Internal controls (11 - 20 of 67 items)
Federal Facility Cybersecurity: DHS and GSA Should Address Cyber Risk to Building and Access Control Systems
GAO-15-6: Published: Dec 12, 2014. Publicly Released: Jan 12, 2015.
The Department of Homeland Security (DHS) has taken preliminary steps to begin to understand the cyber risk to building and access controls systems in federal facilities. For example, in 2013, components of DHS's National Protection and Programs Directorate (NPPD) conducted a joint assessment of the physical security and cybersecurity of a federal facility. However, significant work remains.Lack o...
Hurricane Sandy: FEMA Has Improved Disaster Aid Verification but Could Act to Further Limit Improper Assistance
GAO-15-15: Published: Dec 12, 2014. Publicly Released: Dec 12, 2014.
By implementing new controls since the mid-2000s, the Federal Emergency Management Agency (FEMA) improved its ability to detect improper and potentially fraudulent payments, but GAO identified continued weaknesses in the agency's validation of Social Security numbers, among other things. As of August 2014, FEMA stated that it had provided over $1.4 billion in Hurricane Sandy assistance through its...
Critical Infrastructure Protection: DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts [Reissued on September 17, 2014]
GAO-14-507: Published: Sep 15, 2014. Publicly Released: Sep 15, 2014.
During fiscal years 2011 to 2013, various Department of Homeland Security (DHS) offices and components conducted or required thousands of vulnerability assessments of critical infrastructure (CI), but DHS is not positioned to integrate them in order to identify priorities. Although the Homeland Security Act of 2002 and the National Infrastructure Protection Plan (NIPP) call for DHS to integrate...
Federal Protective Service: Protecting Federal Facilities Remains A Challenge
GAO-14-623T: Published: May 21, 2014. Publicly Released: May 21, 2014.
The Federal Protective Service continues to face challenges ensuring that contract guards have been properly trained and certified before being deployed to federal facilities around the country. In September 2013, for example, GAO reported that providing training for active shooter scenarios and screening access to federal facilities poses a challenge for FPS. According to officials at five guard...
Federal Facility Security: Additional Actions Needed to Help Agencies Comply with Risk Assessment Methodology Standards
GAO-14-86: Published: Mar 5, 2014. Publicly Released: Apr 7, 2014.
Three of the nine selected agencies' risk assessment methodologies that GAO reviewed—the Department of Energy (DOE), the Department of Justice (DOJ), and the Department of State (State)—fully align with the Interagency Security Committee's (ISC) risk assessment standards, but six do not—the Department of the Interior (DOI), the Department of Veterans Affairs (VA), the Federal Protective Serv...
Border Security: DHS Needs to Strengthen Its Efforts to Modernize Key Enforcement Systems
GAO-14-342T: Published: Feb 6, 2014. Publicly Released: Feb 6, 2014.
The schedule and cost for the Department of Homeland Security's (DHS) border enforcement system modernization program known as TECS Mod that is managed by Customs and Border Protection's (CBP) continue to change; while the part managed in parallel by Immigration and Customs Enforcement (ICE) is undergoing major revisions to its scope, schedule, and cost after discovering that its initial solution...
Homeland Security: Federal Protective Service Continues to Face Challenges with Contract Guards and Risk Assessments at Federal Facilities
GAO-14-235T: Published: Dec 17, 2013. Publicly Released: Dec 17, 2013.
FPS faces challenges ensuring that contract guards have been properly trained and certified before being deployed to federal facilities around the country. In its September 2013 report, GAO found that providing active shooter response and screener training is a challenge for FPS. For example, according to officials at five guard companies, their contract guards have not received training on how to...
GPS Disruptions: Efforts to Assess Risks to Critical Infrastructure and Coordinate Agency Actions Should Be Enhanced
GAO-14-15: Published: Nov 6, 2013. Publicly Released: Nov 6, 2013.
To assess the risks and potential effects from disruptions in the Global Positioning System (GPS) on critical infrastructure, the Department of Homeland Security (DHS) published the GPS National Risk Estimate (NRE) in 2012. In doing so, DHS conducted a scenario-based risk assessment for four critical infrastructure sectors using subject matter experts from inside and outside of government. Risk as...
Department of Homeland Security: Continued Progress Made Improving and Integrating Management Areas, but More Work Remains
GAO-12-1041T: Published: Sep 20, 2012. Publicly Released: Sep 20, 2012.
Since we designated the implementation and transformation of DHS as high risk in 2003, DHS has made progress addressing management challenges and senior department officials have demonstrated commitment and top leadership support for addressing the department's management challenges. However, the department has significant work ahead to achieve positive outcomes in resolving high-risk issues. For...
Critical Infrastructure Protection: Cybersecurity Guidance Is Available, but More Can Be Done to Promote Its Use
GAO-12-92: Published: Dec 9, 2011. Publicly Released: Jan 9, 2012.
A wide variety of cybersecurity guidance is available from national and international organizations for entities within the seven critical infrastructure sectors GAO reviewed--banking and finance; communications; energy; health care and public health; information technology; nuclear reactors, material, and waste; and water. Much of this guidance is tailored to business needs of entities or provide...