The allegation is that he concealed a RW-DVD in a music CD jewel case, copied files and walked out with them. How burning a DVD on a classified computer could be done without leaving an audit trail escapes me. Where I work classified desktop workstations do not have any capability to copy data directly to removable media. You need to go to a bullpen area where there is at least some chance of exposure. In addition, I believe that any copying of files from a classified system to removable media leaves an audit trail.
Sounds like they were plain lazy.
Endpoint security is common these days in most commercial anti-virus solutions. My company's AV software has the capability to block the use of any recordable media including USB and CD/DVD.
It also has the capability to block the sending of documents/files containing personal infomation, SS#s and other data via email or uploading to websites via a browser.
Of course, having worked on fed.gov installations, I know that the feds can be decades behind in procurement of this sort of stuff.