"lT;'/'1"lOPORi\T
5

 DOCID:

423024:9

REF ID:A4197247
rOP SECRET//COMllvT;/NOFOR.N

ST-10-0004C
and violations of the FI8C BR Order. In particular, DIAs might
mistakenly query selectors for foreign intelligence purposes while using
the special login that bypasses key controls.

(U) RECOMMENDATION 2

(TS//Gh'/NF) Clearly define and separate the duties of DIAs and
foreign intelligence analysts. Specifically, implement controls to
prevent an individual from querying BR metadata for both data
integrity and foreign intelligence purposes and issue formal
guidance to differentiate such queries.
(U) (ACTION: Exploitation Solutions Office [S313] and
Structured Repositories [T132])

(U) Management Response

(U / /FOUO) CONCUR. Management concurred with the finding and
recommendation and provided target completion dates. Management
plans to move data integrity functions out of 8214 and into 8313, and
T132 and will develop appropriate procedures and job descriptions.
(U) O/G Comment

(U / /FOUO) Planned and ongoing actions meet the intent of our
recommendation.

TOP SECRET//CO}.fl{1{T//fllOI'OKN
6

 DOCID: 4230249

REF ID:A4197247
TOf' SECREli/COi"vfl:N'l//NOFORJ.V
ST-10-0004C

IV.. (U) ACRONYMS AND ORGANIZATIONS

(TS Tl
I 'Sf I ''NF) BR
Tl

Business Records

(U) DIA

Data Integrity Analyst

(U) DoJ

Departm.entofJustice

(U) FISA

Foreign Intelligence Surveillance Act

(U) FISC

Foreign Intelligence Surveillance Court

(U) RAS

reasonable articulable suspicion

(U) S2I4

Homeland Security Analysis Center

(U) 8313

Exploitation Solutions Office

(U) SV42

Special FISA Oversight and Processing

(U) T132

Structured Repositories

'f'Oi' SECR£T//C01vff.NT/;/fv'OFORN
7

 DOCID:

4.230249

REF
ID:A4'197247
Te:P 5E€.n
T'."T' 11,-,r-.1 KT1\ T'T';-11\ rr-.r.nn 1\ T
1\LI// CVlWlV 1//1 VOL Olli'

ST-10-0004C

(U) This page intentionally left blank.

TOP SECRET;$LCOi''tffl>IT;$1.Aro_,_r:.oR1\T
8

 DOCID:

4.230249

REF ID:A4197247
TOP SE€RET; /tCOP.fI1VT;'j(\'OFORl\l
1

ST-10-0004C

(U) APPENDIX A

· (U) Objective, Scope, and Methodology

TOP SECR£'F//C01ifINT/;'NOflottN

 DOCID: 4230249

REF
ID:A4"197247
TO" SEC.n
r:rr / /r>r>"A
rrr7'/11. rnr:nn 11. r
i\L1// COlWl 4' 1// 1"01 Olli Y
AT/\

.L

ST-10-0004C

(U) This page intentionally left blank.

TOP SECR£T;';'C01v11i\ft'//Nfff0t?.N

 REF ID:A4197247

DOCID: 4230249

TOP SIJ..Cfili.T//CUMlL'lT//NOFORJV

ST-10-0004C

(U) ABOUT THE AUDIT
(U) Objective, Scope, and Methodology
(U) Objective
('FS//SI//N:F) The overall objective oftbis audit is to test whether
controls to ensure NSA compliance with key terms of the Foreign
Intelligence Surveillance Court (FISC) Order Regarding Business Records
(BR) are operating as intended. During the pilot test phase of the audit,
oµ.r objective was to determine NSA compliance and assess the feasibility
and reasonableness of including in monthly testing six objectives related
to querying and dissemination. For monthly testing, our objective is to
test NSA's compliance with seven requirements of the BR Order and
determine whether controls are operating as intended.

(U) Scope and Methodology
(U) We conducted pilot testing from January to March 2010; monthly

testing of January through July 2010 data was conducted from March to
August 2010.
·
(T£//SI//Pf.F) For both-pilot testinr and monthly testing, we compared all
selectors that were do~1:1!r.l.~nted.-inl
. laudit logs and had been
ql]._~rje..d.eaoh-montl;fagainst access lists, reasonable articulable suspicion
.,,,,,...... -··- ·-··· -··-·-······ -·-·-·approvals documented in the Foreign Intelligence Surveillance Act BR
(b){~):P;b··86~36........ d.gtabase, and Office of General Counsel reviews documented in the
·······...
Homeland·Requests...P.~~base. We also counted the number of hops
·. .
chained for each selector iii"th~·................... laudit lo s. For monthl
· · ... _ testing, we also applied these tests to quene·s.ofthe
We researched any an'-0-m---.....e-s'""'t_o_m__,,....1
final determination of compliance.

l

I

(U / /FOUO) We met with individuals from the Office of General Counsel
(OGC), the SIGINT Directorate, and the Technology Directorate, including
the SID Office of Oversight and Compliance, Information Sharing
Services, Homeland Security Analysis Center, SID Issues Su,ort Staff,------··
Analytic Capabilities, Structured Repositories, andl
-- ·
(b)(3)-P.L. 86-36
Operations.
(U / fFOUO) Details on the scope and methodology used for pilot testing,
including scope limitations, are included in our Pilot Test Report (IG11154-10). Details on monthly testing are included in the January to
March 2010 Test Report (IG-11160-10), April 2010 Test Report (IG11163-10), May 2010 Test Report (IG-11174-10), June 2010 Test Report
(IG-11179-10), and July 2010 Test Report (IG-11188-10).
Appendix A
Page 1 of 2

TOP SECRET;'/COAfINT//f.v'OFORJ-l

 DOCID: 4230249

REF ID:A4;~7247
TOP SECRET;/rCG}•Hi\JTyrOFO.R.l+·

ST-10-0004C
(U) We conducted this performance audit in accordance with generally
accepted government auditing standards. Those standards require that
we plan and perform the audit to obtain sufficient, appropriate evidence
to provide a reasonable basis for our :findings and conclusions according
to our audit objectives. We believe that the evidence obtained provides a
reasonable basis for our :findings and conclusions according to our audit
objectives.

Appendix A
Page 2 of 2

TOP ~RF:T//C()},fL''ff//f'VroFORN

 DOCID: 4230249

REF ID:A4197247

TOP·SECRET//CO:iYJ.7J·{T/;~VOr01uvT

ST-10-0004C

(U) APPENDIX B
(U) Summary of Recommendations

TO? SECRE'f'//C01dlN'f'//t•lO?ORl•ll

 DOCID: 4230249

REF
ID:A41.q7247
TOP SEC.Tl
r.rr I I r rn ,rn rrr7 /( r .n r..n n "!\T
.L(L1/) COlilll Q 1// 1 4 U1 U1tI'i

ST-10-0004C

(U) This page intentionally left blank.

TOt1 S'l!:Cll'f'/;'COlvtI1V'f'/;'f<;l(JffJttN

 REF J:D:A4197247
11

DOCID: 4230249

ce·w 'T

TOP SECRET/11/ 1 '

.t1J

" 'Ol
// l,

Oll",
114

ST-10-0004C

(U) Summary of Recommendations

Recommendation 1
(TSt/Slt/NFl Immediately verify that controls in the newly released
ver.~.i~9.
are in place and functioning to:
·

ofl

......

···············

(b)(3)-P.L. 86-36

I

a. prevent querying selectors associated with U.S. pe_rsons
without a documented OGC review for First Amendment
considerations;

b. prevent querying selectors not revalidated within BR-mandated
limits (180 days and one year for U.S. and foreign selectors,
respe~tively); and
c. tag, track, and identify time-restricted selectors.

'

(U) Status: CLOSED

Recommendation 2
(TSNSIHNF) Clearly define and separate the duties of data integrity
analysts and foreign intelligence analysts. Specifically, implement
controls to prevent an individual from querying BR metadata for data
integrity and foreign intelligence purposes, and issue formal guidance to
differentiate such queries (ACTION: Exploitation Solutions Office [S313]
and T132).

~~~ ~!~~~~:C~~~~tion Dates: i....--------.~~~T~~3 · · · · · · · · · · · · · ·

Appendix B
Page 1 of 1

(b)(3)-P.L. 86·36

 DOCID:

4230249

ST-10-0004C

(U) This page intentionally left blank.

'I'D? SECRETi/C01vJi1\lr/;/:!•lOFOffN

 DOCID: 4230249

REF ID:A4197247
TOP SECRET//COfofll'v'Ti/IVO:FOfti<l
ST-10-0004C

(U) APPENDIX C
(TSNSINNF) DoJ Letter to
FISC Regarding Incident Involving
the BR Order

 DOCID: 4230249

REF ID:A4197247

'f'Ot' SECK£17/cOivill\J1/;NOrOtd'i

ST-10-0004C

(U) This page intentionally left blank.

TOP SECRET//C0:1i!fHff//NOFORt•l

 REF ID:A4197247

DOCID: 4230249

U.S. Department of Justice

1 , .·.

National Security Divis~on S U,1:; ~}/., :·.

TOP SECRET//COMINT//NOFORN
'.'

. -~ ! r:

i-: ·}-;-. ~-

The Honorable John D. Bates
United States Foreign Intelligence Surveillance
U.S. Comihouse
333 Constitution Avenue, N.W.
Washington, D.C. 20001
Re:

Ii.1~~u7.."

Compliance Incident
u•·•;·
Investigation for
G'>J;:··
AT&T, the Operatmg ·s~p;§l;·•·
'ii ..
Pminership d/b/a Verizmi~~:·
Associated Terrorist Organiz,
and Abr
, fiiliated with al''
the 9:~Z~
f han and
P~s
';~ed States and
"
,~. ·st · ·--·----·---

m:

_-.-J'7;-,,,·:·

.

lligence Surveil
'"ie?·•::fcfw.iher advises
'<!)..
eilminary notice

~~~

.., .i.·J:;q~.!:Q,;I,f}£!ge Reggie B. Walton approved an
· '"edth~t;at#ftoxity
on May 14, 2010, in docket
·.._,_;._
){8p;Y:gl.~~Bt~~\~ Order in docket number
{ ,<·<·,,~;~. f::·•"<'~-.<'

···-·\1j1~

·<:r: F/;' .. m1d qeyeloping mia iesting~any':f.ec o _ogical .. eaf~~£W~~~if:~~a~iee~~~ ~~~:~ac~!;iity
·<~:,i. ~J.·_'· i~Y:i~··f~9;§9~1-ti~~!,¥rs-: "-·'B0ck~t~uw1)~1~}3,~.Jl.Q~J·~;~~W,¥:y;6rder at 5. "Persons who query

1

, tBe·'.§~1p:~t~4Ml:i:J?pt~\lant to this pai-agrapfr:Jnay..'.q11IY:~sl1aj·y:the results of any such query with
::9tJ:ierspe9f@yTq~~~re.~;NSA tcclmical personnel," \vHhlhnited exceptions, including when "a
cla.t,aintegi:ity'aii~lys.t[l)J.Al conduct[s] the query using a RAS-approved telephone identifier at
the 'N~.qtj~st·qf'~#-~i'l~1ysfiiit~fizcd to query the BR metadata" Id. at 5-6. (TS//SI//NF)

' :'<;.£&.;, ;:'7n;: . ~i:.:':,:;~xi~;;;}.ii~~"

On<i'll1t~J:<:ff~l>.J.m·Jg.~.~fl:t~81,1~1 Security Agency (NSA) advised the Department of
Justice's NatiQ!lttl,;~~~P;R:~Y:.·R!Ji~j()p.''.%the compliance incident desclibed below:

~~~l~~~ll~JJf

fcRET//COMJNT//NOFORN

cl1i_§·stfi6d by: Davids. Kris, Assistant
o/
Attorney General, NSD, DOJ
Reason:
l.4(c)
Declassify on: 2 August 2035

 DOCID: 4230249 REF 
TOP 
I On March 9, 2010, a DLA queried the BR metadata ill to a Federal Bureau of

hwestigetion (FBI) request for certain infunnmion l'elafing to a United States telephone
identifier refereueed in a previously issued NSA report. Specifically, the FBI inquired

 
  

a The reasonable, alficulable suspicion (RAS) approyal'lfm ler expiremon
before the query. (I111 dibea'n RAE-approved on 
-.) Still, the identifier was listed on the iqn Table hisloiically, list of
identifiers that have undergone RAS dete lions as RAS--approved unh'l
- at time its status was eheng to "not . . ,i 

The DIA used the identifier eeiidue/t shingle quei 0/1" the BR needed-in the 
Tiensaetion Database. Altireughthe prelimiuni ntiee eitliis inei'de tr 0 that
the query was timaebouudcd/m/flie period of through" mie- 
query was not time-hounded 333151, the DIA ed reigew'of'the queryresultsg
to the time period referenced in the 1731's request 

a Based on the query results, the DJA detemiined that no memiu'g date was available for 
fl-re identified, an NSA provided than l'ilfolmah'on to the FBI. didnog 
report based err th squery. 1 

  

   
   
 
 
 

   

 



This int/gent was discuveseg by the staff of SA's Inspector General through their

review of 0011 used te the Court's 0rd is in this matter; NSA dirihiins that it
conducted no using the identifier after the DLA's quary describcd abuvei 

At the timsbfihis incident, NSA managed the RAs--eppreyel'steti'is ofiderltifiers\oll the
Station Table threughk periodic, ihnnusl review of these identirie 5. NSA assesses that '3
eernplianee incident resulted from delays in the manual ieview process. NSA further as esses
that a technical modifieetiehliltely will 131':va these of eomplisneeiireideut flaw/occurring

"fit In June 2010, implemented a-new pregral'n to manage and haemequests te

   
  

ectierr Chief, Ovelsl'ght
 - Natlonal Security Division
us, Department of Justice

 

 


TOP 

2

DOCID: 4230249

REF ID:A4197247
'f'OT' SECR£T//COMI1VT //N0f'OR1'l
ST-10-0004C

(U) APPENDIX D

(U) Full Text of Management Response

 DOCID: 4230249

REF ID:A4197247
1

TOP SECRETi~ COi'riH'llT/1%TJr0tm'

ST-10-0004C

(U) This page intentionally left blank.

TOP Si!CltET;'/COlYJJN'T;'/NOFORJ.\l

 REF ID:A4197247
SECURITY CLASSIFICATION

NSA STAFF PROCESSING FORM
TO

OIG
THRU

I

EXREG CONTROL NUMBER

I

KCC CONTROL NUMBER

2010-4645

EXREG SUSPENSE

ACTION

~~~~~~~~~~~~~~~~~~~~~~~~~~--!

SUBJECT

(TS//Sl//~JF) SID Response: Quick-Reaction Draft Audit Report ofNSA
Controls to Comply with the Foreign Intelligence Surveillance Court Order
Regarding Business Records - Control Weaknesses (ST-10-0004C)

D
D

18 Aug 2010

APPROVAL

KCC SUSPENSE

SIGNATURE
ELEMENT SUSPENSE

X

INFORMATION

2 Aug 2010

DISTRIBUTION

SID, 802, S2, SV, D4, Tl2, OGC
SUMMARY

PURPOSE. (T6//SI//P'¢F) To provide the SID Response to the subject DRAFT Report.

BACKGROUND: (TSHSI:h~ff) In May 2010, the OIG issued the Pilot Test Report (IG-11154-10) as part of the
ongoing audit ofNSA Controls to Comply with the Foreign Intelligence Surveillance Court (FISC) Order Regarding
Business Records (BR) (ST-10-0004). The pilot testing identified three control weaknesses in querying BR metadata
as well as concerns related to the dissemination of information. Because there was no evidence of non-compliance
and the release of the new selector tracking application that would address the weakne~~~sl
was
imminent, the OIG didn't make formal recommendations opting to monitor the sitµation and make formal
recommendations as necessary.
. .... ··· · {b)(3)-P.L. 86-36

I

('f~//~I//Mfl) The continual slippage ofl

lreleas~d~t:I·

Jreleased June 25, 2010) coupled

with the March 2010 non-compliance incident (which underscored one of the reported control weaknesses and
identified an additional weakness) resulted in the OIG recommending Agency management take immediate action.
The subject quick-reaction draft report is the result of the problem that warranted immediate attention by Agency
Management.
DISCUSSION. ff5//5I//Mfl) The SID Response·to the subject document has been coordinated with 52, SV, T12, D4
and OGC. It includes the response to the two Recommendations for SID Lead and NSA' s response to the DOJ' s
notice of violation. Also included for your reference is the SV42 response to the March 2010 incident relative to the
subject report.
_//(IJ)(3)-P .L. 86-36
.·..

/ co0-RDiNAJION/APPROVAL
··. ·.. OFFICE

1)4
S2

ORIGINATOR

SID IG Liaison,
FORM A6796

John DeLon //email//8/6/10
/email//8/9/10

963-3335

sv
T12

NAME AND DATE

10
/email//8/6110

963-1705
963-0247
ORG.

S023

PHONE (Secure)

966-5590

DATE PREPARED

11August2010

Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20320 I oRff'IEjfl'-§1.~~~etll:M:fH:f#i~~ffl'.~

SECURE
PHONE

963-8309

 DOCID: 4230249

REF ID:A.4197247
'l'OP 8ECRE'tYlCOlrflll117'f\'&FORN

(TSHSJ:n'-NF) SID Response: Quick-Reaction Draft Audit Report of NSA Controls to
Comply with the Foreign Intelligence Surveillance Court (FISC) Order Regarding
Business Records - Control Weaknesses (ST-10-0004C)

(TS//SI//HP) Introduction: The SID Response has been coordinated with the Deputy
Directorate for Analysis and Production (S2), SID Oversight and Compliance (SV), and
the Office of General Counsel (OGC) because the same issue is being addressed in
parallel channels at the SID level and above. The Department of Justice (DOJ) filed a 10c
notice of violation with the Foreign Intelligence Surveillance Court (FISC) to which
NSA, through OGC, is providing a non-concurrence on describing this event as a
violation. NSA' s response to DOJ is included in the Background and Context section of
this document. It is being provided to ensure that NSA provides consistent responses
and appropriate context to these parallel reporting actions. While NSA does not agree
that this event was clearly an 'incident of non-compliance,' it does highlight deficiencies
in the previous selector management applicationi nevertheless it falls short of a
compliance violation.
(ilH?J~f.>:.L.JJ.6-36

\" -:::::::: : ::::·::: . ::.::RE~?.MME~J.?:_'.TION.1: ffSftj~fl) Immediately v~rify that controls in the newly
\
·<. ·"·l'.~leased..v.~!s1on ofl
_are m place and functiorung to:
·.. ""a). prevenlquezying selectors associated with U.S. persons without a documented
.
"..
"·ode.review for.FitstA.mendment considerations,
.
b)"t?l'.:?~ehtquerying sei~clors.Q~t revalidated within BR-mandated limits (180
\
days an(J. one"y~ar for U.S. and foieign_s,electors, respectively), and
"
c) tag, track'-. amfide.p.tify time-restrictecfseledq_rs.
.
If the conclititn1s in a;--b,Jmd c cannot be verified.;imm~~:liately develop and
.
implement interill'.l:plans'to-~~dress these weaknesses untill
lean be
. d
..
. "·
dif
mo ie .
········...
...
.
SID Action Element: Chief,S2I4 with SV42 and T1222
\
\

201~):(0/)FOU~)~IDcqncm·s

SID RESPONSE (August
with this recommendation.
On 25 June 2010 the new selector martagement syste1:n;I
I was activated and
\ all deficiencies noted in the OIG report have been addressed. The OIG has been
'\ provided real time updates associated with this release and has interacted with S2I4's
I
lliaison in order to perform their own: review of the application.
Additionally, the Office of the Director of Compliance (ODoC), Office of General
Counsel (OGC), SID Oversight and Compliance (SV), Office of the Inspector General
(OIG) and Department of Justice representatives have all hadl
functionalities demonstrated to them and expressed their approval (see additional
information in Explanatory Remarks section)

I

POC: 1
....._ _ _ _.....!Chief, S2I4, CT Homeland Se:~~!YHJ.\r.:t~llysis,j.__

__.1969-0224

Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20320108
FOP SECRE'fYlCOl,,JIJV'fYfNOFOltlf
(b)(3)-P.L. 86-36

 REF ID:A4197247

DOCID: 4230249

TOP SECR:Ef'fl'CO!dll,TT!'J'f•lOPO"JJ:lil
(TS#S;wNii) Quick-Reaction Draft Audit Report of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business Records - Control
Weaknesses (ST-10-0004C)

(TS//SI//HF) March 2010 Non-Compliance Incident- Additional Information
(TS//SI//HP) SID Oversight and Compliance/PISA Authorities (SV4) emphasizes that
all of the items listed in recommendation 1 are procedures and features of th,....e_ ___,
...... ,
!program that h~~~ been in ~l. a.ce sine~ ~une -~-~'...~9.~9.: .NSA.Wayl
.....
.
hmtial operati:ng. capab1hty·was concluded by T12 personnel
on June 22, 201 Q: .Ihis.acceptance·snouid serve as the testing verification for the
..requiremerifSset out in recommendation 1 of the subject report.

I

·
_,..:: ... :·
('iJj(:J")~P .L. 86-36

(TS//SI//fqf) Operational testing and evaluation is on-going under real-world use
while the developers and technical oversight personnel are monitoring "bug reports"
and user feedback with a keen eye toward compliance issues. In addition, an
. _Emergency Change process is established with a cross-organization technical and
6v~rsight team in place to resolve any compliance findings or to determine adjustments
to the program should changes in the legal environment occur.
•,

(U) SV42 p~oposal related to Recommendation 2.

(TS//SI//NF) ~elow are the DIA roles and specific functions as defined in the Data
Integrity Analyst-I
!standard Operating Procedures (SOP),
dated September 28, 2009, while the DIA's were assigned to the SIGINT Directorate.

! _____.Ito-···· ··(b}(3)-P.L. 86-36

(TS//SI//P<IF) In the SOP, the DIA's have three tools or roles within....
perform their functions:

~· Th~ftrstrolel

{ti.kt)

.......

land was
d:scribed a~ only for the use of providing support to analysts both in and out of

(b){~).,f> .L. 86 _36 t ~ ~T p~~ uct line.
(b)(3)~o

<\

use 3024(i)
··········...

············ ············

.

B. The second availabletol~.__,,__ _ _ _ _ _ _ _ _ _ _.....IWithin this
second role was a list of typical support:
1. Reviewing telephone identifiers prior to and or after the issuance of a
serialized report or a Request for Information (RFI) in order to verify
the accuracy of thq
ldata;
"(b)(3)-P.L.
2. Helpirig analysts interpret and understand the results of their queries.
3. Confir:rrtl
]
m

,.m

......

....

m,um.....

m

,.mmu"U

\. . ....-,
I - - - - - - i - - - - - - - - - - - - - - - "I

Derived From: NSA/CSSM 1-52
Dated: 20070 I 08
Declassify On: 20320108

TOP SECREIWC01l!BVTA'NOPOR:A'

86-36

 .

~

..

R.EF ID:A4197247

DOCID: 4230249

TlhQ SECREnSWiW1JV1/sCJVOFORJV
C. The thirc:l.role

hich provides the DIA by-pass capability. This third
tool was described for use in technical and data integrity purposes only and the
~~~g~-P.L. 86 _36 ~y-pas.s capability was specifically called out not to be used to support functions
(b)(3)-50 use 3024(i}n sections A. or B above.
.....................

·····:::::; ...

."'''''''''

(TS//SI//tqf) SV4 recommends that those offices that have taken on the functions,
previously or currently known as the Data Integrity Analysts, establish a policy that
clearly defines and prohibits the use of RAS by-pass modes while working on data for
or assisting other analysts for intelligence analysis purposes.
(T5//5I//~JP) The policy should state that the use of any RAS by-pass functions should
be limited to processing and data formatting purposes to ensure that the metadata is
accurate and usable by analysts and to ensure compliance with the FISA Court Orders.

(TS//SI//NF) The policy should allow that technical support personnel or DNR
Subject Matter Experts working with BR FISA metadata should be able to continue to
provide technical support to intelligence analysts for the purposes of assistance with
accuracy and technical interpretation of the metadata with or without any RAS by-pass
function enabled.
(TS//SI//NF) However, the policy should strictly prohibit the use of a RAS by-pass
function by technical support personnel or DNR Subject Matter Experts as described
above to assist with or provide any analytic interpretation of results of queries against
the BR FISA database that would supply any information of intelligence value.

roe:I
...lsv42, 969-0024
Appro'-v-ed-by-:..-l- - - - -...,..~...,.J...
1ief SID Oversight and Compliance, 2 August 2010

(b)(3)-P.L. 86-36

 DOCID: 4230249

REF ID: A41:9724 7
FOP SECRET/lC:OlrfTN1YJ'NOFORJl{

RECOMMENDATION 2: (T8#8J#NF) Clearly define and separate the duties of Data
Integrity Analysts and Foreign intelligence Analysts. Specifically, implement
controls to prevent an individual from querying BR metadata for data integrity and
foreign intelligence purposes and issue formal guidance to differentiate such
queries.
(U) (ACTION: Chief, S2I4 with SV42 and T1222)
SID RESPONSE (August 2010): (TS/;'SI//HF) SID does not concur that this is an
action for Chief, Homeland Security Analysis (S2I4) as stated in the rec01mnendation.
Counterterrorism (CT) Production Center (S2I) does not intend to retain individuals in a
'data integrity analyst' (DIA) capacity and is working to transition those functions to
where they fit better within SID. The DlA function is one of the legacy consh·ucts
tracing back to a former NSA compartmented program. The DIA' s role was not clearly
distinct from target analysts. S2I4 determined during the end-to-end reviews that data
integrity analyst functions should be moved out of the production organization and
aligned with other corporate elements within SID' s SIG DEV Strategy and Governance
(SSG) and Deputy Directorate for Data Acquisition (S3), who perform similar functions
related to data integrity and fidelity at the point of ingest. Transition of DIA functions,
not DIA positions, is ongoing with Cryptanalysis and Exploitation Services (CES)
(531)/Exploitation Solutions Office (ESO)( 5313) and SSG. S2I has been working with
Chief, Protocol Exploitations (S31323) on this h·ansition of functions. S2I4 leadership
has asked TD to relocate the single remaining DIA (a TD resource) to T spaces. The
analyst who performed the March 2010 query recently took a new job in SSG.
Poe:

I

roe..· I

lcruef,$4.J..4! . S::.!..~°.ll!eland Secur.ity Analy~
..• 969-0224
1-....ehlef.>?t..~,I . g~~~~~~::~~~~9~-~~~'._L_jiq1o3- ~01

(U) Background and Context:

............ · . ....

"==""'"'""····..(b)(a)-P.L.

_
86 36

EC//REL TO USA, FVEY) Where 5214 diverges from this report as written is in the
description of the query performed in March 2010 as an 'Incident of Non-Compliance'.
The report fails to provide adequate background context.

(Te//81//NJ!i') The following was provided to OGC and DOJ for review as an
explanation of the chain of events in the course of DOJ filing an initial 10c:

(b)(1J•······················
(b)(3)-P.L. 86~36
(b)(3)-50

use 3024(i

ror· SECRE1W€0iWLV1WNOFORl'l

 DOCID: 4230249

REF ID:A4197247
TOP 8ECREJWC01~Ili/JWNOFOR::lV

(b)(1-) ......

. (b)(3)-P.L~·86•36 ....
: (b)(3)-50 USC 3024()

(TS//61/ fNF) S2I4 has no contention that the query performed I
land
noted in an OIG audit highlighted specific deficiencies in the legacy applications/used
to manage RAS approved selectors. These same findings were noted during the/End-toEnd reviews of both the Business Records and Pen Register Trap & Trace FISA /
programs. S2I4 leadershi~ strongl.y agreed with the recommendation to delay the
release of thel
applicati.Qr.:t~J::l~il such time as: 1) the End-to-End revi¢w
findings were complete and had been fully.discussed withPQJ..(;llld 2) those fin;dings
could be incorporated intol
ho·address·compliance·vuhler:abilities"Hll"i
......... ·:::;:;;;>"·' (b)(3)-P.L. 86-36
········

.. ·;:.···

:

(S//NF) A new revalidation process was.~.stablisheffand;;ieni~h~~d in the fall of

;:9,

albeit a

,::.:r

cor:i~~!~;:n;~;:~::!sep;;~~::~!f

re-engineet. Prior

underpinned by its own appl.~s;ation~leaving NSA with a purely manual process during
. this transition. S2I4 a.,1J.d-TD.counterparts validated all previous 'customer requirements'
forl
lancfworked through the 'NSA Way' process to completion. SV and
OGC are also 'customers' of this application and along with ODoC, had visibility into
the entire revamping process. This engagement continues to address any issues noted
afterl
frelease~····················m··m··· ..................................................................................... . ..................
o:i(b)(3)-P.L. 86-36

(TS//SI//NF) Nonetheless, the legacy system's defi._c_ie_n__
c.__al_lo_w_,e9··~/DIA to·q:uery on a
selector that should have no Ion er been retained in
as)RAS approveµ.
it should be noteq
however, the DIA could still have queried on that selector
as part of their 'data integrity' duties --- within the bounds._o_,...,t.....------.--.....-----'
RAS approval.
(U / /FOUO) Explanatory Remarks related to Recommendation 1:
a) ES//NF) Any selector being reviewed for RAS that is a US identifier or is
believed to be in use by a US person cannot be RAS approved without an
OGC First Amendment review. As the nomination is entered into
la field to note whether the selector is foreign or domestic must be
('6fr3)~;.:~. .:~~~~~ populated for the nomination to be processed. When the domestic field is
p:opulatedJ . .
lsends the nomination to OGC for review and no

I

b)

~~:~~~1/c?~~)c~~ ~e~!::~::t~~t;;~;!"J?t~~~:eeted.

belector
management system, a revalidation date is set tied to the date of approval

TOP 8ECRETilCOMLVL$'/o{Of¥>R:1V

 REF ID:A4197247

DOCID: 4230249

TOP SECR£1WCOlJB"•l'f'J7'NOJi'ORJ•l
and whether it is US or foreign. HSAC [Homeland Security Advisory
Council] internal management guidelines are that all US selectors will be
revalidated every 90 days and foreign selectors at 180 days. This protocol
should preclude any instance of exceeding FISC mandated timeframes.
A
!will automatically move these selectors into a pending status 15
.......
days from the projected 'expiration'. If any selector in this status has not been
...
revalidated by the cut-qff.dateJ
lmoves the selector into an expired
.....
state. The.select6r·!S··~~ longer noted as 'RAS approved' in the system
..·····:::..:,,.,,,,,,,,,,,,:,;:=::=:::'::::''::::::::.::::::!
............................................................................................ ·...................... j·andl
hs informed of this
·c~){:3):P:i .. ~~-36
action in order to ensure this selector can no longer be queried in the
'· ·
··. ·······I
IBRF or PR/TT repositories.
c) (C//RI!:L TO DaA, FVEY) 'Time Bounded Query' restrictions have their own
.. lcon.vv.:~ch :rompts an ~nalyst to check a sel~ctor's re~or.d withi1: the
I
··. . J;ystem. This record notates the time restr1ct1on and mforms
· :· .
analysts of the··sp~cific timeframe they must focus on during the review of
query results. Information outside of those boundaries must not be used in
. , .., ._ the pursuit of their targets~

\._<::.:.·.·.·. .· :·:.:.· .· ·. ·.· . .

·

I

'

. . .:·1,_- - - - - . - - - - - - - - ' -

POC:I

I Chief, S2I4, CT Homeland Security Analysis,I

Approved by: DDAP,I

l3 Au?. :.~............ ·• ... · · •

(b)(3)-P .L. 86-36

TO:P 8ECRE1iVCOMill1i$'!\/rcJ-FORf{

1969-0224

---

 DOCID: 4230249

REF ID:A4197247
TCi3 SEC~E'f//COMlf<fT//PWFORP<I

Quick Reaction Draft Audit Report of NSA Controls to Comply with the Foreign Intelligence Surveillance
Court Order Regarding Business Records - Control Weaknesses {ST-10-0004C)
RECOMMENDATION 2. (T5f/51//PJF) Clearly define and separate the duties of Data Integrity Analysts
(DIA) and Foreign Intelligence Analysts. Specifically, implement controls to prevent an individual from
querying BR metadata for data integrity and foreign intelligence purposes and issue formal guidance to
differentiate such queries.
S3 Input: (TS//51//Pdf) 53 has accepted responsibility for performing the functions of the Data Integrity
Analysts and determined this mission will be performed within th~,__ _ _ _ _ _ _ _ _ _ _ __.
,____,._ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ___,.Befsed on S3 direction, it is expected that
will have an interim procedure to perform DIA functions i,h place within three weeks, working
toward a p~rmifnentprc:i.cedure to be in place within three mprths.
I

I

I.'

········ ..... j

(b)(1)

(b)(3)-P.L. 86-36

Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20350901
TO~ SECf\E'f//corvll!lff17'r~oFOM

 REF ID:A4197250

DOCID: 4230250

'f'OP SECRET;J'COlvf/1\l'f'JlNOFOJ1N

NATIONAL SECURITY AGENCY/CENTRAL SECURITY
SERVICE
Further dissemination of this report outside NSA ls
PRDH/B/TED without the approval of the Inspector

General.

INSPECTOR GENERAL REPORT

(TSh'Slh'NF) Audit of NSA Controls to Com ply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records
May 201 O Test Results
(ST-10-00040)
30 June 2010

TOP 8ECRET#COAffN'Th'NOFOR...,.,1

gpproved for Release by NSA on 08-06-2015. FOIA Case #80120 {litigation J

 DOCID: 4230250

REF ID:A4197250
'FOP SECRB'f)YCO!vHN"t}]NOFORl'T

(U) OFFICE OF THE INSPECTOR GENERAL
(U) Chartered by the Director, NSA/Chief, CSS, the Office of the Inspector General (OIG)
conducts audits, investigations, and inspections. Its mission is to ensure the integrity, efficiency,
and effectiveness ofNSA/CSS operations, provide intelligence oversight, protect against fraud,
waste, and mismanagement of resources, and ensure that NSA/CSS activities are conducted in
compliance with the law, executive orders, and regulations. The OIG also serves as
ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS
(U) The audit function provides independent assessments of programs and organizations.
Performance audits evaluate the effectiveness and efficiency of entities and programs and
assesses whether program objectives are being met and whether operations comply with law
and regulations. Financial audits detennine the accuracy of an entity's financial statements. All
audits are conducted in accordance with standards established by the Comptroller General of the
United States.

(U) INVESTIGATIONS AND SPECIAL INQUIRIES
(U) The OIG administers a system for receiving and acting upon requests for assistance or
complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations
and Special Inquiries may be undertaken as a result of such requests, complaints, at the request
of management, as the result of irregularities that surface during inspections and audits, or at the
initiative of the Inspector General.

(U) Fl ELD INSPECTIONS
(U) The inspection function consists of organizational and functional reviews undertaken as part
of the OIG 's annual plan or by management request. Inspections yield accurate, up-to-date
information on the effectiveness and efficiency of entities and programs, along with an
assessment of compliance with law and regulations. The Office of Field Inspections also
paiiners with Inspectors General of the Service Cryptologic Elements to conduct joint
inspections of consolidated cryptologic facilities.

TO:P 8ECRETfi'COMIN'fhNOFORN

 DOCJED:

4230250

REF JED:A4197250
'f'OP SECRE'f#COlvfIN'f>7'NOFOKN

TOP 8ECRE1;¥C02',RNT#P.lOFOR...\J

 REF I:D:A4197250

DOCID: 4230250

TOP SECRETh'COMINf'f1'lNOFOR:N

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURI1Y SERVICE
30June 2010
IG-11174-10
TO: DISTRIBUTION

SUBJECT: (TS//SI//ptF) Audit of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business
Records - May 2010 Test Results (ST-10-0004D)
1. (U) This report summarizes the results of our May 2010 testing
using the continuous auditing methodology.
2. ('fS//Sf//MF) Audit Objectives We are conducting monthly
testing of NSA. controls to comply with the Foreign Intelligence Surveillance
Court (FISC) Business Records (BR) Order to determine whether these
controls are operating as intended.
3. (U / /FOUO} Monthly Test Results and Objectives We found no
instances of non-compliance for the month of May 2010. However, significant
scope limitations remained in testing Office of General Counsel (OGC)
reviews of selectors associated with U.S. persons because of control
weaknesses reported in the Pilot Test Report issued on 12 May 2010 (IG11154-10). See page 4 for details of May 2010 monthly test results for the
following objectives:
•

(TS//Sl//Jl'JF) Access: Were all queries to the BR metadata made
by authorized individuals (e.g., intelligence analysts and data
integrity analysts)?

•

(U / /FOUO' Reasonable Articulable Suspicion (RAS) Approval of
Queried Selectors: Did all queries use RAS-approved seed
selectors?

•

(U / f POUO) OGC Review of U.S. Person Selectors: Did OGC
verify that RAS determinations of all queried seed selectors
associated with U.S. persons had not been based solely on
activities protected by the First Amendment to the Constitution?

TOP

SECRET//COfvHMfh't~Of?OIU~

I

 . DOCID:

REF ID:A4197250

4230250

TOP ·snCRET/fOOMfNT//t~OFORN

ST-10-0004D
'

'

~//REL TO U5A, FVEY) Chaining: Were'all qt,teri~S}i~~j.ned to

•

. ' ' . than three
' h ops.
'?

no more

.· . . .

'

· · · ·.

. ,·,·, ·'<':' .. ..

'

· ·

.;.

•· {'/k, <
:'.~r:.':}~\',(;,>;>:cL .. · ·...

(U/ /FOUO~ Revalidation of Queried Selectors: w__·:~·.' , ,. .. ~ie~f
foreign and U.S. person seed.selectors revalidat~d~i, .. \'..tP.e ··
Court's tirneframes-one year and.180 days, resped:iveiy':,...;and
approved by an authorized Homeland Mission Coordinator
(HMC)?
. ·; I. .
. : .'· . : . . . : . :·'

•

~

I

• (TS/ /Sl//~~F) We{!kly. Pisseniinatio,n Reports: l).id N.S~ . ., .:

.

accaj'.ately ~~ :coil:iv~etely report serialize4 qJssemiriatio,fl-· of BR
· ·metadata, qj.itside NSA? ..
·
·
· · · · ·· ·
•

•

'.

: ..

;

.

•

.

•

.

• 1'1

(TS//SI//"NF) Dissemination of Serialized SIGINT Reports with BR
Mefq.df1J~: Was ajl in,fqrmation ·<ll.ss~n;W:ia~ed .through serialized

SIGINT reports approved by the Chief of Jnfo;rl,J;la~o#Sh~ing
Services. (S12) or ·one of the five other authorized individb'cils7 ·

•.' .. ' 4. ·.. (y//FC)Uq) w~· C\ppresi~te W~e:~.owte"sy~4 ,coc)p~r~tiqn ~xt~nded

to th¢ .~ti<lit<?r~ . tl\r.o~g1'9µt the r~view.. If -vou· ne~4,~1M~~lftlrn.p1:°:~d4i~onal
information, ple~se'C::ontad
.
fo.~96:?;.2Q88(~j or,v~~re 1mail at

I

I

lon9.$?-~i7i(s)~or vfa e-:illitllat··
..•. ,... L;;;:::;::.>~:t::;:;.~:::··t''::;;:::~I'.I'.:;}:,,;;;;;;;;;;;;;,
; '•'

borl

I"' '. · .· ';: · .

.r., '"' .. ;.... ·;-;

~.-,

. .,,

;

•

•

'··

;

.~

:.

1

.,-;·

.0~)(3)-P.~L .. ~~-~() ·.

-.:1~~____.\r
·Assistant Inspector! General
for Intellige~<;:e Oversight

'fOP 8BCM'fitc01vHM'fitt~OffOltM
2

·

·. ·

·

 REF ID:A4197250

DOCID: 4230250
TOP

SECRETHCOI'vHMfh~~Of<'OitM

··...

T1222
··....
... -.
··..- - ! ·....
poJ ~------------.....__
__.
···· ..:···. :.::·\.,

__

·····
(b)(6)

~~ (). DeLong)
~~tin

>:: ;:.~~\~(b)(3)-P.L. 86-36

./

GC P. Reyi:,9lds)::··::::, _,;: ::::::•.·:·/>::_:·:::::;..-/·/./

Sl

·...::>

s

/

S2Ir..--_ _....__.:>.·

.

.-:>
.·

~~;:-_-_-_-_-:_:"---'... : ..-·

.
/

..

/

i

________
..

T1222
.
OGC I~G~P~O~C~.._-.....-;...,

.....

SID IGPOC
TDIGPOC

___....

Dl.._
D12
D13
D14

TOP SECRET//COMINT//tq-opoffiq3

ST-10-0004D

 DOCID:

4.230250

REF ID:A4197250
TOP

~F:CftE:"f77'COivffNfhHOf?ORH

(U) This page left intentionally blank

TOP

SECRETHCOMINT//NOFOfil~

4

ST-10-0004 D

 REF ID:A4197250

DOCID: 4230250

'fOF S'.ECIUS"f11COMIMI77'NOPORN

ST-10-0004D

(U) May 2010 Test Results
('f:'f>// 'SI//Mf!) Test results show that NSA complied with the requirements of the
BR Order, with noted scope limitations, between 1-31 May 2010. The rating
definitions are included on the last page of this report,

Area

Test Results

Scope Limitations

Rating

1. Access

.9c9t;rl.~liC)nt;.···•

·. . w1tt1 st;()peo
;:. limitations •

';i· . · · •·.:. ·:z·-;··+···············
None

4\C.haining

5. Rev~lid.~tion
of Querie'd ·
Selectors "·

6. Weekly
Dissemination
Reports

7. Dissemination
of Serialized
SIGINT Reports
with BR
Metadata

Th~Oseeci'se\ectors queried for
.
foreign intelligenceo•.P.urposes were
approVEi9 by authorizeq);J.M.Qs within the
Court's t1meframes. TheL..J seed
selectors th13t were not RAS ...a~oved
were queried .f~.
da integritYLJor
"ident lookups"L,_J

None

V\(eekly Dissemination Reports
. completely and accurately reported the
D~erialized SIGINT reports issued.

We limited testing to serialized SIGINT
reports because briefings, litigation, and
other types of dissemination were not
easily testable using the continuous
auditing methodology.

The Chief or Acting Chief of Information
Sharing Services (S12)
approved thepserialized SIGINT
reports issue .

We limited testing to serialized SIGINT
reports because briefings, litigation, and
other types of dissemination were not
easily testable using the continuous
auditing methodology.

Compliant

(Taua111~1i=)

1(Chfl:E:t fe USA, FVEY) "!dent lookups" refers to querying a selecto~
l.,to determine
the approval status of a selector. In such cases, the Emphatic Access Restriction controls prevent chaining
of a selector that is not marked as approved for querying and return an error message to the ana,lyst. There
is no violation of the Order, because the selector was not actually chained.
·

TOP

SECRETHCOMI~ffH:NOFORN

5

(b)(3)-P.L. 86-36

 REF ID:A4197250

DOCID: 4230250
'fOP

SECRE'fh'CO"MH'ffh't~OFOfili

ST-10-0004 D

(U) Rating System
Description
A rating of green indicates that no instances of
non-compliance with the BR Order were identified during
testing. Any noted scope limitations were related to the
application of the continuous auditing methodology, not
known control weaknesses.
A rating of yellow indicates that although no instances of
non-compliance were identified, control weaknesses
prevented us from testing the entire universe, as
explained in the scope limitations.
A rating of red indicates that one or more instances of
non-compliance with the BR Order were identified during
testing.

(TSffSIHNF)

TOP SECRE'fh'COMINT//NOFOl\Jq6

Rating

 REF ID:A4197432

DOCID: 4230251

TOP SECRET#CO!vBN'f}J'l\iTOFORN

NATIONAL SECURITY AGENCY/CENTRAL SECURITY
SERVICE
Further dissemination of this report outside NSA Is
PROHIBITED without the approval of the Inspector

General.

INSPECTOR GENERAL REPORT

(TSHSIHNF) Audit of NSA Controls to Com ply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records
June 2010 Test Results
(ST-10-0004E)
20 July 2010

~pproved for Release by NSA on 08-06-2015. FOIA Case #80120 (litigation)
Derived From: NSA/CSS Classification Guide 2-48
Dated: 20090804
Declassifj> On: 20350709

 DOCID: 4230251

REF ID:A4197432
TOP SECRE'fWCOMfNT!lNOFORN

{U) OFFICE OF THE INSPECTOR GENERAL
(U) Chartered by the Director, NSA/Chief, CSS, the Office of the Inspector General (OIG)
conducts audits, investigations, and inspections. Its mission is to ensure the integrity, efficiency,
and effectiveness of NSA/CSS operations, provide intelligence oversight, protect against fraud,
waste, and mismanagement of resources, and ensure that NSA/CSS activities are conducted in
compliance with the law, executive orders, and regulations. The OIG also serves as
ombudsman, assisting NSA/CSS employees, civilian and military.

{U) AUDITS
(U) The audit function provides independent assessments of programs and organizations.
Performance audits evaluate the effectiveness and efficiency of entities and programs and assess
whether program objectives are being met and whether operations comply with law and
regulations. Financial audits detennine the accuracy of an entity's financial statements. All
audits are conducted in accordance with standards established by the Comptroller General of the
United States.

{U) INVESTIGATIONS AND SPECIAL INQUIRIES
(U) The OIG administers a system for receiving and acting upon requests for assistance or
complaints (including anonymous tips) about fraud, waste, and mismanagement. Iilvestigations
and Special Inquiries may be undertaken as a result of such requests, complaints, at the request
of management, as the result of irregularities that surface during inspections and audits, or at the
initiative of the Inspector General.

{U) Fl ELD INSPECTIONS
(U) The inspection function consists of organizational and functional reviews undertaken as part
of the OIG 's annual plan or by management request. Inspections yield accurate, up-to-date
information on the effectiveness and efficiency of entities and programs, along with an
assessment of compliance with law and regulations. The Office of Field Inspections also
partners with Inspectors General of the Service Cryptologic Elements to conduct joint
inspections of consolidated cryptologic facilities.

TOP SECRETh'€0A>ffNTh'NOf'ORJ.•l

 DOCID: 4230251

REF ID:A4197432
TOP SECRE'IWCOAfEl'fI/$4'.rO:fOR...1¥

TOP SECRE'f'#COMlNT;J't<lOFO'ltN

 REF ID:A4197432

DOCID: 4230251

TOP SECRE'fh'COMIH'f//MO'FORN

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURI'IY SERVICE
19 July 2010
IG-11179-10

TO: DISTRIBUTION
SUBJECT: (ig//gl//MF) Audit of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business
Records -June 2010 Test Results (ST-10-0004E)
1. (U) This report summarizes the results of our June 2010 testing using the
continuous auditing methodology.
2. (TS//Sf//~.JF) Audit Objectives We are conducting monthly testing of
NSA controls to comply with the Foreign Intelligence Surveillance Court (FISC)
Business Records (BR) Order to determine whether these controls are operating
as intended.
3. (C//REL TO USA, FVEY) Monthly Test Results and Objectives We found
no instances of non-compliance for the month of June 2010. However, for the
five test ob'ectives related to ue in we limited the testin of data from
to 1-25
June 2010 as a result of the 25 June 2Ql0
implementation. In
addition, significant scope li.nntatfo~s remained in testing Office of General
Counsel (OGC) rev:j.ews·ofselectors associated with U.S. persons because of
control we._gknesses reported in the Pilot Test Report issued on 12 May 2010 (IG1JJ,54;l0f See page 5 for details of June 2010 monthly test results for the
/following objectives:

......

'--~~~~~~~~~~~~~--~~~

0/

/•

/ ....···

(b)(3)-P.L. 86-36

•

~~~~~~--'

(TS//Sf//NF) Access: Were all queries to the BR metadata made by
authorized individuals (e.g., intelligence analysts and data integrity
analysts)?
(U / /FOUO) Reasonable Articulable Suspicion (RAS) Approval of Queried
Selectors: Did all queries use RAS-approved seed selectors?

Derived From: NSA/CSS Classification Guide 2-48
Dated: 20090804
Declassify On: 20350709
'fOP

SECRE'fh'COMIMfJ'1~q=QfORN"

I

 REF ID:A4197432

DOCID: 4230251

TOP SI;;CRET/0€QMINT//+(8r'0RN

ST-10-0004E

(U/ /"fOUO) OGCRevie7ppfU.S.,PersopSelecJ0.i;s!I).id·OGC verifyJ1;1at

•

RAS d.etermiriations of:,@. ·queried seed selectors assoqiat~q:witff;JJ,.~..

·

persons had not been,ba_s~d:i?9lely on acti,vities protec~~~;:~}7'.~#.'.~~~f
Amendment to the Constitution?
· ,,\:;:, :·;·1;f,i:"--·"·'r"'"::. ':'
::~'.· ·. j"<?,:\~~·.'.~~'.:·.:.,:·~:~:t.:f.(;:,; '::

•

:··

~C//REL TO USA, PIEY) Chaining: Were all queries ch~edto rto

·. •

more than three hops?

·

·

(U / /FOUO) Revalidation of Queried Selectors: Wererall querietllforeign '
and U.S. person seed 'selectors revalidated within the Court's
tirrieframes'~ one year: and
days, ·respectivelyLand:appr6v~<l by

•

iso

an auth6ri.iedHqliielhlld TV!fssiohCoorclipatot'(HMC)? .· · ·,
~.

•

•

i

'

•

•

•

.~ 1'" ~ '.

•'

•

•

! . .

•

"; : .

·

.

(TS//Si//NF) Weekly Dissemination Reports: Did NSA accurately and.
completely report serialized dissemination of BR metadata. outf.?ide 1.

NSA? . ·:_ ''; ..· ' · '

: ·· ·.. · · · -, ·· · · 't" · · : ' ·' "
.

.

. ·: _:

~

~

•"

..

.: '

• (TS//81//MF) pissemination ofSerial~zed ~!GINT,Report~ '{Pi.th BR, ..· .
' :Metadata: Was a11 lhform~tlon diss~~at~d :ilitotigh: seria1fzed SIGIITT
'' reports approved rf the Chief bf Infcir!h~tiJn $fuii,mg $ertriC~s· (812) 'or·
' one nhh~ :five :other authorized irldiViduals't · · · · : "· · · : :· ' :-· ·
!.·."'

·:

.I
w

·,.·

'

'

' 4. (U//FOUO) We appreciat~ the courtesy an4 GOOper~ti01J. extended fo the'
auditors·throughout:the·review...:ff····6u nee'dd~ifica:tl(>ri or additi(>nal. _..
_; . .. ' - .. ~

..

,.; . . .. : ;•. ~ •', . t' ...

..

l

.

.l '· ......•: l

•. .

•

'

,. ::

',!

' •

l '' ·.=.

" '<).);
-------··:.-:,
.· ..:..........
·
·

.-::~::::::"

...:;;;;;;!/;;.

fb;:(3)~P~L.86: ~6· · · · ·

'

'

~-

,.

!

.·

•' . . :

: •

:

.

.' "' '

•

_. ..

.

•.

:

. 6Ii963~Z988(s) ot~vfa ~jinfill iit ...
·n: 95z.;2171(s) 6r Vla'. 1~~~it' ' .

infob:riation; ..t~ase contac

1 ••

. ·' • ' . . .

:_·;:"

:

:i

.;,•·;·•..

'

, I''.~· '.

•

.'~·

.'• : ~- .: .

~

.

'

j

'

.. ·

;_;·i

' . ·":
',{

··

··: ..

_·······!...._ _ _ _ _ _ _ _ ___.!

Assistant Inspector <;;eneral
for Intelligertce OV~rsight

TOP 8ECRBT/,tCOMD+Tt&l0¥0v.;bT
2

~

~ J

•

 .REF ID:A4197432

DOCID: 42302.51
TOP

SECRETHCOtvfIN'fh~q=QFOitH

·..
··....... ·· .. .
...........

·......
··......
··.... ·..
··.. ·...

......... ··

....

... ........

"

\

.. ·.

'•

·· ·· ...

(b)(6)

•,

'··.'··

··.:::.:-.. ·.

__ .._______

.__

...__

........

"'--_:

..._____,....

~~~.~

•,

.

. ..
~

____

T1222

·,

,'

'

,

OGCIGPOC
-"""--....,;;.
..,.,___,:
SIDIGPOC
TDIGPOC,___ ___,...__ _~-~
Dl
Dl..,___ _ ___.
D13
D14

'fO~ SECR:ETHCOMINT//NOFO:fil~

3

ST-10-0004E

 DOCID: 4230251

REF ID:A4197432
'fOP SECRE'f7'/COfvfflqTf71q0ffOftH

This page intentionally left blank.

TOP SECRE'f/ICOMIN''f/JMOPORN
4

ST-10-0004E

 REF ID:A4197432

DOCID: 4230251

'fO~ ~ECtuS'f//COivilNT/il'l;fOF'Om

ST-10-0004E

(U) June 2010 Test Results
('fS//SI/fWF) Test results show that NSA complied with 1) the querying
requirements of the BR Order, with noted scope limitations, between 1-25 June
2010, and 2) the dissemination requirements of the BR Order for the entire
month. The rating definitions are included on the last page of this report.

Area

Test Results

Scope Limitations

1. Access

Rating

None

· ...
·All [=:J RAS-approved U S person .. -:::::: ::B~sei~rd~ a control weakness reported in
..................... ......
. .. seed selectors queried inl
I were th\3::f.>ilot Test Report, we limited testing to
.)'("a"')· ;.,,~··•.L..
R~~iew
.feV.ieW.~:iL!:?Y..,9.GG for First Amenclment .............:~~e!d selectors presumed to be associated

(b

&-n.iac. .

...........

. ·. ·... ';t?.l\. p,,..on
\

·:::,:;; ::~~leqt?.rs
"
":'\_:_::.:,·,.. :: ·.......
···....
··.-:

.

··..

I

:~',':::~~~~~;',~;;;;; ;H~a

e·ach was
_//
rev1ewe b y e forirst Amendment./
concerns as required.
·· ·

w1mtJs "'a"'

' '

"° ,.,;,.

approva s o ore1gn selectors associated
with U.S. persons, because the existing
database does not track this information.

None

... o no·more an
._ sel.\3C!or> .
·..
. ·-~~:eOseied ~electors queried for foreign
of infel!ig!?nce purposes.yvere approved by
5 . Revalid.ation
·
authorized HMCs within the Court's
Queried
timefrai'he_s •. Thi3·0seed sele.ctors that
Selectors
were not RAS~roved were queiried for
data integri!YL.J.~r "ident lookups"

None

6. Weekly
Dissemination
Reports

\J\leekly Dissemination Reports completely
alid accurately reported the0serialized
SIGU'-JT reports issued.

We limited testing to serialized SIGINT
reports because briefings, litigation, and
other types of dissemination were not
easily testable using the continuous
auditing methodology.

7. Dissemination
of Serialized
SIGINT Reports
with BR
Metadata

The Acting. Chief or Acting Deputy Chief of
Information Sharing Services (S12)
approved theperialized SIGINT
reports issue .

We limited testing to serialized SIGINT
reports because briefings, litigation, and
other types of dissemination were not
easily testable using the continuous
auditing methodology.

D

Compliant

(TCHClmff)

(TS//Sl//NF) "Iden! lookups" refers to querying a selecto~
~()determine the approval
status of a selector. In such cases, the Emphatic Access Restriction controls prevent.chaining of a selector
that is not marked as approved for querying and return an error message to the analysf:-. ..There is no
violation of the BR Order, because the selector was not actually chained.
1

'fO~ SECitlS'f//COMIU'f/fl~OFOfil~

5

(b)(3)-P.L. 86-36

 DOCID:

:JREF ID: A.4197432

4230251
T'OP

SECRE'F/i'COMINTi'i+mFO~J

ST-10-0004E

(U) Rating System

Description

Rating

A rating of green indicates that no instances of
non-compliance with the BR Order were identified during
testing. Any noted scope limitations were related to the
application of the continuous auditing methodology, not
known control weaknesses.
A rating of yellow indicates that although no instances of
non-compliance were identified, control weaknesses
prevented us from testing the entire universe, as
explained in the scope limitations.
A rating of red indicates that one or more instances of
non-compliance with the BR Order were identified during
testing.

TOP

SECRE'F/fCOMIMf/fMOrOIU~

6

 DOCID: 4230252

REF ID:A4197434
TOP SECRETn'€OM:Jl',l'fh'/1{0f'ORN

NATIONAL SECURITY AGENCY/CENTRAL SECURITY
SERVICE

INSPECTOR GENERAL REPORT

(TSNSIHNF) Audit of NSA Controls to Comply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records
July 2010 Test Results
(ST-10-0004F)
18 August 2010

~pproved for Release by NSA 011 08-06-2015. FOIA Case #80120 (litigation)
Derived From: NSA/CSS Classification Guide 2-48
Dated: 20090804
Declassify On: 20350805

TOP 8ECRE1)$'€0AflNT#NOf'OAAr

 DOCID:

4230252

REF ID:A4197434
'f'OP 8ECttE'fJl'COlvflNf}7NOFOltN

(U) OFFICE OF THE INSPECTOR GENERAL
(U) Chartered by the Director, NSA/Chief, CSS, the Office of the Inspector General (OIG)
conducts audits, investigations, and inspections. Its mission is to ensure the integrity, efficiency,
and effectiveness ofNSA/CSS operations, provide intelligence oversight, protect against fraud,
waste, and mismanagement of resources, and ensure that NSA/CSS activities are conducted in
compliance with the law, executive orders, and regulations. The OIG also serves as
ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS
(U) The audit function provides independent assessments of programs and organizations.
Performance audits evaluate the effectiveness and efficiency of entities and programs and assess
whether program objectives are being met and whether operations comply with law and
regulations. Financial audits detennine the accuracy of an entity's financial statements. All
audits are conducted in accordance with standards established by the Comptroller General of the
United States.

(U) INVESTIGATIONS AND SPECIAL INQUIRIES
(U) The OIG administers a system for receiving and acting upon requests for assistance or
complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations
and Special Inquiries may be undertaken as a result of such requests, complaints, at the request
of management, as the result of irregularities that surface during inspections and audits, or at the
initiative of the Inspector General.

(U) FIELD INSPECTIONS
(U) The inspection function consists of organizational and functional reviews undertaken as part
of the OIG 's annual plan or by management request. Inspections yield accurate, up-to-date
infonnation on the effectiveness and efficiency of entities and programs, along with an
assessment of compliance with law and regulations. The Office of Field Inspections also
partners with Inspectors General of the Service Cryptologic Elements to conduct joint
inspections of consolidated cryptologic facilities.

 REF ID:A4197434

DOCID: 4230252
TOP

SECRBT//COMR<ff/J~<fOFOl\lq

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE

18 August 2010
IG-11188-10
TO: DISTRIBUTION

SUBJECT: (TS//OI//NF) Audit of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business
Records - July 2010 Test Results (ST-10-0004F)

1. ('fS//SI//HF) Background This report summarizes the results of our July
2010 testing using the continuous auditing methodology. The OIG is using this

methodology as a means of complying with the oversight responsibilities
assigned to it in the Business Records (BR) Court Order. Specifically, we are
conducting monthly testing of NSA controls to comply with the Foreign
Intelligence Surveillance Court (FISC) BR Order to determine whether these
controls are operating as intended.
2. (C//RELTO USA, PtlEY) Monthly Test Results and Objectives Vve found
no instances of non-compliance for the month of Julv 2010. For the five test
ob"ectives related to uer ina ulv testin included,data fro~"P.f ....."""'"'"' """'.:::·::::::::::::::::::::""'"" 'b)(3)-P.L. 86-36
fo{'.26---30--June 2010. \lVe
. 1.. e_x_cl,. .u"""'d,. .e'""'d"""'thi., . . ,.s-·
, d.,,..a_t_a~fr-o-m~J.u-r-::i.e-.---te-s-:ti-tl.-:.g=:
.. b""'
..e.-ca-t-1s....e;.;;..o-:f:-t:-he-;1.-:-im-·-...plementation of
loti25."}ui~~-2010.
lalsc>"~~solved a significant scope
limitation in our testing of Office of General Counsel (OGC) reviews of selectors
associated with U.S. persons, as all U.S. selecfors are now tracked.

I

I

(U) See page 5 for details of July 2010 monthly test results for the following
objectives:
e

('f3//Si;'/HF) Access: Were all queries to the BR metadata made by
authorized individuals (e.g., intelligence analysts and data integrity
analysts)?

e

(U/ /FOUO) Reasonable Articulable Suspicion (RAS) Approval of Queried
Selectors: Did all queries use RAS-approved seed selectors?

Derived From: NSA/CSS Classification Guide 2-48
Dated: 20090804
Declassffj; On: 20350805
TO:P SECRETHCOMil~T/1~~0FORH
1

 REF ID:A4197434

DOCID: 4230252

TOP SECRETNCOMil'ff//NOFORH

e11

e

Ill

o

0

II

ST-10-0004F

(U/ /FOUO) OGC Review of U.S. Person Selectors: Did OGC verify that
RAS determination.c; of all queried seed selectors associated with U.S.
persons had not been based solely on activities protected by the First
Amendment to the Constitution?
(C//REL TO USA, FVfrY) Chaining: V\Tere all queries chained to no
more than three hops?

(U/ /FOUO) Revalidation of Queried Selectors: Were all queried foreign
and U.S. person seed selectors revalidated within the Court's
timeframes - one year and 180 days, respectively- and approved by
an authorized Homeland Mission Coordinator (HMC)?
(TS//SI//NP) Weekly Dissemination Reports: Did NSA accurately and
completely report disseminations of BR metadata outside NSA?

(TS//SI//HF) Dissemination of Serialized SIGINT Reports with BR
Mef:adata: Was all information disseminated through serialized SIGINT
reports approved by the Chief of Information Sharing Services (512) or
one of the five other authorized individuals?

3. (U/ /FOUO) We appreciate the courtesy and cooperation extended to the
auditors throughout the review. If you need clarification or additional
information, please cor-n_ta_c""'~-------_.loJ::t_963-2988(s) or via e-mail at

lon?5?::171(S)or~i:e-::il at

terJ

·_. .· · ...
.. ' .... ····:;.,:

L---__,,.---~-~I
Assistant Inspector General
for Intelligence Oversight

'f Ofl

8E'.Cft~"f'//COMIM'f7'1HOFOIU<t

2

;~;;~: ;;;

:;;;;::::ii;~ !h·

(b)(3)-P.L. 86-36

 REF ID:A4197434

DOCID: 4230252
TOP

g:gcRET//CO~ 41NT,(£N"OfORN

ST-10-0004F

DISTRIBUTION:
D21

_____ __

SV42~----.-------1

512,..__
S2I4

.;;;..___.;;...

·· .....

T122~2-----------"'---------.

DoJ

... L - - - - - - '

(b)(6)

cc:
Director
SIGINT Director
D4 (J. DeLong)

___
______

GC M. Olsen

sv

SV4
Sl

__.__

.._

TOP SECRETNCO!vffNTh'HOFORJ>of
3

86-36

 DOCID:

4230252

REF ID:A4197434
TOP SECRETNCO'fvffiff//f cfOFO'R}if

(U) This page intentionally left blank.

TOP SECRETHCOMIHTHHOfO:lxH
4

ST-10-0004F

 REF JED:A4197434

DOCID : 4230252

TOP SECRETl/C01vill¢TNN OFOR1¢

ST-10-0004F

(U) July 2010 Test Results
('fS//81//NP) Test results show that NSA complied with 1) the querying
requirements of the BR Order betvveen 26 June- 31July2010, and 2) the
dissemination requirements· of the BR Order for the entire month. The rating
definitions are included on the last page of this report.

Test Results

Area

Scope Limitations

Rating

.....----........---..........---jl--~~~~~~~~~~~~~~b-~-

r-~~~~~--;~----~~~~

1. Access

None
"•,

Of theD~G~ries performed in . \ .,
Ithe seed selecto~:?..ofO. .
\ ·\
2 ... ·RAS Apprq.11:<3l :::: "Were validated"as.. appr.oved: The
,.of Queried:::.. ··
remaining qµeries·'were for data i~"... · Nb
.. Selee:t6rs·
purooses:· 'The seed s6.1.E:Jsiers.. of
'·: . .., .ne
.,,,,:::=..
··
l~w.e~
.1i\fe~e
... .
.····
. ... .approve~ ... JD~..r.eroa1n1ngCjq~en~~ were
·~:~.. . ., . . .
...... .;:·
.......................
for·data·mtegnty purposes.
· ......

./

I

I

.1iiii~~~;~;;;;;;;;;~~;;;;;;;~::::: .:::::::·:·:...
(6)'(1 r:::::::::::::

...................

··

.

(b)f~l~P .L. 6~3Ef'
. ".::.:::<::.:. . 3. OGG Review
"...".::: ....of U.S. Person
".... "·-$e.lectors
"

"·."··....·...
"

··... .....·. "·.....
........

.
"
In accordance with our test plan, we did not test July 201 O data for this objective. Because we have
4. Chai~lh~ "......... ..noted no exceptions for the last six months of testing, we will not test this objective again until October
"·· 20).0 (using September data) and January 2011 (using December data).

·...

T·h·anse.ed selectors queried for foreign
. inteWgerice purposes were approved by
5. Revalidation of ·authorized HMC~hin the Court's
Queried
tirn€)frames: .Th~LJseed selectors that
Selectors
were.11ot RAS·cipproved were queried for
data integrity purposes.

None

6. Weekly
Dissemination
Reports

Weel<ly Disse(flination Reports completely
and accurately ~13ported the0serialized
SIGINT reports issued.

We limited testing to serialized SIGINT
reports because briefings, litigation, and
other types of dissemination were not
easily testable using the continuous
auditing methodology.

7. Dissemination
of Serialized
SIGINT Reports
with BR
Metadata

The Deputy Chief of lnformakiharing
Services (S12) approved the
serialized SIGINT reports issue .

We limited testing to serialized SIGINT
reports because briefings, litigation, and
other types of dissemination were not
easily testable using the continuous
auditing methodology.

TOP SECRETHCOMFHTNHOfORH
5

 REF ID:A4197434

DOCID: 4230252
TOP

SECRETHCOPvffi~Tf/NOFOIU>T

ST-10-0004 F

(U) Rating System
Description

Rating

A rating of green indicates that no instances of
non-compliance with the BR Order were identified during
testing. Any noted scope limitations were related to the
application of the continuous auditing methodology, not
known control weaknesses.
A rating of yellow indicates that although no instances of
non-compliance were identified, control wealrnesses
prevented us from testing the entire universe, as
explained in the scope limitations.

Compliant, with
scope limitations

A rating of red indicates that one or more instances of
non-compliance with the BR Order were identified during
testing.

TOP SECRET//GOMIHTNHOFORH
6

 DOCID: 4230254

REF JJ:D:A4197437
i<JP SECRE1WCOI'rf1ll1Wfl-OFORil)I

NATIONAL SECURITY AGENCY/CENTRAL SECURITY
SERVICE

INSPECTOR GENERAL REPORT

(TSHSl//NF'} Audit of NSA Controls to Comply with the Foreign
Intelligence Surveillance Court Order Regarding Business
Records August 2010 Test Results
ST-10-0004G
28 September 2010
~pp roved for Release by NSA on 08-06-2015. FOIA Case #80120 {litigation)
TO-.P SECRE1i5'€0ilfL¥1iVHOFORN

 (U) OFFICE OF THE INSPECTOR GENERAL
(U) Chartered by the Director, NSA/Chief, CSS, the Office of the Inspector General (OIG)
conducts audits, investigations, and inspections. Its mission is to ensure the integrity, efficiency,
and effectiveness ofNSA/CSS operations, provide intelligence oversight, protect against fraud,
waste, and mismanagement of resources, and ensure that NSA/CSS activities are conducted in
compliance with the law, executive orders, and regulations. The OIG also serves as
ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS
(U) The audit function provide~ independent assessments of programs and organizations.
Performance audits evaluate the effectiveness and efficiency of entities and programs and
assesses whether program objectives are being met and whether operations comply with law
and regulations. Financial audits determine the accuracy of an entity's financial statements. All
audits are conducted in accordance with standards established by the Comptroller General of the
United States.

(U) INVESTIGATIONS AND SPECIAL INQUIRIES
(U) The OIG administers a system for receiving and acting upon requests for assistance or
complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations
and Special Inquiries may be undertaken as a result of such requests, complaints, at the request
of management, as the result of irregularities that surface during inspections and audits, or at the
initiative of the Inspector General.

(U) FIELD INSPECTIONS
(U) The inspection function consists of organizational and functional reviews undertaken as part
of the OIG 's annual plan or by management request. Inspections yield accurate, up-to-date
infonnation on the effectiveness and efficiency of entities and programs, along with an
assessment of compliance with law and regulations. The Office of Field Inspections also
partners with Inspectors General of the Service Cryptologic Elements to conduct joint
inspections of consolidated cryptologic facilities.

TOP SECRE;T //COPHHT //UOFORN

 REF ID:A4197437

DOCID: 4230254

"fOfl SECU'f'77'COMIH"fl'l'MOFORH

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE
28 September 2010
IG-11202-10

TO: DISTRIBUTION
SUBJECT: (TS//81//NF) Audit of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business
Records -August 2010 Test Results (ST-10-0004G)
1. {TS//81//PqF) Background This report summarizes the results of
our August 2010 testing, using the continuous auditing methodology, of
NSA's compliance with the Foreign Intelligence Surveillance Court (FISC)
Order regarding Business Records (BR). The Office of the Inspector
General (OIG) is using this methodology to fulfill the oversight
responsibilities assigned to it in the FISC BR Order. Specifically, from
January to December 2010, we are conducting monthly tests of NSA's
compliance with certain requirements of the FISC BR Order. Once
monthly testing is complete, the OIG will make an overall assessment of
whether the controls that are in place to ensure such compliance are
operating as intended.
2. (C//REL TO USA, FV&Y) Monthly Test Results and Objectives We
found no instances of non-compliance for the month of August 2010.
The implementati9]) ... ofl
Ion 25 June 2010 resolved a significant
scope li_witatioif."in our testing of Office of General Counsel (OGC) reviews
.· .·· of·setectors associated with U.S. persons because all U.S. selectors are
now tracked.
(b )( 3 )-P .L. 86-36

(U) See page 5 for details of August 2010 monthly test results for the
following objectives:
•

('f'O//OI//NF) Access: Were all queries to the BR metadata made by
authorized individuals (i.e., intelligence analysts and data integrity
analysts)?

•

(U / /Jii'OUO) Reasonable Articulable Suspicion (RAS) Approval of
Queried Selectors: Did all queries use RAS-approved seed selectors?

Derived From: NSAICSS Classification Guide 2-48
Dated: 20090804
Declassifjl On: 20350916
TOP

SECRET//COMUfF//~¢0F0fil¢

I

 DOCID: 4230254

REF ID:A4197437
TOP 5EC:tmi1tCOMfM'fftioqOfi'OftN

ST-10-00040

•

(U/ fFOUO) OGC Review of U.S. Person Selectors: Did OGC verify that
RAS determinations of all queried seed selectors associated with U.S.
persons had not been based solely on activities protected by the First
Ai:nendrhent to the Constitution?

•

(C//R:BL TO US:A, FV:ffiY) Chaining: Were all queries chained to rio
more than three hops?

•

(U / ,LFOUO) Revalidation of Queried Selectors: Were all queried foreign
and U.S. person seed selectors revalidated within the Court's
timeframes-one year and 180 days, respectively-and approved by
an authorized Homeland Mission Coordinator? ·

•

(TS/ /81/ /~TF) Weekly Dissemination Reports: Did NSA accurately and
completely report disseminations of BR metadata outside NSA?

•

(T8//8I//NF) Dissemination of Serialized Signals Intelligence (SIGINT)
ReportS with BR Metadata: Was all information disseminated through
serialized SIGINT reports approved by the Chief of Information
Sharing Services (S12) or one of the five other authorized individuals?

3. (U / /~OUGtWe appreciate the courtesy and cooperation extend~d
to the auditors throughout the review. If ou need clarification or
additional information, please contc.i,.ct
on 9632988( s) or via e-'niail.t;;l.
on 952- ·
21 71 (s) ot via e.'.:mail..a

··""'"'''''''" >·;:: :::::··· ··. .'---..-.-··-·________.
(bf(3}'P;t,86-36 .... • _ .•............... --IL..,___________.....

. Assistant Inspector General
for Intelligence Oversight

TOP SECI.tB'fWCOMHff/fNOFORN
2

 DOCID: 4230254

REF ID:A4197437
TOP SECRETh'COMINTh'MOf?OftM

ST- I 0-0004G

DISTRIBUTION:
D21

SV42~---.....-~~-~

512
S2I4

---------------

...
Tl_..J..----------1.....;;ii;;.-----.

······

::::::

....····

(b)(6)

cc:
Director
SIGINT Director
D4 (J. DeLong)
GC M. Olsen

86-36

sv "'---.....&......,

SV4
Sl....-----..

___
______ ___

s2...,____-.1··

......_
S2I
,.....,....
T12 ...._
__._....,
T122
_._
T1222 ......_.
OGC IGPOC
SID IGPOCr'-1----..:..a...------

TDIGPOCI"------------~

Dl
D12_ _ _ __.
D13
D14

TOP

SECRETHCOMIMfm~Of?O'l.tNT

3

 DOCID: 4230254

REF ID:A4197437
TOI> SECI'tB1'i/COMfN''f/J1qQ'fOftM

(U) This page intentionally left blank.

TOP SECRET//COfvfIH'f/J!<fOflOR1'1
4

ST-10-0004G

 REF ID:A4197437

DOCID: 4230254
TOP

~f!:CftE'f7'/COtvfINl'f/J'HOFOKN

ST- I 0-0004G

(U) August 2010 Test Results
(TS//Si//NF) Test results show that NSA complied with the requirements of the
Foreign Intelligence Surveillance Court (FISC) Order regarding Business Records
(BR) between 1 and 31 August 2010. The ratings are de.fined on the last page of
this report.
Area

Scope Limitations

Test Results

1. Access

Rating

None

2. Reasonabl~·
articulable./
suspiciQh·'(RAS) ·
apprqv'.a! of /::/
queried sel,e¢t6rs
.··...:
,··:::···'
.·.·
....
·
...·· .···
.. ··..·
. ... //
. .... . ....
..-:::- 3,::0ffice.or..........
. /· ..,:GeneraLC6unsel .....
.::::>:>"" . <pG:~r:r.eview of
,,,..,:· .......0 ,.S·; person
;;;;;:;;:'i::::::::::::=:< .. ·s·electors

•!tbl··(.l)

cb).....< 3')"::: ··*-,cn.~rn1 ~~
··-.::::::::::-- ..

··s. Revalidation

of
cjl,Jeried selectors

6. Weekly,
dissemination
reports
·

7. Dissemination
of serialized
SIGINT reports
with BR metadata

..

TheLJRAS-a proved

u.9.
..,:::/''''' .
n.e.~:hn

r---------..w""'·,..e·re

"::r~ev":':'1e=w':":'e:::-:r'i::'y:-:-7"'~..-:::o:-::r-l:i rst
Amendment concerns, as required.

None

In accordance with our test plan, we did not test August 2010 data for this objective.
Because we have not noted any exceptions for the past six months of testing, we will not
test this objective again until October 2010 (using September data) and January 2011
(using December data).
·rne[Jseed selectors queried for
fore1gn·intel,ligence purposes were
approved by·authonzed Homeland
Mission 9oordinators.vv.it~the
Court's t1meframes. Tfie
seed
selectors that were not R
approved were queried for data
integrity purposes.

None

I_______,

We limited testing to serialized
SIGINT reports because briefings,
litigation, and other types of
dissemination were not easily testable
using the continuous auditing
metliodology.
We limited testing to serialized
SIGINT reports because briefings,
litigation, and other types of
dissemination were not easily testable
using the continuous auditing
metliodology.

TOP 8ECRETh'COMHffHNOFO:Ktq5

· c'·

.·

'1'·

omp ian

c0

1· · ·

t.

. mi:> •:;tnt

 DOCID: 4230254

REF ID:A4197437
'fOP SECitElY/COMIH'f//HOFOR:H

ST- I 0-0004G

(U) Rating System
Description

Rating

A rating of green indicates that no instances of
non-compliance with the BR Order were identified during
testing. Any noted scope limitations were related to the
application of the continuous auditing methodology, not
known control weaknesses.
A rating of yellow indicates that although no instances of
non-compliance were identified, control weaknesses
prevented us from testing the entire universe, as
explained in the scope limitations.
A rating of red indicates that one or more instances of
non-compliance with the BR Order were identified during
testing.

'fOP SECRE'fHCOMINTHNOFORN
6

  $123025? REF 

 

DOCID: 4230254

REF ID:A4197437
TOP 3ECRl!:'t)YCOMfNT#P;,TOFOR..·"f).r

TO-P 8ECRE1WCO-JllN'B~W-OFORi"'I

 REF ID:A4197439

DOCID: 4230255

TOP 8ECRETnl£01HH{f';]':NOFORN

NATIONAL SECURITY AGENCY/CENTRAL SECURITY
SERVICE
Further dissemination of this report outside NSA Is
PROHIBITED without the approval of the Inspector

General.

INSPECTOR GENERAL REPORT

(TSh'Sl/iNF) Audit of NSA Controls to Com ply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records
September 2010 Test Results
(ST-10-0004H)
28 October 2010

~pproved for Release by NSA on 08-06-2015. FOIA Case #80120 (litigation)
Derived From: NSAICSS Classification Guide 2-48
Dated: 20090804
Declass(f'y On: 20351020

I 01' 5F:CttET!l'COMfNf#.NDFORJ..T

 DOCID: 42302.55

REF :ID:A4197439
TOP SECRETJ$<CQMfNf#f'\TOf!ORl'l

(U) OFFICE OF THE INSPECTOR GENERAL
(U) Chartered by the Director, NSA/Chief, CSS, the Office of the Inspector General (OIG)
conducts audits, investigations, and inspections. Its mission is to ensure the integrity, efficiency,
and effectiveness ofNSA/CSS operations, provide intelligence oversight, protect against fraud,
waste, and mismanagement of resources, and ensure that NSA/CSS activities are conducted in
compliance with the law, executive orders, and regulations. The OIG also serves as
ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS
(U) The audit function provides independent assessments of programs and organizations.
Performance audits evaluate the effectiveness and efficiency of entities and programs and assess
whether program objectives are being met and whether operations comply with law and
regulations. Financial audits detennine the accuracy of an entity's financial statements. All
audits are conducted in accordance with standards established by the Comptroller General of the
United States.

(U) INVESTIGATIONS AND SPECIAL INQUIRIES
(U) The OIG administers a system for receiving and acting upon requests for assistance or
complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations
and Special Inquiries may be undertaken as a result of such requests, complaints, at the request
of management, as the result of irregularities that surface during inspections and audits, or at the
initiative of the Inspector General.

(U) FIELD INSPECTIONS
(U) The inspection fimction consists of organizational and functional reviews undertaken as part
of the OIG 's annual plan or by management request. Inspections yield accurate, up-to-date
information on the effectiveness and efficiency of entities and programs, along with an
assessment of compliance with law and regulations. The Office of Field Inspections also
partners with Inspectors General of the Service Cryptologic Elements to conduct joint
inspections of consolidated cryptologic facilities.

TOP 8ECRET#COfvH1,l'f]J'NOFOR:i.'V

 DOCID: $230255 REF 


REF ID:A4197439

DOCID: 4230255

TOP SECR:ETJ'/COMIN'fliNOf\'OttM

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE
28 October 2010
IG-11213-10

TO: DISTRIBUTION
SUBJECT: (TS//SI//MF) Audit of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business
Records - September 2010 Test Results (ST-10-0004H)
1. (T8//SI//N19 Background This report summarizes the results of
our September 2010 testing, using the continuous auditing methodology,
of NSA's compliance with the Foreign Intelligence Surveillance Court
(FISC) Order regarding Business Records (BR). The Office of the
Inspector General (OIG) is using this methodology to fulfill the oversight
responsibilities assigned to it in the FISC BR Order. Specifically, from
January to December 2010, we are conducting monthly tests of NSA's
compliance with certain requirements of the FISC BR Order. Once
monthly testing is complete, the OIG will make an overall assessment of
whether the controls that are in place to ensure such compliance are
operating as intended.
(°6)l3)•P,L..S.~.:~~......f:: (C//REL TO USA, FVSY) Monthly Test Results and Objectives We
found'"no·instap~es of non-compliance for the month of September 2010.

The implementatioii....bfl
I on 25 June 2010 resolved a significant
scope limitation in our testing of Office of General Counsel (OGC) reviews
of selectors associated with U.S. persons because all U.S. selectors are
now tracked.
(U) See page 5 for details of September 2010 monthly test results for the
following objectives:
('fS//OI//HF) Access: Were all queries to the BR metadata made by
authorized individuals (i.e., intelligence analysts and data integrity
analysts)?
(U / /.POUO) Reasonable Articulable Suspicion (RAS) Approval of
Queried Selectors: Did all queries use RAS-approved seed selectors?

Derived From: NSA/CSS Classification Guide 2-48
Dated: 20090804
DeclassifjJ On: 20351020
TOP 8ECRETNCOMHff//NOFOIUq=
I

 REF ID:A4197439

DOCID: 4230255

TOP SECRET//COfvffi(T/~(Of'QR)(

ST-10-0004H

•

(P //FOUO) OGC Reuiew of U.S. Person Selectors: Did OGC verify that
RAS determinations of all queried seed selectors assodated with U.S.
persons had not been based solely on activities protected by the First
Amendment to the Constitution?

•

(Cl/REI. TO USA, FW-Y) Chaining: Wer._e all queries chained to no
more than three hops?

•

(U//FOUO} Revalidation a/Queried Selectors: Were a1i. queried foreign
and U.S. person seed selectors revalidated within the Court's
timeframes-one year and 180 d~ys, respectively-and approved by
an authorized Homeland Mission Coordinator?

•

('!S//SI//:WF) Weekly Dissemination Reports: Did NSA. accurately . and
com:pletely report disseminations of BR metadata outside NSA?

•

(TS// SI//NF} Dissemination of Seriq.lized Signals Intelligence (SIGINT) .
Reports With BJ? Metadata: Was all information disseminated tjlrough
serialized SIGINT reports approveg by the Chief oflnformation
. Sharing Services (812) or one of the five other authm;i.zed individuals?

.

.

3. (U //'FOUO) We appreciate the courtesy and cooperation extended
to the auditors throughout the review. If ou rteed clarification or
additional· information, lease contact
on 96.32988(s) or via e.;.mail at
on 9522171 (s) or via e-mail

a

,__~~~~~~--'

················:::::::::··...

; .'

'.'.''(b)(3)~P.L. 86~36

ss1stant nspector ener
for Intelligence Oversight

TOP

SECRET//COMil~'f'7'/MOr'ON:M

2

 REF :ID:A4197439

DOCID: 4230255
TOP

SECRET//CO~H:HT//t(OFORN

T122 Technical Director

I.?.oJI

I

. . . . .-.·...-__,\,

.(b)(6)

· .. \ ...

~~ (M. Olsen)

'·"

·.. ·..,

cc:
Director
SIGINT Director
D4 (J. DeLong)

""

·. ·.

'·"

".:·...

\

\,

<-<::\

................. ····· · · ....

...__ ___._....,

·::::::::;;~i~(b)(3)-P L

·:;:::><>>?!\

..

SV4
... ,.......... . .
,_...__ _ ___._, ........ ......
. ,,:"'···:>·. . _>:.:..
Sl _ _ _..,..... .-:::· .. · ........· ...
S2,,..._
.. ··

'

S2I

\

86-36

:

.· .·

.-

. .- . ' /

----

. · -'
..

T12
.
T122
... ·
T1222
OGC I._G_P_O_C_....___...,._...,
SIDIGPOC

TDIGPOC~---------~

D
Dl.,,_2_ _ ___,

D13
D14

TOP

SECRET//COMINTh~(OFOIU(

3

ST- I 0-0004H

 REF ID:A4197439

DOCID: 4230255
TOP

SECRET/i'CO:MHff//t40FOR~~

(U) This page intentionally left blank.

TOP

SECRET//COMHffHNOFORJ~

4

ST-10-0004 H

 REF ID:A4197439

DOCID: 4230255

TOI' :SECfUff//COMIMfmq-oFORN

ST-10-0004H

(U) September 2010 Test Results
(TS//SI//'P'W) Test results show that NSA complied with the requirements of the
Foreign Intelligence Surveillance Court (FISC) Order regarding Business Records
(BR) between 1 and 30 September 2010. The ratings are defined on the last page
of this report.
Scope Limitations

Test Results

Area

Rating

Aut~orjzed jndjyjdua!s rnad~):illll

1. Access

!q1,1enes 'fi'om-' None

Cham_

I

.· >\

I'..

None

.. ···· ...···
3·;::0fflce of
..G.
.. -:::: > eneral Counsel......
..;.. · {OGC...).. revieVi(of
U ··
· ~~~cf;(;on

.,,,:;::::::::::::::

(b)f1l::"·
(b)(3)::p·:Ls . -36

"<:....

4·:.. Ch!=lining
···················- ...

~
"· "· " '
..The
RAS-approved
t
· d · I11;~ ~ersar".· ·
see se ~c ors ciuerie I D : \ \ None
were reviewed by OGC for 1rs
"~
Amendment concerns, as required. ../· b)(3 )-P. L. 86-36

\

· .... "At1C::Jchainl
I'
queries were ctiamed to no more than
three hops from the seed selector.

None

lne-Qeed selectors queried for
foreign mtelligence purposes were
approved by authorized Homeland
Mission Coordinators within the
Court's timeframes.

None

·· .... ··...
·. ··.
·. "· ....

5. R:evalid.ation of
queried .~e1ei:;tors

"··· ....

6. Weekly
dissemination
reports (WDRs)

7. Dissemination
of serialized
SIGINT reports
with BR metadata

_

"w~g~· c'omP.~e
re ort~d the
1nfelligence

and accurately
serialized Signals
NT) reports issued.

The Chief of Information Shao·
Services (S12 a proved the
serialized s1dNf reports issue .

We limited testing to
serialized SIGINT
reports because
briefings, litigation, and
other types of
dissemination were not
easily testable using
the continuous auditing
methodology.
We limited testing to
serialized SIGINT
reports because
briefings, litigation, and
other types of
dissemination were not
easily testable using
the continuous auditing
methodology.

Compliant

.I
TOI' :Sti:Citnil7COMIN I//NOFORN
5

.·· .... ··

.·····

········

...... ·······

(b)(1)
(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

 DOCID: 4230255

REF :ID:A4197439
TOP i;eCRBT/11COMHffHHOFORH

ST- I 0-0004 H

(U) Rating System
Description
A rating of green indicates that no instances of
non-compliance with the BR Order were identified during
testing. Any noted scope limitations were related to the
application of the continuous auditing methodology, not
known control weaknesses.
A rating of yellow indicates that although no instances of
non-compliance were identified, control weaknesses
prevented us from testing the entire universe, as
explained in the scope limitations.
A rating of red indicates that one or more instances of
non-compliance with the BR Order were identified during
testing.

TOP SECRETHCOl'vHNTNHOFO:RH
6

Rating

 DOCID: 4230257

REF ID: A41:97 511
TOP 8ECRET1$'COlrfiiVTt'/NOFORN

NATIONAL SECURITY AGENCY/CENTRAL SECURITY
SERVICE
Further dissemination of this report outside NSA Is
PROHIBITED without the approval of the Inspector
General.

(TSHSIHNF) Audit of NSA Controls to Comply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records
October 2010 Test Results
ST-10-00041
01 December 2010
DERIVED FROM: NSA/CSS Manual 1-52

pproved for Release by NSA on
8-06-2015. FOIA Case #80120 liti ation

DATED: 08 January 2007
DECLASSIFY ON: 20320108

 DOCID: 4230257

REF ID:A4197511
TOP SfJCRE'f;5'COfvflNf;}NOPORl'l

(U) NSA OFFICE OF THE INSPECTOR GENERAL
(U) The NSA Office of the Inspector General (OIG) conducts audits, investigations, inspections, and special
studies. Its mission is to ensure the integrity, efficiency, and effectiveness ofNSA operations, provide
intelligence oversight, protect against fraud, waste, and mismanagement of resources, and ensure that NSA
activities are conducted in compliance with the law. The OIG also serves as an ombudsman, assisting Agency
employees, civilian and military, with complaints and questions.

(U) Intelligence Oversight
(U) The OIG Office oflntelligence Oversight reviews NSA's most sensitive and high-risk programs for
compliance with the law.

(U) Audits
(U) The OIG Office of Audits within the OIG provides independent assessments of programs and organizations.
Performance audits evaluate the effectiveness and efficiency of entities and programs and assess whether NSA
operations comply with federal policies. Information Technology audits determine whether IT solutions meet
customer requirements, while conforming to information assurance standards. All audits are conducted in
accordance with standards established by the Comptroller General of the United States.

(U) Investigations and Special Inquiries
(U) The OIG Office ofinvestigations administers a system for receiving and acting on requests for assistance
and complaints about fraud, waste, and mismanagement. Investigations and special inquiries may be
undertaken as a result of such requests and complaints (including anonymous tips), at the request of
management, as the result of questions that surface during inspections and audits, or at the initiative of the
Inspector General.

(U) Field Inspections
(U) The Office of Field Inspections conducts site reviews as part of the OIG's annual plan or by management
request. Inspections yield accurate, up-to-date information on the effectiveness and efficiency of field
operations and support programs, along with an assessment of compliance with federal policy. The Office
partners with Inspectors General of Service Cryptologic Components and other Intelligence Community
Agencies to conduct joint inspections of consolidated c1yptologic facilities.

TOP 8ECRE1WCOiWlNTAW.OFO/l:N

 DQCID: 4230257 REF 


DOCID:

REF ID': A4197511

4230257
TOP

SECRETh'COMlNT/1~mFORn

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE
1 December 2010
IG-11229-10
TO: DISTRIBUTION
SUBJECT: (TS//SI//MF) Audit of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business
Records - October 2010 Test Results (ST-10-0004I)
1. f:PS//SI//NF} Background This report summarizes the results of our
October 2010 testing, using the continuous auditing methodology, of NSA's
compliance with the Foreign Intelligence Surveillance Court (FISC) Order
regarding Business Records (BR). The Office of the Inspector General (OIG) is
using this methodology to fulfill the oversight responsibilities assigned to it in
the FISC BR Order. Specifically, from January to December 2010, we are
conducting monthly tests of NSA's compliance with certain requirements of the
FISC BR Order. Once monthly testing is complete, the OIG will make an overall
assessment of whether the controls that are in place to ensure such compliance
are operating as intended.
2. ('fS//81//NFj Monthly Test Results and Objectives For the month of
October 2010, we found that one weekly dissemination report mistakenly listed
as a serialized dissemination that was not derived from BR metadata. Although
the error did not violate the BR Order, it underscores a weakness in the largely
manual process to track and report BR disseminations that we noted in our
Advisory Report on the Audit of NSA Controls to Comply with the FISC Order
Regarding Business Records, dated 12 May 2010. The error is currently being
corrected.

(U) See pages 5 and 6 for details of October 2010 monthly test results for the
following objectives:
·
['FS//SI/OTF) Access: Were all queries to the BR metadata made by
authorized individuals (i.e., intelligence analysts and data integrity
analysts)?
(U / /FOUO) Reasonable Articulable Suspicion (RAS) Approval of
Queried Selectors: Did all queries use RAS-approved seed selectors?

Derived From: NSAICSS Classification Guide 2-48
Dated: 20090804
Declassifj1 On: 20351115
'f'Ofl Sf:Crte:'f//COMIMi17MOflORN

 REF ID:A4197511

DOCID: 4230257
TOP

~ECReTJ/GOMftffi/tqOi 'OiUrJ

ST-10-00041

•

(U / /FOUO) OGC Review of U.S. Person Selectors: Did OGC verify that
RAS determinations of all queried seed selectors associated with U.S.
persons had not been based solely on activities protected by the First
Amendment to the Constitution?

•

(C//RSLTO USA, FVEY) Chaining: Were all queries chained to no
more than three hops?

•

(U/ fFOUO) Revalidation of Queried Selectors: Were ·an queried foreign
and U.S. person seed selectors revalidated within the Court's
timeframes-one year and 180 days, respectively-and approved by
an authorized Homeland Mission Coordinator?

•

(TS//Sf//NF) Weekly Dissemination Reports: Did NSA accurately and
completely report disseminations of BR metadata outside NSA?

• fFS// Si// NF) Dissemination of Serialized Signals Intelligence (SIGINT)
Reports with BR Metadata: Was all information disseminated through
serialized SIGINT reports approved by the Chief of Information
Sharing Services (S12) or one of the five other authorized individuals?
3. (U / /FOUO) We appreciate the courtesy and cooperation extended to the
auditors throughout the review. If ou need clarification or additional
information, please contac ·
on 963-2988(s) or via e-mail at
:.\:~
on 952-217l(s) or via e-mail at

I

.

.:;;;;::::::>;/

Assistant Inspector Gener
for Intelligence Oversight

TOP 8ECRET//CO:MfNT/flqQf0Rtq
2

 REF ID:A4197511

DOCID: 4230257

'f0l3 S'e:CitETh'COMIMfNHOFORN

..··

.......

(b)(6)

·::::::<\· . . ·\

cc:
Director
SIG INT Director
D4 (J. DeLong)
GC M. Olsen

>

,;,.~l,~~b

)(3)-P ,L, 86-36

sv
sv4'-----....

Sl
s21r------...............· .·
S2I
,•' /
/ ,.:
Tl
/
T122,___ _ _....
,. .

'
''

'

\

,

T1222

OGCIGa..-P-0-C...-__,__ _,._~
SID IG POC ___________,
TDIGPOC,.__
Dl
D 1,,,___ _ ___,
D13
D14

TOP 8£CRETh'COPv·mffNHOFORNf
3

ST-10-00041

 DOCID: 4230257

REF ID:A4197511
TOP SECR:E'f77'C01vHJ<ffm"10fi'Om

(U) This page intentionally left blank.

TOP SECRET//COMINT//NOFORN
4

ST-10-00041

 DOCID: 4230257

REF ID:A4197511
T'OP SECRffF//COMfNT//tJOFOIUl

ST-10-00041

(U) October 201 O Test Results
("f'f!i// SI//MF) Test results show that NSA complied with the requirements of the
Foreign Intelligence Surveillance Court (FISC) Order regarding Business
Records (BR) between 1 and 31 October 2010, with the exception of accurate
and complete weekly dissemination reports. The ratings are defined on the last
page of this report.
Area

Test Results

1. Access

Scope Limitations

Rating

None

None

·. . '':

)i'.;'l?h~ining

None

·. T.h~E]seed. selectors queried for
foreign intelligence purposes were
appr'bved by authorized Homeland
5. Revalidation of Mission Coordina,to,rs within the Court's
queried selectors
tlmeframes. TheLJseed selectors that
were not RAS aP.Doved were queried
for datci rerfy
or were "ident
lookups"

None

,

~om_piiant

(TSt/Slh~i!f') "I dent lookup" refers to querying a selector using
todctcrm:ii're. the.. ....
(fi}(3)-P .L. 86-36
approval status. In such cases, the Emphatic Access Restriction contro s prevent c mining of a selector that
is not marked as approved for querying and return an error message lo the analyst. There is no violation of
the BR Order because the selector was not actually chained.
2

H

TOP £eGRBT//GOMHJT/MOFQR}t
5

..

 DOCID:

REF ID:A4197511

4.230257
TOP
Area

SECRET//COM:EHT//t~OFOR:N

Scope Limitations

Test Results

6. Weekly
dissemination
reports (WDRs)

We limited testing to
serialized Signals
Intelligence (SIGINT)
reports because
briefings, litigation,
arid ot~er Wpes of
d1ssemmat1on were
not easily testable
using the continuous
auditing methodology.

7. Dissemination
of serialized
SIGINT reports
with BR metadata

We limited testing to
serialized SIGINT
reports because
briefings, litigation,
and other types of
dissemination were
not easily testable
using the continuous
auditing methodology.

..... ·I
/

................

.......... ···
.·:.··
.•

(b)(1)

(b)(3)-P.L. 86-36

TOP SECRBT//COMHH//J>l"OfORJil"
6

ST-10-00041

Rating

 REF ID:A4197511

DOCID: 4230257
TO'P

~f:CRB'fh'COMINTm~oFORH

ST-I 0-00041

(U) Rating System
Description

Rating

A rating of green indicates that no instances of
non-compliance with the BR Order were identified during
testing. Any noted scope limitations were related to the
application of the continuous auditing methodology, not
known control weaknesses.
A rating of yellow indicates that although no instances of
non-compliance were identified, control weaknesses
prevented us from testing the entire universe, as
explained in the scope limitations.

;,:·¢.<>mil1ia6t~;with·•······

· ':s~.C>l?e'li'1'!it~~i<>l1~,·

A rating of red indicates that one or more instances of
non-compliance with the BR Order were identified during
testing.

TOP

SECRET//COMI~ff//JH0¥017.dN

7

 REF ID:A4197511

DOCID: 4230257

'fOP SECRE'f//COM"IH'f/J'T:q=OFORlq=

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
.CENTRAL SECURITY SERVICE
1 December 2010
IG-11229-10
TO: DISTRIBUTION
SUBJECT: (TS//SI//NF) Audit of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business
Records - October 2010 Test Results (ST-10-0004I)
1. (TS// SI/ OTF) Background This report summarizes the results of our
October 2010 testing, using the continuous auditing methodology, of NSA's
compliance with the Foreign Intelligence Surveillance Court (FISC) Order
regarding Business Records (BR). The Office of the Inspector General (OIG) is
using this methodology to fulfill the oversight responsibilities assigned to it in
the FISC BR Order. Specifically, from January to December 2010, we are
conducting monthly tests of NSA's compliance with certain requirements of the
FISC BR Order. Once monthly testing is complete, the OIG will make an overall
assessment of whether the controls that are in place to ensure such compliance
are operating as intended.
2. (TS// SI//Mfi') Monthly Test Results and Objectives For the month of
October 2010, we found that one weekly dissemination report mistakenly listed
as a serialized dissemination that was not derived from BR metadata. Although
the error did not violate the BR Order, it underscores a weakness in the largely
manual process to track and report BR disseminations that we noted in our
Advisory Report on the Audit of NSA Controls to Comply with the FISC Order
Regarding Business Records, dated 12 May 2010. The error is currently being
corrected.
(U) See pages 5 and 6 for details of October 2010 monthly test results for the
following objectives:
!TS//SI//NF) Access: Were all queries to the BR metadata made by
authorized individuals (i.e., intelligence analysts and data integrity
analysts)?
(U / /FOUO) Reasonable Articulable Suspicion {RAS) Approval of
Queried Selectors: Did all queries use RAS-approved seed selectors?

Derived From: NSA/CSS Classification Guide 2-48
Dated: 20090804
Declassifj; On: 20351115
TOP 8ECRET//COMIN"'f/J'T:q=Ofi'OttNf
1

 REF ID: A41:97511

DOCID: 4230257

TOP SECRET//COf\iHN1'//P<IOFORN

ST-10-00041

•

(U / / FOUO) OGC Review of U.S. Person Selectors: Did OGC verify that
RAS determinations of all queried seed selectors associated with U.S.
persons had not been based solely on activities protected by the First
Amendment to the Constitution?

•

(Cl/REL 'fO USA, rVEY) Chaining: Were all queries chained to no
more than three hops?

•

(U / f FOUO) Revalidation of Queried Selectors: Were all queried foreign
and U.S. person seed selectors revalidated within the Court's
timeframes-one year and 180 days, respectively-and approved by
an authorized Homeland Mission Coordinator?

•

('fS//Sf//NF) Weekly Dissemination Reports: Did NSA accurately and
completely report disseminations of BR metadata outside NSA?

•

('fS//Of//NF) Dissemination of Serialized Signals Intelligence (SIGINT)

Reports with BR Metadata: Was all information disseminated through
serialized SIGINT reports approved by the Chief of Information
Sharing Services (S12) or one of the five other authorized individuals?

3. (U / fFOU~ We appreciate the courtesy and cooperation extended to the
auditors throughout the review. If ou need clarification or additional
information, please contac
on._963-2988(s) or via e-mail at
-.9.-52--....217f(s)·or_via e-mail at

I

l·o.--....._......____-.o_n-..

I.

1.....
~

·· .. ······ .... ··· .... "·· ............ ..
...........................

. ··.

·.

.. · .
...... :: ;: ;~~:..............

____,,,_

__[

Assistant Inspector General
for Intelligence Oversight

'IOP

~eGRE'F//CHMfNT//N'Ofi'OltNf

2

. . ·· ... ·:"":"'~;::'ii;;!,...(b)(3)-P.L. 86-36

 REF ID:A4197511

DOCID: 4230257
TOJ?

g:gGRJ;T//CO:MilffN:HOFOl\1~

_________

DISTRIBUTION:
D21 ..._
SV42..,....__ __

__.

812..__~--'-"'---"----.

1-----------i..;._ _.. ,

S2I4
T122 Technical Director

J?._<?.JI

I

...····"

....
(b)(6)

cc:
Director
SIGINT Director
D4 (J. DeLong)
GC M. Olsen

sv,_____...._

____

SV,.;.4.___ _ ___._,
Sl
/ . . .·.·
.....
S2
:
,.
S2I .,___ _...&..,
... :
,:
/
:
:
T12 a...------'.....
,/
:'
T122
'

'

I

T1222~==="·

OGC I
SID IG
IG POC,...._
POC _ _ _ _ _ __,__ _,
TD
Dl
D 12.....__ _ ___.
D13
D14

TOP

SECRETHCOMHfff/~¢0FOffi¢

3

ST-10-00041

 DOCID: 4230257

REF ID:A4197511
TOP SECRET//COM.flffNHOFOitM

(U) This page intentionally left blank.

TOP

SECRBTHCOMH'if'fh~¢0F0ffi¢

4

ST-10-00041

 REF ID:A4197511

DOCID: 4230257
TOP

SECRETi'/COMfNTh~fOFOKN

ST-10-0004 I

(U) October 201 O Test Results
('PS// SI/f PfF) Test results show that NSA complied with the requirements of the
Foreign Intelligence Surveillance Court (FISC) Order regarding Business
Records (BR) between 1 and 31 October 2010, with the exception of accurate
and complete weekly dissemination reports. The ratings are defined on the last
page of this report.
Area

Test Results

1. Access

Scope Limitations

Rating

None

None

5. Revalidation of
queried selectors
'(b)(1)....
·
·

Thl!i0seed selectors queried for
foreign. intelligence purposes were
c;ipproved by.. authorized Homeland
Mission Coordin~s within the Court's
timeframes: ThEt_Jseed selectors Jhat
were not RAS af5ved were queried
for data. rerity
or were "ident
lookups'"

;':.·',,·... ···.

None

'".'

.

dofuplitlnt

(b)(3J~P~L 86~3..___ _ _ __ _ , ' - - - - - " ' = - - - - - - - - - ' - - - - - - - - . L - - - - - - - '
(b)(3)~5QUSC 3024(i)
~,(-T~S~//~s~u~44_F_);::::============:__~~~~~~~~~~~~~~~~~~~~~~

2

(T5//Sl//NF) "!dent lookup" refers to querying a selector using
to·detcrmific'thcH H nH(b)(3)-P.L. 86-36
approval status. In such cases, the Emphatic Access Restriction contro s prevent c aining of a setector that
is not marked as approved for querying and return an error message lo the analyst. There is no violation of
the BR Order because the selector was not actually chained.
m

TOP £BCRET/ICOMI}-fft/JH0¥0RN
5

 REF ID:A4197511

DOCID: 4230257

TOP SECRET//COMfNTNHOFOR:N
Scope Limitations

Test Results

Area

6. Weekly
dissemination
reports (WDRs)

We limited testing to
serialized Signals
Intelligence (SIGINT)
reports because
briefings, litigation,
and other types of
dissemination were
not easily testable
usin9 the continuous
auditing methodology.

7. Dissemination
of serialized
SIGINT reports
with BR metadata

We limited testing to
serialized SIGINT
reports because
briefings, litigation,
and other types of
dissemination were
not easily testable
using the continuous
auditing methodology.

/.]

·<····
(b)(1)
(b)(3)-P.L. 86-36

,::>'

TOP

S!JI!:CRJITh'COMHJTh~~OFORN

6

ST-10-00041
Rating

 DOC ID:

4.23025 7

REF ID:A4197511
TOP SECRETHCOMH'fFN?ifOFORN

ST-10-00041

(U) Rating System
Description
A rating of green indicates that no instances of
non-compliance with the BR Order were identified during
testing. Any noted scope limitations were related to the
application of the continuous auditing methodology, not
known control weaknesses.
A rating of yellow indicates that although no instances of
non-compliance were identified, control weaknesses
prevented us from testing the entire universe, as
explained in the scope limitations.
A rating of red indicates that one or more instances of
non-compliance with the BR Order were identified during
testing.

TOP SECRETHCOMHffh'l'ifOFORlif
7

Rating

 DOCID: 4230258

REF ID:A4197513
TO-.P SECREF15'Cf>lr1INF;5'NOFOR1V

NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE
Further dissemination of this report outside NSA Is
PROHIBITEP without the approval of the Inspector

General.

(TSHSlh'NF) Audit of NSA Controls to Comply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records
November 2010 Test Results
(ST-10-0004J)
20 December 2010

pproved for Release by NSA on 08-06-2015.
OIA Case #80120 liti ation

DERIVED FROM: NSA/CSS Manual 1-52
DATED: 08 January 2007
DECLASSIFY ON: 20320108

Tf>:P 8ECREF15'COM1I<l'ftl7'1if0F17R1'9

 DOCID:

REF :ID:A4197513

4230258
TO:P

S£CRE'fh'CCM~rgpQ1fN

(U) NSA OFFICE OF THE INSPECTOR GENERAL
(U) The NSA Office of the Inspector General (OIG) conducts audits, investigations, inspections, and special
studies. Its mission is to ensure the integrity, efficiency, and effectiveness ofNSA operations, provide
intelligence oversight, protect against fraud, waste, and mismanagement of resources, and ensure that NSA
activities are conducted in compliance with the law. The OIG also serves as an ombudsman, assisting Agency
employees, civilian and military, with complaints and questions.

(U) Intelligence Oversight
(U) The OIG Office oflntelligence Oversight reviews NSA's most sensitive and high-risk programs for
compliance with the law.

(U) Audits
(U) The OIG Office of Audits within the OIG provides independent assessments of programs and organizations.
Performance audits evaluate the effectiveness and efficiency of entities and programs and assess whether NSA
operations comply with federal policies. Information Technology audits determine whether IT solutions meet
customer requirements, while conforming to information assurance standards. All audits are conducted in
accordance with standards established by the Comptroller General of the United States.

(U) Investigations and Special Inquiries
(U) The OIG Office oflnvestigations administers a system for receiving and acting on requests for assistance
and complaints about fraud, waste, and mismanagement. Investigations and special inquiries may be
undertaken as a result of such requests and complaints (including anonymous tips), at the request of
management, as the result of questions that surface during inspections and audits, or at the initiative of the
Inspector General.

(U) Field Inspections
(U) The Office of Field Inspections conducts site reviews as part of the OIG's annual plan or by management
request. Inspections yield accurate, up-to-date information on the effectiveness and efficiency of field
operations and suppo11 programs, along with an assessment of compliance with federal policy. The Office
partners with Inspectors General of Service Cryptologic Components and other Intelligence Community
Agencies to conduct joint inspections of consolidated cryptologic facilities.

UJP SEGRE7WC9MlN'EW1lf>POR:N

 DOCID: 4230258

REF ID:A4197513
TfJ:P S£CREf'/JCOMiiVT1l!v'()Ji'ftRJv

1OP SE CR1!1/lCtJM1lff!IJ.YO'P8RN

 REF ID:A4197513

DOCID: 4230258

I OP SECR'.Eil7'COMII<fT//MOf!OttN.

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURlTY SERVICE
20 December 2010
IG-11238-10
TO: DISTRIBUTION
SUBJECT: (TS//81/f~JF) Audit of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business
Records - November 2010 Test Results (ST-10-0004J)
1. ('f:S// 81// NF) Background This report summarizes the results of our
November 2010 testing, using the continuous auditing methodology, of NSA's
compliance with the Foreign Intelligence Surveillance Court (FISC) Order ·
regarding Business Records (BR). The Office of the Inspector General (OIG) is
using this methodology to fulfill the oversight responsibilities assigned to it in
the FISC BR Order. Specifically, from January to December 2010, we are
conducting monthly tests of NSA's compliance with certain requirements of the
FISC BR Order. Once monthly testing is complete, the OIG will make an overall
assessment of whether the controls that are in place to ensure such compliance
are operating as intended.
2. ('fS/f Sif/nF) Monthly Test Results and Objectives We found no
instances of non-compliance with the BR Order for six of the seven objectives
tested in November 2010. We did not test the seventh objective-compliance
with weekly dissemination reporting requirements-because the new BR Order
[BR 10-70, signed 29 October 2010] changed the weekly dissemination
reporting requirement to a monthly reporting requirement. Because the first
report covers the period 9 October to 19 November 2010, not the entire month
of testing, we can only conclude that from 1 to 19 November 2010, NSA was in
full compliance with the BR Order regarding the accurate and complete
reporting of serialized dissemination of BR FISA metadata.

(U) See page 5 for details of November 2010 monthly test results for the
following objectives:
(TS//81//JltFl Access: Were all queries to the BR metadata made by
authorized individuals (i.e., intelligence analysts and data integrity
analysts)?
(U / /FOUO) Reasonable Articulable Suspicion {RAS) Approval of
Queried Selectors: Did all queries use RAS-approved seed selectors?

Derived From: NSAICSS Classification Guide 2-48
Dated: 20090804
Declassifj1 On: 20351214
TOP

SECRET//COMH'ff//~~OFORN

I

 REF :ID: A41:97 513

DOCID: 4230258

'fOP SECR:E1YtCOMIN'f17N01i'OttM
•

ST-10-0004J

(U / /FOU9) OGG Review of U.S. Person Selectors: Did OGC verify that
RAS determinations of all queried seed selectors associated with U.R
persons had not been based solely on activities protected by the First
Amendment to the Constitution?

• · (C//REL 'fO U:SA, F'VEYJ Chaining: Were all queries chained to no
more than three hops?
•

(U / /FOUO) Revalidation of Queried Selectors: Were all queried foreign.
and U.S. person seed selectors revalidated within the Court's
timeframes-one year and 180 days, respectively-and approved by
an authorized Homeland Mission Coordinator?

•

('FS//SI//'NF) Weekly Dissemination Reports: Did NSA accurately and
completely report di~seminations of BR metadata outside NSA?

•

f.FS//SI//MF) Dissemination of Serialized Signals Intelligence (SIGINT)
Reports with BR Metadata: Was all information disseminated through
serialized SIGINT reports approved by the Chief of Information
Sharing Services (S 12) or one of the five other authorized individuals?

3. (U/ /FOUO) We appreciate the courtesy and cooperation extended to the
auditors throughout the review. If ou need clarification or additional
information, please contaqt
on 963-2988(s) or via e-mail.at
------~~~--~~__.
l
. .::)r~f.
on 952-2171(s) or via e-mail at

(6~:;:::::::6
Assistant Inspector General
for Intelligence Oversight

TOP

SECRBTh'CO:Mfl'fl'/R~OFORN

2

 REF ID:A4197513

DOCID: 4230258

'f'OP SECRE'f'//COl'vfIN'fh'MOFOKN

___________

D ISTRIB UTIO N:
D21 ..._
sv42;;.." - - - - - - - 1
812

__,

~i~~i..-T-ec_h_n-ic_a_l'"""D-ir......ec-t-or---..P.oJj
I
______.
........

(b)(6)

..........

<:::: ..
···· ...

·.:· ..

··

cc:
Director
SIGINT Director
D4 (J. DeLong)
GC M. Olsen

. ·· ..:::.:::::::::··..

"

sv,_____....,

SV4
s 1,....__ _ __....,

:::·· / .· ·
...... . . i

821------~·

.......

m. .

2""____:_-_-_-_._.........

/./

_/,///

://

.·· •·

T1222...______.__ _ _ ,...
,. ,.
,_._
_
_
_
_,..;..a.
_
_
_
_
_
,.__,
OGC IG POC
,...
.
SID
IG
POC
TDIGPOC,..______..______....,.___.
Dl
Dl.._2_ _ _ __.

D13
D14

'fOP SECKE'fHCOMINThr;HOFORN
3

ST-10-0004J

 REF ID:A4197513

DOCID: 4230258
TOP

SECRET//COfvffHTi1~~0FOftM

(U) Th.is page intentionally left blank.

TOP gBCRET//COMINT//NOFOKN
4

ST-10-0004J

 REF ID:A4197513

DOCID: 4230258

"POf> SECiti!"Pf7'COivHH"Pmr;rofi'OftM

ST-10-0004J

(U) November 2010 Test Results
(TS// BI// MF) Test results show that NSA complied with the requirements of the
Foreign Intelligence Surveillance Court (FISC) Order regarding Business
Records (BR) between 1 and 30 November 2010. The ratings are defined on the
last page of this report.
Test Results

Area
1. Access

6. weekly
dissemination
reports (Wl;)Rs)

Scope Limitations

Authorized ;·ndividuals made all
Chainl
:
I rom

I

·....

... .

·..

Rating

None

WDRs are no longer a requirement of the BR Order; therefore, this is no longer
a testable objective.

7. Dissemination
·1
of serialized
SIGINT reports
_
with BR metadata 1- - - - - - - - - - - -

We limited testing to
serialized SIGINT reports
because briefings,
litigation, and other types
of aissemination were not
easily testable using the
continuous auditing
methodology.

.• c.· ...· o.··.·.m.p'.lia. . nt.·.;

ff'D//Ol//HF)

{b)(1J ············ ············ ,

~~~~~~~=~L~:~~~~4J,j~~(rtis!t:t//~sit:tJ;q4>~1F:tJ)IL_____________________

I

J...,l

(TS//SIN4>tf) "ldent lookup" refers to querying a selector using I.
ho determine the
approval status. In such cases, the Emphatic Access Restriction controls prevent chah1ing ofa selector that
is not marked as approved for querying and return an error message lo the analyst. There is no violation of
the BR Order because the selector was not actually chained.
2

TOP

SECRETHCOMHH//~mForu;r

5

(b)(3)-P.L. 86-36

 REF ID:A4197513

DOCID: 4230258

'f'Ofl Sl':CU'fh'COMIH'fh'MOF'OttM

ST-10-00041

(U) Rating System
Description

Rating

A rating of green indicates that no instances of
non-compliance with the BR Order were identified during
testing. Any noted scope limitations were related to the
application of the continuous auditing methodology, not
known control weaknesses.
A rating of yellow indicates that although no instances of
non-compliance were identified, control weaknesses
prevented us from testing the entire universe, as
explained in the scope limitations.

'\'.·. ?<\~~·\:.}'·-.; .. ,."'',,' :,·. ;·:·-'.:-;·'

,·:-..:.:< _., . "'..''-~.·:-:- -<;.·:};:

;~~;i~~ii~it~tJW~:>

A rating of red indicates that one or more instances of
non-compliance with the BR Order were identified during
testing.

TOP

SBCRBTkC~HNT//~mPORN

6

 REF ID:A4197515

DOCID: 4230259

NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE
Further dissemination of this report outside NSA Is
PBOWB/TED without the approval of the Inspector

General.

INSPECTOR GENERAL REPORT
(TSHSIHNF) Audit of NSA Controls to Comply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records
December 2010 Test Results
(ST -10-0004K)
12 January 2011

pproved for Release by NSA on 08-06-2015.
OIA Case #80120 liti ation

Derived From: NSAICSS Class((ication Manual 1-52
Dated: 20090804
Declassify On: 20360/06

'fOP S'ECRE 'f7'7'COMINf17'NOFO-Rl1l

 DOCID: 4230259

JREF ID:A4197515
'fOP SECR£1i5'€0lvf.FNT;]'P•IOFO&V

(U) NSA OFFICE OF THE INSPECTOR GENERAL
(U) The NSA Office of the Inspector General (OIG) conducts audits, investigations, inspections, and special
studies. Its mission is to ensure the integrity, efficiency, and effectiveness ofNSA operations, provide
intelligence oversight, protect against fraud, waste, and mismanagement of resources, and ensure that NSA
activities are conducted in'compliance with the law. The OIG also serves as an ombudsman, assisting Agency
employees, civilian and military, with complaints and questions.

(U) Intelligence Oversight
(U) The OIG Office oflntelligence Oversight reviews NSA's most sensitive and high-risk programs for
compliance with the law.

(U) Audits
(U) The OIG Office of Audits within the OIG provides independent assessments of programs and organizations.
Performance audits evaluate the effectiveness and efficiency of entities and programs and assess whether NSA
operations comply with federal policies. Information Technology audits determine whether IT solutions meet
customer requirements, while conforming to information assurance standards. All audits are conducted in
accordance with standards established by the Comptroller General of the United States.

(U) Investigations and Special Inquiries
(U) The OIG Office oflnvestigations administers a system for receiving and acting on requests for assistance
and complaints about fraud, waste, and mismanagement. Investigations and special inquiries may be
undertaken as a result of such requests and complaints (including anonymous tips), at the request of
management, as the result of questions that surface during inspections and audits, or at the initiative of the
Inspector General.

(U) Field Inspections
(U) The Office of Field Inspections conducts site reviews as part of the OIG's annual plan or by management
request. Inspections yield accurate, up-to-date information on the effectiveness and efficiency of field
operations and support programs, along with an assessment of compliance with federal policy. The Office
partners with Inspectors General of Service Cryptologic Components and other Intelligence Community
Agencies to conduct joint inspections of consolidated cryptologic facilities.

T(}P 811CR:Efl7'CftM1i"ff'1tlNtJ1i'ttlJ.1 rf

 REF J:D:A4197515

DOCID: 4230259

TOP SECRE'i'?YCOMIN'f//MO'.POitl"I
OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURTIY AGENCY
CENTRAL SECURITY SERVICE

12 January 2011
IG-11243-11
TO: DISTRIBUTION
SUBJECT: (TS//81//MF) Audit of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business
Records - December 2010 Test Results (ST-10-0004K)
1. (T~// ~I//MF) Background This report summarizes the results of our
December 2010 testing, using the continuous auditing methodology, of NSA's
compliance with the Foreign Intelligence Surveillance Court (FISC) Order
regarding Business Records (BR). The Office of the Inspector General (OIG) is
using this methodology to fulfill the oversight responsibilities assigned to it in
the FISC BR Order. Specifically, from January to December 2010, we are
conducting monthly tests of NSA's compliance with certain requirements of the
FISC BR Order. Once monthly testing is complete, the OIG will make an overall
assessment of whether the controls that are in place to ensure such compliance
are operating as intended.
2. ('fS/ f GI/ /Pl"F) Monthly Test Results and Objectives We found no
instances of non-compliance with the BR Order for six of the seven objectives
tested in December 2010. We did not test the seventh objective-compliance
with weekly dissemination reporting requirements-because the new BR Order
[BR 10-70, signed 29 October 2010] changed the weekly dissemination
reporting requirement to a monthly reporting requirement. Because the report
covers the period 20 November to 17 December 2010, not the entire month of
testing, we can only conclude that from 1 to 17 December 2010, NSA was in full
compliance with the BR Order regarding the accurate and complete reporting of
serialized dissemination of BR FISA metadata.
(U) See page 5 for details of December 2010 monthly test results for the
following objectives:
('f~// ~I// Mff) Access: Were all queries to the BR metadata made by
authorized individuals (i.e., intelligence analysts and data integrity
analysts)?

(U / /FOUO) Reasonable Articulable Suspicion (RAS) Approval of
Queried Selectors: Did all queries use RAS-approved seed selectors?

Derived From: NSA/CSS Classification Guide 2-48
Dated: 20090804
Declassify On: 20360106
TOP SECRETHCHMINT//NUFORN
1

 REF ID:A4197515

DOCID: 4230259

iOl' 5t:i;CIU!i//COMmi/J'.MOFOitM

ST-10-0004K

• · (U / /F'OUO) OGC Review of U.S. Person Selectors: Did OGC verify that
RAS determinations of all queried seed selectors associated with U.S.
persons had not been based solely on activities proteeted by the First
Amendment to the Constitution?

an queries chained to no

•

(O//REL 'PO USA, F'VEY) Chaining: Were
more than three hops?

•

(U / /F'OUO) Revalidation of Queried Selectors: Were all queried foreign
and U.S. person seed selectors revalidated within the Court's
timeframes-one year and 180 days, respectively-and approved by
an authorized Homeland Mission Coordinator?

•

(TS//SI/fNF) Weekly Dissemination Reports: Did NSA accurately and
completely report disseminations of BR metadata outside NSA?

• . (TS//OI//NF) Dissemination of Serialized Signals Intelligence (SIGINT)
Reports with BR Metadata: Was all information disseminated through
serialized SIGINT reports approved by the Chief of Information
Sharing Services (S12) or one of the five other authorized individuals?

3. · (U / /FOUO) We appreciate the courtesy and cooperation extended to the
auditors throughout the review. If you .need clarification or additional
information, please contact!
Ion 9()3-2988(s) or via e-mail at
.I orJ
Ion 952-217l(s) or via e-mail at

"

'

.1

.;;:;;;.>"'

,,~3j:P:i:;

86'36 ···

I
As....s'""'i_s.,..tan_t,........
In_s_p_e_c..,.t-or-...G,...e_n_e_r_aI_...
for Intelligence Oversight

TOP SBCRET/ICOMilff//NOPORH
2

 DOCID: 4230259

REF ID:A4197515
TOP SECRE'FNCO:tvHMfh':MOFOR:H

DISTRIBUTION:
D21

SV42---~---~-~--'

S12
S2I4r..--~------------.
T 12 2"""T"""e'"""ch:-n-:i'"""ca"""'l"""'D"""'i,.....re-c-to'"""r......_ __,....._____,·....

I

_J?g.J.f
·····

(b)(6)

..... ·..

cc:
Director
SIGINT Director
D4 (J. DeLong)
GC M. Olsen
sv
SV4_ _ _ _..__,_

·····.. :"-..
·...... .

·."

·.

Sl
S2,....__ _ _ _..,,._ ·.·.·.·.·...
..... ·· .. ···
/ !
S2I
..... ..·" ..· /
T 12·1..-----''-i
......
... ··
Tl 2""'2....,__ __....., ....
T122.,._2r-----....
//
OGC IG Poe_ _ _ _........,··_
.. - - - - - SID
IG
POC
TD IG POC,...__ __..,.._ _ __,_...._.....
I

:

Dl
D 1,.,___ _ ____,
D13
D14

'f'Ofl

SECR:E'f//COMINT//NOFORJ~

3

ST-10-0004K

 REF ID:A4197.515

DOCID: 4230259
TOP

5E:Cturt'i/COivHM'fh'N'OFOitl~

(U) This page intentionally left blank.

TOP

8ECRET//COMHff//NUFOitl~

4

ST-10-0004K

 REF ID:A4197515

DOCID: 4230259

'fOP SECRE'f//COtvffiffNHOFORU

ST-10-0004K

(U) December 2010 Test Results
t'fS//SI//NF) Test results show that NSA complied with the requirements of the
Foreign Intelligence Surveillance Court (FISC) Order regarding Business
Records (BR) between 1 and 31 December 2010. The ratings are defined on the
last page of this report.
Test Results

Area

Scope Limitations

Rating

1. Access

t

3 ...
o.f.·:::< ..... ·· ··r·····h···e·
~~~~ seed selectors ........:·~~\\
.Cfoheral·:Cc>unse( ...... ·
.·
'·."'-\'
· (OGC).... ·
f ... quene m
lwerehhOh ....... h N··::'l
.····::::::: ·U<S<p~~~~;. .......o .. · reviewed y
or First
.
··· ·-_y'\%)(3)-P.L. 86-36
. ··:>··-..-::: :::setei:Ctors
Amendment concerns, as required.
·:/

office.

w

Qu

... •· ..• -:· .. ···i-..···.....··;;.."··------1------------_,.;.~----------i.;;;.;~~~~

~i::i!;,i (;:'.: > ~ Ch8i0i~!i

$:E::~:!ore man ,~~::

None

~~n!·~~~'.:t::::ss~s·_t=-..,,,,:::-"""--==---+-h-op_s_f_ro_m_th_e_s_ee_d_s_e_1e_c_to_r._ _--1r-----------1b7~~~+1
..

· ·rrre·Qeed selectors queried for
..foreign intelligence purposes were
approved··bY.. authorized Homeland
5. Revalidation of Mission Coordinator§ w'l1t
· the
queried selectors
Court's timeframes. The seed
selectors that were not
approved were queried for data
integrity purposes.

None

6. Weekly
dissemination
reports (VV_DRs)
We limited testing to
serialized SIGINT reports
because briefings,
litigation, and ofher types
of dissemination were not
easily testable using the
continuous auditing
methodology.

7. Dis semi nation ·
of serialized
SIGINT reports
with BR metadata

I

(TS//Slh"l'W)

c. o. mpliant

.I

I

./ :::.:··1
TOP SECRET//COMINT//flfOFORllf

5

....

·:.-···

.....·

(b)(1)
(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

 REF ID:A4197515

DOCID: 4230259
TOP

SECRET//COMUH//~~OFORH

ST- I 0-0004 K

(U) Rating System
Description

Rating

A rating of green indicates that no instances of
non-compliance with the BR Order were identified during
testing. Any noted scope limitations were related to the
application of the continuous auditing methodology, not
known control weaknesses.
A rating of yellow indicates that although no instances of
non-compliance were identified, control weaknesses
prevented us from testing the entire universe, as
explained in the scope limitations.

i--------------------__..,.''';.:_, . ·-,·i:'°:'.'::.<,,;.;"':)'··.-·.. _·..
A rating of red indicates that one or more instances of
non-compliance with the BR Order were identified during
testing.

"f'Ofl SECU'f77'COMIMf//tq0f OR:H
6

 REF ID:A4197515

DOCID: 4230259
TO·P

8ECRETA 1CO·lrfl1VT1~'!1ilOFORl<l

TOP 8£CltEfJ'J'COMlNT1?1YfJJ?ttlhV-

 DOCID:

42302 60
1

REF ID:A4177257

NATIONAL SECURITY AGENCY/CENTRAL SECURITY
SERVICE
Further dissemination of this report outside NSA is
PROHIBITED without the approval of the Inspector

General.

(TSl/Sll/NF) Audit Report on NSA Controls to Comply
with the Foreign Intelligence Surveillance Court Order
Regarding Business Records
ST-10-0004L
25 May 2011
~pproved

for Release by NSA on 08-06-2015.
=-01A Case #80120 (litiaation)
TOP SPClJ.ETl/CQJl{JNT,~tp.l{)FORl'f

DERIVED FROM: NSA/CSS Manual 1-52
DATED: 08 January 2007
DECLASSIFY ON: 20320108

 DOCID: 4230260

REF ID:A4177257
roP ,f)ECttEf'tlCO-!rilN'IWArOPOR::l'l

(U) NSA OFFICE OF.THE INSPECTOR GENERAL
(U) The NSA Office of the Inspector General (OIG) conducts audits, investigations, inspections, and special
studies. Its mission is to ensure the integrity, efficiency, and effectiveness ofNSA operations, provide
intelligence oversight, protect against fraud, waste, and mismanagement of resources, and ensure that NSA
activities are conducted in compliance with the law. The OIG also serves as an ombudsman, assisting Agency
employees, civilian and militruy, with complaints ru1d questions.

(U) Intelligence Oversight
(U) The OIG Office oflntelligence Oversight reviews NSA's most sensitive ru1d high-risk progrruns for
compliance with the law.

(U) Audits
(U) The OIG Office of Audits within the OIG provides independent assessments of programs and organizations.
Performance audits evaluate the effectiveness ru1d efficiency of entities and programs and assess whether NSA
operations comply with federal policies. Information Technology audits determine whether IT solutions meet
customer requirements, while conforming to information assurance standards. All audits are conducted in
accordance with standards established by the Comptroller General of the United States.

(U) Investigations and Special Inquiries
(U) The OIG Office oflnvestigations administers a system for receiving and acting on requests for assistru1ce
and complaints about fraud, waste, and mismrurngemen t. Investigations and special inquiries may be
unde1tal<en as a result of such requests ru1d complaints (including anonymous tips), at the request of
management, as the result of questions that surface during inspections and audits, or at the initiative of the
Inspector General.

(U) Field Inspections
(U) The Office of Field Inspections conducts site reviews as pmt of the OIG's annual plan or by management
request. Inspections yield accurate, up-to-date information on the effectiveness m1d efficiency of field
operations and supp01t programs, along with an assessment of compliance with federal policy. The Office
pmtners with Inspectors General of Service C1yptologic Components and other Intelligence Community
Agencies to conduct joint inspections of consolidated c1yptologic facilities.

TOP SECRET,«COAlllVT4A':OFOB1¥

 DOCID: 4230260

OFEICEOF THE INSPECTOR GENERAL .
. NATIONALSECURITY AGENCY .
CENTllA.L SECUR1TYSEi[lVICE
25 May2011
IG-11287'."11

TO: DISTRIBUTION
{TQ//81//l'~fi') SUBJECT: Audit Report on NSAControlsto Comply with the

Foreign Intelligence Surveillance Court Order Regarding Business Records
(ST-10-00Q4L) -ACTION 1VIEMQRA,NDl11\t1
..

l. (J'S//BI/ /i)IJ1) This report summarizes :the results of our yearlong review
of NSA Controls to Cor:nply with the Foreign Intelligence Surveillance Court Order
Regarding Business Records. Although we d~termined that the querying and
dissemip.ation c()ntrols we tested were adequate to provide n~asqnable a,ssµrance
of compliance with the terms qf the Order, two recommendations.were made :to
strengthen the existing controiframework. . ·. . .
·. .
2. (U//FOUO) As required.byNSA/CSS.Policyl-60,NSA/CSSQf.fice.ofthe ·

Inspector G~n~ral~ action$ on OIQ auc1,it recomm,enda,tions .are subject to

monitoringand follow:-up until completion. Therefore, we askthatyou provide a
written status report con,cerning each planned corrective<w~ti 0 q c::ategorizecl as
·''OPEN." If you •propose that a, recor:nrnenciation. be· considere<iclosed, ·please
provide sufficient information to show that actions have been taken to correct the
deficiency. If a planned action will not be completed by the p:riginal target
completion date, please :,;>tat{';! the reas.on fortbe d('!lay and provide a.revised target
completion date. Status :reports should be senttol
!Assistant
Inspector General for Follow-up, at OPS 2B, Suite 6.24 7, withip. 15 caJ.endar days
after each target completion dat~.
'
f

.(b)(3)-P.L. 86-36

3. (U / /FOUO) We appreciate theH.<::.ourtesyancf~~~peration extended to the
.auditors throughout ther.:~view;··F6radditional information, please dmtact

I

lon963-0922(s) or via e-mail atl

/(~~
George Ellard
Inspector General

TOP SECREn~tCOMIHTWHOPDRi"r.'

I

 DOCID:

REF ID:A4177257

42302·60

1VP SEcRBl 1iCOivfiih 1;H&l ORfl

ST-I 0-0004L

(U) DISTRIBUTION:
DIRNSA
DOC (J. DeLong)
SID (T. Shea)
TD (L. Anderson)
OGC (M. Olsen)

cc:
OGC

STr--.1.~~~---~~~~~~~~---1

sv
SV4w-~~~-------~~---.
SV4,._._~-~-'-'----------S 12

__

S2.--~------~~--

........,
S2I ...._
S2I4
.S309a...-----S3209
S332.-i----...-.,,,......a· .

~)(3)-P.L.

86-36

Tl
Tl......__ _ _ _.....

Tl2
Tl22

D4IG~P,..,.,...,.,,.r-~"'""7""----/"--f---i--t--~;

D4

OG.~C~I-G~P~O~C.,..,...----,

''

'

SIDIG
IGPOC
POC,..,___ _ _ _...,..___...,._____.
TD
DL SIDIGLI
DL TD_REGISTRY
DOJ NSDIL-_ _ _ _ _ _

__.!··/··/·. · · · · · ·

IG
D /,...IG_ _ ___,
Dll

Dll

I

D12

Dl3
Dl4

ror $f!:Ct<:ET'.· COi'vHNT ·: '1¥0{i0Pu.¥

6
(b)( )

 REF ID:A4177257

DOCID: 42302'60

fOf $1!:CRE foCOlviiivT/;Jv'QFORN

ST-I 0-0004L

(U) TABLE OF CONTENTS

(U) EXECUTIVE SUMMARY ......................................................................................... iii

I. {U) BACKGROUND ................................................................................................... 1
II. (U) FINDINGS AND RECOMMENDATIONS ............................................................. 3
(U) FINDING ONE: Querying Controls ...................................................................... 3
(U) FINDING TWO: Dissemination Controls .... ... ...... ............... ... ...... ...... ... ... ... ...... ... 9
Ill. (U) ABBREVIATIONS AND ORGANIZATIONS ...................................................... 15
APPENDIX
APPENDIX
APPENDIX
APPENDIX
AP PEN DIX

A:
B:
C:
D:
E:

(U)
(U)
(U)
(U)
(U)

About the Audit
Summary of Recommendations
Monthly Test Results of Querying Controls
Monthly Test Results of Dissemination Controls
Full Text of Management Responses

TOP 8ECRET:''COMINT:'.}{()FOR1'l

 DOCID:

42302 60
1

REF ID:A4177257
TOP SECRm 1>COivIJJv1 /1JVUr UH.JV

ST- I 0-0004L

(U) This page intentionally left blank.

TOf /5ECl?.ET·: 'C(JivII}lh ~ '}f0F:;OIX1'l
ii

 DOCID:

4.2302'60

REF ID:A4177257
TO? :Sf!:CRE11{-:0JviIN11/NOr ORN
ST-I 0-0004L

(U) EXECUTIVE SUMMARY
(U) OVERVIEW
(TS//81//NF) This report summarizes the results of our audit of National
Security Agency (NSA) controls to comply with the Foreign Intelligence
Surveillance Court Order Regarding Business Records (BR). From January
through December 2010, we conducted monthly tests of NSA compliai1ce with
seven provisions of the BR Order to determine whether controls were in place
and operating as intended. Five of the provisions were related to querying ai1d
two to dissemination.
(b)(3)-P.L. 86-36

(U) HIGHLIGHTS

.

.

(TS//SI/OfF) Querying controls were adequate to provide reasonable '\
assurance of compliance with the five provisions of the Order that we tt~.sted.
NSA's June 2010 rele_c,t.~e.od
I a new selector-tracking applicati~n,
corrected co11:trolweaknesses that we identified in our Pilot Test Report (iG1.J.1545:.:rOr Tests of controls resulted in a low error rate ofl
J
.·········
·· ..... bne error ?..~.<;1.l::r.:r..~.d.heforel
!release; none occurred after. NSA
........................ ma:11ageiiient must remain diligent in monitoring these controls ai1d
... ,,:::::::·::·:"·:··
ensuring that they remain effective.
(b)(3)-P.L. 86-36

('t>RfF:::::::·:::::.
(b)(3)-P.L. 8()::36·· ·· ....

('PS//81//NF) Manual controls over the dissemination of serialized Signals
Intelligence (SIGINT) reports and the compilation of the Weekly
Dissemination Report were inherently risky. However, risks of noncompliance with the two provisions of the Order that we tested were
.....ma:nageable···given·-the . amount·oHnformation. disseminated·I
I
during 2010). Tests of controls revealed no instances of non-compliai1ce. All
···. Oserialized SIG INT reports derived from BR metadata had been approved
by an authorized official and included ·in Weekly Dissemination Reports.
(TS//81//NF) The manual dissemination controls will be increasingly
difficult to mai1age if the amount of information disseminated outside NSA
increases. A recent chai1ge to the BR Order that removes the limit on the
number of analysts authorized to access BR metadata will likely increase
BR-related dissemination if im lemented. As art of a two- hase 1011 to

..,:::.:.::::.:··:::.:::::: ........ ···············
(b)(3)-P.L. 86-36

query BR metadata, the Counterterrorism Production Center (S21) began
training ai1alysts inl
I Recognizing the ai1alytic limitations,
NSA plai1s to seek relief on foreign dissemination tracking requirements
through a motion to amend, which in turn will lessen the compliai1ce
burden ai1d risk in this area.
(U) Management action

(U / /~) The SIG INT Director concurred with the Office of the Inspector
General recommendations. In addition, the Office of the Director of
Compliance, Technology Directorate, and Office of General Counsel
concurred with the recommendations assigned to them as the secondai·y
action officers. The plaimed actions meet the intent of the
recommendations.
TOP SECRET'.('QU,WT 1'N.(),F()ll) T
;;;
1

 DOCID:

42302·60

REF ID:A4177257

TOP SEC'lcET;. COiviiiv·r;iffJ-FOttiv·

ST-! 0-0004L

(U) This page intentionally left blank.

Tt9f ,'5ECRET· :, 'C01vfJl{Tr :. ?iOFOR1'{
iv

 DOCID: 4230260

REF ID:A4177257
TO? 8f!:CREFCO:ivfJNJ;;HOfiDfb.Y
ST-I 0-0004L

I. (U) BACKGROUND

(TSHSIHNF) The Business Records (BR) Order
(T8//81//~LF) Pursuant to a series of Orders issued by the Foreign Intelligence
Surveillance Court (FISC) beginning in May 2006, the National Security Agency
{6)(1}:::::::: ...........
~has been analyzing certain call detail records or telephony metadata from
(b)(°3)~P.L~·gs;36::.:::::... ··L__Jtelecommunications providers. NSA refers to the Orders collectively as the
(b)(3)-SO)JSC 3024(if·· ·······"BR.Order" or "BR FISA."

ffS/J'~~·;;;~;l

The.BROrd(':r provides NSA access to bull( call detail records that
primarily include records of telephol1.~ calls between the United States and
abroad or wholl within the United States···
This collection of
.......
information is not wholly available to NSA through its other foreign intelligence
information collection. It is valuable to NSA analysts tasked with identifying
potential threats to the U.S. homeland and interests abroad because it
enhances analysts' ability to identify, prioritize, and track terrorist operatives
and their support networks in the United States and abroad, primarily using
call chaining analysis techniques.

...,_.,,...~...,.,.~...-~~...,,...

~--,.,.....,,.-.-~....,,.,,,..,...---~--..-...,....

(TSHSINNF) Provisions of the BR Order
(TS// SI// MF) The Order defines a series of requirements that NSA must follow
to protect the privacy rights of U.S. persons (USPs). To access this data, a
designated approval authority must conclude that, because of factual and
practical considerations of everyday life on which reasonable and prudent
persons act, facts give rise to a reasonable articulable suspicion (RAS) that an
..............................identifier-I

I

=~~:~--~~~~~~~~~~~~~~~~~~~~~~~~~~-

(TS//SI//NF) The provisions of the Orders issued for the first 10 months of our
review remained constant. On 29 October 2010, substantial changes were
made to the BR Order to be consistent with the terms of the new Pen Register
Trap and Trace Order issued in July 2010. The most significant changes
related to our review were the elimination of restrictions on the number of
analysts allowed to access the BR metadata and a requirement for monthly
rather than weekly reports of BR-related dissemination. We adjusted our test
procedures for November and December 2010 data to accommodate the
changes that affected our monthly control tests.

(U) Tests of Controls Using Continuous Auditing
(TS//81/0IF) To assess the effectiveness of NSA controls for complying with the
BR Order, the Office of the Inspector General used the continuous auditing
methodology, performing monthly tests of NSA's compliance with select
requirements for 12 months. Continuous auditing is one of many tools used
1

 DOCID: 4230260

REF ID:A4177257

ST-I 0-0004L

within the audit profession to provide reasonable assurance that the control
structure surrounding fill operational environment is suitably designed,
established, and operating as intended. Details on the scope and methodology
we used to test controls are in Appendix A.

TOP 8ECRET~'COMN<fLNOrORN

2

 DOCID: 4230260

REF ID:A4177257

TO!! 8ECRm l!COivfiX11;J·v·o1 ORif

ST-! 0-000f L

II. (U) FINDINGS AND RECOMMENDATIONS

(U) FINDING ONE: Querying Controls

°(Q)(3)-P.L. 86-36

(TSffS)#NFj NSA controls over querying were adequate to provide reasonable
assurance of compliance with the five provisions of the Order that we tested.
Although our Pilot Test Report (IG-111545-0) found an isolated instance of non"-.., compliance for the revalidation of queried selectors, NSA's June 2010 re/ease of
·j
new selector-tracking application, corrected the control weakness. No
additional errors were noted for the queries reviewed since
re/ease .

la

I

(U) Criteria Used to Assess Querying Controls

.... -···

/·I

(b)(3)-P.L. 86-36

(TS//SI//WF) The BR Order includes a series of requirements that limit access
to the metadata and limit the selectors that NSA is authorized to query. We
evaluated against standards of Intemal Control in the Federal Government the
adequacy of controls to ensure compliance with the following BR requirements.
1.

(U //FOUO) RAS Approval of Queried Selectors: All queries for
intelligence analysis purposes must use RAS-approved seed selectors.

2. (U/ /FOUO) Office of General Counsel (OGC) Review of USP Selectors:

OGC must verify that RAS determinations of all seed selectors proposed
for querying associated with USPs are not based solely on activities
protected by the First Amendment to the Constitution.
3.

(U / /FOUO) Revalidation of Queried Selectors: The RAS justifications for
all queried foreign and USP seed selectors must be revalidated within the
Court's periods-one year and 180 days, respectively-and approved by
an authorized Homeland Mission Coordinator.

4. {TS//Si//NF) Access: All queries to BR metadata must be made by
authorized individuals (e.g., intelligence analysts and Data Integrity
Analysts.
5. (C//RJ;];;J,, TO USilA, FV:lii:Y) Chaining: All queries must be constrained to
chains of no more than three hops.
(U / / FOUO) We tested the effectiveness of these controls monthly from January
through December 2010.

(TSHSIHNF) Databases, Applications, and Controls to Manage the
Querying of BR Metadata
(TS/f SI//PfF) The following describes the various databases, applications, and
controls that were in place to manage querying of BR metadata.

TO? 3ECRET''C(Jld1NT' '}olQF:.OR::N
3

 REF ID:A4177257

DOCID: 4230260

TOP SECREL'C'OMINJ;;JVOi'OR:N

/(~)(1)
/ (b)(~)-P.L. 86-36
/ (b)(lk50 use 3024(i)

ST- I 0-0004L

(TS/7'Sll/A.'F) Storing BR Metadata
'

fb)(3)-P..L.,.~ 86-36

""

......Cf.S/../.SI/O+F)I
I NSA's corporate contact chaining" system,··:st~res
metadata from multi le sources and stores BR metadata 1in a se arate<: hysical

·····················.

and sortih functions and ·-. .

'm~

... ....,

I

I

/CH /./..1\TTOl.1

..... ·· ........ i"I

................................... , ....... .
··········

"('bl(1)·· .. ··.
(b)(3)-P .L: 86;;35 ...
(b)(3)-50 USC 3024(i)

(TS/.1811/Mt::) Tracking Selectors and Controls over Querying BR Metadata
(TS/JSI/OfF) The BR FISA Database was used until 25 June 2010 to track the
approvals of selectors and supporting documentation for RAS justifications.

ffS;'/Sf//NF) In February 2009, NSA implemented the Emphatic Accesi~b)( 3 )-P.L. 86 -36
Restriction (EAR), a software-restrictive measure written into I
I' \
middleware. At that time, the EAR used data contained in the BR FISA ·
Database to prevent querying of non-RAS-approved selectors inl
'I and
to limit the number of hops. However, as noted in our Pilot Test Report,
limitations of the BR FISA Database precluded the use of automated controls to
prevent queries of expired selectors or to identify selectors associated with USPs.
(TS/fSI/OlF) In June 2009, the NSA BR FISA Compliance Review Team
completed a comprehensive systems engineering and process review of the
f6){3')4lM;;dHi.~3.G.
instrumentation and im lementation of the BR FISA authorization and reported
·"""'"''' · : : : ::t.}'.i€it.:th.~
did not have sufficient controls over
queiyiiig;: ::: · ······ . ....
was decommissioned fil1.d its
.(b)...( )····
functionality ieconsti.t.uted·in
where all analytic queries ru·e under
1
·················
thearchitectural contTolS·of
thereby affording the same compliance
36
(b)( 3)-P.L. 86 safegu~d; affoicfodto·the
(e.g., EAR restrictions).
(b)(3)-50

use 3024(i)

(TS/f SI//.NF) I
hs the new selector-tracking application that replaced
th~BRF1SA database on 25 June 2010, . Afterl
release, the EAR was
/liOconfi~r to ll~~J!•ta,,fmml
jto prevent queries of selectors in
. / / ...... ············
tlHllwere not RAS approved, including USP selectors that were not
.,,.,;;;;:;;:;:::::::,:,:.;,'::::::::<:::::::::::::::::·::::· marke ...as.having.beenreviewed byOGG,·-Finally;I
I added a control to
(b)(3J~P..L. 86-36
chru1.ge automatically the RAS approval of expired selectors to "not approved" so
that those selectors could not be queried.

I

(;.slisll!NF.). Tracking Personnel Authorized to Query BR Metadata

(TS// s1//~tF)
provides identity ru1.d authorization access control
services to authorized NSA Enterprise programs and projects. NSA

I

I

 DOCID: 4230260

REF ID:A4177257

TOP SECRET;CO:ivfINDNOFORN

ST-I0-0004L

managemegt...uses·I
I to manage access to BR meta.data. The Signals
Intellig·ence
Directorate's
(SID)
FISA Authorities Division (SV4) also maintains a
.... ··················
master list of accesses.

('fi)(i>.~F:~::. ~:;;~~::: . ::::::.::.:(ii/;s1//M.Ff.coiitro1S. were·1n-place··inl....- - -....l to ensure that only cleared
"·· . .,.,..

ersoi'ii'l:el·w:ere able to access BR meta.data. These controls compared
. ,,..,_ ·.....
lo -i~~5···v:iith
groups and prevented access to those not
(U/tP:OU8' Weaknesses in querying controls have been corrected
(TS/ /SI/ /NF) During pilot testing, we identified weaknesses that precluded the
use of automated controls to ensure compliance with two of the five
requirements that we tested: OGC review of USP selectors and revalidation of
selectors. Specifically, the BR FISA Database that NSA used to track the
approval status and justifications of BR selectors was not designed to tag and
track selectors associated with USPs and selector revalidation dates as separate
and distinct fields. i As a result, NSA increased its risk of non-compliance with
these requirements, and the scope of testing on selectors associated with USPs
was limited.

(TS//81/0TF) On 25 June 2010, NSA corrected these weaknesses by replacing
.................:the . BR..FISA.Database withl
Ia new selector-tracking application.
{6)'('3Y,:P:i:;::3&~:3&
····I
I created the required data fields, allowing NSA to implement
automated controls that prevent analysts from querying for foreign intelligence
purposes 1) USP selectors without an OGC review and 2) expired selectors
without revalidation.
('ff5//f5I//MF) We found no wealmesses in automated controls over the
remaining three of the five querying requirements that we tested: access to BR
meta.data, RAS approvals, and chaining.

(U/f.FOUeJ Querying controls were adequate to provide reasonable assurance
of compliance with the Order
(TS/f SI//nF) Querying controls were adequate to provide reasonable assurance
of compliance with the Order for the five re uirements that we tested. Monthly
tests of 2010 ueries of BR metada ta in
•:!" ..(b )(3)-P .L. 86-36
Ohe error occmred
._b_e_f_o-re-.--------r-e-le-·a.-·s-·e""';·""'rui""···_d_1_1...
on=-e-o_c_c_u_r-re_c_l_af_t_e_r_._W
___e_f_o""'u~d one error in the

.

·····················

(b)(1)

(b)(3)-P.L. 86-36

..

queries made in 2010 for one of the fiye HRf~quirements tested. We
ha a significant scope limitation in~~sting comp~i~1ce. with OGC reviews of
USP selectors before L
lretease and no lnn1tat10ns after.
(U) RAS approvals
(TS//SI/OIF) We found no eU"ors in our tests of coi1trols over RAS approvals.
All selectors queried were documented as RAS-approved at the time of the query

1

(TS.'.'St::NF) During pilot testing, we identified a third control weakness not directly related to our testing: the BR
FISA Database was not designed to track time-restricted selectors so that analysts could be made aware of the time
for which the RAS determination applied as mandated by the Order. I
lalsoresolvect·tllis·cOilfrol"" ..... Th)(3)-P.L. 86-36
weakness. We did not include time-restricted selectors in our monthly testing because the provisions of the Order
allow for the application of analytic judgment to queries on time-restricted selectors, which is subjective and makes
objective assessment of compliance difficult.

TOP 8ECRET•-COlvHNT',?v'-OFVR:N
5

 DOCID:

REF ID:A4177257

42302'60
TOP

8ECRELt~OMINLX01'"0RN

ST-I 0-0004L

in the BR FISA D_§:t.abase-orl
We therefore judged these controls
ad.equatettf
provide
reasonable
assurance
of compliance with the Order.
........................

fB){s:)~e~k:.::86.~.~~-.

(U) OGG reviews of USP selectors
···.::::::::::::::::::::::::::.]TS// 811./NI) We found no errors in our tests of controls over OGC reviews of
····lfSP::~ele.G~ors·. · After
release, all selectors queried that had been
docuiii"eiit~(fJlt ·····...
as being associated with USPs were reviewed by OGC,
as document~cfih
··· ... ·
. However, before June 2010, there was a
significant scope limitation in.ouf"testi,pg of OGC approvals. Because the BR
FISA Database did not identify selector~ ..assoGiat~d with USPs, we did not know
whether our tests included all U.S. selectors. Because
corrected this
control wealn1ess and we found no instances of non-compliance after its release,
we determined these controls adequate to provide reasonable assurance of
compliru1ce with the Order.

I

I

(U) Revalidation of selectors
.. . .
·(~)(~)-P.L. 86-36
(T~/)SI//MFJ We .~?..~p..dno·etiors in our tests o~·c;mitr~~s to revali~ate sele~to~s
after_
lvtas released. All selectors queried had h~en revalidated w1thm
the prescribed period, as documented inl
1 Before!
Irelease,
we found one error that was a brealcdow n in controls, which the Department of
Justice (DoJ) National Security Division later reported as a com Hance incident
pursuru1t to Rule lO(c) of the F..I.§.G.. ..Rnle.s....of.Procedures;·····2.

(U) Access
(T:i;//:i;l/j~~) We found no errors in our tests of controls over access to BR
metadata. Only authorized personnel, as documented ml
lru,:i.d the
Special FISA Division's (SV42) list of authorized accesses, queried the EfR··
metadata for foreign intelligence or technical analysis (e.g., data integrity) (b)(3)-P.L. 86-36
purposes. We therefore judged these controls adequate to provide reasonable
assurance of compliru1ce with the Order.

(U) Chaining
(TS//SI/OfF) We found no errors in our tests of controls over chaining.
Accorcling..fothel
audit logs, no selectors had been chained to more
thru1 three hops, except for selectors queried for data integrity purposes as
permitted by the Order. In following our test procedures, we did not test these
controls from July through November 2010 because we found no errors within
the first six months of testing. We therefore judged these controls adequate to
provide reasonable assurru1ce of compliru1ce with the Order.

I

(b)(3)-P.L. 86-36

(U//FOUG7 Periodic monitoring of querying controls is needed
(U / /FOUO) Although our evaluation ru1d tests of controls determined that
controls were adequate to provide reasonable assurance of compliru1ce with the
Order, mru1agement must continue to monitor the effectiveness of these controls
in a manner commensurate with risk and value added.
2

(U/~) Because of amendment to the FISC rules, lO(c) incidents are now referred to as 13(b) incidents.

6

 DOCID: 4230260

REF ID:A4177257
TOP SECHET"'C'OirrfLVT'HOFORN
ST-I 0-0004L

(U / /ii'OUSj Monitoring is the final standard for internal control in the federal
gove1nment. Agency internal control monitoring assesses the quality of
performance over time by putting in place procedures to monitor internal
control as part of the process of carrying out regular activities. Monitoring
includes ensuring that managers know their responsibilities for internal control
and control monitoring. In addition, separate evaluations of internal control
should be performed periodically and the deficiencies investigated. The scope
and frequency of separate evaluations should depend primarily on the
assessment of risks and the effectiveness of ongoing monitoring procedures.
Separate evaluations may tal<:e the form of self-assessments as well as reviews of
control design and direct testing of internal control.
(TS// SI// NF) At the time of our review, SV42 was monitoring the effectiveness
of controls by conducting weekly manual reviews of audit logs to ensure
compliance with three of the provisions of the Order that we tested. Given the
strength of the automated controls sin.eel
l-release;mru.1agemerif.. ·(bj{3)-P.L. 86-36
should reassess the timing and extent of these reviews. In particular, we
recommend that management base the type, duration, and frequency of
monitoring on risk and value added. For example, in lieu of weekly and
100 percent reviews of audit logs, management should consider such options as
periodic testing, sampling, event-driven reviews, or automated exception
reporting.

(U//F'OUO~ Develop a comprehensive plan to provide long-term monitoring of
the effectiveness of querying controls. The plan should be commensurate
with risk and value added and include the means to manage changes in
factors such as personnel, Information Technology systems, software
applications, and legal authorities.
(ACTION: SIGINT Director with TD and ODOC)

(U) Management Response

//(b)(3)-P.L. 86-36

CONCUR (TS//SI//tff) Currently, Oversight and Compliance (SV)

manually monitors querying compliance with a weekly 100 percent audit of
all queries. SV has found no errors in querying since the Emphatic Access
Restriction (EAR) was implemented I
I which technologically
limits the selectors used in a query. SV is in the process of developing a
long-term querying compliance strategy aligning the weekly 100 percent
auditing with SID's Auditing Modernization Strategy. SV will work with D4
to develop a "Sampling Rigor" to identify a sampling standard by the end of
August 2011. In addition, SV will continue to work with.I
I
(6){3)-P.L. 86-36
developers to fully automate auditin
rocedures such as a web-based
interface to perform t}J& . audits •
................... ,... ,... ,. ,,,,.,,:;::::··:::::::::: ..::::::::::::··::::.::::::::::

(b)(1)
(b)(3)-P.L. 86-36

'--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~---'

(U) OIG Comment

(U / /FOUO) The planned actions meet the intent of the recommendation.

7

 DOCID: 4230260

REF ID:A4177257

TOP 8ECR:t:t::COMiltf'i;j·v·o1' OR.N

ST-I 0-0004L

(U) This page intentionally left blank.

8

 DOCID:

REF ID:A4177257

42302 60
1

TOP SECRELCOMINT1;xoFOR:N

ST-I 0-0004L
(Jj)(1J. ....
(b)(3)-P:t;··86::.~6

·
\

(U) Fl NDI NG TWO: Dissemination Controls

(T8h'-SlHA'FJ .. Manual controls over the dissemination of serialized SIG/NT reports
and the compllatiQ_n of the Weekly Dissemination Report (WDR) were inherently
risky. However, risks··of..non-compliance with the two provisions of the Order that
. we tested were manageab/e·I
Although we found no instances of non-compliance, monthly
testing identified one error in which a WDR incorrectly included a report that was
not derived from BR metadata. This error was not a violation of the Order but
underscores that the largely manual process for tracking serialized SIG/NT
dissemination and compiling WDRs is inherently risky and would requ.....i.._re_ __
management attention should the amount of dissemination increase. I

I

I

I

.. / / / /

(U) Criteria Used to Assess Dissemination Controls

...
(b)(1)
(b)(3)-P.L. 86-36

(TS//SI//Mfi') To protect the privacy rights of USPs, the BR Order includes a
series of requirements to track and control information shared outside NSA.
With the exception of exculpatory material used in litigation, the BR Order
requires th.at all disseminations of USP information derived from BR metadata
made outside NSA, whether in formal reporting or in response to requests for
information or other forms of communication, be approved by one of five NSA
officials. One of the five officials must determine th.at the information identifying
the USP is in fact related to Counterterrorism (CT) information and th.at it is
necessary to understand the CT information or assess its importance. The BR
Order does not state that the authority may be delegated. Until BR 10-70 was
issued on 29 October 2010, the Order also required th.at NSA provide the FISC a
weekly report of all dissemination. BR 10-70 changed the weekly reporting
requirement to every 30 days.
(TS//SI//NE) We evaluated the adequacy of controls to ensure compliance with
two BR requirements against Standards oflntemal Control in the Federal
Govemment and tested the effectiveness of these controls monthly from January
th.rough December 2010.
1. !TS/fSI//Nfi') Weekly Dissemination Reports: NSA must accurately and
completely report disseminations of BR metadata outside NSA.
2.

(TS//gl//~fpt

Dissemination of Serialized SIGINT Reports with BR
Metadata: All information disseminated th.rough serialized SIGINT
reports must be approved by the Chief of Information Sharing Services
(S 12) or one of the four other authorized individuals.

(TSHSL'i'P4F) Process to Track and Disseminate BR Serialized SIGINT
Reports
(Tg//SI//WF) The process to track serialized SIGINT dissemination is largely
manual and maintained outside the infrastructure used to handle normal

TOP S'ECRF:T'.'COMIHT'.'}l&FORtvr
9

 DOCID: 4230260

REF ID:A4177257

TOF 8ECRET'i CO:ivfIHTidv·o,-1Diciv·
I

ST-I 0-0004L

reRorts involving the release of U.S. identities. Homelru.1.d Security Analysis
Center (S2I4) policy was that serialized reporting ru.1.d S12-approved responses
to Requests for Information were the only acceptable forms of dissemination
outside NSA. Therefore, e-mails and other informal types of dissemination were
not permitted, ru.1.d any information derived from BR metadata required S12

{b){'.1'.):·············"''''''''"'''"''''"'''''''''''''"
(b)(3)-P~L;·s6-36....
(b)(3)-50

use 3024(il

:::::::::::::::::!:~~~::~~~~~;:.tu:ar. s1%;~:~c~~:~l;e~~!~e~0 ~:~;:~~:e d;~I~; from BR
information that res onds to.The··s·····e·crarte··uirements·ofthe-

....

('FS//Sl//NF) The Chief ru.1.d Senior Editor of S2I4 track BR-related reports and
submit requests to disseminate information outside NSA to the Chief of Sl2, via
e-mail. S12 documents approvals to disseminate through one-time
dissemination authorization memos. The Chief of Sl2 signs the memos ru.1.d
retains a copy for the record.
('b)(:$.)•P.,L. 86-36
... ······
······.... ········· ........

··....
··

....

ff8f/8i//PfF) S2I4 manually tracks BR-related dissemination for inclusion in
WDRs to the FISC, and SV42 maintains a spreadsheet to track report
····· ........ qissemination authorizations.
.......

. . . ,................................................ :::::·······. ..fFS//SI//NF)I
I a management information system for SIG INT production
~~~~!·t~pJ::;··s 6 _36 _
··········c-o?-t~~s··statis~cal--in!o~ation..and.. G.µ::;t.<>..l'.1:1..~!....~~-:,~.?..~~~- ~~-~1:1t _s~:1alized re orts.
(b)(3)-50

use 3024(i)········ ... Within

dissemmation based on BR anal sis can be 1dentif1ed

(Ul/FOUO) The Manual Process to Disseminate and Track Serialized
SIGINT Reports Was Inherently Risky but Manageable Given the
Amount of Information Disseminated

f6ff1) ·

(C//RBL 1:6 USA, FVB¥) During pilot testing, we noted that the process to obtain
ru.1.d document dissemination authorizations for serialized SIGINT reports signed
by the Chief of S12 ru.1.d the process to compile WDRs were largely manual ru.1.d,
therefore, dependent on the diligence of the staff and the strength of standard
operating procedures. During monthly testing, we found one error that
underscored this weakness but found no instru.1.ces of non-compliance with the
Order. The largely mru.rnal process to disseminate and track serialized SIGINT
......... !.~P.?rt~-~~~ ~~~·efo~e in~eren~y risky but manageable given the relatively small
amount or mrorm:a:tio11 .. d1ssemmatedt

I

(b)(3)-P.L. 86-36
(T8,~'81N~JI=)

Weekly Dissemination Reports

(TS//SI/OIF) In our tests of controls over the accuracy of the 44 WDRs covering
2010 dissemination, we found that a WDR mistal(enly listed a se1ialized
dissemination that was not derived from BR metadata. Although the error did
not violate the BR Order, it underscores a weakness in the largely mru.1.ual
process to track and report BR disseminations that we noted in our Pilot Test
Report (IG-111545-10).
('FS//SI//NF) We did not test NSA compliance with weekly dissemination
re ortin re uirements in November ru.1.d December 2010 because the BR Order
......... ................... . ........ ······
changed the reporting requirement from weekly to
(b)(3)-P.L. 86-36
every 30 ays. Because the 30-day reports did not correspond with our

IO

 DOCID:

4230260

REF ID:A4177257
TOP SECRELCOivfJNJ;;xorof&of
ST-I 0-000"1L

monthly testing, we were unable to draw a conclusion about whether NSA was
in full compliance with the BR Order regarding the accurate and complete
reporting of serialized dissemination of BR FISA metadata for the period from
1 November 2010 to 17 December 2010.
(U//FOUO) We judged the manual process to compile WDRs to be inherently
risky but manageable given the small amount of information disseminated.
(U//FOUO) Dissemination of Serialized SIGINT Reports

('fS//Gi//WF) We found no errors in our tests of controls over approvals of
..................................................... ······serialized··-SIGINT-reports;···AHQreports issued in 2010 had been approved by
3
35 35
(b)( )-P.L. the Chief of Sl2 or one of the four other authorized individuals. We judged the
manual process to track serialized reports as inherently risky but manageable
given the small amount of information disseminated.

(U//FOUO) Manual Processes Will Not Be Manageable if the Amount of
Dissemination Increases
(T~//£I/0lF) We noted in our Pilot Test Report that management should
consider automating dissemination approvals and tracking if BR-related
dissemination increases. A change to the provisions of the Order signed on 29
·..fj
Octob_er 2010 (BR 10-70) might significantly increase the amount of information
('")('1:).,,,,,,,,,......
disseminated. Specifically, BR 10-70 removes the limit of 125 analysts
(b)( 3)-P~L::~~~~6... .
(b)(3)-50 usc···SO?~{i). . ...... _authorized to qu~ry B~ m~tadata ?ut maintains re~uirements for NSA to report
.............. · "··· . .to··th~. FISC all dissemmation outside NSA. Before issuance of BR 10-70, only
.......... ·E:]pers:C:i:~s-··ha.4._query access to the metadata, well below the 125 limit. The
Chiefof.. S'.214·eS._timated. that if NSA implements this change, S214's query access
might expancl. !?. tlte[""]p~rson..P.:~1.. already authorized to ~i~~. query results and
to the more thaitc::=ranalysts wrthl
lcT responsibihties. Mai1ual
processes would not be maiiageable if the amount of dissemination increases
with the number of analysts authorized to query.

~:~{!~~P;L.:·a6~3Ef

.........

(b)(3)~50_U.SC--~Q24(i)

··..

_(T~//£I/0fF)

S2l issued a Staff Processing Form (SPF)I
I··· . . (6)(3)-P.L. 86-36
annou11cing_plai1s to ex ai1d BR and Pen Re ister ai1d Tra and Trace PR TT)
access to uer ·-resU:lts

The Chief of S214 stated that the expansion relies on training and controls, such
as the EAR ai1dl
Ito ensure . co:i:µpliai1ce. The SPF states that training

I

I

....... .

(b)(3)-P.L. 86-36
fFS//Slj/~!F) NSA OGC recognized that increasing the number of ai1alysts
authorized to query BR metadata and expai1ding access to BR query results
might increase the risk that informal disseminations would not be documented
ai1d therefore, would be untracked and ultimately out of compliance with the
Court Order. Specifically, the BR Order requires formal, documentable tracking
of foreign-target BR disseminations, a practice th.at runs counter to traditional
NSA ai1alytic process and hence requires additional, non-standard training to
accomplish. This practice also constrains the full ai1alysis of bulk metadata.
NSA OGC is therefore drafting a motion to amend the BR (and PR/TT) Order. A
draft of the motion, I
lst~tes that NSA seeks relief from the

TOP SECREP'.'COMEVT:'.'NOF01rNll

(b)(3)-P.L. 86-36

 1,

DOCID: 42302'60

REF ID:A4177257

TOP SECR:t 1,; COiviiN1, 1NOr OR1v

ST- I 0-0004L
requirement to include in a 30-day report "a statement of the number of
instances since the preceding report in which NSA has shared, in any form,
information obtained or derived from the metadata with anyone outside NSA,"
only to the extent that the dissemination applies to non-USP information
obtained or derived from metadata. NSA OGC expects to file the motion soon,
but there is no definite period, and it is uncertain whether the FISC will grant
the motion.

Hi-tm~+Nt-..

Develop a plan to mitigate the risk of non-compliance with the
Order in disseminating information derived from BR metadata when
expanding access to BR querying and results.
(ACTION: SIGINT Director with ODOC and OGC)

(b)UJ

(b)(3)~P.l-. 86-36

(b)(3)~5o.

(U) Management Response

US.G 3024(i)
· ..

CONCUR (TS//SI//NF) SID acknowledges that BR Order compliance, in

..

" .

·. ........
··..

"·...

terms of tracking and controlling the dissemination of BR-derived
. .._information, is indeed essential as the Signals Intelligence Directorate
expqnds BR and Pen Re ister Tra and Trace PR TT access to uer
. resuitsw1
e mcremen y execu e 111 a me o 1ca manner to mitigate t e ns
of non-compliance. Expansion of access and use of the BR and PR/TT
authorities will be conducted apace of the requisite compliance and
oversight infrastructure to minimize the risk of incidents and violations .
.Tra.i.P.-.i.1."I:~ serves as one of the key elements for success and much progress
has beeii . iii.ade·;··1
I SID expects the launch of the
National Cryptologic School course OVSC 1205. This course incorporates
required Office of the General Counsel (OGC) indoctrinations for both BR
and PR/TT with analyst focused material. Com letion of OVSC 1205 will
·r.edentials and constitutes
be the basis for granting the
a prerequisite for the granting of the
upon
nomination by a production element manager
····.f
justification.
(b)(1)
(b)(3)-P.L. 86-36

(TS//SI//WF) In addition, SID fully understands the Office of the Inspector
General's concerns regarding tracking disseminations of BR-derived
information and continues to evaluate approval and dissemination
processes to optimize current procedure, where possible. When planning to
disseminate information derived from BR FISA, USP information must be
identified and its dissemination (with a report) must be reviewed and
approved by the Chief or DI Chief S 12 (or one of the other offi.cials as noted
in the BR Orckr.) .. j
I

···:..... ······················

.......... ,,.:::::::::::::::::::::: .......

(b)(1)
(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

Although non-USP disseminations do not require prior approval from S 12,
known disseminations shall continue to be documented as they occur and

12

 DOCID: 4230260

REF ID:A4177257

TOi" 8ECRELCOivfliv7·1;tfOFOtW

ST-10-0004L

.... -·
....... -·

(b)(1)
(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

reported, along with disseminations of USP info, every 30 days to the FISC.
As BR is expa11.d.ed·I
!process shall be
expande.d.. to·ensure the same degree of controls and oversight. Expansion
. . :wm··be. .gradual to ensure requisite training is conducted and control and
compliance processes are in place, and SID shall consider further
controls/process enhancements (such as further automation) as the
situation warrants. S2I shall ensure expansion remains aligned with
current scalable processes that have resulted in substantive compliance
with the Court's order to date.

* (U) Refer to Appendix E, Pages 3 through 5 for full text of SID 's
management action plan for Recommendation 2.
(U) OIG Comment

(U / /FOUO) The planned actions meet the intent of the recommendation.

TOP 8ECR£T'.C01vHNT''NOFOm<l
13

i
'l

 DOCID:

4230260

REF ID:A4177257
TOf ffECREJ;;COJ."cfIN"t;;ifQt ORH

ST-I 0-0004L

(U) This page intentionally left blank.

fOf 3EC!f:Er; COlvHNn; UOFORN

 REF JED:A4177257

DOCID: 4230260

TOP 8£CRET ·; ·c OirlfI};'T/ '1'v'01"Gi7d'i

ST-10-0004L

Ill. (U) ABBREVIATIONS AND ORGANIZATIONS

~+£'
IT'Sr'ii'Pi!F)

Business Records

BR

(U) BDA

Blanket Dissemination Authorization

(U) CT

Counterterrorism

(U) CTEE

Counterterrorism Extended Enterprise

(U) DIA

Data Integrity Analyst

(U) DoJ

Department of Justice

f'FS TT
I 'Sf I qH:;:~ EAR
fl

Emphatic Access Restriction

(U) FISA

Foreign Intelligence Surveillai1ce Act

(U) FISC

Foreign Intelligence Surveillance Court

(U) MRG

Math Research Group

(U) NSA

National Security Agency

(U) ODOC

Office of the Director of Compliance

(U) OGC

Office of General Counsel

f'FS//Sf//NF) PR/TT

Pen Register and Trap and Trace

(U) RAS

reasonable articulable suspicion

(U) S12

Information Sharing Services

(U) S2I

Counterterrorism Production Center

(U) S2I4

Homeland Security Analysis Center

(U) SID

Signals Intelligence Directorate

(U) SIGINT

Signals Intelligence

(U) SPF

Staff Processing Form

(U) SV

Oversight and Compliance

(U) SV4

FISA Authorities Division

(U) SV42

Special FISA Oversight and Processing

(U) TD

Technology Directorate

(U) USP

U.S. person

{U) WDR

Weekly Dissemination Report

TO! 3ECRET. CO.lvIINT '. 'H0{6 0i"?::,V
15

 DOCID:

42302 60
1

REF ID:A4177257
TOP SECRET; COMil'fT;NoroRif

ST-I 0-0004L

(U) This page intentionally left blank.

16

 DOCID: 4230260

Wf

REF ID:A4177257

3ECREli~COiviIN11dfOr01tN

ST-10-0004L

(U) APPENDIX A
(U) About the Audit

ro,_n SEf-:RET ·: '(~ Olvff}{T ~· ~\l(J.jVQf?:N

 ,,
I

DOCID: 4230260

TO!

REF ID:A4177257

,~ECREl ;;COivfIN1

/;Nor ORN

ST-10-0004L

(U) This page intentionally left blank.

TOf :5EC1T:ET-;coM1NT!UOFOfoV

 DOCID:

42302 60

REF ID:A4177257

1

1OP SECRE1,,(-:QivJJN11dfOr Git.ff
ST-I 0-0004L

(U) ABOUT THE AUDIT
(U) Objective
('f8//8if/NF) The overall objective of this audit was to test whether controls to
ensure National Security Agency (NSA) compliance with key terms of the Foreign
Intelligence Surveillance Court (FISC) Order Regarding Business Records (BR)
are operating as intended. To do so, we conducted a pilot test of the audit in
which our objective was to determine NSA complia11ce and assess the feasibility
and reasonableness of including in monthly testing six objectives related to
querying and dissemination. We then conducted monthly testing of NSA's
compliance with seven requirements of the BR Order.

(U) Scope and Methodology
(U) We conducted pilot testing from January to March 2010; monthly testing of
Ja11uary through December 2010 data was conducted from March 2010
through January 2011.
(T~//§1//WF) For tests related to ue ina, we com ared all selectors that were
documen.ted....i ·
.•• ,•• ,:;::·::::::::::====
s having been queried each month against access lists,
fb)(~}~~-·:_.,·._·'._'.(~,'86 ~36 ::::::::: ..reas..QU.;3...1:>.1.~.. i:tf!iculable suspicion approvals documented in the Foreign
.,,,,,,,.
....Tiifellige11ce ·slli;v.eiifaiic:e.::A~(BR'd·atabase·orl
I and Office of General
·::,.
Counsel OGC) reviews docuniente·a·mthel
lor
···::>: ..
We also counted the number of hops chained for each selector in
tiie
audit logs. We researched anomalies to make a final
determination of compliance.

(U / / PeUe-)" For tests related to dissemination, we verified that serialized SIG INT
reports issued in 2010 were supported by dissemination authorizations. We
also reviewed Weeldy Dissemination Reports and supporting documentation.
(U / / filOUe-)" We met with individuals from OGC, the Office of the Director of
Compliance (ODOC), the Signals Intelligence Directorate (SID), and the
Technology Directorate, including the SID Office of Oversight and Complia11ce,
Information Sharing Services, Homeland Security Analysis Center, SID Issues
Support Staff, Analytic Capabilities,!
landl
I
Operations.
, .
;

/
":

(b)(3)-P .L. 86-36

A-1

 DOCID:

42302·60

REF ID:A4177257
TOP 8£CRET:;COivfINT:;HQFORN

ST-10-0004L

(U) We conducted this performance audit in accordance with generally accepted
gove1nment auditing standards. Those standards require that we plan and
perform the audit to obtain sufficient, appropriate evidence to provide a
reasonable basis for our findings and conclusions according to our audit
objectives. We believe that the evidence obtained provides a reasonable basis
for our findings and conclusions according to our audit objectives.

(U/,'FOUO) Reports Issued
{'f8//8I//NF} Advisory Report on the Audit of NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding Business Records (ST-100004), 12 May 2010
(TS//~I//~lFt

Audit of NSA Controls to Comply with the Foreign Intelligence
Surveillance Court Order Regarding Business Records -January to March 2010
Test Results (ST-10-0004A}, 1 June 2010

(TS//Sl//NF) Audit of NSA Controls to Comply with the Foreign Intelligence
Surveillance Court Order Regarding Business Records -April 2010 Test Results
(ST-10-0004B), 10 June 2010
(T:?3//SI//Nii't Audit Report of NSA Controls to Comply with the Foreign
Intelligence Surveillance Court Order Regarding Business Records - Control
Wealcnesses {ST-10-0004C), 29 September 2010

(TS// SI// NF) Audit of NSA Controls to Comply with the Foreign Intelligence
Surveillance Court Order Regarding Business Records - May 201 0 Test Results
(ST-10-0004D), 30 June 2010
(TS//81/0fF) Audit of NSA Controls to Comply with the Foreign Intelligence
Surveillance Court Order Regarding Business Records - June 2010 Test Results
(ST-10-0004E), 20 July 2010
!T:?3//Sl//NF} Audit of NSA Controls to Comply with the Foreign Intelligence

Surveillance Court Order Regarding Business Records - July 2010 Test Results
(ST-10-0004F), 18 August 2010
(TS//Sif/NF} Audit of NSA Controls to Comply with the Foreign Intelligence
Surveillance Court Order Regarding Business Records August 201 0 Test Results
(ST-10-00040), 28 September 2010
('FS//SI//NF) Audit of NSA Controls to Comply with the Foreign Intelligence
Surveillance Court Order Regarding Business Records - September 2010 Test
Results (ST-10-0004H), 28 October 2010
(TS//81/0IF) Audit of NSA Controls to Comply with the Foreign Intelligence
Surveillance Court Order Regarding Business Records - October 201 0 Test
Results (ST-10-0004I}, 1 December 2010
(Tg//81//NF) Audit of NSA Controls to Comply with the Foreign Intelligence

Surveillance Court Order Regarding Business Records - November 2010 Test
Results (ST-10-0004J), 20 December 2010
TO? /.SECRET·:. (?Olvfl}ifT, :, 'J{QlYQR}{
A-2

 DOCID:

4230260

REF l:D:A4177257
TOP SECRELCOMIJ'{f,;f{QTOt?:J"<f
ST-10-0004L

f'fS//SI//WF) Audit of NSA Controls to Comply with the Foreign Intelligence
Surveillance Court Order Regarding Business Records - December 201 0 Test

Results (ST-10-0004K), 12 January 2011

TOP SECRET'. COMINT 11NOHJR.V
1

A-3

 DOCID: 4230260

REF ID:A4177257

TOP 6Y3Ct7:ET ·; t:tJivfjNT ·; ·}{F],_'Ot?:f{

ST-I 0-0004L

(U) This page intentionally left blank.

TO 19 t:5ECi?;E T,. I'C01v!IlifT. ~ 'lv10F0l?}{

A-4

 DOCID:

42302 60
1

REF ID:A4177257

ran /YECt7:Ef; ·,: 't~Oivflf{T ·; 'f9'01'Oi61''

ST-J0-0004L

(U) APPENDIX B
(U) Summary of Recommendations

 DOCID:

42302 60
1

REF ID:A4177257

TOP SECI<ET··COMJ,o,TT'}iOFOl<N

ST- 10-0004L

(U) This page intentionally left blank.

 DOCID: 4230260

TO?

REF ID:A4177257

3ECRET.~ COivfINfoNOFOitN

ST-I 0-0004L

(U) SUMMARY OF RECOMMENDATIONS
(U) RECOMMENDATION 1
(U/IFOU9-) Develop a comprehensive plan to provide long-term monitoring of
the effectiveness of querying controls. The plan should be commensurate with
risk and value added and include the means to manage changes in factors
such as personnel, Information Technology systems, software applications,
and legal authorities.
{U) ACTION: SIGINT Director with TD and ODOC
(U) Status: OPEN/Concur
(U) Target Completion Date:I_ _ _ _ _ _ _

!. . . . .

.... ····· ·················

···· ..... ····· . )'.(b)(3)-P.L. 86-36

(U) RECOMMENDATION 2
(TSNSlfi'NF) Develop a plan to mitigate the risk of non-co mpli~ri-ce with the
Order in disseminating information derived from BR Metad.ata when expanding
.··
access to BR querying and results.
...

{U) ACTION: SIGINT Director with ODOC and OGC
(U) Status: OPEN/Concur
I
_. . .(U) Target Completion Date:---------1

TOI' 8EC-lr:Er: C01vHJt/T, /}{QF'ORN
B-1

 DOCID: 42302'60

TO F

REF ID:A4177257

SEt~l?:ET ·,: t~Olri-11\iT: ·tlG'l'C)l?J'l

ST-10-000.+L

(U) This page intentionally left blank.

TOP SECRET''.1COM!HJ?'.'}l0F:ORH
B-2

 DOCID: 4230260

REF ID:A4177257
TO-I' SiiCREfi;coivliiv7;;1¢()10t?:H

ST-10-0004L

(U) APPENDIX C
(U) Monthly Test Results
of Querying Controls

fOf

3EC-ft.ET'.,COM1NT, NOFOR:N

 DOCID: 4230260

REF ID:A4177257

TOP SECRET·;E(J:MINT·;·NOFORH

ST-! 0-0004L

(U) This page intentionally left blank.

TOf 8ECR£T'.·'COiHI1'{T· 'N&.tr::.of?:N

 DOCID:

42302,60

REF ID:A4177257
TOP 8£CRET·:·co1vHNT:1·v-oi'OTbV
ST-10-0004L

(U) MONTHLY TEST RES UL TS OF QUERYING CONTROLS

2. OGC Review

0

Adequate

3. Revalidation

1

Adequate

4. Access

0

Adequate

0

Adequate

Not Not Not
Not
Not
tested ested ested tested tested

5. Chaining

*

*

*

*

Total No. of
Queries

*

•"'(b)(1)
(b)(3) P.L. 86-36

'~====L--------------------------...b==::b===~
(U//~

Not tested per test plan.

['i'S/;'Si//P!F)

(b)(3)-P.L. 86-36

T01D lh5CRE T ~ 'COlvff}fT, ·; }·{()FQf(}{
C-1

 DOCID:

42302·60

REF ID:A4177257

T01° 613C'!t?:ET ·; t~Oivff}{T, ·: ·]~0110{t]'i

ST-10-0004L

(U) This page intentionally left blank.

TCJF

,~ECl?E

r. ;, ·coi"v{{}{R';'}f()jG()]t]tf
C-2

 DOCID: 4230260

REF ID:A4177257

TOP 8ECR:£J;;ccJ:ivfiiff1;J'v"OFOR:iV

ST-10-0004L

(U) APPENDIX D
(U) Monthly Test Results
of Dissemination Controls

 DOCID: 4230260

REF ID:A4177257
TOP S£CRET1COMINT">NOtOR:N

ST-I 0-000'-f.L

(U) This page intentionally left blank.

TOP 8F:CRF:T':'COA1L\T'.'NOFORN

 DOCID: 42302'60

REF ID:A4177257

TOP SECRET;CCJMHiT;ffOT'OitH

ST-10-0004L

(U) MONTHLY TEST RESULTS OF DISSEMINATION
CONTROLS

1
2. Dissemination
of serialized

0

SIGINT
Total No. of
WDRs

Total No. of
Serialized
SIGINT
Dissemination

(b) ( 1)

(b) (3)-P.L. 86-36

*~:VONGIN~ll=l Not tested because the reporting requirement changed from weekly to every 30 days.

{Tf/;'81//IWr

(b)(3)-P.L. 86-36

D-1

 DOCID:

42302 60
1

REF ID:A4177257

TOP /5£C1?.ET.·:,·cOi'viINT ·;·woFOl?:}f

ST-10-0004L

(U) This page intentionally left blank.

TOP 8ECRET'.1COMINT'.'NOFfJRN
D-2

 DOCID: 4230260

REF ID:A4177257

T01° SECmj11;coJvfiN11!NOrOR.N

ST-I 0-0004L

(U) APPENDIX E
(U) Full Text of Management Responses

TOP SECRET'.'COML\rT''N014{)R·N

 DOCID:

4230260

REF ID:A4177257

TOf

,~E:CRm 1T~OivfiN11dv'OFORN

ST-I 0-0004L

(U) This page intentionally left blank.

TOP SECRET'.-'COM:INT'.'HO-F-O·R:N

 DOCID:

REF ID:A4177257

4.2302 60
1

ror S!!:CR.Bl ,~CO.lviINl 1;N01 OR:H
1

ST- I 0-0004 L

l Ul' i!ieUH::Llh'UUMm l/J'fJUI Ul<:f4
SECURITY CLASSIFICATION

NSA STAFF PROCESSING FORM
TO

OIG
THRU

I

I

KCC CONTROL NUMBER

E!Xft.eO CONlROl..\\iUMBSR

2011-3073
ACTIOM

~s~u~"'"'""'EC~T~~~~~~~~~~~~~~~~~~~~~-i

(U) SID'S Management Response to the DR.D..FT IG
Report for ST-10-0004L.

0

EXREG SUSPENSE

APPROVAL

15 Apr 11
KCC SUSPENSE

D
D

SIGNATURE
ELEMENT SUSPENSE'.

INFORMATION

DISTRJeUTIOH

S, S02. 8023, Sl, S2, 83, ST, SV, D2, D4
SUMMARY

PURPOSE. (FS//Si/;'nF) To provide the Signals Intelligence Directorate's (SID's) response to the DRAFT
Inspector General Audit Report on NSA Controls to Comply witl1 tlie Foreign Intelligence Surveiliance Court
(FJSC) Order Regarding Business Reoords (BR) (ST-10-0004L).
BACKGR.OUND: ff5//Sf//}~f} SlD received the DRAFT audit report which summarized the results of
the lnspector General's year-long review of NSA Controls to Comply with the FISC Order Regarding BR
Although the querying and dissemination controls tested were adequate to provide reasonable assurance
of compliance with the terms of the order, two recommendations with SID Lead were documented in the
report.
DISCUSSION: (U/ /'flOUO' SID reviewed the document for.factual accuracy and concurs with the
document and recommendations as written. SID Oversight and Compliance (SV) will lead the effort for
Recommendation 1, with SID'~
. ~pearheading the effort for Recommendation 2. The
Office of General Counsel agreed to be a secondary'action officer to assist SID in its development of a
management action plan for Recommendation 2/The SlGINT Directorate's coordinated response is
attached.
·

End: a/s

jt.q)(3)-P.L. 86-36

,l "!'

COORDINATIQ~IMPROVAL

50232

lih.:_,)j

I

Sl

:iMayU

D2

82

3Mayl1

D4
ORG.

I

Ism IG Liaison
FORMA6796
REV NOV9S

l2B~rn· 1

SV

S0232

Derived From: NSA/CSSM 1-52
Dated: 20070108
OeclasslfJI On: 203(ti10~

12Mi'ly11

f29Aprll
PHONE (Socur11)

966-5590

DATE PREPARED ..

I 04 May 2011.

SECURITY CLASSIFICATION

fOP

E-1

SEC:R:~'fWCOMIH'fti~~OfORJ<l

 DOCID:

REF ID:A4177257

42302 60
1

TOP SECRET;CQiviiNJ;;NQFORN

ST- I 0-0004L

TOP SECRET//COMIMT//NOFORN
(TS7)'S°W:P'ff) DRAFT AUDIT REPORT ON NSA CONTROLS TO COMPLY WITH
THE FOREIGN INTELLIGENCE SURVEILLANCE COURT ORDER REGARDING
BUSINESS RECORDS (ST-10-0004L)

rift~§.r~~iR~,tr~T:J~N111-

<u / f FOUO) Develop a comprehensive plan to provide long-term m.onitoring of the

effectiveness of querying controls. U1e plan. should be conm1e11.Stu-ate 1vith risk and
value added and include the m.ea.i1s to manage changes i11 factol'S such as personnel,
i.11fon11atio11 teclu1ology systems, sofh\7 ai·e applications, and legal authorities.
SID Action Element: SID Lead SV
(ACTION: SIGINT Di1"ecto1· with TD a.i1cl ODoC)
Concur/Non-concur: CONCUR as written

SID Response (l\fay 2011): (T€i//eI//:!'W) Currently, SV manually monitors querying
compliance with a '""Teekly 100 percent audit of all queries. SV has fott11.d no errors in

~ing since the Emphatic Access Restriction (EAR) was implemente~

!::::::::::::::'"

L_Jwhich--tedm:ologicallytiniit~rthe··selec·to:r-s·u:s·ea·11i·a:··q:iiei;y:····5\Tfo.Tii ..i:lie·i~J.:ocess_gf.·····:.::<b;

developing a long-term qtte1-ying compliance strategy aligning the weekly lQO-perc~11J.··/
auditing with SID' s Auditing Modernization Strategy. SV will wo1J-;, ..wifu.D4
.
.__
,__
,__..,,,....-;;;;..
_. ·-:tn

_______
with..__......,,._

______________________________

I····. . ····· . · . . .

··

(b)(1)

~~~~~~ pg-u~~~~24(i)

. .______________.

Estimated Completion Date: (~i

SID POC: (U/ /FOUO}l........_ _ _ _ ___.IDepttty Chief, SV4, NSTS: 969-5383

(b)(3)-P .L. 86-36
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20320108

TOP ~ECRET//COMINT//NOFORN

E-2

·

______________

addition, SV will continue to >vork
__, de\~elopers to folly automate
auditing procedures such as a web-based interface to perform the audits. U1is longterm plan will take into consideration the expansion of BR and PRTil....... · · ·
J·

I

(3)-P .L. 86-36

 DOCID:

REF ID:A4177257

42302,60

TOP SECRET.; 'COlvflNT;;Horol&f

ST-10-0004L

TOP

SEERET//COMINT//NOFORr~

~~iljjjjj:~~tt~~
~--::=/ ,'::,','-::~-::;Develop

a plan to mitigate the risk of non-compliance with the Order u1.
d.issenilli.ating i:nforni.ation derived. from BR metad.ata when expanding access to BR
quet.ying and results.
,.. .. ".(b)(3)-P.L. 86-36

(ACTION: SIGINT Director with ODoC am:,l.cfGC)
SID Leadl
,,.... ..
Concm"fNon-conctu-: CONCUR as written

/(~)(1)
/ (b)(3)-P .L. 86-36
(b)'{~)-50 USC 3024(i)
/

-

.

SID Response (April 2011): (TS//Gi//?.W) SID ackno·wle.,dges that ~R Order
compliance, :in. terms of tracking and contrnlling the disq.~~i.ination of)3R-derived
:information, is indeed essential as the Signals Intellige~{~e Directorate ~,J<pands BR and
Pen Register/Trap and Trace (PR/TT) access to quert~·esultsl
.
]11i.is lTlission expa.ii.sion to the
~ill be irtcrementally executed in a
methodical ma1ui.er to ni.itigate the risk of non-co1npliance. Expansion of access and use
of the BR and PR/TT authorities 1vill be conducted apace of the requisite compliance
and oversight infrastrttcttt.re to tl."lit'limize the risk of il.1.cidei1.ts and violations. Traitung
serves as one of the key ele1uents for success and D.1.uch progress has been ni.ade. For
U1.stai1.ce, by ni.id September 2011, SID expects the launch of the National Ciyptologic
School (NCS) cot.use OVSC 1205. This co1u-se incorporates required Office of the
General Cottnsel (OGC) i.11.doctrinations for both BR and PR/TT vdth analyst focused
material. Tii.e current regimen rep1·esented in OVSC 1204 is strictly BR centric wli.ile

I

I

1205 addresses both programs. Completion of OVSC 1205 ,..,,ill be the basis for granting
('b)ffF: : .
· · thel
Icredentials and constitutes a prerequisite for the grantili.g of the
(b)(3)-P.L. 86~.:I
!upon nonunation by a prnd11ction element inanager based
on a valid mission justification. Beyond tra:i.nit1.g, management oversight vdll be critical.
Tii.e BR Order has no provision for the delegation of disseni.ination approval authority
beyond those individuals and positions named in the ordet". OVSC1205, specifically on
this topic (dissemination), reflects the language of the order clearly in l'vlodule 4 and as
the plam1ed expansion progresses,!
jhave the
responsibility for educating their \Norkforce and providing the appropriate' level of
oversight to ensure coni.plianse.C]has a sotu1.d business practice that 1,Ylll serve as a
model to emulate as Sip.nic;~,es fonvard with this imporfa.nt mission exp,fu.i.sion.
SID J::)has be.~1.1.coilaborating with key players!
.
.·I

I

Iand $JP/?~~ remains committed to guiding and q~ern;;,eii1.g the

/~~·.. ............···
_

(b)(3)-P.L. 86-36

TOP SECRET//COMINTiiN'oro'RN.

h

h

i(b)(1)

,-,,-,-· ...... ----I•.

l

I,_

-

•

(b)(3)-50

E-3

- -

- -

use 3024(i)

 DOCID: 4230260

REF ID:A4177257

TO? S-ECRE T C&"vffiffu ~-v-Oi'Dt?:l•{
1

ST-10-0004L

TOP SECRET//COMINT//NOFORN
ni.ission rollout and implementation of proced1.u-es governing U.S. person disseni.ination
issues.

(f'S//Si://MF) Finally, SID fully understands the IG' s concems regarding tracking
disseminations of BR-derived information and continues to evaluate approval and
dissemination processes to optimize ctn-rent procedure, where possible. When planning
to dissenuna.te infon:nation derived froni. BR PISA, USP infonnation ni.ust be identified
and its disse111.ination (with a report) must be 1·eviewed and approved by the Chief or
D/Chief 512 (or one of the other officials as noted in the BR Order). As with the
tmni.asked dissemination of any USP identities in products, this is acconi.pl.ished using

___________

··TI1e-S12J).RS.:Cei:rfiiii"s'':;;_;::~... (b )( 3) p. L. 86-36

""1-·e_s_p_o_n_s-ib-le_fo_1_·_p_r_e_p_a!_'_il_i.g_ru:_:i._d_s_u_b_u_u__t-t11-.:i.-g-t1-,:i..-~""...-....-....-....-...."".. ~0-11-·t-fohaif~f""Prnduct Line repolte1·s

..._

__.

Althotigh~~on-USP disseminations do not require prior

approval from 512, known disseni.inations shall continue to be docum.ented as U1ey
occttr and reported, along with disseminations of USP info, every 30 days to U1e FISC.
As BR is expanded
shall be
expanded to ensure the sani.e degree of controls and oversight. Expansiofti. will be
gradual to ensure requisite training is conducted and control and coui.pl}ance processes
are in place, and SID shall consider fttrther controls/ process enhanceni.~nts (such as
ftu·ther auton1atio11) as the situation warrants. 521 shall ens1ue expaii.sibn reu1'.ains
aligned with c1.u:rent scalable processes that have resulted in substan.tiye coni.pliance
v.riU1 the Court's order to date.
/.'(b)(1)
(U) Estimated Completion D<.tte:·I.._______.
0
0

(U) OVSC J20:ff~:~ly fielded.
//
(Tfo!;,'{SI//HF) Ap1;ropriate popnlationsl
i{epresenting the crnss
seCti~ns of SID and TD elements involved in BR a.nd PR/TT at NSA-\V folly
credentialed and a>v,ue of progra.il.1 backgronnd a.s '\·'\'ell as cti:.iTent enviro1unent
the FISC
Jroduction ele111ent inana em credentialedJ
based on re"c01nrnendations
.._.,.....,~....,----------------------------0 f the £onner
.
.
(TCi//•:,±//NF) SV oversight protocol for auditing, DO} spot checks, ,utd 30 d.:tv
reports reva111ped to include unique ch,,.llenges th.at cotild arise bclsed lln._I_ ___.
access a.nd use
\
!
. ·· ··
(TS//SI//Nt') ODoC in prngress reviei;v of each increme11.taJ stt;:>.p t~ ensure
co1npli,u1ce re1nain:. apace of irnple1nentation
. .·
(b)(1)
(b)(3)-P.L. 86-36
,..,~i th

. . .<::

(b)(3)-P.
()

0

(b)(3)-P.L. 86-36
(b)(3)-50 use 3024(i

I

TOP SEERET//COMINT//NOFORN

T01° /?19CRET.

·ctJlvlf}{T,.'~}{Q1VQl?:lel

E-4

 DOCID:

42302·60

REF I:D:A4177257

TO? 8ECRETi:COiviJNf;:NQfiDJ("H

ST-10-0004L

TOP §ECRET//COMINT//NOFORN
(U / /Ji'OUO) SID Points 6£ Contact:

(UI /'.f!CUO) sm..-L-..ea....d.._~....__ _ _ _ _ _,_,,_,...,....,,,..,,..,.,,___ _ _-.,.::1..I
(UI /FOUO) 51 ~----------....
1·966~3.9.J?............
.
(U/ f FOUO) 52 1··969-0224.....................:::::::;m.,,,.(U / /E*OUO) 53 l969~069~f:::::·::::::::::::::::>··· (b)( 3)-P.L. 86 -36
(U//FOUO) SV -

l969:53i3°i3°

........
... ··

(U / /FOUO} Coordinated with: ODOC -f.____....l:A~sistant Dit:ector fo1· Special
Compliance Activities, D4, 963-1705
(U//FOUO) OGC concurs with Recomm.endation 2 and '\·dll work with both SID and
ODOC to prepare a managem.ent action plan.

TOP SECRET//COMINT//NOFORN
TOP 8ECRET'.f'OM1Nn;NOFO!i.N
E-5

 DOCID:

REF ID:A4177257

4.230260

TOP 8£CRET;'COMH'ff,·;·NOFOF6.Y

ST- I 0-0004L

b.s~-011

USA CIV

From:

Sent:
To:
Cc:

Subject:
Attachments:
Follow Up Flag:
Flag Status:

Classification: TOF'

Sl:!C~E'ftteciMrr41 ffl40P'ORN

.-------.1/ / . . -·

ODOC (D4) concurs with Recommendations 1 and 2 (see attached form).
NNNNNNNN~NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

Rceommcndation 1 :

Action:
Concur/Non-concur:
Mgmt response:

,___ _ _las.p4 POC
Concur - with ciaNfication that SID has the lead
The D4 POC will work ~itffSID.(who has the lead for the action) in the
development of an Action Plan .......... .

Completion date:

For SID (as action lead) to define ........:::· "·-·:::::::;!ii•·(b)(a)-P.L.

Rceommcndatfon 2:

Action:
Concur /Non-concur:
Mgmt response:
Completion date:

1

... ····

-............ ...........
1

.... ··

. ......·.:: ·.·."'

"--c-on-c-ur____.with clarifrcati~1_1..thafs~.D ha~.tl1~ lead
The D4 POC wfll llJ.Prkwith SJIY(whc;dfos the lead for the action) in the
developme.ntof·a·~ Actio.n·Pl~n ,... ....
For .§J:D(as action le.ad)"to def(ne;

Thankr~:·····//.//····

... ·······

(U//FOUO)

I

I

/

Office of the. Director of Cornplia11ce; D4
OPS 2B, Rtn. 2B8054, Suite. 6242
963-2199 ~

86 36

I

fOf-1 3f:CRt£T: COlvflNT'.?JOF::OR-H
E-6

 DOCID: 4230260

REF ID:A4177257

~~ECREl

f0l1

,/COivfiH11/HOr ORJV

ST-10-0004 L
~.$A-D11 USA CIV
From:
Sent:
To:
Cc:

Subject:
Follow up
Flagged

Follow Up Flag:
Flag Status:

·· .. ·.. \

..
Classification: COPdFIDEfffli!llL

ii

.·· ..... ··

·:>\,{~;(.3)-P.L. 86-36

.... ····

(U//~I
l····ap;·l·ogize for the clelay, I was out yesterday.
Tl, TD DoC
and TE6 have reviewed the report and all concur and do not recommend any
changes.
Specifically to REC 1, they all concur as well.
REC No - REC 1
Action

SIGINT DIR with TD and ODOC

Concur with the recommendation
Mgmt Response - TD has no comments to present on the audit.
Completion Date - To be determined by all parties as the actions within
REC 1 begin to take place.
POC

-

-I
-I
-I

Tl
TD DoC
TE6

Thank you,

I

1.

,.......

......·

I..

····::::
.... ··

;.

(b)(3)-P.L. 86-36

:::::::'ii!!i""b)('>) PL 86 36
.IN·sA"o1··1 .. usA··c1v·······..·······.......................... · ..................
··············::::;;;:::::··
\
. . ...
~

~.-

From:
Sent:

To:
Cc:

Subject:
Follow Up Flag:
Flag Status:

Follow·G~
__ flagged

Classification:TOP SEGRET/fGOMIPHh'NOFORN

Hic:J /
Please use this email as confirmation that OGC wants to be added to Recommendation 2. OGC concurs with
Rer.0111111Pnd;itinn 7 ;rnd will work with both SI[) ;ind Of)Of to prPpnrP ;i m;inagPmPnt ;ictinn pliln.
Pleas!' ll't me know if you nPP.d ;inything furthPr.
Thanks.

E-7

 DOCID:

4230260

REF ID:A4177257

!Of! S!!:CREl 1d-:OJvfIN1 .1~NOr ORN

ST-10-0004L

(U) This page intentionally left blank.

TOF 8F:Cfi:F:f ;colvIIlvT; NOFOft:N

E-8

 D-OCID: 4230260 I REF 

DOCID:

42302 62
1

REF ID:A4177267
TOP SECRE'f77'8Ii7'NOFORN

NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE

INSPECTOR GENERAL REPORT

(TS/ISIUNF) Report on the Audit of NSA Controls to
Comply with the Foreign Intelligence Surveillance
Court Order Regarding Business Records
Retention
ST-11-0011
20 October 2011

@\pp roved for Release by NSA 011 08-06-2015. FOIA Case #80120 {litigation J

 DOCID:

423026.2

REF ID:A4177267
TOP SEC1tE'f'!l'8I!lNOf101tN

(U) OFFICE OF THE INSPECTOR GENERAL
(U) Chaitered by the NSA Director and by statute, the Office of the Inspector General conducts
audits, investigations, inspections, and special studies. Its mission is to ensure the integrity,
efficiency, and effective1iess ofNSA operations, provide intelligence oversight, protect against
fraud, waste, and mismanagement of resources by the Agency and its affiliates , and ensure that
NSA activities compl y with the law. The OIG also serves as an ombudsman, assisting
NSA/CSS employees, civilian and military.
(U) AUDITS

(U) The audit function provide s independent assessment s of programs and organizations.
Pe1formance audits evaluate the effectiveness and efficiency of entities and programs and their
internal controls. Financial audits detennine the accuracy of the Agency's financial statements.
All audits are conducted in accordance with standards established by the Comptroller General
of the United States.
(U) INVESTIGATIONS
(U) The OIG administers a system for receiving complaints (including anonymous tips) about
fraud, waste, and mismanagement. Investigations may be undeitaken in response to those
complaints, at the request of management, as the result of irregularities that surface during
inspections and audits, or at the initiative of the Inspector General.
(U) INTELLIGENCE OVERSIGHT
(U) Intelligence oversight is designed to insure that Agency intelligence functions comply with
federal law, executive orders, and DoD and NSA policies. The IO mission is grounded in
Executive Order 12333, which establishes broad principles under which IC compon ents must
accomplish their missions.
(U) FIELD INSPECTIONS
(U) Inspections are organizational reviews that assess the effectiveness and efficiency of
Agency components. The Field Inspections Division also pa1tners with Inspectors General of
the Service Cryptologic Elements and other IC entities to jointly inspect consolidated
c1yptologic facilities.

 DOCID: 4230262
OFFICE OF T}JE INSPECTOR GENERAL
NATIONAL SECURITYAGENCY
QE;N1'RAL SECURITY SERVIC.E

20 October 2011
IG-11345-12

TO: DISTRIBUTION
SUBJECT:. (TS// Si//NFJ Report on the Audit of NSA Controls t() Comply with
the Foreign Intelligenc.e Suryeilhl!lce Court Order Regl:lidingB11siness Records
Retention (ST-11-0011) -.. ACTION MEMORANDUM
1.
(U) This report summarizes the results of our audit of NSA
Controls to Comply with the Foreign Intelligence Surveillance Court Order
Regarding Business ·Records Retention and incorporates management's
rnsporise .1:o. tJ:ie draft report.

(U//FOUO) A.s .requireci by NSA/CSS Policy 1,.60, NSA/GSS Office
of the Inspector General, actions on OIG audit recommendations are subject to
monitoring and follow,..up until completion. Therefqre; we asik that you prqvkle
a, written statµ§ report conc;erning each planned t:orrective actibn categ():rized
as "OPEN." If you propose that a recommendation be considered closed,
please provide sufficient information to show that actions have been takeQ to
correct the deficiency . .If a planned action will not be corr:tp~eted by the original
target completion date, please state the reason for the delay and provide a
revised target completion date. Status reports should be sent Joi...._____,
I
lt\ssistantlnspector General for Follow-up, at 0)?~_.2B·~ Suite 6247,
within 15 .cal~ndar dGl.ys after each target completion cJ,ate·.
2.

·· ..

.... ·······

3.
(U //FQUO) We appreciate the coyrte~y and cooperation extended
to the auditors throughout the review. For.additional information, please
con tac~
lo.~ 963-092~(s) or via ~~~c=.i.i.l.atf....._ _ _ _ _ ___.
·::,,,'"·

...... ~,:::::::: :::.::: .......................... ············
(b)(3)-P.L. 86-36

ArCEleuiJ
George Ellard
Inspector General

1'0P SECltETt/Slf/N·O-FOR:N

 REF ID:A4177267

DOCID: 4230262

'fO:P SECRE fJ7'8117'N'OFORbl
ST-11-0011

(U) DISTRIBUTION:
DIRNSA
SID (T. Shea)
TD (L. Anderson)
cc: EXDIR (F. Fleisch)
COS (D. Bonanni)
DOC J. DeLong)
D4 ______.._..__ _ _ _ _ _ _ ___,
OG~C

ST
svi------__.

___

,
SV4 .....,...
SV42
83132.....3~----...;;;....-_..;;;._.;;.;._......;o.....,;;_.__..

S353 _ _ ___,,
TE,........
TE6
Tl,.....__ _ _

(~)(3)-P.L.

~

Tl2
T121o.-r------__.,
Tl222
T131.....___ _ _ _ _ __,,........_.___,
Tl31 L-___r--...._------~':"'-------~
D4 IG
SID IG POC
TD IG POC ...----------";__i
DL SIDIGLIAI
DL TD _REGISTRY
DOJ NSD _,_ _ _,,,___ _ _, .
(b)(6)

IG
D/I_G_ ___

Dlj
Dll
D12
D13
D14

I

86-36

 R.EF ID:A4177267

DOCID: 4230262

TOP 8ECR£1WSlt7'NOFttRN
ST-11-0011

(U) TABLE OF CONTENTS

(U) EXECUTIVE SUMMARY .....................................................................................................iii

I.

(U) BACKGROUND ............................................................................................................. 1

II. (U) FINDING AND RECOMMENDATIONS .......................................................................... 9
(T8//81f/NF) FINDING: BR Retention Practices Must Be Documented ................................ 9
IV. (U) SUMMARY OF RECOMMENDATIONS ........................................................................ 17
V. (U) ACRONYMS AND ORGANIZATIONS .......................................................................... 19

(U) APPENDIX A: About the Audit
(U) APPENDIX 8: Testing Methodologies and Results
•
•

(U) Selector Pair Testing
(U) Metrics Analysis

(U) APPENDIX C: Full Text of Management Response

 DOCID: 4230262

REF ID:A4177267
TOP SECR£'f17'Sfl/NOT'OltN'

ST-11-0011

(U) This page intentionally left blank.

FOP 8ECR£'f1S'8f;S'PfOFOR:1V
ii

 REF ID:A4177267

DOCID: 4230262

FOP SfJCR£T1S'8hS'N{)Ff»l:l'l
ST-11-0011

(U) EXECUTIVE SUMMARY

(U) Overview
('fS//SI//NF) This report summarizes the results of our audit of National
Security Agency (NSA) controls to comply with the Foreign Intelligence
Surveillance Court Order Regarding Business Records (BR) Retention. From
April through June 2011, we performed testing and procedural reviews to
assess the Agency's compliance. On the basis of the information reviewed,
we found no instances of non-compliance with the terms of the Order for BR
retention for calendar year (CY) 2011. However, we noted three areas for
future improvement: (1) develop a plan and written procedures to document
the Agency's BR retention process, (2) develop a process to research
quarantined records, and (3) accurately document parser configurations.

(U) Highlights
(TS// SI// NF) The Agency should document the key initiatives and
procedures that will be used to comply with the Order for BR retention in
the future.
(TS//81//~dF)

•

No formal BR retention plan or procedures
(TS// SI// '[}IF) The Agency does not have a coordinated plan that
documents the major initiatives for the BR retention process.
Furthermore, the organizations responsible for maintaining BR
systems, databases, and backups do not have written procedures to
document their processes.

•

(U//FOUO) No process to research quarantined records
(TS// SI// Pff) The Agency does not have a formal process to research
quarantined records for reasonableness before their introduction into
the Agency's BR repositories.

•

(U/iLPOUet Inaccurate parser documentation
('FS//SI//Pff) Documentation was not accurately maintained for the
current parser configurations used to filter BR metadata.

(U) Management Action
(U //FOUO) Technology Directorate and Signals Intelligence Directorate
personnel agreed with the Inspector General recommendations . The
planned actions meet the intent of the recommendations.

FOl.... 8fJCRET1S'Sf15'NOFORH
iii

 DOCID:

423026.2

REF ID: A41772·67
TOfJ !fECttETt!Sl/JJVOFtHtN

ST-11-0011

(U) This page intentionally left blank.

T01" SECRETtS'SESW-0-...n.ORN
iv

 DOCID:

REF ID:A4177267

42302·62

TOP :S'ECttET17!'51t/NOFOltN
ST-11-0011

l.(U)BACKGROUND

'(b)(1}
(b}(J)•P.. L. 86-36
(b}(3}-50"U~C 3024(i}
····.....

(TSNSIJ.!N~)·Th~

Business Records (BR) Order

(TS/fSI//Pf.F)""·Pµrsuant to a series of Orders issued by the Foreign
Intelligence Surv·eiijance Court (FISC) beginning in May 2006, the National
Security Agency (NSA))J.as been receiving certain call detail records or
telephony metadata froinl
!telecommunication providers. NSA refers to
the Business Records (BR) Orders collectively as the -BR Orderll or -BR
FISA.11

............. . ::::::::::::::::::::::........:................
:

(b}(1}
(b)(3}-P.L. 86-36
(b}(3}-50 use 3024(i}

(TS//81//Pff) The BR Order provides NSA access to bulk call detail records
that include records of telephone calls between the United States and
abroad or wholl within the Uni.t~.d ...States·;
This collection of
information is not wholly available to NSA through its other foreign
intelligence information collection. It is valuable to NSA analysts tasked
with identifying potential threats to the U.S. homeland and interests abroad
because it enhances analysts' ability to identify, prioritize, and track
terrorist operatives and their support networks in the United States and
abroad, using call chaining analysis techniques.
(TSh'Sh'"fMf) Provisions of the BR Order for Retention

(T£//£I/OIF) The Order requires that BR metadata be destroyed no later
than five years (60 months) after its initial collection.I The Office of General
Counsel (OGC) reviewed the Order and concluded that BR retention
compliance should be determined using the date when records are received
from providers, and not the call communication date.

1

•

(TS/fSl//PIF) Record receipt date is the actual date when
telecommunication carriers electronically provide BR metadata to
NSA. Although record receipt dates have no analytical value, the
Agency uses this information to determine BR retention compliance.
Record receipt dates are separate and distinct from call
communication dates.

•

(T8//81//PIF) Call communication date is the date when a
telephone call is made from one person (Selector A) to another person

(TS.'/SI.'/HF) BR Order 11-57. dated 13 April 2011. defines telephone metadata as comprehensive communications
routing information (e.g., originating and tenninating telephone number), trunk identifier, telephone calling card
numbers, and the time and duration of calls. Telephony meta data does not include the substantive content of a
communication or the name, address, or financial information of a subscriber or customer.

'f'019 8ECRE TM~J.i~'!'.T.fJFQ./J.A(
1

 DOCID:

REF ID: A41772 67

42302 62

1

1

'fOP SECR£f1$'81WNOPOR:N
ST-11-0011

(Selector B).2 This date is important for intelligence analysis because
it establishes a call association for a particular time between two
selectors.
(U) Timing differences with call communication dates and record receipt dates

.............;.;..~/. ::.....,..~;.~~··I

('6)(:1f : :......... .

I

(b )( 3)~P~L.~ .86~36"·
(b)(3)-18 USC.f'.98
(b)(3)-50 USC 3024(iP-------------.,..._IB-ec_a_u_s_e-of""'th_e_s_e_d..,..,i..,..ff-e-re_n_c_e_s_,-th-e_A_g_e_n_c_y___.

'-----..,,--___,._,.....,,..-_,,......,.""=-'
must track receipt dates for BR metadata to document compliance with the
Order.
,_~I
\ .L

/nT

I /1\TTC\

I

'-"'I / ...... .

............. ························

('6fr1):::. " ....... .

(b)(3)-P.L. 86~36· ··· .......

(b)(3)-so use 3024(i)

(TSHSWNF) NSA Repositories that Store BR Metadata
.. . .. .. ..fT§/./~iH//M¥). BR metadatal

I

... .. ..... ........

I

(b}(3)~P.~·~ ..SS~as· .. . . ··.. . ...
~~
I
USC
_ _ _ _ _. . . . . ._
.. - . . . , , , . , . . - - - - - - - - - - - - - - - - - - - '
(b)(3)~50

3024(i~

• (T5l//~I//Jl,Fyj

h·~·t:he"Ag«::ncy.'s. .c0..r.pp.rate contact chainini?:
databast-i"'that accepts metadata from multiple ·s-c;·urces·I

"
·
....···········

....... ····
.. ···

,

... ·····

---:·

...............--··

\

.... --····

('b):(;;.P..k'. 86-36
·····........

.

'"'

· · · · · · · · ~· · .fff!t:ti1!b:ttlfil____Jl§sJth £e. . Jc~ourJ2.QoIJra~t~e. . JCWla jt~aJ;ib~a.§.seur~eQ .os§jiJ2toQ.Jr[Y_j;lth1Ja~t;_ _,
2

(S.','SL'REL TO USA. FVEY) A selector is an identifier used in dialed number recognition (e.g., tele hone
····ri1iiribeiToYlirt:ligital network inteHigenee
In this
(b)(3)~P.L. 86'~36report the terms Selector A and Selector

(b)(1f: ::

rc'RE~ ;~~£,:\~ ¥ViY~----------------------------.
--1
I
3

T01., SECREf1$'8b$'NOfi'O-R:JiF
2

 REF ID:A4177267

DOCID: 4230262
TOP

SECRET/·/SE~'NOF&Rl·l

ST-11-0011

.....-········

...·· ·······

..·········

• ff.§././.SI/./N-F)1

lis the contingency database for

(b){jj::::::::::::::::·::::::................

(b )(a)::P.. L"ss. 3s. ....
(b )( 3)~sQ.: us.<:; 30 24{i)..........
······.....

"·.. . "·

. .....

'----..,,,..---------------------------'
(T'S ;~·I"~"'i'¥i'F)·I
Iis the system backup that stores an
·. ·l (( Tl
•

I

I

· .•

('fe5//SI//NF) Backup tapes are

. . . . . . . . .. _ _ _ I _

_

m~~~~~i~~~d at,...I- - - - - - - - . . . ,

_

_

_

__ _ _ . _

(TS// SI// WF) Figure 1 illustrates the BR dataflows within the Agency and
the various BR repositories.

(TS//Sl//MF} Figure 1. Business Records Dataflow
(b)(1)
(b)(\3)· P.L. 86-36
(b)(1a) 50 USC 3024(i)

('b)t1').. .. . .

('fSi.St:tWJ!

(b)(3)-P.L. 86~36 ..... ,
(b)(3)-50 USC 3024(i).

TOP

8ECRETi~<\r/:;~\7V.()PQ.J>_}\T

3

 DOCID:

REF ID:A4177267

42302 62
1

rep 8£CR£1W8J;sqv-oFORl'tl
ST-11-0011

(Ctt~l!!t

TO USA, fi'V'l!'t') How information is stored

(TS//81//WF)

I

I

.. .....

·····················fbff3)-P.L. 86-36

lare···th;;;···~-~~-databases used to store

BR metadata for intelligence analy§is..... 1

I

..-·::.:..

··::::::::::::::: ....

(ilfr1):::«::::: ·······················
(b)(3):PJ.,~ 86-36
(b)(3)-50 USC..3024(i)
·· ..
·· ...

···................ .

··· .....

{Ch'RE1:1' Figure 2.

._I_ _ _ _ _ _ _

__.IArchite·etu-re··5.........

(6}"(3)-P.L. 86-36

I v11....,111

(b)(1
(b)(3 -P.L. 86-36
(b)(~ -50 USC 3024(i)
'

'

i

'

\

(TB//GIHNF)

(T~/./.~l/../UF) ·

('6fr1) :

:.

.····

(b)(3)-P.L. 86:36··
(b)(3)-50 USC 3024(i)

TOP SECR:F:1?~\\'J,~qv.oY0£7!1f
4

 DOCID:

REF ID:A4177267

42302,62

TOP 8ECR£1W8ft7'1¥0FfHtN
ST-11-0011

······
·······
········

{bl(1)················

(b)(3)-P.L. 86:.:36·· · ...
(b)(3)::SQ_USC 3024(i)····
·..

,_:··;-;;;~·1·r"'r.' ·I

\.I. V/ I VJ./ I

J.

I

....

'·

"···...

(TSHSIHNF) NSA's BR Age-Off Process
('il)l3')~P:c·s 0 :.:3s······

('FS//SI//NF) To remain compliant with the terms of the Order (which states
.............thatBR.m.e.tl'!9:gt.9.:...T.g.1:J.St be destroyed no later than five ears after its initial
Ma 2011.
collection , the A enc ....c.oiii. "leted"···1g·fifst""BR"·a e~off

{b){1J"•················· ············
(b)(3)-P .L. 86-36

{il)(.1Y:'"'.'.'" ' ""'"'""'' ':··:::·········
(b)(3)~P,L 86-36
(b)(3)-50USC
3024(i)
··.,

~ (U//trOUe+-A relational database stores data in tables using a standardized data format. This allows similar

information to be organized and queried on the basis of specific data fields.
5

f'.f8/,'Sl/.'l'ff.j

. ./1 . . . . ·
...,:.··

::::.. -·····

(b)(1)
(b)(3)-P.L. 86-36

'f0"/1 StsCltET17'8I15'!tlOFORfil

5

 DOCID: 4230262

REF ID:A4177267

ST-11-0011

('t)Jf1)'·. ······· ··········

(b)(3)-P .L. 86-3() .. ······· · ..
(b)(3)-50 USC 3024(i)

(T£f/8I//NF) Table 1 shows the procedural timeline used to complete the
CY2011 BR age-off effort.

TOP S£CRET1SShVi'\rOFOR:N
6

 REF ID:A41772'67

DOCID: 4230262
TOP

S1!CltET17~W/J'l'VTOF&RN

ST-11-0011

(TG//811/MF) Table 1. Procedures Used to Complete the BR

Age-0~

: :::'::: ::::;;:::::;;:::::::.i

;7,b)(3)-P. L. 86-36

1

~~=,.;:,

lhard drivesjhafp~~viously
secure destruction.
..........···
...... ·

....... · ......... :::: ::fo:iil

··········

•11 tlj:

::::'.~ '. '. '.'.'.'.'.'.'.'.'.:::::::: ;;:;: :::::: ;:'.:::::::' ••', ••

(o){.1}"·!..:· : . ... . . .

(b)(3):.pi;86~36 ":"

•.......:::............·.·__ .. ::::

sfg~~fBR transactions/,ere subn{itted

fdr

~~~~~~~~~a!,:~:;.~~~~~~:~~r~~~i~~~metadata._I__,.,___ _ _--;..___...,..\!
r· -. . . . . . . . .

"lfif~~I-"

. Iwere deleted.

... ....._ _
1

_,l~~s taken

The

liryl.-..-.---;

remaining fitesl /.-"
out of service during the

r~b.uild.

s'ib·aq_alysts were redirected froml.___ __.ltothel
fbackup
database I
I
,___ _ _ __,

{b)(3')-P..L.... ~6-36
···············

.. ····

.·"

.. ··

........................

f6)'('1)
(b){3)-P.L. 86-36
(b)(3)~5Q USC 3024 i)

SID an~IY.~~~ 'l_l'E:lr~ rnolr.ected .. baek tcl..____ __.
... ,,,,,,:(............. ... ..... ... .

(b) 3);f>;L· 86-36

The continuous flow of BR metadatal

................ -·· ..... ___

lwas restored so that it again

~ielated the AJ~;bc~;~ ~::do~~t1~!~~da~~~:t~t~c~~~n~~s ~~tad~~~~~~~~i~ed during

"- - - . . ________ "-,1.._______ _ _ _ _ _ _ _ _ _ _ ____.....
BR transactions manually

sa~~dto._I_ __,l..._.....----....------.;.;;·-&.,·I

Iwill be deleted and reloj~ed with the post-rebuil9 transaction.!$._!--...------'I
v•:::

TOP SEC.7?.:ETP8Ji~q'l{)FORN
7

••...-···

(b)(1)
(b)(3)-P .L. 86-36

(T~//Blh'Mpt

 DOCID: 4230262

REF JCD:A41772'67
TO{' SECRET!HY!JS'NOPO-RN

ST-11-0011

( U) Organization

fProje·ct·rearrc········· ···

(TSMREL TO US/\, FVP()I

7

······ :::::·: (b)(3)-P.L. 86-36

.........:~__:============--...:._~~~~~__,...;;;.;:;:__,

........{TS//.SI// nF) ·I

mi:r~:t~~~~~4;,;

....

1...._________________. . -_. . . _·_· · ·______
·· .... (DUFOJ;J.O~ Structured Repositories

···.... ·..

l

I/ . .

(T§//~If/i>rwH.--------====~-----------.

·. ·..

····1.____ _ _ _ _ _ ____.
(U) Audit Universe
(U) General control environment assessment

...···

_

.... -~::::: ........

.. 11!ig(~~:::::::::·:.:.:..........

(b)(1)

.-···
-······

. .·

(TS//Sl/fNF) The audit scope focused on the manual and automated
controls used to maintain compliance with the terms of the Order for BR
retention for the Agency's BR repositories, system backups, and backup
ta es. The BR re ositories reviewed included the o erational com onent of
... ··

1-----------.,..------------~-".""'-.'~---~-

we also observed the process for deleting BR files
and the physical storage and destruction procedures
- - - - - - - - - - - - - - - - - . W e excluded from review BR
......-·········,__...,__ __,.._ _ _ _ _ _....-_ _ _ _ _ _.,..
m ormatlon 1ssemma e m 1gn s ntelligence reports.
1----------,.---!

(b)(3)-P.L. 86-36
(b)(3)-50 use 3024(i) (U) Reviews to assess Agency compliance with the terms of the Order

(TS//SI//PfF) We performed five levels ofreview and observation to
determine the Agency's compliance with the terms of the Order for BR
retention. We also determined whether the Agency has a plan and
organizational procedures to document the systems, resources, and
organizations involved with the BR retention efforts.
•
•
•
•
•

(U)
(U)
(U)
(U)
(U)

Review
Review
Review
Review
Review

1:
2:
3:
4:
5:

Tape, disk, and system backup data destruction
Quarantined records
System parser controls
Selector pair testing
Metrics analysis

(U / /fi'OUO) A summary of the audit test results for the five levels are in
Table 2 in the Finding and Recommendations Section. A detailed summary
of the audit methodology and results for the selector pair testing and metrics
analysis are in Appendix B.

TO{' 8ECRETiS'!:ll>S'NOF0Ri"I
8

 DOCID:

REF ID:A4177267

4.230262

TOP SECRETt't'S}17'NOFORl•l
ST-11-00li

II. (U) FINDING AND RECOMMENDATIONS

(TSHSIHNF) BR Retention Practices Must Be Documented
(TSh'SlffHF) We found no instances of non-compliance with the terms of the Order
for BR retention for CY2011. However, the Agency does not have a formal plan or
written organizational procedures to document the systems, resources, and
practices used to maintain compliance with the Order. Furthermore,
jwas not
documentation of t~-j
accurately maintaifle . As a result, the Agency has an mcreased nsk of non·
compliancejnthe future .
... ·····

(UJ.. Cfiteria Used to Assess the Agency's Compliance with the Order
...··

(T~//~I//J)IF)

··"

.... ·
(b)(1)

(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

The BR Order requires that BR metadata be destroyed no later
than five years after its initial collection. To maintain compliance, TD and
SID decided to delete annually from A enc databases and ta e storage BR
metadata whose record receipt date is
·Fot···· ·· ······(b)(1)
CY201 l, the Agency deleted BR metadata received
(b)(3)-P.L. 86-36
('f8//8I//MF) We performed five levels of review to assess the adequacy of
controls and to determine whether the Agency was in compliance with \the
terms of the BR Order. In addition,, we determined whether the Agency\ has
a formal plan and organizational procedures to document the key proce~ses
and the roles and responsibilities for the 01ganjzatjon~ involved in t!t.~. . I.?,J~
rebuild. A majority of the audit focused 01~
j.anct·the.fap:e;:;~ti_lf'. ~b)(3)-P.L. 86-36
system backups because they stored BR metadata from the.dat¢>ofili.e \
original Order (May 2006).
..:::",. ···
.- .·

syst~mba~~~;iJ~~;uct,fon:practices ~or

1. (T8//8I//WF) Tape, disk, and
BR metadata received befO(E}.I
evaluated the secure
\
stora e and destruction ··rocedures·for the
backup tapes,
used to store BR
\
"'"m-e~t~a""'c-a~~?-...-.... ,,..e-.-s-0-0.....-s-e-rv-e"""'"""'J"'l'-e-p_r_o_c_e-ss__,..o-r-T'eleting the
Qsfstem backup.Jiles and reviewed for compliance the data stored
111 thel
lcOOP backup system.

l:We

I

"1"'1.

2•
.... .:::::::::::::::::······

·--I

1 L ....,1

rl~T
~·r r

·~

•
LU

,

Quarant'me d

I

d s-·I

r~.c..or

............................................... .

(b)(1)

(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

to develop a system quarantine process to document the records that

TOl.0 S:ECR£1W8lt7'NOFORN
9

I

 REF ID:A4177267

DOCID: 4230262

T(}P 8ECRETiS'8};S'NOFORN
ST-11-0011

.....1
.......

=================:l'""w=-e-r_e_v.,..ie_w_e_d.,,....,.th.--e_q_u_a_r_a.I_1'""ti.,...,n_e_p_r_o-ce_s_s...,...to_ _ _ ___.
determine whether an adequate audit trail was maintained to
document the Agency's compliance with the Order.

..:: ::: .. :1

.. ··· ::::..... ··
..··::::::> ····
·····=·

(b)(1)
(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

(TS//SI//H:P) System parser controls System parsers are used to
filter BR metadata of unwanted data before records are saved to
Agency databases. To determine whether the parsers were working
as intended, we performed testing in a simulated environment to

~~~~;I that parsers Ill J~~~~i~~~~ee~e~:~o~~~P~~~;~!ealr~i4::i~7~,~~~(3)-P.L 86-36
information before processing records. We also review~d·wlieTh(f~
documentation of the parser configurations used to filter· B"R
: ~
metadata was accurately maintained.
·
...- ·

/

........

3.~~i::!!.1;:ti.j!!1...:S~e~l~ec~t~o~r~a~ff~t~e~st~Jn~..g~·[··_··~~~~~~~~~..L.-B.J
!

c~

dates befor..~
..... System testing.\:tfas performed to d(i'term~\ne
........ ··
\11.hethet·fhese records were correctly.1frocessed with one of/the ii
........... ··········following outcomes after the BR ;ebuild was complete:
·
ii
... ···

Deleted;...-P~~-;~rmed

...··::::::::.... ········

{b).(1J.. .

(U / /-F!OUE7)
for records that ha'.d call /
communication
__
c;la:tes
and
receipt
dates before
(b )( 3)~P~L··s6~.~6
1
(b)(3)-5CfU$C 3·024(il..
·· ... • (C//REL TQ. tfSA, FVB5l) Modified: Performed f...0-1/.,..ir-e-co_r_d_s_that
I
·· .. · ... ·······.... ·... -. ... h_ad s~-~pes.sive call dates that occurred on or a~t'erl
1
1
•

··...

.

i''·

/

4. (Cf/REL 'PO USA, :PVEY)

obtained

I ·

Metrics analysis Summary metrics were
/ (but before the
to verify that

.~~~=~-::::-::=~=~=-=-::~-=~=%"1:"':=-:'~~'-~ck

(b)(1)
(b)(3)-P .L. 86-36

(U) Audit Summary Results

(b)(3)-50

use 3024(i)

(U / /FOUO) Although we found no instances of non-compliance with the
terms of the Order, we noted three areas for future improvement:
1. (U) Develop a plan and written procedures to document the rebuild.
2. (U) Establish a process to research quarantined records.
3. (U) Accurately document parser configurations .

(U / /FOUO) These deficiencies are discussed in detail in the next section.
Table 2 shows the summary results for the five areas reviewed .

TOP SECR:ETiS1!AW:Po{0FOR.1¥
JO

 DOCID:

REF ID:A4177267

4230262

fftP 8ECRf T1S'Sf15'NOFfHtN
ST-11-0011
(U) Table 2. Audit Summary Results
ff8//:51i~MF)

Compliant:

Tape, disk,
and system
backup
destruction
practices

We found no instances of non-compliance with the Order for BR retention.
•
.·"

•

T~eObackup tapes were submitted for secure destruction . The backup

...ta

es were secure! stored in a locked cabinet inside a restricted access room

-----....-.!-~I.es·

······:: We"f\fdeletea ; ...: ::::::: ::::::::::::::::::=:=::'"" "'"''"'"'"""'""""(b )(3)-P .L.

• _Th 1====1.;.fi;.:;a;.,;rd;;.,···.::dr~lve·s·we:r.~·:~·r.~~~-9.. cin.ct submittediof""sec"i.fre destruction.
;; Th
backU was deleted of all BR metadata and
··repopulated
···········
..._
__,

_____________

.... ·····················

.... ................ :

Compliant (with an exception noted):
We found no instances of non-compliance with the Order for BR retention.
However, T1222's process for reviewing and researching quarantined records
must be documented .
·~·····"Ad"equ.ate··aoci:i"mei"iitatron·was"fi'iaintaifiei"a forth·e··a
···········-re~ords

·····...

··· ..

\"··.::. ··::.. ·<:·..

•

·.·.....

\

.. ·····.

S~sfe~.::p~rser.. Compliant (with an exception noted):
···con.!rols·· .. ··· ·········....\Ne.foy_nd no instances of non-compliance with the Order for BR retention.
·.....
·.8'bwey_e('the..f.\gency must ensure that configuration documentation accurately
··.......
rerl'ects)he.c.urreI1t-0perating parser configurations in use.

" ·.·.
.. "<::::,-...

· ....

·.. ·...

·...

··....

-~

We peffor~:~d0t~~fs·ina ..l>.imulated environment that confirmed arsers
····correctly proc·essed.tr-·r13........s~a:-ct..,io..,n...
··s...__ _ _ _ _ _ __,,_.,...,.-,......,__.
quarantined records
and deleted
suspected .predit card information::frorn... _records.
···...

Se;ledt~r.. pair
testiti g. :_-·......

. CoJ11 pliant:

·····...

········......

·

\JV~ ·found no instances of ~on"Qompliance with th~ brd~r foi'"BR..r,etention.

• ·sa~·~le. testing verified that
integrity of the data (r~ceiv.ed b~fore-.tbe
· ..
" :"-...
rebllild be an could be relied on t"o·conduct our selector testln . In total·
·. · "......... records
..
..,,,.....,..,,__..,.._ __,,;.,-,.....,,..._,,__.,,.__.,.,..,....,......,..,.iwer.e;_ randomly selected to verify
~hq,t it met our criteri~ fo.r testing. (Note: We could n~t ferform a statistical ··· ~·· .
.
Verifo;:ation because of.the size of the sample universe_
.
·•. Th~I
I records were found to be correctly dele..
te-d-or_m_o_di-fie-d-(w-i-th....
.latter thel
lrebuildwas com 151ete:

the·

1

I

Metrics
analysis

.

Compliant:

·.. ·.

m

u

...... /····· · ..

·We found no instances of non-compliance With the OrdE!rforBR ~etention.
~\ The metrjcs analysis verified that no recc.rgs / ···
Jafter th ei:=:=:::Eebuild....w-a_s_c_o_m_p"'"le""'t-e-.""T""'hi_s_v-a""lid"'"a""ti-on""
was performed before thec==Jquarantined files were re-introduced.

I

(U) See Appendix B for a detailed explanation of the testing methodology and results for the
selector pair test and metrics analysis. Only the areas with exceptions noted are presented in this
section.

TOP SECRfT1$'Sf1VNOFOitf!l
11

u

 DOCID:

REF I:D: A41772·67

42302'62

TO{' SECR£f1S'SbS'!iOPORH
ST-11-0011

(TS/i'SIHNF) BR Retention Practices Must Be Better Documented
(U) The Agency does not have a process to research quarantined records

(U //FOUO) We found no instances of non-compliance associated with the
newly developed quarantine process. However, the Agency must establish a
formal process to research quarantined records before their introduction
into Agency repositories.
·--I, __ I

/°!\.TT""\\

\ ~ ~I I - -1 I •

'

I

I

/."I

i..... /··································

...·...

..

... ... ..··

t~n1r--

. . . . . . . . ..

(b)(3J~P.L. 86-36

(b)(3)i1:~. use 798
(b)(~)-5(flJ.~C 3024(i)
·.. ·....

.

······················
"-'

-~··

. . ·:-r:--~··I

I

"· ..

"·. ·.

..
•,

1· ... ·.

·--

....

I

(T5 TT
I '5I II II I>TJ1)1
I

TOP SECH:Ef;S'8ESWO-YORH
12

 DOCID:

REF ID: A41.772'67

42302 62
1

TffP S£CltE'tWSlt7'!1lOFO-RN
ST-11-0011

{TSh'SINNF) Establish a process to research quarantined records before they
are removed from quarantine and included in the Agency's BR repositories.
(ACTION: I

........ 1
~···

(U) Management Respon..§i;t................... · ············

·········· (b)(3)-P.L. 86-36

.........

CONCUR (T5l//~H//NFtt
lwill"write a process to research and
analyze any quarantined records in order to determine if any records
should be included in the Agency's BR repositories.
(U) OIG Comment
(U / /FOUO) The planned actions meet the intent of the recommendation.
(U) Documentation did not accurately reflect parser configurations

('f'S//SI//NF) Although we found no instances of non-compliance for the
system controls used to filter BR metadata, the Agency must ensure .that
documentation accurately reflects the current parser configurations .
('f'S//SI//MF) The Agency receives raw BRm.e.tadafa... froml
l""''". (b)( 3)-P.L. 86 -36
......~.~.~~,S9:¥:l:Jf:),µ~~~§t.ti.Qn::::p:rovid:et~...................
I Pa,i;s;fs' are used to
.,..........................................................................filter the BR metadata of unwanted information before jti~.-saved to Agency
(b)(1)
databases.
l·D'ata Integrity
~~~~!)):~~u:~~~ (i) Analysts (DjAs) s~ated that they have been actj.vely working to docum.ent the
.... ·.
parser configurations!
I· However, the DIAs confirmed
that the suooortinl! documentation has not been consistentlv uoclated to

24

f

··· ...

(U) Action taken
.........................................{U/fFOUO)l------------.IDIAs fin1shed their update of the
(b)( 3)-P.L. 86 -36
parsers' configurations. This documentation was subsequently provided to
the Office of the Inspector General.
. .

-

..·.-·;.

llll'Ri;dOMIVl~NDAt.10N: 2 Y
.·;. ~ •. -·~--- 1 ·•• ;

-: ''.-·;. •

, .. '.' 1...

·".:···:.·.•

....

'··· -· -·

(U//.pQUO) Update parser documentation to reflect accurate! y the current
configurations in use. This documentation should be updated as new
configuration changes are made to the parsers.
(ACTION:

l

_land DIAs)
(b)(3)-P.L. 86-36

TOP SECllf!:nS'SN'NOF'f111l'I'
13

 REF ID:A4177267

DOCID: 4230262

TOP Sl!CltEf1)Sl17'NOf?OftN
ST-11-0011

(U) Management Response

CONCUR (U /tFOUO ll
l·completed·its·upt:l;~t~::o:r:tne::parser::: . ,.,,,,,,,,,, .......f*)(3)-P.L. 86-36
configurations!
l·anct·wm··continue to update the
documentation as configuration changes are made to the parsers .
will also review the documentation on a quarterly basis to verify it is up-todate.
._I_ __ _ .

(U) OIG Comment
(U / fFOUO) Status: CLOSED. The actions addressed the recommendation.

('f~//~l//l~F')

The Agency does not have a formal plan and organizational
procedures to document its BR retention practices

{Tg/ / g1/ OTF) The Agency does not have a formal plan to document the BR
retention requirements, the methodology used to maintain compliance for
the enterprise, the systems and databases and other storage media that
store BR data, the organizations responsible for carrying out the plan, and
the milestones for completing future rebuilds. Furthermore, the
organizations responsible for maintaining BR systems, databases, and
b~_c,:J<ups·I
.
do not have written procedures to document
. their roles and responsibilities and processes to maintain BR retention
compliance. As a result, the A!!encv has an increased risk for noncompliance in the future. I
.I

I

········

··········

(b)(3)-P.L. 86-36

·······················

..

'-----------------------------------------------------------T",~.~,-~.,,...... L.86-36

1-+1~H'ft~...+Prepare

a plan that documents the Agency's major initiatives for
complying with the terms of the Order. This plan should be flexible and
updated to reflect changes in the terms of the Order and in the systems and
databases that store BR metadata, and the plan should identify organizational
resources and milestones for completing future aging-off of BR metadata.
Ensure that BR retention rules defined in the Order are documented in the
Compliance Standard for Retention.
(ACTION: Chief, TD Office of Compliance with Deputy Director, T1)
(U) Management Response

CONCUR (TS//SI//NF) In June 2011, atthe request of the Compliance
Steering Group, the TD Office of Compliance (TV) and SID Office of
Oversight and Compliance (SV) jointly authored an approach to developing
compliance standards, deriving applicable technical requirements, and
publishing the requirements for compliance certification. Consistent with
the documented approach, the draft retention standard, including BR data,
has been submitted to TV, which is documenting and vetting the technical
requirements for retention (age-ofD. These requirements are expected to be
published in October for developers' reference. At such time, Tl and other

TO? ,'fECR:E'f1SSh5'NOFORN
14

 DOCID: 4230262

REF I:D:A4177267
TOP Sl!CltETIJ'SfllN()fi'()ltN
ST-11-0011

developer organizations will be provided requirements specific to retention
issues.
(U) OIG Comment
(U //FOUO) The planned actions meet the intent of the recommendation.

1-R~~/.IMi:+

Prepare written procedures that document the roles and
responsibilities of the organizations involved in the BR retention effort.
These procedures should also document the process for researching
quarantined records and the requirements for maintaining accurate
documentation for parser configurations as outlined in Recommendations 1
and 2.
(ACTION: Chief, TD Office of Compliance and Deputy Director, T1)
(U) Management Response
CONCUR ffS//SI/fNF) TD Compliance will outline the roles and

responsibilities for organizations involved in the BR process. ,...T.....1.........
w_..il....l _ ___,,
describe the procedures for researching quarantine records.
Jwill._document their procedures to include roles,.{
responsibilities and procedures fOr··han..~ling the BR data. We have
./
requested the document be com pl red bV'{he·e11c.L of October.
..I
will write procedures documenting
roles . ~.ri:c.t.::resp.Q_p._sibilities wi.:th
.................... ···.....
·.·
regards to BR retentioll.
...... :::::::::::::: ..... f~

I

I

.I

I

(b)(3)-P.L. 86-36

(U) OIG Comment
(U / /ti'OUO) The planned actions meet the intent of the recommendation.

'ftff SECR£ T1S'8h7'NOPOR:i¥
15

 DOCID: 4230262

REF ID:A4177267
TO? SECltE'f17'S1177vrOFOftN

ST-11-0011

(U) This page intentionally left blank.

TOP 8£CREvSSbSWOFOfl:N
16

 REF ID:A4177267

DOCID: 4230262

1 OP SECirnT!lSllilVOFOM'
ST-11-0011

IV. (U) SUMMARY OF RECOMMENDATIONS

{U) RECOMMENDATION 1
(TSh'Slh'NF) Establish a process to research quarantined records before they are removed
from quarantine and included in the Agency's BR repositories.

I

,. . . . . . . . . . . . . . . . . . . . . . . . . . ... ............

{U) ACTION:
(U) Status: OPEN/Concur
(U) Target Completion Date: ....

I _________,J......... .

... ................................... .
··················· ········ ...................

·: """'"'{b)(3)-P.L. 86-36

{U) RECOMMENDATION 2
{U/lFOUO) Update parser documentation to reflect accurately the current configurations
in use. This documentation should be updated as new configuration changes are made
to the parsers.

I

·:::::::::·:::::::::::::::·::::::::::::::::::::::::::::: :::::""'"'"{b )( 3 )-P. L. 86-36

{U) ACTION:
land . DIAs·······
(U) Status: CLOSED/""C....
o,.nc=u..._r_ __
(U) Completion Date:
J.... ...

I

················

{U) RECOMMENDATION 3
(TSh'Slh'NF) Prepare a plan that documents the Agency's major initiatives for complying
with the terms of the Order. This plan should be flexible and updated to reflect changes
in the terms of the Order and in the systems and databases that store BR metadata, and
the plan should identify organizational resources and milestones for completing future
aging-off of BR metadata. Ensure that BR retention rules defined in the Order are
documented in the Compliance Standard for Retention.

--------.....-'t

{ACTION: Chief, TD Office of Compliance"-'

~~~ *~~~=~ g:!~1~~~o~~u~ate: ....I ______...I············ . · · · · · · · · · · · · · · · · ·

.

...

{U) RECOMMENDATION 4
(TSHSIHNF) Prepare written procedures that document the roles and responsibilities of
the organizations involved in the BR retention effort. These procedures should also

TOP SECl?.ETiS 18I-M.'IOf"ORN
17

(b)(3)-P.L. 86-36

 DOCID: 4230262

REF ID:A4177267
TOP SEC11ETl1Sfl!'!WJJi'ORJcl

ST-11-0011
document the process for researching quarantined records and the requirements for
maintaining accurate documentation for parser configurations as outlined in
Recommendations 1 and 2.

I

· · ............

(ACTION: Chief, TD Office of Compliance
~
..........
(U) Status: OPEN/Concur
-------(U) Target Completion Date:I,__ _ _ _ _ ____.I ....................................................................... .

T01" s:ECR£'f1~'8f1}'iVOf?OltN
18

.... ::::::::::··

(b)(3)-P.L. 86-36

 DOCID:

42302 62
1

REF ID:A4177267
ST-11-0011

V. (U) ACRONYMS AND ORGANIZATIONS

{U)
(U)
{U)
(U)
{U)
{U)
{U)
{U)
(U)
{U)
(U)

~ll

BR
CY
DIA
FISA
FISC
COOP
OGC
MRG
NAS
NSA
SID

Business Records
Calendar Year
Data Integrity Analyst
Foreign Intelligence Surveillance Act
Foreign Intelligence Surveillance Court
Continuity of Operation·s
Office of General Counsel
Math Research Group
Network Attached Storage
National Security Agency
Signals Intelligence Directorate

~-

... (b) (3)-P.L. 86-36

{U)~T~D,..-~~-=T-ec~h-n-o~lo_g_y_D""""""ir-e-ct~o-ra~t-e~___,

{U)
{U)
{U)
{U)

Tl
Tl222
Tl313
TV

Mission Capabilities
Knowledge Services
Structured Repositories
Technology Directorate Office of Compliance

TO:P 8ECR£vS'8ES'ffOPOR:i'¥

19

 DOCID: 42302·62

REF ID:A4177267
TOP SEC1tE'f77'Sl17'NOFORN

ST-11-0011

(U) This page intentionally left blank.

TOP

.~ECRET<4W/4VOFORlV

20

 DOCID:

4230262

REF ID:A4177267
TO"P /st!C1tEfJ'7'SI1YNOfi'ORJV
ST-11-0011

(U) APPENDIX A
(U) About the Audit

 DOCID:

42302'62

REF ID: A41772·67
TO? SECltE'f!Wil1S'NOFORN

ST-11-0011

(U) This page intentionally left blank.

'fftP ,'5fC:ltE'f'n8ItlN'OFOtt:N

 REF ID:A4177267

DOCID: 4230262

fOP 8ECltETt/S117Jv(J"fl(JJt]V
ST-11-0011

(U) ABOUT THE AUDIT

(U) Objectives
(TSf/SI//N'fi') The overall audit objective was to determine whether Agency
controls are adequate to provide reasonable assurance of NSA compliance
with the terms of the Foreign Intelligence Surveillance Court (FISC) Order
regarding Business Records (BR) retention.

(U) Scope and Methodology
(U//FOUO) From April through June 2011, we performed testing and
procedural walkthroughs to assess the adequacy of controls and to
determine the Agency's compliance with the terms of the Order. Five levels
of review were performed.
1. ('f'Sf/SI//N.F) Tape, disk, and system backup destruction practices for
BR metadata receive.q)J..~fore I
We evaluated the secure
stora e and ...destrtiction rocedur~.s... fo1: ..the
backu ta es

I

····················

.....,.,.,,,,,,,,,,:::::::::::::::::::::::::::::::::.........................u-s-e""'d_t.,...o-st.,...o-r-e""'B""R=-m-e"'"ta-d..-a.,.t"'"a-....,,.,,w....e-a"'"ls-o_.,.ob,...s_e_r_v_e...,.d-th~e-p_ro_c_e_s_s_f,....o_r_d..-e...,.1-eti~.-n-g__.

··~t;):;;~;~:~:::::F,·::::r.-:~·::::a·6·-36·"·+·······....................... 1.N.etwork.....At.!~<::?.~.~-·-~~orage (N AS) system backup files and
·-=:::::::::·· ... ··· ..... ·...... t~Y.iewed

for compliance the dahCstoted··inthe·I
of Operati!;g~s backup system.

<. ··..
·····...:::::::.·.·..

IContinuity

······················

····...

2·~ ··· ff~lf.!)I// NF) Quarantinea··-recorq:; We reviewed the quarantine

pro·c·e·S~···to . g.etermine whether an a(:fe·quate...l'l.Udit .trail documented the
records ..
had...call comm uni cation dates b.efote·I
Ibut were
received on otafterl

thaf

Sy~~~",;i"par~er

I

3. (TSf/SI/OlF)
controls To determine whether the
parsers were working as inten4ed, we performed testing in a
fb) <1 >.
simulated environment to verify th~~ P.arsers (1) quarantined records
(b) ·< 3 > .::·i?·;·L> BQ~ 36
with call communication dates before
land (2) deleted
(b) (3.) -50 USC j()'24·(i)
·
·
s:µ.spected credit card information before processing of records. We
alsoteviewed whether documentation of the current parser
configuratioiis was accurately maintained .

I

4. ;::,, ::, , :·::';

Selector;~i;t~silngl.-----------------.

TOP 8ECR£1W8fM.VO:PORN
A-1

 REF ID:A4177267

DOCID: 4230262
'fffP

tiECREf17'S/J7'NOFOR1'l

ST-11-0011

.......... ··········

············

5. (C//REL 'fO USA, FVEY) Metrics analysis Summary metrics were
o~.!ajned·l
!{but before the
·cfuarantined records were introduced) as another check to verify that
no records had first call dates before I
Im•• ----- ,m•• n m•'' ,,.,m''(6)(3)-P.L. 86-36

·········

·············

(b) ( 1)

(b)
(b)

( 3 )-P.L. 86 _ 36
( 3 ) _ 50 use 3024

(TS//Si//NF) We also determined whether the Agency has a formal plan and
(iprganizational procedures to document the key processes and the roles and
responsibilities for the various organizations involved in the BR rebuild.

(U / / FOUO) We corresponded with management and personnel from the
Technology Directorate, the Signals Intelligence Directorate, the Office of the
Director of Compliance, and the Office of General Counsel.
(U //FOUO) We conducted this audit in accordance with generally accepted
government auditing standards. Those standards require that we plan and
perform the audit to obtain sufficient, appropriate evidence to provide a
reasonable basis for our findings and conclusions according to our audit
objectives. We believe that the evidence obtained provides a reasonable
basis for our findings and conclusions according to our audit objectives.

(U) Use of Computer-Processed Data
6 36
3
(b) < >-P.L ...13 - . ... (Qf/REL TO USA. iVEY) To perform this audit, we used data that originated

I.

""'"' ":::··

(b) ..(-1}.....
(b) <3t--P.:;"r;·~·· '86 .... 3.f~.

(b) (3)

._

from" the
s stem. We used this information to
---- -- .............................. seleetor-p-air.. testing-

erform our

-------------------------------

-so""usc ··....3024'(1
......

·· ...

(U) Prior Coverage
('fS//SI//N'fi') The NSA Office of the Inspector General (OIG) has not
performed a previous audit or review of the Agency controls to assess
compliance with the terms of the Order for BR retention. The NSA OIG
completed on 21 December 2007 the Audit of Retention of Domestic
Communications Collected Under the Foreign Intelligence Surveillance Act
(ST-06-0007); however, that audit focused on inadvertent collection of
Foreign Intelligence Surveillance Act domestic communications and whether
the Agency was in compliance with the U.S. Signals Intelligence Directive
(USSID) SPOO 18 special minimization procedures. In addition, the Audit on
the Assessment of Management Controls for Implementing the FISC Order
(ST-06-0018), completed on 5 September 2006, focused on the adequacy of
management controls for processing and disseminating U.S. person
information. Most recently, the BR Capstone Audit (ST-10-0004), 25 May
2011, evaluated the BR querying and dissemination controls.

TOP 8ECR£1W8hS'NOPORN
A-2

 DOCID:

42302'62

REF ID: A41772·67
ST-11-0011

(U) Management Control Program
(TS//SI//PfF) As part of the audit, we assessed the organization's control
environment pertaining to the audit objective, as set forth in NSA/CSS
Policy 7-3, Intemal Control Program, 14 April 2006. The 2010 Vulnerability
and Process Assessment completed byl
.... ·······I
1-~id not report concerns ap_p.lic.able. to BR
retention.
..···· .
·

I

"

·········

(b) (3) -P. L.

'fOP ,'fECREf/,'8bV·JVOFffR:i'¥

A-3

86-36

 DOCID:

4230262

:REF ID:A4177267
TOP 8ECR£nS'8l:A'-NOYOR1¥

ST-11-0011

(U) This page intentionally left blank.

T01Q 8ECREnS'SbS'NOFORN
A-4

 DOCID: 42302 62
1

REF ID:A4177267
TOP 8ECR£T1$'Sh$'NOT0f01rl
ST-11-0011

(U) APPENDIX 8
(U) Testing Methodologies and Results

TOP SEClfF:f;S'SEV-NtJf"ORN

 DOCID: 4230262

REF ID:A4177267
'lQP ~'ECRETiS1!ilAWOFf>RH

ST-11-0011

(U) This page intentionally left blank.

 DOCID:

REF ID: A41772,67

42302'62
f'(JfJ

.'5ECltET!7i'51t/!llOFORJ<l
ST-11-0011

(U) Testing Methodology and Results

(U) Selector Testing Methodology and Results
(U) Selector pair methodology
.{bf( l·"'·P···L .. · · 86·=.~?...... (TS.//.~.I././~.~).

f

T~e urpose of selector pair t~sting _was to determine whether
the contact cha.nTs _
Iwere compliant with the terms of the Order
for BR retention. The Order requires that BR metadata be destroyed no
later than five years (60 months) after its initial collection. To maintain
compliance, the Technology Directorate and Signals Intelligence Directorate
decided to delete annually from Agenc databases and ta e storage BR
metadata whose record receipt. cf..ate
For CY
2011, the Agency deletedBRmetadata received before
··(6}(3)-P.L. 86-36

3

.(Y.J..The·fO"if~:;j"~~ ::·thodology was used to complete the selector pair testing:
~fai:~:~~;~:i~

T(Oh'RELIOUSA,...l'\le(j . Step1-ld•ntify-the"f!Ontact ehainsl

·············· ....

. ····....

(U I fFQV.O·ll

•

. . . . . . . . . . . . . . . . . . . . . .::::::::><::...1..-.. .-. . -.. -.-,-,-------------------'

--~-------L . ~=~~J_/_FO~_-_O_)j~~~~~~~~~~~~~~~~'l

fiJ)t3j;;p~L;··86-36 ......... .. ........... ·

I

FVFt)

_

······· ...

(C//REL
'PO criteria.
USA,
these
above

,___ _ _ _ _ _ _ _ _ _ _ _ _ ___.

(U) Step 2 - Verify that the data received in the Before and Span listings
contained only selector pairs that met the criteria in Step 1.

-~~~~~~~;~

(b)(3)-P .L. 86-36

__ .. __

:-~--~~--------------------------'

... .-;':.::::::::::::.:::::: ........................ .

refi==~~i--===~-r-1-'/_R_S_L_T_O_U_S_A_,_F_V_&_l)-,~~~~~~~~~~~~~l

TOP SECRET/,'f,Y1S'l'IOFfYR:N
B-1

 REF ID:A4177267

DOCID: 4230262

'ffYP SECftEfJ~S11~'NOFO-RN

ST-11-0011

1..__ _ _____.I···

···················································

/(1;>)(1)
/ /(~)(3)-P.L. 86-36

(U) Step 3 - Establish a test methodology and criteria for the 1~eleh6~. pair
testing.
.

(U) Before listing:
t'C'Lt'REL

•

·1

'PO USA , FHE"ll
V I

I
··········································

t'il)H). ········ ·

(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

• (C//REL TO U£A, FVEYl!

{p)(1)

(U) Span listing:

(b)(.?J-f>_.L. 86-36
·. . · 1

\\I

• (C//REL 'fO USA, FVEYJI

"('b)t1)::·:::::·················

...................

,.~

( b )( 3 )~p.[:;~"86-36 .....
(b)(3)-50 1Jsc. .~024(i) ·· ...... ·· ..

•

,.

... .. ,.

'V

......
'AJI

.. .. · · - •
v v .........

..L ' - '

-·
.L;

.I
.J.J.L

I
• (C //REL TO

(bi{jj
(b)(3)~P.L,~=·
86-36 • •· • • • • :

u Q~'\, ...FVEY) I

I

I.- - . . . . . - - - - - - - - - - - - - - - - - - - - - - 'I

,___ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _...,.__

_______

(U//FSUG~ Step 4 - Verify that ..___..,_..,.........,....._
work as intended for the selector pair testing.
• (U I /fOUO)

I

I

'ftJ"f' SECRET1$'8hS'NOFOR:I•l

B-2

___. would

_.....L. 86-36

 DOCID:

REF ID:A4177267

42302·62

T01n SECR£T17'Sh7'NOFOfOV
ST-11-0011

t~ij__ ... ·~·.·--1~·-·~~~~~~~~~~~~~~~~~~~~~~
(b)(3)-P.L. 86-36

(U) Selector pair test results

(U / / FOU 0) We found no instances of non-compliance during the selector
pair testing. Our testing found no error cases during the selector pair test.
,IT'\,.,

--

.,...,.T""\·\·I

... .....,,

l.J.L

.1. .......

I

··········
······

..(b)(1")
:::·::·: .......... .
(b)(3)•P.L. 86-36
(b)(3)-50 USC 3024(i)

0

Quarantined r~cor.~s added back (after rebuild)

....:::::::::::::::::::::::::::.::::::··.

(6)(1)•••·········· .

(b)(3)-P .L. 86~36

(+~M/SIN~JF)

fff.F 8ECR£n7'SfJSC!VOFOAA~
B-3

 REF ID:A4177267

DOCID: 4230262

fffP 8ECR£T!7Sf!J'fv'tJFOJVV
ST-11-0011

(U) Metrics Analysis Methodology and Results
(U) Metrics analysis

(U / /FOUO) We found no instances of non-conipliance during our metric
analysis. However, we were unable to perform both parts of the metrics
analysis as originally planned in the Audit Guide.

(TS// SI// ~ff) The intended purpose of the metrics analysis was twofold:
(1) confirm that all records before I
lwere·Te:tnoVecr'froiii . lhe ............... T6)(3)-P.L. 86-36
........................ 1
I database, and (2) verify that the total number of records could be
{b)fa:)-P:L. 86~36" ····aeeounted..forhefore·ai1cl·afterthel
Irebuild was complete. .
Although we were able to verify the first part, in that the selector Fair testing .
confirmed tha.:!Jhel
!records with first call dates before_
(bj(3)-P.L. 86-36
coulcL.be·atEounted for (i.e., deleted or modified, or excluded by parsers on
.·· ...... tJiitbasis of current configurations), we were unable to verify the second part
....... --············
of the metrics analysis because the net number of records decreased by
..........approxima!~.1Y1
~e Table Bl). However,
l.pfficials
(b)(1)
that
there
would
be
some
differences
before
the
rebuild\~ffort
antic..ipattfd
(b)(3)-P.L. 86-36
....began, and their explanations seem reasonable.
"·

I

.... ----··

--····

...:::::::::............
(b)(1)
(b)(3)-P .L. 86-36

............................

.....(b)(3)-P.L. 86-36

.....(.TS/../.£1/. /.HF..} ..Specifically.,l....................... lconGlud{id:::.fu~t:.fuedecrease ...-0fl
I
records happened because the rebuild had been performed using the most
current parser configurations, which had been refined over time to capture
more precisely records with a Counterterr orism value. As a result, the
current parsers allowed fewer records in aggregate to be downloaded into
I
lthanJ:h.~ . total sum of the records previously allowed during the
parsers' five-year sp'iiii':
(b )(3)-P .L. 86-36

(U / /FOUO) Examples of modifications made to the parser configurations
designed to prevent certain types of records from being processed include
instances in which:
-

•

•

(TS/fSI//NF)
were
exciuded because they had little or no Counterterrorism value,

(;~;/si//nP)..------------------was excluded,
and

fffP 8ECR£ T1~'Sf15'!1/0f?&RH
B-4

 DOCID:

42302 62
1

REF ID:A41772'67
TOP 8£CRETl-/Sb$'}il0T'OftN
ST-11-0011

(U) APPENDIX C

(U) Full Text of Management Response

 DOCID: 4230262

REF ID:A4177267
fOt' Sf:!CltEf17Sl!J'NOFOitN

ST-11-0011

(U) This page intentionally left blank.

 REF ID:A4177267

DOCID: 4230262

Tfff /fECR£'BS<ffhS~a,•OFO:RlV
ST-11-0011

l!NCl.ASSIFIED!i'flfJR tJ:FF1'CfAt l:lSE 8NLY
SECURITY CL/>,SSJFICATIO.N

NSA STAJ•'F PR()Cf<:SSING l'ORM

·cc C0:\"1'1101, Nl.'~IBER

EXIU:G CO:-\'i'ROLNl'~IUf,lt

TO

QIG

10690-11

==,,,.----,----.......,.-------------,1-~'\l'l'ROVAL
SUU.JECT

(U//FOUO)SIGlNT Dirc.ctorate Response to the 010 Draft
R~portoq che~Audit (fNSA Ci:mt.rol t(l C~mplvwit11 the FISC
Qraer Regardmg }3usmess Recprcl Retent1on (ST• l l-0011)

·cc SllSPENSE

SlGNA'lllllt

X

INFORMATION

Dl.S'l'l{lllll'l.'10.N

S1D,S02,S3
SU!\l~J.\ln'

PURPOSE: (U/~ To pl'ovidethe SIGINT Directorate's (SID) response to the Office of the
Inspector deneral (OIG) Draft Report on the Audit of NSA Control to Comply with .the F(weignfntellige11ce
Surveillance Court (FISC) Order Regarding Business Record {BR) Retention (ST-I l~OOJ l ). ·
BACKQROUNQ: (U/ITEffi91 From April through June 201 I I.he NSAOIGperfonned testing and
pro~edt1ral reviews to assess ~he Agency's gompliance with ]3It ret.enti()n. On the basis of th(! infcirmation

revic;wed, the CHG found no instances ofnon~compliance for tl1r;:.CY20Jl terms. How~ver, threea.reas were
noted t()rtl1t11rejmprove!lle11t: (I) develop a plan and written. proc:e!lures t() 4ocmme:nrQ1e Agency's BR
retention pmcess~ (2}dev~lop a pr9cess to research quarantined records, and (3) acct1rately document parser
configi1ratforis .. As aresulta sjngle i·e(:onimcndation(RccQmmendatio112) was assigned.to tl).el
I
Jand,.itslf.1~':'.s, "(U/lFOUOJ Updateparser docu111entation .t.o:fejlect qccural~~)'
tlie cw~re;ii co1!figuriltioi1sin r~se. .Goi11gj(f1;iiafii; thfrdocum(!,1.1fdtfonslioi1ld be #pifaN!das new
cotifJgµmf/On cbangi;:s are made to the parsers. "
...... ' · ·· ··
·

I

.,.....::::::::/('b)(3)-P.L. 86-36

CV/tfQPO) Recommendation 2 was subsequently tasked Lo ~JP:ihf\~ftten a?knowledgr:ment on the validit); ·
oflh~:i!:isµe

an<f Jdentifi~~tion

((J/~

DJS(:USSION:
contiguration.
made to the parsers..

ofpl~n.ned

SlD

c9rrective ~9t~g.ns~:::: .. ···

.

cgpcur.fo~i{~~~~1~1:endation 2. I

~i#l-wllf continue

l'~ompleted its update of the parser

to update the documentation as cohfigt1ratio11 changes are

wi!Talso review the documentation on a quarterly basis. to verify it is up~to-date.

(U) SID requests OIG closure ofRecommenclation 2.
cwm·r.

Pl·IOl\:E

t;/nfit

SID

fORMM.7%

Sl'.CllRE

NAMEA:'l:ll ll..\'l'f

120 Sep 11

S3

~a. ~i~q,
'.JRG.

ORIGINATOR

I

OFFl("f.

l'llONE

966-6831

r/iz/11

S02
S0232

SECURE

:"iAMf. ..\>;[) DATF.

lsm10 Liaison

'''""11,··~~.:\i('S:1'M·1-s2

Dtri,•·d
Dared: 201170108
l>trl11»if1 On: 203611607

S023
..

966-2464
SECURITY CLASSIFICATION

...... ···
.

~·HONE (Sei·ure)

r,\TF. PRUARED
21 September 2011

UNCLASS/FlfJDl!FtJ'.R tJFfi'fiAL USE BPl'L l'

::~··

(b)(3)-P .L. 86-36

f()P 8ECltEf1}S11}'falOf?OR:N

C-1

 DOCID:

REF ID: A41772 67

4.2302 62

1

1

'fftP SECltE'fWSI!lfllOFO-R:J-<l
ST-11-0011

l't'J~ 5EeRETl/COMINT/{NOFOF!PJ

TD Response to S-'l'-11-0011
Factual Accuracy:

Tl comments

1. The term "Call receipt date" could be misleading.
Suggest
using the term "Record Receipt Date". NSA does not receive
"calls" from the providers, we receive metadata records.

(!...,//::H//HF) Establish a process to research
quarantined records before they are removed from quarantine and
included in the Agency's BR repositories.

Recommendation #1:

LEAD ACTION:

Chief,

I

1-

w~-~h·

Concur
1:.(;:commendation. _ _ _ __.I will
write a process to Research and An·~·ly;z;e any quar~ntined records
in order to determine if any records s'i1ou.ld be iP,cluded in the
Agency's BR repositories.
"·· ..........
CONCUR/NON-CONCUR:

ESTIMATED COMPLETION DATE:

Approved

byl

.............

+. ::::)(b)(3)-P.L. 86-36

I· ·-cbi'~·f·····~-~

('l'J//SI//MF) Prepare a plan that documents
the Agency's major initiatives for complying with the terms of
the Order.
This plan should be flexible and updated to reflect
changes in terms of the Order, systems and databases that store
BR metada, and identify the organizational resources and
milestones for completing future aging-off efforts of BR
metada.
Furthermore, ensure BR retention rules as defined in
the Order are documented in the Compliance Standard for
Retention.

Recommendation #3:

LEAD ACTION:

Chief TD Office of Compliance and Deputy Director,

Tl)
Concur:
In June 2011, at the request of the
Compliance Steering Group, TV and SV jointly authored the
approach to developing compliance standards, deriving applicable
technical requirements, and publishing the requirements for
compliance certification. Consistent with the documented
approach, the draft Retention standard, to include BR data, has
been submitted to TV. And TV is currently documenting and
CONCUR/NONCONCUR:

Derived From: NSA/CSSM 1-52
Dated; 20070108
Declassify On: 20361001

TOP SECAETNe.ololl14'fi/MCFOFtl~

JOP SECREJ/JSJ.111vD.FOmv
C-2

 REF ID:A4177267

DOCID: 4230262

TOP 8ECRET;$'Sf1$'NOFO-RH
ST-11-0011

'FOP 3EC~E'f//COIVlllQ I Ii IQOFORN

vetting the technical requirements for retention (age-off) .
These requirements are expected to be published in October for
developers' reference. At such time, Tl and other developer
organizations will be provided requirements specific to
retention issues.

ESTIMATED COMPLETION DATE: Compliance certifications will
include a verification of retention procedures/code as of
...·······················

Recommendation #4:
f'fS//sr//HF) Prepare written procedures that
document the roles and responsibilities for the organization
('b)(3J::.P. .L. 6-36
involved in the BR retention effort.
These procedures should
········- ..
also
document
the
process
for
researching
quarantined records
·······-...
··········· ... and the requirements for maintaining accurate documentation for
pa."rse.;i: configurations as outlined in Recommendations 1 and 2,
respe~tlve],,y. (ACTION: Recommend Changing Office Responsibility
for this actlon-....j:o Chief TD Office of Compliance and Deputy
Director, Tl •vi~;~i
..........................······

b

CONCUR/NON-CONCUR: concur with modified recommendation.
TD
Compliance will outline the roles and responsibilities for
organizations involved in the BR process.
Tl will describe the
procedures for researching quarantine records.
Thel
development team
l···W:~ll document their procedures to j
include roles, responsibil{~ie~ and procedures for handlinci the
BR data. We have requested th~·- .. dDC:.l.Jlil.ent be completed
lwilJ write proc~du.i;:es documenting
.l
roles and responsibilities with .. r.~gards t"Ci . B:fl,_ retention.

I

I

byl
I

I

..I

···············

ESTIMATED COMPLETION DATE:

....______....I············· ..
:::::::::::'·(b )( 3)-P. L. 86-36

General Comments:

•
•

)1~\i~:::~~:e/

The first two pages of the OIG docume,nt ..
classification set to TOP SECRET/Isfi/NORFO~·instead of

:~~~:~nd

.. ·····

:;,.e,rsi~~ ~f
I
I

that the fi.na1
this teport be provided
to thel
lte.am_.£.oi use in developing requirements
for the_B_F:_,___F_I_S_A_r..:·.:rtibn of
The r:irganizat.ion is

l'Oi? SECRET//COMIPff//PdOFORPJ

TOP SECR£1W8hSS¥0f'OfoV
C-3

 DOCID:

4230262

REF JJ:D:A4177267
TOP SECltETllS1mvuFORN

ST-11-0011

(U) This page intentionally left blank

TOP SIJCR:E TiS{~'bSCf\l0:..1J'()R::lV
C-4

 DOCIE: $230262 REF 


 4230262 I REF 
WW

 

DOCID:

4230264

REF I:D:A4177277
1 OP SECREli/,$1i!NOFORJv

NATIONAL SECURITY AGENCY/CENTRAL SECURITY
SERVICE
Further dissemination of this report outside NSA is
PROHIBITED without the approval of the Inspector

General.

(TS//SlllNF) Report on NSA Controls to Comply with the
Foreign Intelligence Surveillance Court Order Regarding
Business Records Collection
ST-12-0003
01 August 2012
~pproved

for Release by NSA on 08-06-2015.
=-01A Case #80120 (litiaation)
TOP 8ECRETMfhS'HOFO-R:iV

Derived From: NSA/CSS Manual 1-52
Dated: 08 JamlllIJ' 2007
Declass~[v On: 20370108

 DOCID:

42302'64

REF ID:A4177277
TOP SECRET1S'8 lt'/fttirOFORftl

(U) OFFICE OF THE INSPECTOR GENERAL
(U) Chartered by the NSA Director and by statute, the Office of the Inspector General conducts audits,
investigations, inspections, and special studies. Its mission is to ensure the integrity, efficiency, and
effectiveness ofNSA
operations, provide intelligence oversight, protect against fraud, waste, and
mismanagement of resources by the Agency and its affiliates, and ensure that NSA activities comply with the
law. The OIG also serves as an ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS
(U) The audit fimction provides independent assessments of programs and organizations. Performance audits
evaluate the effectiveness and efficiency of entities and programs and their internal controls. Financial audits
determine the accuracy of the Agency's financial statements. All audits are conducted in accordance with
standards established by the Comptroller General of the United States.

(U) I NVESTI GATI ONS
(U) The OIG administers a system for receiving complaints (including anonymous tips) about fraud, waste, and
mismanagement. Investigations may be undertalcen in response to those complaints, at the request of
management, as the result ofirregularities that surface during inspections and audits, or at the initiative of the
Inspector General.

(U) INTELLIGENCE OVERSIGHT
(U) Intelligence oversight is designed to insure that Agency intelligence fimctions comply with federal law,
executive orders, and DoD and NSA policies. The 10 mission is grounded in Executive Order 12333, which
establishes broad principles under which IC components must accomplish their missions.

(U) Fl ELD I NS PE CTI ONS
(U) Inspections are organizational reviews that assess the effectiveness and efficiency of Agency components.
The Field Inspections Division also pattners with Inspectors General ofthe Service Ciyptologic Elements and
other IC entities to jointly inspect consolidated c1yptologic facilities.

 REF ID:A4177277

DOCID: 42302'64

TOP /!5t!Cl1ETl/S1/1!WJFOJ11V
ST-12-0003

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE

01 August 2012
IG-11437-12

TO: DISTRIBUTION
SUBJECT: ('fS//SI//NF) Report on NSA Controls to Comply with the Foreign
Intelligence Surveillance Court Order Regarding Bµsiness Records Collection
(ST-12-0003)-.ACTION MEMORANDUM
1. ('f8//Sl//l'lF) This report summarizes our review on NSA Controls to
Comply with the Foreign Intelligence Surveillance Court Order Regarding
Business Records Collection and incorporates management's response to the
draft report.

2. (U / /FOUO) As required by NSA/CSS Policy 1-60, NSA/CSS Office of
the Inspector General, actions on OIG recommendations are subject to
monitoring and follow-up until completion. Consequently, we ask that you
provide a written report concerning each "OPEN" recommendation in the
following circumstances: when your action plan has been fully implemented;
when your action plan has changed; or if the recommendation is no longer
valid. The report should provide sufficient information to show that corrective
actions have been completed. If a planned action 'will not be completed by the
original target completion date, please state the reason for the delay and give a
revised target completion date. Reports should be sent tol
_....j
Assistant Inspector General for Follow-up, at OPS 2B, Suite 6'.24 7 or by e.mail
a~
,.............................. ·-······-····-······--·-··· . · ·
··············-··········-- . ·······--·····::· :: :::·::::::::::::::::==·:::"(b)(3)-P.L. 86-36
3. (U) We appreciate the cq:µrtesy·and'Coop~~;~i~~-~xtended"to our staff
throughout the_r.~yie.w .. For . addltio~al information, please cor;tactl
l·at963-0936(s) or by e-mail atl

I

I

-!l~RP-<2~
Inspector General

TOP SECRE1W8J/NOPOR!l/'

I

 REF ID:A4177277

D'OGID: 4230264

fOfl SEC17.ET;SJ;/T{6~~61i:lf

ST-12-0003
(U / /fi'OUSJ DISTRIBUTION:
DL SIDIGLIAISON
DL. TD_REGISTRY

......................

DO~ NSD l.....,___ _ __,_,,,,,,_---·····,....······-·······-······
.....··I
..• ..... .
IG
(t>)'(s)
:

D /,....IG
_ _ ____,
Dll
Dll
D12
D13
D14

I·.

TOP SECRE1Y/81/JUOFCtB:iV

 REF ID:A4177277

DOCID: 42302'64
TOP

.'SECltET!7~Y117'!c/OFORH

ST-12-0003

{U) TABLE OF CONTENTS

(U} EXECUTIVE SUMMARY ......................................................................................... iii

I. (U} BACKGROUND ................................................................................................... 1
II. (U} FINDING AND RECOMMENDATIONS ............................................................... 5
(TSHSIH~ff)

FINDING: BR Program Processes Must Be Improved ......................... 5

Ill. (U} OBSERVATIONS .............................................................................................. 11
IV. (U} SUMMARY OF RECOMMENDATIONS ............................................................ 13
V. (U} ABBREVIATIONS AND ORGANIZATIONS ...................................................... 15
APPENDIX A: (U} About the Special Study
APPENDIX B: (TSHSIJ.'NF) Business Records Systems
APPENDIX C: ('f'SHSIHNF) Agency Foreign Intelligence Surveillance Act
Business Records Collection Stakeholders
APPENDIX D: (U} Full Text of Management Response

 DOCID: 4230264

REF ID:A4177277
'fttP SECRET1S'8hS'f'{{):POR N

ST-12-0003

(U) This page intentionally left blank.

TOP 8EC"'fE1W8JiS'}ol{H!O:R:i¥
ii

 REF ID:A4177277

DOCID: 4230264

ST-12-0003

(U) EXECUTIVE SUMMARY
(U) Overview
('PS// SI// MF) This report summarizes the results of our special study of
National Security Agency (NSA) controls to comply with the Foreign Intelligence
Surveillance Court Order regarding business records (BR) collection. From
December 2011 through March 2012, we performed testing and procedural
reviews to assess the Agency's compliance . Other than one incident NSA
reported during our review, we found no other instance of non- compliance
with the terms of the Order for BR collection during calendar year 2011.
However, we noted areas for improvement.

(U) Highlights
(T8//81/0fF) The Agency should improve BR processes to strengthen controls
and help reduce the risk of non-compliance.

(TS//SI//Pl'F) Program material BR FISA program material is not
centrally located or accessible to stal<:eholders .
•

(T8//81/0fF) Meeting notes Meeting notes .of mandatory quarterly
meetings with Department of Justice National Security Division are not
kept.
{b}tfF::::::::::::::::::: . :..................... ····· . .fl'S/fSI/ INF) I

~~~~;~~:o\J~~;~~~<i>

· · ·····!.______________
(Tel//§I//~Tlf)

Management oversight Management does not have a

process to review sampling .
(U / /FOUO) Structure code test There is no process for periodic reviews
of the structure code test used in sampling .
(U) Management Action

(U / /f?OUO) Signals Intelligence Directorate personnel agreed with the
Inspector General recommendations. The planned actions meet the intent of
the recommendations.

iii

 DOCID: 4230264 REF 

1? 
1

ST -1 2?0003

(U) This page intentionally left blank.

11?

REF

DOCID: 4230264

J:D:~4177277

f&P SECRETtS'SLS'PlOirzOKl•l
ST-12-0003

I. (U) BACKGROUND

(TSHSIHNF) Business Records (BR) Order
{QJ(1y...........

('TS// SI/ OW) Pursuant to a series of Orders issued by the Foreign
Intelligence Surveillance Court (FISC) beginning in May 2006 to comply with
(b)(3):::5o.µsc 3024(i) the··Fo.re.igp. Intelligence Surveillance Act of 1978 (FISA), the National
.
Security Ageiicy·(NSAJ has been receiving certain call detail records (CDRs)
·. . .
or telephony metadata.fi:'orul
!telecommunications providers. NSA refers
·
·.
to these BR Orders collectively as the "BR Order" or "BR FISA."
(b)(;3')~P.L. ss:·35· .....

·······... ·· ......·.·.· ·.·.· ·. .(Te//

~I// ~IE)

The BR Order provides NSA access to records of telephone
calls . J:>etween the United States and abroad or wholl within the United
States> __
............................
.........,.-_.,,.... This collection of information is not available to NSA through its
other foreign intelligence information collection. It is valuable to NSA
analysts tasked with identifying potential threats to the U.S. homeland and
interests abroad because it enhances analysts' ability to identify, prioritize,
and track terrorist operatives and their support networks in the United
States and abroad, primarily using call chaining analysis.

...

~~~~~~~~~~~~~~~~~~~~~~~~~...a

(TG//81//tff) Collection provisions of the BR Order
(TS//SI//NF) The BR Order requires providers to provide daily an electronic
copy of all records or telephony metadata. The Order defines telephony
metadata as comprehensive communications routing information, including
but not limited to session-identifying information (e.g., originating and
terminating telephone number, International Mobile Subscriber Identity
number, International Mobile Station Equipment Identity number, trunk
identifier, telephone calling card numbers, and time and duration of call).
Telephony metadata does not include the substantive content of
communications or the names, address es, and financial information of
customers.
(TS//81//NF) Exhibit B For each renewal of requested authority, NSA must
file with the FISC a report that describes, among other things, proposed
significant changes to the way in which the CDRs are received from
providers and significant changes to the controls NSA has in place to
receive, store, process, and disseminate BR metadata.
(TS//81//NF) Exhibit C At least once during the authorization period of an

Order, NSA's Office of General Counsel (OGC), its Office of the Director of
Compliance (ODOC), the Department of Justice's National Security Division
(DoJ NSD), and other appropriate NSA representatives must meet to assess
compliance with the FISC Orders. Traditionally, this meeting must include
a review of a sample of records obtained to ensure that only approved
metadata is being acquired. The results of this meeting must be submitted

Ttf? 8ECJtET1S'8El'NOFOR1¥
I

 REF ID:A4177277

DOCID: 4230264

fOfl SECRE'fWSES'NfJFOR N
ST-12-0003
to the FISC in writing as part of any application to renew or reinstate the
authority requested. Exhibit C of the application summarizes the quarterly
"meeting..;·!
Ithe requirement of the Order to review a sample
of records obtained changed to a review of NSA's monitoring and assessment
to ensure that only approved metadata are being acquired.

{6)fff .....
(b)(3)-P.L. 86-36

(TSHSJ,£/~Jq
tl'T'l.r.

.... .._,

I

BR collection process

I

/,.,TI /1\TP\.1

- - ..

.... -::::::<·

.......

t~_ji·~·1···············
(~).f~l~P;·L~. 86-36
(oJm:)~OJ:iSC.~024(i)
\\ ......... ...
·.....
··· ..
·· .....

\\"<\::.>
:::: ....".:·· ....
·... .
._

'.

·· ..

',',

\ \. . . . . . . .>.... .......
~

\

".

\

"

:··..
"-..::··.....

".

..
...

',

·."
·."
"

_,__

____...,......,..-_____________________________________________________
·... ·...

'(TS
. II T'SI II 7i'NF)'
..
\

\

" "

\\ (TS TT
I 'SI I '~!Frj
Tl

TOP lfECRET1S'Sf1S'NOFOR:N
2

___,

 REF ID:A4177277

DOCID: 4230264

ST-12-0003

(6fr1) ........

(b )(3)-P .i.:~··s6·~36 ...

(b)(3)~5Q USC 3024(i) ·._····..;;.······;;...·. . . . , . . . . - - - - - - - - - - - - - - - - - - - - - - - - - - - '
ffS//sr//UF)
·...

(TSHSIHNF) Criteria to Assess Agency Compliance with the BR Order
/(b)(1)
/(b)(3)-P.L. 86-36

(TS//SlmJF) BR Order

I

f

(TS//£1//WF) Minimization procedures in FISC BR Order
require
that NSA and DoJ NSD conduct oversight of NSA's activiti'-e-s.-T""'h""e Order
states that at least once during the authorization period:
['fSh'Sf//NF] NSA's OGC, Office of Director of Compliance (ODOC), NSD/DoJ, and
any other appropriate NSA representatives shall meet for the purpose of assessing
compliance with the Court's Order. Included in this meeting will be a revie'v of a sample
of the call detail records obtained to ensure that only approved metadata is being
acquired. The results of this meeting shall be reduced to writing and submitted to the
Court as part of any application to renew or reinstate the authority requested herein.,D
hhe.r~_quirement of the Order to review a sample of records obtaine4<
changed to a review ofNSA'.s... monitoring and assessment to ensure that only apprbved
metadata is being acquired. For···ertch.re.gewal of requested authority, NSA must,AJ.le with
the FISC a report that describes, among etlie'r-·tb.ings, a description of any prop\)sed
significant changes in the \Vay in w-Iuch records 'voilla··be-re.ceived from the Ploviders
and any significant changes to controls NSA has in place to receive,.stqre, p~:6cess, and
disseminate the BR metadata.
·(b)(1)

I

(b)(3)-P.L. 86-36

(U) Internal controls

(U) NSA/CSS Policy 7-3, Managers' Internal Control Program, 14 February
2012, implements the Government Accountability Office's Standards for
Internal Control in the Federal Government, November 1999. Policy 7 -3
requires managers "to institute the needed controls." According to the
policy, internal control is
1

I

! C/1ML 'fO USA. FVffY21

.. ····

(

1

('f3f.:3Ii.1<1F) On the basis of factual and practical considerations of evervdav life bn which reasonable and rudent
persons act, there is a RAS that the selection term to be queried is

...···
..__ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ..,_,,:;
(b)(1)
............

TOP 8ECR£vS'ShS'NOFOR::lV
3

................. .

(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

 REF ID:A4177277

DOCID: 4230264
f(JP

SEC'ltl!:Ttl'SI/1!VYJF"Olt !"1

ST-12-0003

[U] a system of guidance, instrnctions, policies, regulations, procedures, rules or other
organizational instrnctions intended to determine the methods to be employed to carry out
mission or operational actions or objectives, and ensure that programs achieve intended
results.

(TS//SI//PfF) Table 1 depicts NSA/CSS Policy 7-3 categories of internal
controls, which we applied to the BR FISA Program to evaluate the risk of
non-compliance .
(U) Table 1: NSA/CSS Policy 7-3 Categories of Internal Controls
(U)

Documentation

(U) Established written procedures that are complete, accurate, and
available for examination. Consists of regulations, policies, procedures,
and/or standard operating procedures.

Record

(U) A written description of what has happened.

Structure

(U) Key duties and responsibilities in authorizing, processing, recording,
and reviewing official NSA/CSS transactions should be separated
among individuals. Managers should exercise appropriate oversight to
ensure that individuals do not exceed or abuse their assigned
authorities.

Authorization

(U) Procedures are in place to prevent people from exceeding their
authority or misusing government resources.

Management

(U) Consists of the assignment, review, and approval of work. This
control requires that management provide guidance and training to
reduce loss of resources and increase achievement of results.

Security

(U) Any method or device that can be used to restrict access to
government resources. This control may utilize safes, vaults, locked
rooms, locked desk drawers, computer log-on identification , and
passwords.
(U)

TOP SEGlfEJ;,@'J.«NOFQRN
4

 DOCID:

42302 64
1

REF ID:A4177277
TOP SECR£ T1?fYl!7'f'<lOf'ttR:N
ST-12-0003

II. (U) FINDING AND RECOMMENDATIONS
t~><1 l.

OH(~)~P~·L •. 86-36
(b}(.3)~0 USC-3.Q24(i)

(TSHSIHNF) Fl NDI NG: BR Program Processes
Must Be Improved

\,:··...... ·."tf.SffSHtMr)O~her than the compliance incident described, we found no other
\..... inst~nce of no·n~·compliance with the Order for BR Retention during CY2011.
\ . .....Howev.er, the Agency·myst centralize program documentation and make it
. apcessib.{e to all stakehoiderS..~.. Notes of mandator uarterl meetin s with DoJ
NSD ersonnel should be ke t:··
.
Management reviews of sampling
thaf
personnel perform is required. The structure code
used in sampling
should be reviewed and
updated periodica y. mprovmg
processes wt s rengthen the controls
already in place and help reduce risk of non-compliance.
(U) Non-Compliance Incidents

·················

.····· ···· ... ·

:::"'::·:'°(b).(1)
. (bj(3)~P .L. 86-36

.......

...

·············

\

···-.::·-...

f'fS / /SI// PJ.f.) . .O.urifig·ot;:·; review, . N-SAfffed with the FI~C
la. Notice of Complil:lJJ.ce··Tiicident in accordance :With _ _ _ _...._.,..,......._ Qf
the FISC Rules of Procedure ex lainin that
l·tec~~ds
·contained credit card·-.....
information. Notification to the FISC was not provided upon recognition\.
because it was OGC's understanding that this must be reported only wheh
credit card information was viewable by analysts inl
Subsequently, OGC learned that DoJ maintains a different view:
(b){3)~P;:~:·:·86,,3.~. ........ Identification of credit card information, regardless of whether the credit
·······... ..... ·cafl:linformati.QP.:. was viewable b intelligence analysts, must be reported to
·the·C.o.µrt. Accord.fri···to
analysts, credit card information never
.~ntered ·. ···......
because
the parser rules prevented the fields
....................
. ....... · ··· · ··· ···
from being ingeste·d·; ·
is responsible for updating parser rules and
(b)(1)
performs daily and weekly sampling of records to identify non-compliant
(b)(3)-P.L 86-36
data.

l

I

I

:

.··

_,:·:-'·····

(b)(1)
(b)(3)-P.L. 86-36
(b)(3)-50 use 3024(i)

TOP b'ECllETIS'!·if;S'NOf'O-JtN
5

 REF I:D:A4177277

DOCID: 42302'64

TOP 8ECR£T1S~ }1$'hYJFOR N
1

ST-12-0003

(U) Program Documentation
('FS//Sl//NF) The BR FISA program has two SharePoint sites that contain
historical information on the program. One site is maintained by the
........... ······I
land contains e-mails from a former BR
"('6)('3)~P~L;··ss::3s··'····FISA.Prn.g:r!'l:P.'.l.. M8.:~~l:l:.&.~.~· .... !.?~ second .site is sporadically maintained by
·... ..
personnel from Oversight ana···com:phance···(SV);··I
··.....
·· ...... ..
·· ......

(TS//SI//PtF) The BR FISA Program Lead is concerned that program
documentation is in different locations and is not updated on the Share Point
site. He believes that all program material should be maintained centrally
and be easily accessible. He stated that a recent response to a
Congressional "Question for the Record" might not have been consistent
with a previous response because the historical information was not
included on the Share Point site for reference .
(TS//£1//PtF) In addition to a weekly compliance meeting with NSA
stakeholders , there is a Court-mandated quarterly compliance meeting of
DoJ NSD, NSA OGC, NSA ODOC, and other NSA personnel. Representatives
of the OIG attended a quarterly compliance meeting on 1 February 2012,
and questions regarding previous quarterly meetings were raised. The OIG
observed NSA participants recollecting decisions and discussions from
previous meetings. NSA does not maintain notes of discussions and
decisions made during these mandatory meetings .
..{TS/ /SI//Npt' Part of the reason that program documentation is not updated
centrally and meeting notes are not maintained is that the BR FISA Program
no longer has a Program Management Office (PMO). The Program Lead has
no staff and relies on individuals from various orn:anizations;·I
I

(U / /FOUO) Effect Lack of complete and final historical documentation in a
central location accessible to stakeholders could lead to misinformed
decisions and reporting on the program.

(TS/!Sl/l~dF)

Consolidate and maintain all final BR FISA Program material in a
central location accessible to NSA stakeholders.
(ACTION: BR FISA Program Lead)

TOP SECRET1$~'f1$'!IOFO-R:N
6

 REF ID:A4177277

DOCID: 4230264
TOP

8tJCltE'f1Wih~'NOFOlfN

ST-12-0003
(U} Management Response

(U) AGREE All final program material will be maintained on the existing SV
SharePoint site by 28 September 2012.
(U} OIG Comment

(U) Planned action meets the intent of the recommendation. Upon
confirmation that all final program material is consolidated on the SV
SharePoint site, the OIG will close this recommendation.

Maintain meeting notes of quarterly compliance meetings with
DoJ NSD.
(ACTION: BR FISA Program Lead}
(U} Management Response

(U) AGREE Management will maintain quarterly compliance meeting
documentation on the SV SharePoint site.
(U} OIG Comment

(U) Planned action meets the intent of the recommendation. Upon
confirmation that management maintains quarterly compliance meeting
notes on the SV SharePoint site, the OIG will close this recommendation.

(U) Reconciling Data from Providers

... ·····

,,,_.......

..... ... I

I .L

.._,...

..._,I

/ 1\T '1.'1\
.i.

I

I

~ ...

....···

('~)(1)..

(b)(3)-PL 86"._~6

(b)(3)~so

use 3b240l
'm~
\ .... ......,

J ,·::;
"-'.a.

iT.:rT1'd--------------------------.

I I -

-

TOP SECRETiS!f}ES'HOFORN
7

 REF ID:A4177277

DOCID: 42302'64
f(}J>

8ECRET!751117v0Ftm IV

ST-12-0003

I

I J. ..:JI I

.......... -·····
·············

Recor.i~ue pEfrfocfr~ally ,___ _ _ _ _ _ _ _ _ _ _ ____.
ItTSHSIJ/PdFl
· INSA'receives.
(ACTION:

I

(U) Management Response

(U) AGREE For each provider, management will establish a reasonable
periodicity for reconciliation that is technically feasible, yet meets OIG's
recommendation.
(U) OIG Comment

(U) Planned action meets the intent of the recommendation. Upon
confirmation that management has begun reconciling the number of BRs
that providers send with the number NSA receives, the OIG will close this
recommendation.

(U) Management Reviews and Structure Code
.ff.S.f/Sfj./PJF)Omanagement receives weekly BR FISA compliance reports
("b)'_(_;3):P~E:8'~~ 6 '. """'';;),p,f,\J?.i:W:eek.lY... ~t.::l,t:L.J:s reports and attends monthly project review meeyngj on

·········::~!~~~!~~:~£~~1.~ffI~~;~~~~l·:p·el;~;:~::i~i··~·J;t:~~1~~-~~~y0:=:;i~ng

of

records received from providers.
·······...

(U / /FOUO) GAO's Standards for Intemal Control in the Federal Govemment
include monitoring: Internal controls should generally be designed to
ei1sure that ongoing monitoring occurs in the course of normal operations.
This includes regular management and supervisory activities, comparisons,
recori:ciliations, and other actions that personnel should take in performing
their duties.
(TS//SI//HFf0personnel run daily and weekly queries on CDRs to answer
five questions, as part of the sampling process controls to verify NSA's
compliance with the Order:
\T TT'Sr, 'J\!Tj'l
1 . 1ms'

I(J~-~-.__

______________________________________

f()P SECR£f1~'S1W!fOF&RN
8

..;;;;.._··~···

(b)(1)
(b)(3)-P.L. 86-36

 DOCID:

REF ID:A4177277

42302·64
'fffP

SECltEf17'S}";7'f'lOFORPl
ST-12-0003

2. ffS//SI//NFj

{b)(3)~PL. 86~36

,........:==============::::::;-----------""'."."."'-!adhere to expectations? ...... · ......
('PS// SI// M
.F)-D-id-;:1======-.....
.
,a~.~~:~:~:::t.o:::exp:ett~~t'i'~'~;~~!~-P .L. 86-36

3·;· ·(U//FOUO }I

4.

5. ('f3// 31// MF) Did

I

ladheie. to expectations?

('FS//SI//N.F) The res..1:1:1t.s.of0sampling are submitted to ODOC in weekly
BR FISA COil:J,plianc«~···reports. ODOC compiles the information with other
c.g.:inplia:rice··· reports and provides it to the Director of Compliance for review.
DOC summarizes the weekly BR FISA compliance reports for DoJ NSD 's
........
·········
review before quarterly compliance review meetings.
('6)l3')'~P;'L!"86:':~?:.::::::::::::::::············ ......................
· ········ · :::···. (Sf'g/1~.Qfiffi'f::E:ar:JJ·qay;Duns manual scripts on all re~g.r.ds.for._I_ _ ___.
that carry . cfilling can(#i'iiiihers·:···NSAi§.POt . g.u.thorize'dfo receive customer
financial information· theiefOte ··:nchecks' ..fiies·e . feedsl
Ifor credit card
numlJ..er.sl
I

··········a

.... ··::::· ·········

f6)Hf·::::::::::.:·······
(b)l~)-P.L.

.$&;;36......

(b)(l)·SO
... USC 3024(il

······ ........

'~~
.&.......

I

·;·;:;·~·//T\1·1Nlr---------------------------.I
--

·. ·.

;f!W'/51//Nfl) Effect Management's review of the sampling of records that
L.Jpersonnel perform will provide a la er of oversi ht and hel ensure
com Hance with the.Order.·

(U/lFOUO) Implement

personnel perform.

~~anag~ment r~yiew process ~f. th~. .samplirig. thatO
···· ·· ·· · . . ........... (ACTION: J

TOP

8ECR£Ti~ 18JM'lOFO/Ll\l

9

 DOCID: 4230264

REF J:D:A4177277
TttP SEC1tE'f1nW1}'NOP&R N

ST-12-0003
(U) Management Response

(U) AGREE Management implemented a review process in June 2012 to
review the sampling during the team's monthly project review meeting.
(U) OIG Comment

(U) Planned action meets the intent of the recommendation. This
recommendation is closed.

(UJ~FOUS)

Implement a process to conduct periodic reviews of the structure

code.

I

(ACTION:l...._ __,...
(U) Management Response

.

~~!~~~etoQ~·J.:f1"m~!~!!~';;;;;~n~~j;'~~:'.d!'~.~:.~~:.~. ~~~~/
(U) OIG Comment

(U) Planned action meets the intent of the recommendation. This
recommendation is closed.

'f'OP 8ECltELS'8bSCJYO:POfl::N
JO

(b)(3)-P.L. 86-36

 DOCID:

REF ID:A4177277

4230264
'f()P

StsCR£T17'Sl17'NOF&R:Jil
ST-12-0003

Ill. (U) OBSERVATIONS

(U) Parameters for Defining Significant Changes
(TS//SI//NF) Guidelines have not been established to define significant
changes in the way that records are received or in the controls NSA has in
place for BR metadata.
(TS//SI//NF) For each renewal of authority, NSA must file with the FISC a
report, Exhibit B, that describes significant changes proposed to the way
records are received from providers and to the controls NSA has in place to
receive, store, process, and disseminate records.
(TS//SI//Nfi') The OIG asked stakeholders for the definition of "significant"
or agreed -on guidelines for determinin!! sil!11ificance. but a common
defhliti()P. ...<;.Q.nld...not . he . identified.-1

('6)(1L::::::::::::.:::::::::·:::. :..... .
(b)(3)-P.L··ss~.~s

(b)(3)-50 USC 3024(i) ..

....___.,..,._.I OGC believes that items that could be considered significant would
be discussed during the weekly BR FISA meetings. NSA OGC and DoJ NSD

ultimately determine what is reported as significant.

(TSl/Slh'PdF) Nonexistent guidelines for determining significant changes
might cause inconsistent reporting. BR FISA program stakeholders should
consider defining "significant. "

(b)(3")~Pi. 86~36

(TS//SI//NF) NSA has been inconsistent in its Exhibit B reports to the FISC
about whether there have been significant changes. The OIG reviewed all
Exhibit B reports for CY2011 to identify the information included in these
reports and determine whether significant changes to controls had been
...reported. OfthQExhibit B filings in CY2011, only one did not mention
whether NSA is proposing significant changes to the way records are
received from providers or significant changes to controls.

t-+t-¥i'M~+l'd+-+lnconsistent

reporting in Exhibit B might cause confusion about
whether significant changes have occurred. Establishing consistent criteria
in Exhibit B reporting should be considered.

TttP St:CftE TJS'SLS'PlOFORI'!
11

 DOCID: 4230264

REF ID:A4177277
TOP SECftET!7'Sf17'!'1'0FOR l<l

ST-12-0003

(TSHSIHNF) Disclosures in Exhibit C Filings
(TS//SI//Wfl'T Exhibit C filings to the FISC summarize meetings between
NSA and DoJ NSD to assess compliance with the FISC Orders. These
representatives must meet at least once during the authorization period
(usually every 90 days), and the results of this meeting must be submitted
to the FISC in writing.
(TS// SI// NF) Information reported in the Exhibit C filings is inconsistent.
For example, BR 11-07 Exhibit C, 20 January 2011, reported that, on
8 December 2010, DoJ NSD, NSA OGC, NSA ODOC, and NSA Signals
Intelligence Directorate personnel met to discuss implementation of the FISC
authorization in a manner that complies with that authorization. However,
there was no specific statement that NSA was in compliance with the FISC's
Order and no mention of the results of OGC 's sampling of BR to ensure that
NSA was not receiving unauthorized data. By comparison, BR 11-57 Exhibit
C, 13 April 2011, stated that on 23 February 2011 representatives reviewed
a sample of CD Rs and concluded, on the basis of this review and
representations of responsible personnel, that only approved metadata was
being acquired.

(TSh'Slh'PdF) Although DoJ NSD personnel submit Exhibit C and are
responsible for its content, NSA OGC personnel review the submission.
NSA OGC should recommend that DoJ NSD address the terms of the Order
consistently in Exhibit C reports.

TOP SECR£f17'Sf17'NOFORN
12

 DOCID:

BEF ID:A4177277

42302 64
1

TOP SECltET17f'5l17'!v"O"FORN
ST-12-0003

IV. (U) SUMMARY OF RECOMMENDATIONS

RECOMMENDATION 1
(TSh'Sh'/NF) Consolidate and maintain all final BR FISA Program material in a central
location accessible to NSA stakeholders.
(U) ACTION: BR FISA Program Lead
(U) Status: OPEN
(U) Target Completion Date: .....

I ________.!·. .

............................ ········ . ·······················

.. ............ (b)(3)-P.L. 86-36

.... ····

RECOMMENDATION 2
(TSHSh'tMF) Maintain meeting notes of quarterly compliance

.. ···

(U) ACTION: BR FISA Program Lead
(U) Status: OPEN
{U) Target Completion Date:

I

r.neeff~~s

with DoJ NSD.

....-··

,......

.··
(b).(1)
(b)(3)~P.L. 86-36
··········· ....

RECOMMENDATION 3

"··.

('fSt/91//MF) Reconcile periodically
NSA receives.
------------------

I

(U) ACTION:
1--. ..
(U) Status: OPEN
·.....,__ _ _ _ _....,
(U) Target Completion Date:I_________. .
···· ........... .

(U//FOUO) Implement
perform.

~~i :~i~~~:d-10-se_d_

RECO-~MENDATION . 4
a management review p;~ces~. oUh~ sampling tha~Opersonnel
• .
_. ························· ···················· ····················· ·

...................

RECOMMENDATION
(U//FOUOrtmplement a process Jo
(U) ACTION:J
(U) Status:losed

I /

colidu~t ~eriodic

.-·/

~:>,,_.//

S./. / ...

3
86 36
(b)( )-P.L. -

reviews of the structure code.

/

TOP 8£CRET1S'Sl.'WfilO"FOltlii'
13

 DOCID:

REF ID:A4177277

42302,64

f(jfl SEC'Jtf!:ftl:'5Jl/N(jF()R 1V

ST-12-0003

(U) This page intentionally left blank.

TOP

SEC:ltEfJ~'Sff/l~rOFORN

14

 REF ID:A4177277

DOCID: 4230264

TOP 8£CRE1W81WNOFORN
ST-12-0003

V. (U) ABBREVIATIONS AND ORGANIZATIONS

(U)
(U)
(U)
(U)
(U)
(U)
(U)
(U)
(U)
(U)

BR
CDR
DoJ
FISA
FISC
FTP
GAO
NSD
ODOC
OGC

(u)r---i
L____J .... ··· .........

(U) PMO
(U) RAS
(U) SCIF

~g;EJ

...

I

Business Records
Call Detail Record
Department of Justice
Foreign Intelligence Surveillance Act
Foreign Intelligence Surveillance Court
File Transfer Protocol
Government Accountability Office
National Security Division
Office of the Director of Compliance
Office of General Counsel

I· · · · ············

Pri:fgram .. Ma.µ~gement Offke··. ···· ...
Reasonable Artic.ula:ble··.Su~.picion ·· ···· ·· ....
Sensitive Compartmentel InfOrrii.ation...F.a.GJlity······· ...

r ~" ,~=~~";"";:,;,;;;;;"~"~"""'""<h,(3)-P,L. 86-36

: I

15

 DOCID: 4230264

REF ID:A4177277
TOP SECRETiS1'"LSWO-YOR N

ST-12-0003

(U) This page intentionally left blank.

f&P StiJCR:EfJ~'SI1YNOF'OfU•t
16

 DOCID: 4230264

REF l:D:A4177277
TOP 8ECR:ETi~SJ;VNOFORN
ST-12-0003

(U) APPENDIX A

(U) About the Special Study

TOP SECR:Ef1~'8ltl/VOFO-Rivr

 DOCID: 42302'64

REF ID:A4177277
TOP St!:CRE'f17'Sh7'NOFOR 1¥

ST-12-0003

(U) This page intentionally left blank.

TOP BECRET,~~YJ,C/,IV()Jl(}.DuV

 REF ID:A4177277

DOCID: 4230264

T&P 8ECREfJ7f'SftlfllOFORN

ST-12-0003

(U) ABOUT THE SPECIAL STUDY

(U) Objectives
ff0//81//MF) The overall objective of this study was to determine whether
Agency controls are adequate to provide reasonable assurru.1.ce that NSA
complies with the terms of the Foreign Intelligence Surveillance Court (FISC)
Order for Business Records (BR) for collection of BR metadata.

1. (TS// SI//P~ F) Objective 1: Determine the controls the Agency has
implemented for collection of BR metadata in accordance with the Order.

2. ('FO//SI//PlF) Objective 2: Determine whether Agency personnel are
following the requirements of the Order by meeting and reviewing
samples of records .
3. {TS//SI/{l'lF) Objective 3: Determine whether Agency personnel are
following the requirements of the Order by filing the required information
with the FISC every 30 days.

(U) Scope and Methodology
(U) Scope

('fSj/SI/OTF) The review focused on the manual and automated controls for
collection of BR. We verified whether procedures have been implemented to
provide a level of assurance that non-compliru.1.t data will not be collected or
if inadvertently collected will be swiftly expunged and not made available for
analysis. We tested whether NSA is compliant with the Order by meeting at
least once during each authorization period and reviewing samples of call
detail records (CDRs) to ensure that only approved metadata is acquired.
We verified that every 3 0 days, NSA files with the FISC a report that
describes significru.1.t changes to the way CDRs are received and to the
controls in place for receiving CDRs.
(U) Methodology
(U / / fi'OUO) We reviewed the following documentation:

•

!'FS//8I//JU?)All0Exhibit C filings for CY2011 to ensure that NSA
is compliant with the reporting requirements of the Order.

('t))f:i}:P:i~-~~~~~- ~ Hrn('FS//OI// NF) AHO Exhibit B reports for CY2011 to ensure NSA's

compliru.1.ce with the reporting requirements in the Order by
identifying whether NSA reported significant changes in controls and
the way CDRs are received.

TOP 8ECR£1iS'SES'NOF-O-R:N

A-1

 DOCID:

R.EF JI:D:A4177277

4230264
TOP

SECRE'f"l~'S11~'NOFOR

ll

ST-12-0003

•
(b)(1)
(b)(3)-P.L. 86-36
(b)(3)-50 USC 3024(i)

....,,,..,.........,..-...,,....,,,.,_-....! Cotiiiterterrorism, Office of General Counsel, Office of the
Director of Compliance, and SID Oversight and Compliance to document the
roles and responsibilities of each organization in relation to the
requirements of the Order.

(U) Prior Coverage
('FS//81//MF') The Office of the Inspector General's (OIG) Report on the
Assessment of Management Controls for Implementing the Foreign Intelligence
Surveillance Court Order: Telephony Business Records (ST-06-0018),
5 September 2006, concluded that control procedures for collecting
telephony metadata under the Order had not been formally designed and
· clearly documented. As a result, management controls did not provide
reasonable assurance that NSA would comply with the Order. We
recommended that, at a minimum, procedures be established to:
(U / /F'OUO) Monitor incoming data regularly,
(U / / FOUO) Suppress from analysts' view unauthorized data that is
discovered , and
(U / /F'OUO) Eliminate unauthorized data from the incoming data
stream.

(U / /FOUO) The report's formal recommendation was for Agency
management to design procedures to provide a higher level of assurance
that non-compliant data will not be collected or if inadvertently collected will
be swiftly expunged and not made available for analysis.
{'FSf/SI//NF) Management concurred with the OIG 's finding and

recommendation and stated that it had partially implemented the
recommended procedures to block questionable data from providers'
incoming dataflow.
(TS// SI// NF) The OIG's Report on the Audit of NSA Controls to Comply with
the Foreign Intelligence Surveillance Court Order Regarding Business Records
Retention (ST-11-0011), 20 October 2011, concluded that documentation
was not accurately maintained for the current parser configurations used to
filter BR metadata of unwanted information before it is saved to Agency
databases. Befo~e the issuance of the report,/Ocompleted its update of
parser configurations .
/
(b)(3)-P.L. 86-36

TOP SECR£f1~Sf17'NOFti1Uv'
A-2

 DOCID: 4230264

REF ID:A4177277
TOP !HJCRET1$'Sh7'NOFO-RN
ST-12-0003

(U) Management Control Program
(T§// £I// WF) As part of our study, we obtained and reviewed the
Vulnerability and Process Assessments for the organizations under review,
as set forth in NSA/CSS Policy 7-3, Intemal Control Program, 14 Februar
2012. The 2011 Vulnerability and Process Assessment completed by
·:.{b)(3)-P.L. 86-36
·ctid
1---....-....-.--.--.--....-.--.--....-....__,,._......,.__,.__,......._,...,.,_--.-.-......,-.--.--.--.--.--....-.--I
not report any concerns app icable to the collection of BR.

TOP S£CRET1$'ShVi\'OFOfHi
A-3

 DOCID: 4230264

REF ID:A4177277
TOP 8£C/tEfJ7'8117'fv"OFOR 1V

ST-12-0003

(U) This page intentionally left blank.

TfH' S£CltEf17'8"itlflOFOhftl
A-4

 DOCID:

42302 64

REF ID:A4177277

1

TOl.0

SECRE'L~{S'J-i~S7\lOFORirif

ST-12-0003

(U) APPENDIX B
(TSHSlh'NF) Business Records Systems

TO'P SJ!!Ctm177Sll71\/0FtJm\/

 DOCID:

4230264

REF ID: A.4177.277
TOP 8ECR£T1$'8f1$'NOFOR N

ST-12-0003

{U) This page intentionally left blank.

 REF ID:A4177277

DOCID: 42302'64

'f()P St::CftEf17!'Sl17'NfJ/i'01tJv

ST-12-0003

(TSNSINNF) BUSI NESS RECORDS (BR) SYSTEMS

stems BR data is stored on A enc networks in

'-------------------'

and ...off~line ...using..backu.p . .tapes ......

...... ::::··::::::::::::...... ,,...... ~(..b·· · )· (· 3)-P.L. 86-36

··········································

('fS//81//NF)

________________________,

(b)(1y:::::::····· ···::• :·········

·······Foreign··-Jntelligence ·Surveillance····Act··(FISA)·BR;· .._

(b )'(3)~P .L. 86~36 .
(b)(3)~50. USC 3024Q)

(TS//Si//PH"H
lis thy corporate database repository that stores BR
FISA tranl!?.ad1ons:./I
Jprovides analysts with detailed BR transaction
information th~t supports the contact chain summaries fom1~ inl
!replaced thel
~ransaction Database 111
-~ a,:ntrnry 2'0 11 ..

I

.I
...·

. ......~~'""'"""~ =============:::. . ==·. ·.=. :. .

database for
·=·n;·ilie contin enc
" '----..~~_._.-.......-.-..;-.-..............-~.-st_e_m_...._h_.m_1_·t_a_ti_o_n_s~..-th_
. ..___________,_,,,_1system
/::.:;::::.· c.onhliniS
During the
.. ·:>·
/ ..-::·
... ::;;
.... · -rehuild,.. analysfs were redirected...to . .the
../:·...·::;;;::::::::.:;:;;;;;;;;,:::'·

·········;···;···

...,..·c············r·····"·······

.................. -;..............................................

.___ _ _ _ ____,

. ·<:;;;;:,,=;;>;'' '"' ...... ·~:::..J'f8J.::t....l3.Jf:I:f:~:~l:L....................... .........
·lis the system backup that stores an exact
,..:;:i::::::;<;:; .. ·--::::;;::::::::::,::::::::::::::{urifotmatted) copy of the raw BR metadata received from telecommunications

. ~i~i.~;:~. ;:o;~~,r~~Ft ~~~~~~'.r~{~·-~~;c;;'!!!':a~
-~S.)?.aved·!
(TO//SI//t{:Fl

e1ectronfoanrstored··ml...._______.

]to tape h'ackup,,!, ...
is

s stem that contain:·s

softwar~,,;~t"~{i1i§"'otf"al.......

servers. The system c'-u-rr-e=n'"':'t.,...ly""'"··"'"h-o·.,...ld.,...·s'"'"I_ _._____,

'ffJP

/5t!CltEfll!~71ll>v'fJPOltN

B-1

 DOCID: 4230264

REF ID:A4177277
TO-P 8£CR£T17'8lt5'NOF&R l•l

ST-12-0003

{U) This page intentionally left blank.

T01" 8£CR£T15'8f15'-Ar0F()Jt!'I"
B-2

 t .·

DOCID: 4230264

REF ID:A4177277
rep 8£CRlS1/~{S'JP-IVOFORlV
ST-12-0003

(U) APPENDIX C
(TSHSIHNF) Agency Foreign Intelligence Surveillance
Act Business Records Collection Stakeholders

'fO? SECJtET17'SJ17UOFOR:N

 DOCID: 4230264

REF ID:A4177277
TOP SECftE'fJ'1f'Jf175'v'OFOR l'I'

ST-12-0003

(U) This page intentionally left blank.

TOP A'ECl?ETi~th'JASWJFORN

 REF ID:A4177277

DOCID: 4230264

TOP 8ECRETiS 18liVN.fJ.:.T:i'()RlV
ST-12-0003

(TSNSIHNF) AGENCY FOREIGN INTELLIGENCE
SURVEILLANCE ACT (FISA) BUSINESS RECORDS (BR)
COLLECTION STAKEHOLDERS
. 0

::::"''(b)(1)

(TS/f SI//NF) The following organizations are the primary stakeholgers.Jo:f ~R
collection .
...... ··
·

('b)(;~)~g;:b~'86~36''

··· .. •

· .... · ··· :P;ogram I\ilaiiagement Divis~~n·: ···
manages the relationshi

{b){1J:::::"'"""'"'"''"'"''·
(b)(3)-P~L·86~~(f''"
(b)(3)-50 USC 3024(i).

.. :. / /

witl;i. ..the

i/l~~-P.L. 35 -35
\

..

.----'-........+-~~~-.......,.,--~~...,..,......;.,....1

prov1 er$

(TS// SI// pf'lt)I
.. ..
Iis
responsible for NSA's r·ep.q.sitor of bulk metadata··ooll~.cted under the BR FISA
metadata collection roces.s":
centrall mana es tlie
database
mamtatn~· .....................
...,_a_p_e..,....ackups("and ensures.that
update !Pl

Storage system
are provide.4,.tol

l

• (TSJ/Si// ne.} I

........... ··· ·

ac mp an
lfor

1

develops and implements
,,,stfucU:t,red,...database strateg~.~.s ..eotis1stent with ffie Agency's Enterprise
.... · A.:r..chifectt1.r~ ..·I
lma:fia~.~§. ...th4
Idatabase and provides continuous

/;• ;• •:" :" ,:;!tX~tt?W:::~:::v:~:~~~:o:::::~~:~:~l:s~~~;;~n;:t

· . ..

....:::::::::::::::::::::::::..:::::....:. ·····only····com·plia11t··d·ata··is·-i1:1:g·ested··i11to··
performs daily
l
th
11
d
'l
d
'd
'f
and weedy tests on e raw ca
etai recor s to 1 enti y non-comp l'1ant d ata.
Oalso completes the weekly BR FISA Compliance Report for the Office of the
Director of Compliance.

86 36
( )( 3)-P.L.
.... .- .

(TS// SI/ f NF) Office of the Director of Compliance (ODOC; D4), through its
Monitoring Assessments and Special Compliance Activities divisions, is
responsible for monitoring the Agency's activities for compliance with the terms
of the Order. ODOC reviews the requirements of the Order and what NSA
reports to the FISC, develops training, identifies end-to-end processes, ai1cl
liaises with stakeholders. ODOC reviews the Weekly Compliance Report
{6)(3)~PL86-36 ··········· prepareclbyCJ
(TS// SI// NF) Office of General Counsel - Intelligence Law (D2 l) is
responsible for completing authorization renewals, filing information with the
FISC, interpreting the Order to the NSA workforce, and requesting modifications
to the Order when necessary.

f&P SECR£'f17~W17'/li'OFOttlvr
C-1

 DOCID:

REF ID:A4177277

42302 64
1

T01n 8£CRETiS~WiSS¥0FOfl i'¥

ST-12-0003
(fS// SI// NF)' BR FISA Lead (ST) is fue Signals Intelligence Directorate
representative for fue BR FISA program. The BR FISA Lead manages fue
direction of fue program and ensures fuat fue program functions properly. The
BR FISA Lead signs fue declaration fuat accompanies fue FISA BR application
to fue FISC.

_________

(8//SI//REL CfO USA, fi'VBYll
,..lis responsible
.....,..
for the develo ment od
I-software fuat runs on
.a
s stem fuat contain~
. servers·<'
..·······

•,

"·
.• •'':::> ..

..

"

··· ...

'

,'

/,/

\/:.-

(b)(3)-P.L. 86-36

'f&P 8ECR£f1S'8{1/'i.VO-FOR:N
C-2

(b)(1)
(b)(3)-P.L. 86-36
(b)(3)-50 use 3024(i)

 DOCID: 4230264

REF ID:A4177277
TOP ST:CttE'fWS:b'l/tlOFORlf

ST-12-0003

(U) APPENDIX D
(U) Full Text of Management Response

TOL"1 Sti!CttE 177'Sill'N'()"JfrntJ \I

 DOCID: 4230264

REF ID:A4177277
TOP SECltE'f:WS1/J'NOFO-R N

ST-12-0003

(U) This page intentionally left blank.

TO:P 8ECRE'f1~'8IllNOFORPl

 REF ID:A4177277

DOCID: 4230264

f8PSECltE~'l'Sf»~OFOltl'V'

ST-12-0003

SIGNALS INTELLIGENCE
DIRECTORATE

memorandum
FROM:S02

16 July 2012

TO: Office of the Inspector Gemirnl (OlG)

SUHJ: (1'5/;'Dl//Nf') Signals Intelligence Directornte (Sil)) Response to the OraftHeport on NSA Controls
to Comply with lhe Foreign lntelligcmce Survt"illanc(! Court Orth~r Regarding Business Records Collection

(Si'-12-0003)
(U/~SID reviewed l:he subject draft reporl in its entirely and agrees with the recommendations.
SfD'.s complete respon~, to include three requests for clos~tre, is attached.

(U) Please cont;1~.~.__ _ _ _ __,ISID IG Liaison, on 963-2014s if you have any questions or concems.

'(b)(3J•P.L.8.~:~~ . ·l. . ----------Deputy Chiefof Sti~ff for
SIG!NT Policy and Corpora le lssuL'S

End: a/5

CLASSIFIED BY: NSA/CSS!vl 1-52
LM'l'E D: 2UD701 OS
DECl.ASSI FY ON: 20::171!717

'f'OI'

TOP

Sl:CR:ET/'Sli''~!OrOIH<

.~t!CttEf1} S'f1S'NOFOMl

1

D-1

 DOCID:

REF ID:A4177277

42302 64
1

'fOP SECRET!'!'S.b?NOFOR l>l
ST-12-0003
TO!'

91Xllf:'f/,'~f:i'NO!'OIH4

(1'9//Sl//NF) SID Response to the Drnft Report ()f1 NSA Controls to C~1111ply with the Foreign
Intelligencc Surveilhmrn Court Ordt~r l<i;.garding Business l{ernrd~ Collection (ST-·12-0003)

(U) SID Recommendations and Planned Corrective Actions

Rec6ii1riftfo~~ti4ii j
(TDffi:b)'Nf) Consnli1/iite m11f 11111i11f1ii11 nlf//1w/ llR Fl.SA Pm:;:1w11 11111/erial i1111 cenlml localion 11cressil1/e
to NSJ\ stakeho/dets.
(l\C1'JON: RN FISA Progm111 l.e111JJ
(U) Agree
(U) P.stiurnt!Jd Co111pl(~tin11 Datd
!...
(TS//~'l//l>JJ'? SID Comment; All final program mat~r:.ial wiU be maintained on the exi~ling SV
SharePotnt site. While a good portion of the final prograh~ data exists on the site today, collecti011 nnd
stomge of 011tsh1ndi11g dncumimts shotild be acrnmplishedl
(V/ ;rouo) Poc:I
J·"l~3-07lls

.I

R~alrii:h~ti'cfatfoHi

··.

·..

/

(i$;5®11)'i'JfJ Mrrilltaill ofJiciiil mel'fi11g 11otes of q1111rterly c~·iiq1fj;lll~C w.~~ti11gs wit11 Do} NSD.

(ACTION: BWffSA Prngm111 t1~ad)
:.:.••..
b. )( )-P.l. _
3
86 36
(U) Agree witl1 commt~nt
.......... ········· ··
(l)) Estimnt11d Complct!n11 Datd
....::'
('f£//5E//W'7 SID Comment: SID re~1uesl:s that the Word ''<~f.fiti<tl" be removed. Quarterly contpliance

::>(. .

meetings create suggested actions; however, these actions·:~fo not become o/Jicial until they •tr<! prmoented
t() and raUlit~d by the Foreign Intelligence Surveillanc.~·t7oi.1rt. NSA will maintain meeting tlucumentatio11
on theSharePointsile referenced.above.
.· ··
(VI /~Pocl
...... (963-0711s

R~B'ffiijl@a~tici!J~

/,......_··-----------------~"""'=,,,_.....,

Iff5?)'.5Mj"'?.~e(:c11.1~:i'.1'.J'.':r.~'.;.'.YE.'i'.l,lfl
(AC'fiON:I
I

't~~g~-P.L

.........................

(U} Agree
{U) Estimated Completion Dalor-:.,.R.,.c_..;;;quc...··s...
·t...
in""'1Ri..C.,.k.,.-is...u....r...
o....- - - - - - - - - - - - - - - - - - .
(T£/;'!5E//l'?lll) SJD Comment: I
I·····

..............
... ··

1...-_ _ _ _ _ _ _ __.769--4014s:·.___ _ _ _ _ _ ___. 5353U9;769"4166§"

"""

Cl.ASS1111ED BY: NSA/CSSM 1-52

DATED: 20070l08

DECLASSIFY ON: 20370717
TOP ,i[CKcr;. '.5l

T01.,,

.·1i:JOl·CJ!!:,~

8£CR£fJ~'8M'f<lOFOR!lf

D-2

... ·····

_
86 36

:{ ..)'(1)
( )(3)-P.L. 86-36
( )(3)-50 USC 3C

. . ............. ··········

.(b )(3)-P .L.

 REF ID:A4177277

DOCID: 4230264

TOP 8ECR:Ef1~'Si'>VNOF&R::Ar
ST-12-0003

.. ···:.,;::;;;;.'.}1(b)(3)-P.L. 86-36
.. -························
...... -················

__

...

R.&oti:\in~riii~tioW4
.. · .... ····
. ...-::.-··
..... /
. .
(ll/~ 1111vle111e1Jt 11 m1i.1y1g1mrl.'fifr~~;iew process of tl1e ~!1J11jill11,ftl11rtO)~rs9imcl pe1form.
(ACTION:

I

I·········

// ::.......

/

(U) Agree
·· ·
·
(U) Es Lima led Completion Date: J\c uesti n
,.
(U/ /~SID Comment:
iiilpJertfonted a manage1mml: revi~wprocess to address this
rec,immendation.
lh<1nagementuow reviewOampling each month at
the team's project review meeting. This procedure (s(>e chart below) is part ofa cw1tmlll~d collection of
html.-formatled files that only team members have access to. SID resi1ectfurt}' requests Wat this il~!ln l>L~
considernd satisfied and closed.
M(J11ihl!/ Tt1sks

Task
!Dh·cctions
!Monthly project !<Ui~) t\1~nagem~nt ,~jj1~
\review withO:
)manage1iie111
I. Verify
thm. chc daily logs arc bcin!?. m11 bv visually Ins ectill!Ut tecent loa for.each feed in
I
.
.
',.····
.:::;;;:\;::::::::::·::·:::·······················;..·············

(b)_(3)~P~i;;:;::ss~3s::::·:::::;:: ""-,...._--...,._....,..,.,.........,.,.....-==~~~-----,.----'
.. ..
·
'-'· ···· 1t11~5 ..t e..execut1on ol tic 1111."'-·..:;n;;;lb:;;ii;,;;.il;,;;ti;:,:ri;,;;n:i.:.i;;:.m;;;t:;;.;:'i:;;;ss;;.i'........._ _ _ _..._....,,
3. Review the w~·~i<Jy'sumnYmylog
·
pe.rsonnel
shmild be prcparc:cl io addrcs~ alJ. ata anoma 1es reported.
4. Rcvkwthc latest weekly report provided to ODOC.

. · ..,· ..

(U//~PO~:f.__ _ _ _ _ ____.j963~0245s
Rlitoni1n~!ialiHc>i\i>
. . . . (Ll/!~lniplcnwnt 11 prncess to crmd11ct periodic tt!l!Ji:ws ilftlu~ st1·11ct11re code.
(ACTION: I

I·· ..........

.·

(U) Agree
·······
: ; ;.;....
(U) Estimated Completion Dale: I{eguesling doSU:1'e:· ·.:' (b){3)"P;L. 86-36.
(U/ ~SID Commend
.. · ·····
lverifiei:fwith the Advanced lnteW. e!i.ce'ReseMcl\.ServkeB
(ATRS) that the versions 9f..th~rsfa.ndards that.__,......... .-_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __.
are valid and ri;ipmitrlli·e most recent versions . ./ ias implemented a process (see char! below) to review
I
lthe'siructure code to verify that
software rcmaltl.S up-to-date. SID respectfully requests
that this item be considered satisfied and ckisl~d.
Revhm

"il~o~r h:£c-li1 \'1 o;i,isr,;.li, .re.,c~e:rni: :lrt:vei l.r : si'fo"'i i"!s:"~Mt._1e--.do_c_u_11-1e-·n-t
lf
,.....1s_t_c.,..,..1..,e'"'"o-\\....1'"'"11_0....
rt~~~~t~ 1~1~~ :~1~:~:~~~~ ::.:~~
:,;,t

,___ __,to ete.1tmi1e if ·which can de ect:-rl1e. resen.ce of credit card num?.~.~ ..!1t.clat:Lnlias a requin~ment to
c 1a11gcs tm~ nui!d~<l.
che.i:~
lor up~~l(!.~..for+hesrr tl1ree sl!lndarddocuments.

lti\(3;_;:~.~~:3~; •·• . .

1 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _____.

(LJ,1,~submils a query to AIRS via thei1· web 11:.ige asking if

the three documents have been updmed:

T&P SECR£f/1'Sl1S'HOF0£1¥

D-3

 DOCID:

REF ID:A4177277

4230264

ST-12-0003
TOF G.l~CRET,./Jl//NCil'OR.1<

I.
2.

·rypc-.'go Al RS' in your browser,
Click on "Request Jnformatiott'' located Ori the hlWCI" l'ight side or the page (as or
June 2ol2),

3:

Cllck on "All Source Rcscurch"
Fill out the ~qucs\ form.

4.

o

fn the Cl11Ssiflcation box select TS//Sl//REL TO USA. AUS, CAN,
GBR, NZL
In the Date/Time Needed pull down box, select "3-5 working dt1y>!'
In the Rcqt1est box pm th!! following 1cx1:
(U//:-oc:::) Ple;ase lej: me know if the

o
o
o

f.o:.lowia . s1~anda;::cts tlave been 1..rnctatecl.:

. :::'){b)(3)-P.L.
·: .. ··:.....

____________________ _.....

0
0

,_

..._

__.

.··'

.... ····

.. ···

,.-··

o
0

()

0
0

In theJustification for Research Request,be:r(p~tthe follo,lii;1g text:.·_ .. ··
·;':"'.1; ).17" Y.'r<n1Yb .... usti~ P~~·EY; I_ .. /
I,..
1

I

l"h~a 8: ·an i:n ~.C1·finat 1·on

:

_[

.. ·;

'

......

\.:
,..l;

ne_e_d for the most rec(3n\: versions ·a-f th_fil·
documE•rlts listed below in o-rdet: t:o
rr.ain tair; $Oftnar.e...-;1hich can detect tl}-6
presence c•f ere di t c.;i.:c<( numoers in data.
?E~ has a i;:e<'iui:remenL L.0 cheek

C::::r

..---------.I-for

updates for: these three
standar:d documents.

Subinit the form and soineone.from AlRS will contact you. ff there is an upllate lo'
any.of these documents, they will get it for you.
6. Update the documents in CVSifneces~ary.
7~ lflhcrc, is '!n update to a~1y oflhese s~andards 7Qnust evaluate the document and.
detenll!ntJ 1fthe. change 11npucts credit card ?etecr101.1I
I '
5,

t / _.. .-

I

./ ........ ···

(U//~ POci.__ _ _ _ _ ___.l96'.3"02il-5s· .......

··~.<····
u

u

(b)(3)-P.L. 86-36

1OP SEC RE 11.·Sl.·?NOl·Ukl~

TOP 6'ECREnS'SES'NOFORN
D-4

'

 REF J:D:A4177277

DOCID: 4230264

T01n S£CR:ET17'fil1$'NOFOltN
ST-12-0003

From:
To:
(Jc;

DJ 510!6! IAJ9JN fAUA'>) 5022

SUbject:

fF5H5t/fldF) Questions answered - Slgnals Intelligence Directorate (SID) Response to the D1aff: Report on N5A
Con1rof.s to Comply with the Foreign Intelligence Su1velllance Court Order Regarding Business Records Colfectioo
(ST-12-0003) - Recommendation 2

Date:

F1iday, July 27, 2012 2:03:25 PM

Classification: TOP SECRETHCOIVllNTh'MOFORt~

. . c::I
(U / /FOUO) ~pologies for the delay in getting this to you -

.
....········

fFS/:/~I/./MF)LJeviewed tl1e entire document and provides specific comments in response to the

/ ·· ..........

":: : : : : , , . .. . . . . · · · · · : : . ::::#~!ii. @\?£\..R!;'P?..1K.i.1h1g.Da.tn.frn111..P.i:o;:1.ide.rs.and.Recv1n111endtttio11··l;LJupporls tlle OIG's findi11gs in
( b )( 3)-P. L. 86-36

this section and provides tlle following technical feedback as considemtion for the action cited in
Recommendation 2. Comments are specific to the i:ncliviclmu telecommunications providers.

{'b)(1-) .......

(b)(3)-P .L. 86-36...
(b)(3)-50 USC 30 '4(i)

(1'9//61//?&) For each provider,Ozvill establish a reasonable periodicity for re<:onciliation Uiat
is teclutlcally feasible yet meets OIG' s recomn:i:~dation. Additional teclutlcal discussions with tlle
providers and developers of follow-on in-hous~·.µctivities >\':ill be required for full consiclerntion and
implementation!
.I
(U//POUO) POC:

.....

~~~~~~~~~~--'

(u/ /~._I_ _ _ ___,j ....

769-4058s /

.............. ::./

(b)(3)-P.L. 86-36

SID IG LWSON
OPS1 2N006 Suite 6245
dl sidigliaison 963-2014

iU/ /l"OtJO!

T(H' S£CREnS'8bS'NOFOR:1¥
D-5

 DOCID: 4230264

REF ID:A4177277
TOP 8ECRF:TiS'8hS~7V0/20R N

ST-12-0003

(U) This page intentionally left blank.

T01° SECRETiS1YhS'NOFOlllV
D-6

 DOCID:

$230264

REF ID3A4177277


DOCID: #230264 REF