This is the accessible text file for GAO report number GAO-07-454 entitled 'Department Of Homeland Security: Progress Report on Implementation of Mission and Management Functions' which was released on September 6, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Requesters: United States Government Accountability Office: GAO: August 2007: Department Of Homeland Security: Progress Report on Implementation of Mission and Management Functions: Homeland Security Progress Report: GAO-07-454: GAO Highlights: Highlights of GAO-07-454, a report to congressional requesters. Why GAO Did This Study: The Department of Homeland Security’s (DHS) recent 4 year anniversary provides an opportunity to reflect on the progress DHS has made since its establishment. DHS began operations in March 2003 with the mission to prevent terrorist attacks within the United States, reduce vulnerabilities, minimize damages from attacks, and aid in recovery efforts. GAO has reported that the creation of DHS was an enormous management challenge and that the size, complexity, and importance of the effort made the challenge especially daunting and critical to the nation’s security. Our prior work on mergers and acquisitions found that successful transformations of large organizations, even those faced with less strenuous reorganizations than DHS, can take at least 5 to 7 years to achieve. GAO was asked to report on DHS’s progress in implementing its mission and management areas and challenges DHS faces. This report also discusses key themes that have affected DHS’s implementation efforts. How GAO Did This Study: To assess DHS’s progress, GAO identified performance expectations for each mission and management area based on legislation, homeland security presidential directives, DHS and component agencies’ strategic plans, and other sources. GAO analyzed these documents to identify responsibilities for DHS and obtained and incorporated feedback from DHS officials on the performance expectations. On the basis of GAO’s and the DHS Office of Inspector General’s (IG) prior work and updated information provided by DHS, GAO determined the extent to which DHS has taken actions to generally achieve each performance expectation. An assessment of generally achieved indicates that DHS has taken actions to satisfy most elements of the expectation, and an assessment of generally not achieved indicates that DHS has not yet taken actions to satisfy most elements of the expectation. An assessment of generally not achieved may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated no assessment made. Our assessment of DHS’s progress relative to each performance expectation is not meant to imply that DHS should have fully achieved the performance expectation by the end of its fourth year. On the basis of this analysis, GAO determined whether DHS has made limited, modest, moderate, or substantial progress in each mission and management area. The assessments of progress do not reflect, nor are they intended to reflect, the extent to which DHS’s actions have made the nation more secure in each area. What GAO Found: At the time of its creation in 2003 as one of the largest federal reorganizations in the last several decades, we designated the implementation and transformation of DHS as a high-risk area due to the magnitude of the challenges it confronted in areas vital to the physical and economic well being of the nation. After 4 years into its overall integration effort, DHS has attained some level of progress in all of its mission and management areas. The rate of progress, however, among these areas varies, as shown in the table below. Summary of Assessments of DHS’s Progress in Mission and Management Areas: Mission/management area: Border security; Number of performance expectations: 12; Number of expectations generally achieved: 5; Number of expectations generally not achieved: 7; Number of expectations not assessed: 0; Overall assessment of progress: Modest. Mission/management area: Immigration enforcement; Number of performance expectations: 16; Number of expectations generally achieved: 8; Number of expectations generally not achieved: 4; Number of expectations not assessed: 4; Overall assessment of progress: Moderate. Mission/management area: Immigration services; Number of performance expectations: 14; Number of expectations generally achieved: 5; Number of expectations generally not achieved: 9; Number of expectations not assessed: 0; Overall assessment of progress: Modest. Mission/management area: Aviation security; Number of performance expectations: 24; Number of expectations generally achieved: 17; Number of expectations generally not achieved: 7; Number of expectations not assessed: 0; Overall assessment of progress: Moderate. Mission/management area: Surface transportation security; Number of performance expectations: 5; Number of expectations generally achieved: 3; Number of expectations generally not achieved: 2; Number of expectations not assessed: 0; Overall assessment of progress: Moderate. Mission/management area: Maritime security; Number of performance expectations: 23; Number of expectations generally achieved: 17; Number of expectations generally not achieved: 4; Number of expectations not assessed: 2; Overall assessment of progress: Substantial. Mission/management area: Emergency preparedness and response; Number of performance expectations: 24; Number of expectations generally achieved: 5; Number of expectations generally not achieved: 18; Number of expectations not assessed: 1; Overall assessment of progress: Limited. Mission/management area: Critical infrastructure protection; Number of performance expectations: 7; Number of expectations generally achieved: 4; Number of expectations generally not achieved: 3; Number of expectations not assessed: 9; Overall assessment of progress: Moderate. Mission/management area: Science and technology; Number of performance expectations: 6; Number of expectations generally achieved: 1; Number of expectations generally not achieved: 5; Number of expectations not assessed: 0; Overall assessment of progress: Limited. Mission/management area: Acquisition management; Number of performance expectations: 3; Number of expectations generally achieved: 1; Number of expectations generally not achieved: 2; Number of expectations not assessed: 0; Overall assessment of progress: Modest. Mission/management area: Financial management; Number of performance expectations: 7; Number of expectations generally achieved: 2; Number of expectations generally not achieved: 5; Number of expectations not assessed: 0; Overall assessment of progress: Modest. Mission/management area: Human capital management; Number of performance expectations: 8; Number of expectations generally achieved: 2; Number of expectations generally not achieved: 6; Number of expectations not assessed: 0; Overall assessment of progress: Limited. Mission/management area: Information technology management; Number of performance expectations: 13; Number of expectations generally achieved: 2; Number of expectations generally not achieved: 8; Number of expectations not assessed: 3; Overall assessment of progress: Limited. Mission/management area: Real property management; Number of performance expectations: 9; Number of expectations generally achieved: 6; Number of expectations generally not achieved: 3; Number of expectations not assessed: 0; Overall assessment of progress: Moderate. Mission/management area: Total; Number of performance expectations: 171; Number of expectations generally achieved: 78; Number of expectations generally not achieved: 83; Number of expectations not assessed: 10; Overall assessment of progress: Source: GAO analysis. Definitions: Substantial progress: DHS has taken actions to generally achieve more than 75 percent of the identified performance expectations. Moderate progress: DHS has taken actions to generally achieve more than 50 percent but 75 percent or less of the identified performance expectations. Modest progress: DHS has taken actions to generally achieve more than 25 percent but 50 percent or less of the identified performance expectations. Limited progress: DHS has taken actions to generally achieve 25 percent or less of the identified performance expectations. What GAO Recommends: While this report contains no new recommendations, in past products, GAO has made approximately 700 recommendations to DHS designed to strengthen departmental operations. DHS has implemented some of these recommendations, has taken actions to address others, and has taken other steps to strengthen its mission and management activities. In its comments on a draft of this report, DHS took issues with our methodology and disagreed with our assessments for 42 of 171 performance expectations. DHS’s five general concerns were with (1) perceived alteration of standards used to judge progress; (2) our binary approach to assess the performance expectations; (3) perceived changes in criteria after DHS provided additional information; (4) consistent application of our methodology; and (5) differences in the priority of performance expectations. We believe that we have fully disclosed and consistently applied our methodology and that it provides a sound basis for this progress report. Contents: Letter: Scope and Methodology: Results in Brief: Background: DHS Has Made Varying Levels of Progress in Implementing its Core Mission and Management Functions, but Has Faced Difficulties in Its Implementation Efforts: Cross-cutting Issues Have Hindered DHS's Implementation Efforts: Concluding Observations: Agency Comments and Our Evaluation: Appendix I: Key GAO Contacts for DHS Mission and Management Areas: Appendix II: Comments from the Department of Homeland Security: Appendix III: GAO Contact and Staff Acknowledgments: Related GAO Products: Tables: Table 1: Summary of Our Assessments for DHS's Border Security Performance Expectations: Table 2: Summary of Our Assessments for DHS's Immigration Enforcement Performance Expectations: Table 3: Summary of Our Assessments for DHS's Immigration Services Performance Expectations: Table 4: Summary of Our Assessments for DHS's Aviation Security Performance Expectations: Table 5: Summary of Our Assessments for DHS's Surface Transportation Security Performance Expectations: Table 6: Summary of Our Assessments for DHS's Maritime Security Performance Expectations: Table 7: Summary of Our Assessments for DHS's Emergency Preparedness and Response Performance Expectations: Table 8: Summary of Our Assessments for DHS's Critical Infrastructure and Key Resources Protection Performance Expectations: Table 9: Summary of Our Assessments for DHS's Science and Technology Performance Expectations: Table 10: Summary of Our Assessments for DHS's Acquisition Management Performance Expectations: Table 11: Summary of Our Assessments for DHS's Financial Management Performance Expectations: Table 12: Summary of Our Assessments for DHS's Human Capital Management Performance Expectations: Table 13: Summary of Our Assessments for DHS's Information Technology Management Performance Expectations: Table 14: Summary of Our Assessments for DHS's Real Property Management Performance Expectations: Table 15: DHS Budget Authority for Fiscal Years 2004 through 2007 in Thousands of Dollars, as Reported by DHS as of January 2007: Table 16: Performance Expectations and Progress Made in Border Security: Table 17: Performance Expectations and Assessment of DHS Progress in Border Security: Table 18: Performance Expectations and Progress Made in Immigration Enforcement: Table 19: Performance Expectations and Assessment of DHS Progress in Immigration Enforcement: Table 20: Performance Expectations and Progress Made in Immigration Services: Table 21: Performance Expectations and Assessment of DHS Progress in Immigration Services: Table 22: Performance Expectations and Progress Made in Aviation Security: Table 23: Performance Expectations and Assessment of DHS Progress in Aviation Security: Table 24: Performance Expectations and Progress Made in Surface Transportation Security: Table 25: Performance Expectations and Assessment of DHS Progress in Surface Transportation Security: Table 26: Performance Expectations and Progress Made in Maritime Security: Table 27: Performance Expectations and Assessment of DHS Progress in Maritime Security: Table 28: Performance Expectations and Progress Made in Emergency Preparedness and Response: Table 29: Performance Expectations and Assessment of DHS Progress in Emergency Preparedness and Response: Table 30: Performance Expectations and Progress Made in Critical Infrastructure and Key Resources Protection: Table 31: Performance Expectations and Assessment of DHS Progress in Critical Infrastructure and Key Resources Protection: Table 32: Performance Expectations and Progress Made in Science and Technology: Table 33: Performance Expectations and Assessment of DHS Progress in Science and Technology: Table 34: Performance Expectations and Progress Made in Acquisition Management: Table 35: Performance Expectations and Assessment of DHS Progress in Acquisition Management: Table 36: Performance Expectations and Progress Made in Financial Management: Table 37: Performance Expectations and Assessment of DHS Progress in Financial Management: Table 38: Performance Expectations and Progress Made in Human Capital Management: Table 39: Performance Expectations and Assessment of DHS Progress in Human Capital Management: Table 40: Performance Expectations and Progress Made in Information Technology Management: Table 41: Performance Expectations and Assessment of DHS Progress in Information Technology Management: Table 42: Performance Expectations and Progress Made in Real Property Management: Table 43: Performance Expectations and Assessment of DHS Progress in Real Property Management: Figures: Figure 1: Example of Performance Expectations for Border Security: Figure 2: Selected Key Events That Have Affected Department of Homeland Security Implementation: Abbreviations: CBP: U.S. Customs and Border Protection: DHS: Department of Homeland Security: DNDO: Domestic Nuclear Detection Office: EDS: explosive detection system: ETD: explosive trace detection: FEMA: Federal Emergency Management Agency: GPRA: Government Performance and Results Act: ICE: U.S. Immigration and Customs Enforcement: IG: Inspector General: INS: U.S. Immigration and Naturalization Service: OMB: Office of Management and Budget: SBI: Secure Border Initiative: TSA: Transportation Security Administration: USCIS: U.S. Citizenship and Immigration Services: US-VISIT: United States Visitor and Immigrant Status Indicator Technology: United States Government Accountability Office: Washington, DC 20548: August 17, 2007: The Honorable Joseph I. Lieberman: Chairman: The Honorable Susan M. Collins: Ranking Member: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Bennie G. Thompson: Chairman: Committee on Homeland Security: House of Representatives: The Department of Homeland Security (DHS) recently passed its 4 year anniversary, and this anniversary provides an opportunity to reflect on the progress it has made since its establishment, determine challenges the department has faced in implementing its mission and management areas, and identify issues that will be important for the department to address as it moves forward. Pursuant to the Homeland Security Act of 2002, DHS began operations in March 2003 with missions that include preventing terrorist attacks from occurring within the United States, reducing U.S. vulnerability to terrorism, minimizing the damages from attacks that occur, and helping the nation recover from any attacks. Over the past 4 years, the department has initiated and continued the implementation of various policies and programs to address these missions as well as its nonhomeland security functions.[Footnote 1] In particular, DHS has implemented programs to secure the border and administer the immigration system; strengthen the security of the transportation sector; and defend against, prepare for, and respond to threats and disasters. DHS has also taken actions to integrate its management functions and to transform its component agencies into an effective cabinet department. We have evaluated many of DHS's programs and management functions since the department's establishment. We have issued over 400 products on major departmental programs in the areas of border security and immigration; transportation security; defense against, preparedness for, and response to threats and disasters; and the department's management functions--including acquisition, financial, human capital, information technology, and real property management. In November 2006, we provided congressional leadership with a list of government programs, functions, and activities that warrant further congressional oversight. Among the issues included were border security and immigration enforcement, security of transportation modes, preparedness and response for catastrophic threats, and DHS implementation and transformation.[Footnote 2] We have also reported on broad themes that have underpinned DHS's implementation efforts, including agency transformation, strategic planning and results management, risk management, information sharing, and partnerships and coordination. We have made about 700 recommendations to DHS on ways to improve its operations and address these key themes, such as to develop performance measures and set milestones for key programs, allocate resources based on assessments of risk, and develop and implement internal controls to help ensure program effectiveness. DHS has implemented some of these recommendations, taken actions to address others, and taken other steps to strengthen its mission activities and facilitate management integration. However, we have reported that the department still has much to do to ensure that it conducts its missions efficiently and effectively while simultaneously preparing to address future challenges that face the department and the nation. In 2003, we designated the implementation and transformation of DHS as high-risk because it represented an enormous undertaking that would require time to achieve in an effective and efficient manner.[Footnote 3] Additionally, the components merged into DHS already faced a wide array of existing challenges, and any DHS failure to effectively carry out its mission could expose the nation to potentially serious consequences. The area has remained on our high-risk list since 2003.[Footnote 4] Most recently, in our January 2007 high-risk update, we reported that although the department had made some progress transforming its 22 agencies into an effective, integrated organization, DHS had not yet developed a comprehensive management integration strategy and its management systems and functions-- especially related to acquisition, financial, human capital, and information management--were not yet fully integrated and wholly operational. We also noted that DHS faces a number of challenges to effectively carry out its program activities and enhance partnerships with private and public sector entities to leverage resources. We concluded that this array of management and programmatic challenges continues to limit DHS's ability to fulfill its homeland security roles in an effective, risk-based way. Furthermore, in 2005 we designated information sharing for homeland security as high-risk,[Footnote 5] and in 2006 we identified the National Flood Insurance Program as high- risk.[Footnote 6] In 2003 we expanded the scope of the high-risk area involving federal information security, which was initially designated as high-risk in 1997, to include the protection of the nation's computer-reliant critical infrastructure. We identified information sharing for homeland security as high-risk because of the lack of strategic plans; established processes, procedures, and mechanisms; and incentives for sharing information. We identified the National Flood Insurance Program as high-risk because it was highly unlikely that the program would generate sufficient revenues to repay funds borrowed from the Treasury to cover claims during catastrophic loss years and because of concerns related to the program's financial resources, compliance with mandatory purchase requirements, and the costly impact of repetitive loss properties. We expanded the scope of the federal information security high-risk area to include the protection of the nation's computer-reliant critical infrastructure because, as the focal point of federal efforts, DHS had not yet completely fulfilled any of its key responsibilities for enhancing cyber security. In designating the implementation and transformation of DHS as high- risk, we noted that the creation of DHS was an enormous management challenge.[Footnote 7] The size, complexity, and importance of the effort made the challenge especially daunting and incomparably critical to the nation's security. We noted that building an effective department would require consistent and sustained leadership from top management to ensure the needed transformation of disparate agencies, programs, and missions into an integrated organization. Our prior work on mergers and acquisitions, undertaken before the creation of DHS, found that successful transformations of large organizations, even those faced with less strenuous reorganizations than DHS, can take 5 to 7 years to achieve. We reported that in successful transformations, organizations undergo a change of their cultures to become more results-oriented, client-and customer-oriented, and collaborative in nature. To successfully transform, an organization must fundamentally reexamine its processes, organizational structures, and management approaches. Organizational changes such as these are complex and cannot be accomplished overnight. In the case of DHS, it will likely take at least several more years for the department to complete its transformation efforts. We also have recommended that Congress continue to monitor whether it needs to provide additional leadership authorities to the DHS Under Secretary for Management or create a Chief Operating Officer/Chief Management Officer position that could help elevate, integrate, and institutionalize DHS's management initiatives. The Implementing Recommendations of the 9/11 Commission Act of 2007, enacted in August 2007, designates the Under Secretary for Management as the Chief Management Officer and principal advisor on management- related matters to the Secretary.[Footnote 8] Under the Act, the Under Secretary is responsible for developing a transition and succession plan for the incoming Secretary and Under Secretary to guide the transition of management functions to a new administration. The Act further authorizes the incumbent Under Secretary as of November 8, 2008 (after the next presidential election), to remain in the position until a successor is confirmed to ensure continuity in the management functions of DHS. You asked us to review our past work on DHS and provide an assessment of DHS's progress and challenges during its first 4 years. This report addresses the following questions: (1) What progress has DHS made in implementing key mission and core management functions since its inception, and what challenges has the department faced in its implementation efforts? (2) What key themes have affected DHS's implementation of its mission and management functions?[Footnote 9] DHS's major mission and management areas include border security; immigration enforcement; immigration services; aviation security; surface transportation security; maritime security; emergency preparedness and response; critical infrastructure and key resources protection; science and technology; and acquisition, financial, human capital, information technology, and real property management. This report also identifies the key cross-cutting themes that have affected the department's efforts to implement its mission and management areas. These key themes include agency transformation, strategic planning and results management, risk management, information sharing, and partnerships and coordination. Scope and Methodology: This report is based primarily on work that we and the DHS Office of Inspector General (IG) have completed since the establishment of DHS in March 2003 and updated information and documentation provided by the department in March 2007 through July 2007. To determine the progress DHS has made in implementing various mission and management areas, we first identified key areas. To identify these mission and management areas, we analyzed the critical mission areas for homeland security identified in legislation, the National Strategy for Homeland Security, the goals and objectives set forth in the DHS Strategic Plan and homeland security presidential directives, and areas identified in our reports along with studies conducted by the DHS IG and other organizations and groups, such as the National Commission on Terrorist Attacks upon the United States (9-11 Commission) and the Century Foundation. We analyzed these documents to identify common mission and management areas and discussed the areas we identified with our subject matter experts[Footnote 10] and DHS officials.[Footnote 11] The mission and management areas we identified are: 1. Border security: 2. Immigration enforcement: 3. Immigration services: 4. Aviation security: 5. Surface transportation security: 6. Maritime security: 7. Emergency preparedness and response: 8. Critical infrastructure and key resources protection: 9. Science and technology: 10. Acquisition management: 11. Financial management: 12. Human capital management: 13. Information technology management: 14. Real property management: To determine the level of progress made by DHS in each mission and management area, we identified performance expectations for each area. We define performance expectations as a composite of the responsibilities or functions--derived from legislation, homeland security presidential directives and executive orders, DHS planning documents, and other sources--that the department is to achieve or satisfy in implementing efforts in its mission and management areas. The performance expectations are not intended to represent performance goals or measures for the department.[Footnote 12] Figure 1 provides an example of performance expectations for the border security mission area: Figure 1: Example of Performance Expectations for Border Security: DHS Mission and Management Areas: 1. Border security: Performance Expectations: Implement a biometric entry system to prevent unauthorized border crossers from entering the United States through ports of entry; Implement a biometric exit system to collect information on border crossers leaving the United States through ports of entry; Develop a program to detect and identify illegal border crossings between ports of entry; Implement a program to detect and identify illegal illegal border crossings between ports of entry. 2. Immigration enforcement: 3. Immigration services: 4. Aviation security: 5. Surface transportation security: 6. Maritime security: 7. Emergency preparedness and response: 8. Critical infrastructure and key resources protection: 9. Science and technology: 10. Acquisition management: 11. Financial management: 12. Human capital management: 13. Information technology management: 14. Real property management: [See PDF for image] [End of figure] We primarily focused the performance expectations on DHS's homeland security-related functions. We generally did not identify performance expectations related to DHS's nonhomeland security functions, although we did identify some performance expectations that relate to these functions. We also did not apply a weight to the performance expectations we developed for DHS, although qualitative differences between the expectations exist. We recognize that these expectations are not time bound, and DHS will take actions to satisfy these expectations over a sustained period of time. Therefore, our assessment of DHS's progress relative to each performance expectation refers to the progress made by the department during its first 4 years. Our assessment of DHS's progress relative to each performance expectation is not meant to imply that DHS should have fully achieved the performance expectation by the end of its fourth year. To identify the performance expectations, we examined responsibilities set for the department by Congress, the Administration, and department leadership. In doing so, we reviewed homeland security-related legislation, such as the Intelligence Reform and Terrorism Prevention Act of 2004,[Footnote 13] the Homeland Security Act of 2002,[Footnote 14] the Maritime Transportation Security Act of 2002,[Footnote 15] the Enhanced Border Security and Visa Entry Reform Act of 2002,[Footnote 16] and the Aviation and Transportation Security Act.[Footnote 17] We also reviewed DHS appropriations acts and accompanying conference reports for fiscal years 2004 through 2006. We did not consider legislation enacted since September 2006 in developing the performance expectations. To identify goals and measures set by the Administration, we reviewed relevant homeland security presidential directives and executive orders. For the goals and measures set by the department, we analyzed the DHS Strategic Plan, Performance Budget Overviews, Performance and Accountability Reports, and component agencies' strategic plans. For management areas, we also examined effective practices identified in our prior reports.[Footnote 18] We analyzed these documents to identify common or similar responsibilities for DHS mission and management areas and synthesized the responsibilities identified in the various documents to develop performance expectations for DHS. We obtained and incorporated feedback from our subject matter experts on these performance expectations. We also provided the performance expectations to DHS for review and incorporated DHS's feedback. Based primarily on our prior work and DHS IG work, as well as updated information provided by DHS between March and June 2007, we examined the extent to which DHS has taken actions to achieve the identified performance expectations in each area and make a determination as to whether DHS has achieved the key elements of each performance expectation based on the criteria listed below: * Generally achieved: Our work has shown that DHS has taken actions to satisfy most of the key elements of the performance expectation but may not have satisfied all of the elements. * Generally not achieved: Our work has shown that DHS has not yet taken actions to satisfy most of the key elements of the performance expectation but may have taken steps to satisfy some of the elements. * No assessment made: Neither we nor the DHS IG have completed work and/or the information DHS provided did not enable us to clearly assess DHS's progress in achieving the performance expectation. Therefore, we have no basis for making an assessment of the extent to which DHS has taken actions to satisfy the performance expectation.[Footnote 19] An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation; however, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." We analyzed the extent of our work, the DHS IG's work, and DHS's updated information and conferred with our subject matter experts to determine whether the work and information were sufficient for a making a determination of generally achieved or generally not achieved. Between March and June 2007, we obtained updated information from DHS and met with program officials to discuss DHS's efforts to implement actions to achieve the performance expectations in each mission and management area. We incorporated DHS's additional information and documentation into the report and, to the extent that DHS provided documentation verifying its efforts, considered them in making our assessments of DHS's progress. For each performance expectation, an analyst on our staff reviewed our relevant work, DHS IG reports, and updated information and documentation provided by DHS, including information received during meetings with DHS officials. On the basis of this review, the analyst made a determination that either DHS generally achieved the performance expectation or generally did not achieve the performance expectation, or the analyst identified that no determination could be made because neither we nor the DHS IG had completed work and DHS did not provide us with updated information and documentation. A second analyst then reviewed each determination to reach concurrence on the assessment for each performance expectation by reviewing the first analyst's summary of our reports, relevant DHS IG reports, and DHS's updated information and documentation. In cases when the first and second analyst disagreed, the two analysts reviewed and discussed the assessments and relevant documents to reach concurrence. Then, our subject matter experts reviewed the summary of our reports, relevant DHS IG reports, and DHS's updated information and documentation to reach concurrence on the assessment for each performance expectation. To develop criteria for assessing DHS's progress in each mission and management area, we analyzed criteria used for ratings or assessments in our prior work, in DHS IG reports, and in other reports and studies, such as those conducted by the 9-11 Commission and the Century Foundation. We also reviewed our past work in each mission and management area and obtained feedback from our subject matter experts and DHS officials on these criteria. Based on this analysis, we developed the following criteria for assessing DHS's progress in each mission and management area: * Substantial progress: DHS has taken actions to generally achieve more than 75 percent of the identified performance expectations. * Moderate progress: DHS has taken actions to generally achieve more than 50 percent but 75 percent or less of the identified performance expectations. * Modest progress: DHS has taken actions to generally achieve more than 25 percent but 50 percent or less of the identified performance expectations. * Limited progress: DHS has taken actions to generally achieve 25 percent or less of the identified performance expectations. After making a determination as to whether DHS has generally achieved or generally not achieved the identified performance expectations, we added up the number of performance expectations that we determined DHS has generally achieved. We divided this number by the total number of performance expectations for each mission and management area, excluding those performance expectations for which we could not make an assessment. Based on the resulting percentage, we identified DHS's overall progress in each mission and management area, as (1) substantial progress, (2) moderate progress, (3) modest progress, or (4) limited progress. Our subject matter experts reviewed the overall assessments of progress we identified for DHS in each mission and management area. Our assessments of the progress made by DHS in each mission and management area are based on the performance expectations we identified. The assessments of progress do not reflect, nor are they intended to reflect, the extent to which DHS's actions have made the nation more secure in each area. For example, in determining that DHS has made modest progress in border security, we are not stating or implying that the border is modestly more secure than it was prior to the creation of DHS. In addition, we are not assessing DHS's progress against a baseline in each mission and management area. We also did not consider DHS component agencies' funding levels or the extent to which funding levels have affected the department's ability to carry out its missions. We also did not consider the extent to which competing priorities and resource demands have affected DHS's progress in each mission and management area relative to other areas, although competing priorities and resource demands have clearly affected DHS's progress in specific areas. In addition, because we and the DHS IG have completed varying degrees of work (in terms of the amount and scope of reviews completed) for each mission and management area, and because different DHS components and offices provided us with different amounts and types of information, our assessments of DHS's progress in each mission and management area reflect the information available for our review and analysis and are not necessarily equally comprehensive across all 14 mission and management areas. For example, as a result of the post- September 11, 2001, focus on aviation, we have conducted more reviews of aviation security, and our methodology identified a much larger number of related performance expectations than for the department's progress in surface transportation security. Further, for some performance expectations, we were unable to make an assessment of DHS's progress because (1) we had not conducted work in that area, (2) the DHS IG's work in the area was also limited, and (3) the supplemental information provided by DHS was insufficient to form a basis for our analysis. Most notably, we were unable to make an assessment for four performance expectations in the area of immigration enforcement. This affected our overall assessment of DHS's progress in that area as there were fewer performance expectations to tally in determining the overall level of progress. We conducted our work for this report from September 2006 through July 2007 in accordance with generally accepted government auditing standards. Results in Brief: At the time of its creation in 2003 as one of the largest federal reorganizations in the last several decades, we designated the implementation and transformation of DHS as a high-risk area due to the magnitude of the challenges it confronted in areas vital to the physical and economic well being of the nation. After 4 years into its overall integration effort, DHS has attained some level of progress in all of its major mission and management areas. The rate of progress, however, among these areas varies. * DHS's border security mission includes detecting and preventing terrorists and terrorist weapons from entering the United States; facilitating the orderly and efficient flow of legitimate trade and travel; interdicting illegal drugs and other contraband; apprehending individuals who are attempting to enter the United States illegally; inspecting inbound and outbound people, vehicles, and cargo; and enforcing pertinent laws of the United States at the border. As shown in table 1, we identified 12 performance expectations for DHS in the area of border security and found that DHS has generally achieved 5 of them and has generally not achieved 7 others. Table 1: Summary of Our Assessments for DHS's Border Security Performance Expectations: Performance expectation: Generally achieved; Total: 5. Performance expectation: Implement a biometric entry system to prevent unauthorized border crossers from entering the United States through ports of entry; Performance expectation: Develop a program to detect and identify illegal border crossings between ports of entry; Performance expectation: Develop a strategy to detect and interdict illegal flows of cargo, drugs, and other items into the United States; Performance expectation: Provide adequate training for all border related employees; Performance expectation: Develop staffing plans for hiring and allocating human capital resources to fulfill the agency's border security mission. Performance expectation: Generally not achieved; Total: 7. Performance expectation: Implement a biometric exit system to collect information on border crossers leaving the United States through ports of entry; Performance expectation: Implement a program to detect and identify illegal border crossings between ports of entry; Performance expectation: Implement a strategy to detect and interdict illegal flows of cargo, drugs and other items into the United States; Performance expectation: Implement effective security measures in the visa issuance process; Performance expectation: Implement initiatives related to the security of certain documents used to enter the United States; Performance expectation: Ensure adequate infrastructure and facilities; Performance expectation: Leverage technology, personnel, and information to secure the border. Overall assessment of progress: Modest. Source: GAO analysis. [End of table] * DHS's immigration enforcement mission includes apprehending, detaining, and removing criminal and illegal aliens; disrupting and dismantling organized smuggling of humans and contraband as well as human trafficking; investigating and prosecuting those who engage in benefit and document fraud; blocking and removing employers' access to undocumented workers; and enforcing compliance with programs to monitor visitors. As shown in table 2, we identified 16 performance expectations for DHS in the area of immigration enforcement and found that DHS has generally achieved 8 of them and has generally not achieved 4 others. For 4 performance expectations, we could not make an assessment. Table 2: Summary of Our Assessments for DHS's Immigration Enforcement Performance Expectations: Performance expectation: Generally achieved; Total: 8. Performance expectation: Develop a program to ensure the timely identification and removal of noncriminal aliens subject to removal from the United States; Performance expectation: Assess and prioritize the use of alien detention resources to prevent the release of aliens subject to removal; Performance expectation: Develop a program to allow for the secure alternative detention of noncriminal aliens; Performance expectation: Develop a prioritized worksite enforcement strategy to ensure that only authorized workers are employed; Performance expectation: Develop a comprehensive strategy to interdict and prevent trafficking and smuggling of aliens into the United States; Performance expectation: Develop a law enforcement strategy to combat criminal alien gangs in the United States and cross-border criminal activity; Performance expectation: Develop a program to screen and respond to local law enforcement and community complaints about aliens who many be subject to removal; Performance expectation: Develop staffing plans for hiring and allocating human capital resources to fulfill the agency's immigration enforcement mission. Performance expectation: Generally not achieved; Total: 4. Performance expectation: Implement a program to ensure the timely identification and removal of noncriminal aliens subject to removal from the United States; Performance expectation: Ensure the removal of criminal aliens; Performance expectation: Implement a prioritized worksite enforcement strategy to ensure that only authorized workers are employed; Performance expectation: Implement a comprehensive strategy to interdict and prevent trafficking and smuggling of aliens into the United States. Performance expectation: No assessment made; Total: 4. Performance expectation: Implement a program to allow for the secure alternative detention of noncriminal aliens; Performance expectation: Implement a law enforcement strategy to combat criminal alien gangs in the United States and cross-border criminal activity; Performance expectation: Disrupt and dismantle mechanisms for money laundering and financial crimes; Performance expectation: Provide training, including foreign language training, and equipment for all immigration enforcement personnel to fulfill the agency's mission. Overall assessment of progress: Moderate. Source: GAO analysis. [End of table] * DHS's immigration services mission includes administering immigration benefits and working to reduce immigration benefit fraud. As shown in table 3, we identified 14 performance expectations for DHS in the area of immigration services and found that DHS has generally achieved 5 of them and has generally not achieved 9 others. Table 3: Summary of Our Assessments for DHS's Immigration Services Performance Expectations: Performance expectation: Generally achieved; Total: 5. Performance expectation: Institute process and staffing reforms to improve application processes; Performance expectation: Establish online access to status information about benefit applications; Performance expectation: Establish revised immigration application fees based on a comprehensive fee study; Performance expectation: Communicate immigration-related information to other relevant agencies; Performance expectation: Create an office to reduce immigration benefit fraud. Performance expectation: Generally not achieved; Total: 9. Performance expectation: Eliminate the benefit application backlog and reduce application completion times to 6 months; Performance expectation: Establish a timetable for reviewing the program rules, business processes, and procedures for immigration benefit applications; Performance expectation: Institute a case management system to manage applications and provide management information; Performance expectation: Develop new programs to prevent future backlogs from developing; Performance expectation: Establish online filing for benefit applications; Performance expectation: Capture biometric information on all benefits applicants; Performance expectation: Implement an automated background check system to track and store all requests for applications; Performance expectation: Establish training programs to reduce fraud in the benefits process; Performance expectation: Implement a fraud assessment program to reduce benefit fraud. Overall assessment of progress; Total: Modest. Source: GAO analysis. [End of table] * DHS's aviation security mission includes strengthening airport security; providing and training a screening workforce; prescreening passengers against terrorist watch lists; and screening passengers, baggage, and cargo. As shown in table 4, we identified 24 performance expectations for DHS in the area of aviation security and found that DHS has generally achieved 17 of them and has generally not achieved 7 others. Table 4: Summary of Our Assessments for DHS's Aviation Security Performance Expectations: Performance expectation: Generally achieved; Total: 17. Performance expectation: Implement a strategic approach for aviation security functions; Performance expectation: Ensure the screening of airport employees against terrorist watch lists; Performance expectation: Hire and deploy a federal screening workforce; Performance expectation: Develop standards for determining aviation security staffing at airports; Performance expectation: Establish standards for training and testing the performance of airport screener staff; Performance expectation: Establish a program and requirements to allow eligible airports to use a private screening workforce; Performance expectation: Train and deploy federal air marshals on high- risk flights; Performance expectation: Establish standards for training flight and cabin crews; Performance expectation: Establish a program to allow authorized flight deck officers to use firearms to defend against any terrorist or criminal acts; Performance expectation: Establish policies and procedures to ensure that individuals known to pose, or suspected of posing, a risk or threat to security are identified and subjected to appropriate action; Performance expectation: Develop and implement processes and procedures for physically screening passengers at airport checkpoints; Performance expectation: Develop and test checkpoint technologies to address vulnerabilities; Performance expectation: Deploy explosive detection systems (EDS) and explosive trace detection (ETD) systems to screen checked baggage for explosives; Performance expectation: Develop a plan to deploy in-line baggage screening equipment at airports; Performance expectation: Pursue the deployment and use of in-line baggage screening equipment at airports; Performance expectation: Develop a plan for air cargo security; Performance expectation: Develop and implement procedures to screen air cargo. Performance expectation: Generally not achieved; Total: 7. Performance expectation: Establish standards and procedures for effective airport perimeter security; Performance expectation: Establish standards and procedures to effectively control access to airport secured areas; Performance expectation: Establish procedures for implementing biometric identifier systems for airport secured areas access control; Performance expectation: Develop and implement an advanced prescreening system to allow DHS to compare domestic passenger information to the Selectee List and No Fly List; Performance expectation: Develop and implement an international passenger prescreening process to compare passenger information to terrorist watch lists before aircraft departure; Performance expectation: Deploy checkpoint technologies to address vulnerabilities; Performance expectation: Develop and implement technologies to screen air cargo. Overall assessment of progress: Moderate. Source: GAO analysis. [End of table] * DHS's surface transportation security mission includes establishing security standards and conducting assessments and inspections of surface transportation modes, which include passenger and freight rail; mass transit; highways, including commercial vehicles; and pipelines. As shown in table 5, we identified 5 performance expectations for DHS in the area of surface transportation security and found that DHS has generally achieved 3 of them and has generally not achieved 2. Table 5: Summary of Our Assessments for DHS's Surface Transportation Security Performance Expectations: Performance expectation: Generally achieved; Total: 3. Performance expectation: Develop and adopt a strategic approach for implementing surface transportation security functions; Performance expectation: Conduct threat, criticality, and vulnerability assessments of surface transportation assets; Performance expectation: Administer grant programs for surface transportation security. Performance expectation: Generally not achieved; Total: 2. Performance expectation: Issue standards for securing surface transportation modes; Performance expectation: Conduct compliance inspections for surface transportation systems. Overall assessment of progress: Moderate. Source: GAO analysis. [End of table] * DHS's maritime security responsibilities include port and vessel security, maritime intelligence, and maritime supply chain security. As shown in table 6, we identified 23 performance expectations for DHS in the area of maritime security and found that DHS has generally achieved 17 of them and has generally not achieved 4 others. For 2 performance expectations, we could not make an assessment. Table 6: Summary of Our Assessments for DHS's Maritime Security Performance Expectations: Performance expectation: Generally achieved; Total: 17. Performance expectation: Develop national plans for maritime security; Performance expectation: Develop national plans for maritime response; Performance expectation: Develop national plans for maritime recovery; Performance expectation: Develop regional (port-specific) plans for security; Performance expectation: Develop regional (port-specific) plans for response; Performance expectation: Ensure port facilities have completed vulnerability assessments and developed security plans; Performance expectation: Ensure that vessels have completed vulnerability assessments and developed security plans; Performance expectation: Exercise security, response, and recovery plans with key maritime stakeholders to enhance security, response, and recovery efforts; Performance expectation: Implement a port security grant program to help facilities improve their security capabilities; Performance expectation: Establish operational centers to monitor threats and fuse intelligence and operations at the regional/port level; Performance expectation: Collect information on incoming ships to assess risks and threats; Performance expectation: Develop a vessel-tracking system to improve intelligence and maritime domain awareness on vessels in U.S. waters; Performance expectation: Collect information on arriving cargo for screening purposes; Performance expectation: Develop a system for screening and inspecting cargo for illegal contraband; Performance expectation: Develop a program to work with foreign governments to inspect suspicious cargo before it leaves for U.S. ports; Performance expectation: Develop a program to work with the private sector to improve and validate supply chain security; Performance expectation: Develop an international port security program to assess security at foreign ports. Performance expectation: Generally not achieved; Total: 4. Performance expectation: Develop regional (port-specific) plans for recovery; Performance expectation: Implement a national facility access control system for port secured areas; Performance expectation: Develop a long-range vessel-tracking system to improve maritime domain awareness; Performance expectation: Develop a program to screen incoming cargo for radiation. Performance expectation: No assessment made; Total: 2. Performance expectation: Develop a national plan to establish and improve maritime; intelligence; Performance expectation: Develop standards for cargo containers to ensure their physical security. Overall assessment of progress: Substantial. Source: GAO analysis. [End of table] * DHS's emergency preparedness and response mission includes preparing to minimize the damage and recover from terrorist attacks and disasters; helping to plan, equip, train, and practice needed skills of first responders; and consolidating federal response plans and activities to build a national, coordinated system for incident management. As shown in table 7, we identified 24 performance expectations for DHS in the area of emergency preparedness and response and found that DHS has generally achieved 5 of them and has generally not achieved 18 others. For 1 performance expectation, we could not make an assessment. Table 7: Summary of Our Assessments for DHS's Emergency Preparedness and Response Performance Expectations: Performance expectation: Generally achieved; Total: 5. Performance expectation: Establish a program for conducting emergency preparedness exercises; Performance expectation: Develop a national incident management system; Performance expectation: Provide grant funding to first responders in developing and implementing interoperable communications capabilities; Performance expectation: Administer a program for providing grants and assistance to state and local governments and first responders; Performance expectation: Allocate grants based on assessment factors that account for population, critical infrastructure, and other risk factors. Performance expectation: Generally not achieved; Total: 18. Performance expectation: Establish a comprehensive training program for national preparedness; Performance expectation: Conduct and support risk assessments and risk management capabilities for emergency preparedness; Performance expectation: Ensure the capacity and readiness of disaster response teams; Performance expectation: Coordinate implementation of a national incident management system; Performance expectation: Establish a single, all-hazards national response plan; Performance expectation: Coordinate implementation of a single, all- hazards response plan; Performance expectation: Develop a complete inventory of federal response capabilities; Performance expectation: Develop a national, all-hazards preparedness goal; Performance expectation: Develop plans and capabilities to strengthen nationwide recovery efforts; Performance expectation: Develop the capacity to provide needed emergency assistance and services in a timely manner; Performance expectation: Provide timely assistance and services to individuals and communities in response to emergency events; Performance expectation: Implement a program to improve interoperable communications among federal, state, and local agencies; Performance expectation: Implement procedures and capabilities for effective interoperable communications; Performance expectation: Increase the development and adoption of interoperability communications standards; Performance expectation: Develop performance goals and measures to assess progress in developing interoperability; Performance expectation: Provide guidance and technical assistance to first responders in developing and implementing interoperable communications capabilities; Performance expectation: Provide assistance to state and local governments to develop all-hazards plans and capabilities; Performance expectation: Develop a system for collecting and disseminating lessons learned and best practices to emergency responders. Performance expectation: No assessment made; Total: 1. Performance expectation: Support citizen participation in national preparedness efforts. Overall assessment of progress: Limited. Source: GAO analysis. [End of table] * DHS's critical infrastructure and key resources protection activities include developing and coordinating implementation of a comprehensive national plan for critical infrastructure protection, developing partnerships with stakeholders and information sharing and warning capabilities, and identifying and reducing threats and vulnerabilities. As shown in table 8, we identified 7 performance expectations for DHS in the area of critical infrastructure and key resources protection and found that DHS has generally achieved 4 of them and has generally not achieved 3 others. Table 8: Summary of Our Assessments for DHS's Critical Infrastructure and Key Resources Protection Performance Expectations: Performance expectation: Generally achieved; Total: 4. Performance expectation: Develop a comprehensive national plan for critical infrastructure protection; Performance expectation: Develop partnerships and coordinate with other federal agencies, state and local, governments, and the private sector; Performance expectation: Identify and assess threats and vulnerabilities for critical infrastructure; Performance expectation: Support efforts to reduce threats and vulnerabilities for critical infrastructure. Performance expectation: Generally not achieved; Total: 3. Performance expectation: Improve and enhance public/private information sharing involving attacks, threats, and vulnerabilities; Performance expectation: Develop and enhance national analysis and warning capabilities for critical infrastructure; Performance expectation: Provide and coordinate incident response and recovery planning efforts for critical infrastructure. Overall assessment of progress: Moderate. Source: GAO analysis. [End of table] * DHS's science and technology efforts include coordinating the federal government's civilian efforts to identify and develop countermeasures to chemical, biological, radiological, nuclear, and other emerging terrorist threats. As shown in table 9, we identified 6 performance expectations for DHS in the area of science and technology and found that DHS has generally achieved 1 of them and has generally not achieved 5 others. Table 9: Summary of Our Assessments for DHS's Science and Technology Performance Expectations: Performance expectation: Generally achieved; Total: 1. Performance expectation: Coordinate with and share homeland security technologies with federal, state, local, and private sector entities. Performance expectation: Generally not achieved; Total: 5. Performance expectation: Develop a plan for departmental research, development, testing, and evaluation activities; Performance expectation: Assess emerging chemical, biological, radiological, and nuclear threats and homeland security vulnerabilities; Performance expectation: Coordinate research, development, and testing efforts to identify and develop countermeasures to address chemical, biological, radiological, nuclear, and other emerging terrorist threats; Performance expectation: Coordinate deployment of nuclear, biological, chemical, and radiological detection capabilities and other countermeasures; Performance expectation: Assess and evaluate nuclear, biological, chemical, and radiological detection capabilities and other countermeasures. Overall assessment of progress: Limited. Source: GAO analysis. [End of table] * DHS's acquisition management efforts include managing the use of contracts to acquire goods and services needed to fulfill or support the agency's missions, such as information systems, new technologies, aircraft, ships, and professional services. As shown in table 10, we identified 3 performance expectations for DHS in the area of acquisition management and found that DHS has generally achieved 1 of them and has generally not achieved 2 others. Table 10: Summary of Our Assessments for DHS's Acquisition Management Performance Expectations: Performance expectation: Generally achieved; Total: 1. Performance expectation: Assess and organize acquisition functions to meet agency needs. Performance expectation: Generally not achieved; Total: 2. Performance expectation: Develop clear and transparent policies and processes for all acquisitions; Performance expectation: Develop an acquisition workforce to implement and monitor acquisitions. Overall assessment of progress: Modest. Source: GAO analysis. [End of table] *DHS's financial management efforts include consolidating or integrating component agencies' financial management systems. As shown in table 11, we identified 7 performance expectations for DHS in the area of financial management and found that DHS has generally achieved 2 of them and has generally not achieved 5 others. Table 11: Summary of Our Assessments for DHS's Financial Management Performance Expectations: Performance expectation: Generally achieved; Total: 2. Performance expectation: Designate a department Chief Financial Officer who is appointed by the President and confirmed by the Senate; Performance expectation: Prepare corrective action plans for internal control weaknesses. Performance expectation: Generally not achieved; Total: 5. Performance expectation: Subject all financial statements to an annual financial statement audit; Performance expectation: Obtain an unqualified financial statement audit opinion; Performance expectation: Substantially comply with federal financial management system requirements, applicable federal accounting standards, and the U.S. Standard General Ledger at the transaction level; Performance expectation: Obtain an unqualified opinion on internal control over financial reporting; Performance expectation: Correct internal control weaknesses. Overall assessment of progress: Modest. Source: GAO analysis. [End of table] * DHS's key human capital management areas include pay, performance management, classification, labor relations, adverse actions, employee appeals, and diversity management. As shown in table 12, we identified 8 performance expectations for DHS in the area of human capital management and found that DHS has generally achieved 2 of them and has generally not achieved 6 others. Table 12: Summary of Our Assessments for DHS's Human Capital Management Performance Expectations: Performance expectation: Generally achieved; Total: 2. Performance expectation: Develop a results-oriented strategic human capital plan; Performance expectation: Create a comprehensive plan for training and professional development. Performance expectation: Generally not achieved; Total: 6. Performance expectation: Implement a human capital system that links human capital planning to overall agency strategic planning; Performance expectation: Develop and implement processes to recruit and hire employees who possess needed skills; Performance expectation: Measure agency performance and make strategic human capital decisions; Performance expectation: Establish a market-based and more performance- oriented pay system; Performance expectation: Seek feedback from employees to allow for their participation in the decision-making process; Performance expectation: Implement training and development programs in support of DHS's mission and goals. Overall assessment of progress: Limited. Source: GAO analysis. [End of table] * DHS's information technology management efforts include developing and using an enterprise architecture, or corporate blueprint, as an authoritative frame of reference to guide and constrain system investments; defining and following a corporate process for informed decision making by senior leadership about competing information technology investment options; applying system and software development and acquisition discipline and rigor when defining, designing, developing, testing, deploying, and maintaining systems; establishing a comprehensive, departmentwide information security program to protect information and systems; having sufficient people with the right knowledge, skills, and abilities to execute each of these areas now and in the future; and centralizing leadership for extending these disciplines throughout the organization with an empowered Chief Information Officer. As shown in table 13, we identified 13 performance expectations for DHS in the area of information technology management and found that DHS has generally achieved 2 of them and has generally not achieved 8 others. For 3 performance expectations, we could not make an assessment. Table 13: Summary of Our Assessments for DHS's Information Technology Management Performance Expectations: Performance expectation: Generally achieved; Total: 2. Performance expectation: Organize roles and responsibilities for information technology under the Chief Information Officer; Performance expectation: Develop policies and procedures to ensure protection of sensitive information. Performance expectation: Generally not achieved; Total: 8. Performance expectation: Develop a strategy and plan for information technology management; Performance expectation: Develop measures to assess performance in the management of information technology; Performance expectation: Implement a comprehensive enterprise architecture; Performance expectation: Develop a process to effectively manage information technology investments; Performance expectation: Implement a process to effectively manage information technology investments; Performance expectation: Develop policies and procedures for effective information systems development and acquisition; Performance expectation: Implement policies and procedures for effective information systems development and acquisition; Performance expectation: Implement policies and procedures to effectively safeguard sensitive information. Performance expectation: No assessment made; Total: 3. Performance expectation: Strategically manage information technology human capital; Performance expectation: Develop a comprehensive enterprise architecture; Performance expectation: Provide operational capabilities for information technology infrastructure and applications. Overall assessment of progress: Limited. Source: GAO analysis. [End of table] * DHS's responsibilities for real property management are specified in Executive Order 13327, "Federal Real Property Asset Management," and include establishment of a senior real property officer, development of an asset inventory, and development and implementation of an asset management plan and performance measures. As shown in table 14, we identified 9 performance expectations for DHS in the area of real property management and found that DHS has generally achieved 6 of them and has generally not achieved 3 others. Table 14: Summary of Our Assessments for DHS's Real Property Management Performance Expectations: Performance expectation: Generally achieved; Total: 6. Performance expectation: Establish a Senior Real Property Officer who actively serves on the Federal Real Property Council; Performance expectation: Complete and maintain a comprehensive inventory and profile of agency real property; Performance expectation: Provide timely and accurate information for inclusion in the governmentwide real property inventory database; Performance expectation: Develop an Office of Management and Budget- approved asset management plan; Performance expectation: Establish an Office of Management and Budget- approved 3-year rolling timeline with certain deadlines by which the agency will address opportunities and determine its priorities as identified in the asset management plan; Performance expectation: Establish real property performance measures. Performance expectation: Generally not achieved; Total: 3. Performance expectation: Demonstrate steps taken toward implementation of the asset management plan; Performance expectation: Use accurate and current asset inventory information and real property performance measures in management decision making; Performance expectation: Ensure the management of agency property assets is consistent with the agency's overall strategic plan, the agency asset management plan, and the performance measures. Overall assessment of progress: Moderate. Source: GAO analysis. [End of table] A variety of cross-cutting themes have affected DHS's efforts to implement its mission and management functions. These key themes include agency transformation, strategic planning and results management, risk management, information sharing, and partnerships and coordination. * In past work, we reported on the importance of integration and transformation in helping DHS ensure that it can implement its mission and management functions. We designated the implementation and transformation of DHS as a high-risk area in 2003 and continued that designation in our 2005 and 2007 updates. As of May 2007, we reported that DHS had yet to submit a corrective action plan to the Office of Management and Budget. We reported that the creation of DHS is an enormous management challenge and that DHS faces a formidable task in its transformation efforts as it works to integrate over 170,000 federal employees from 22 component agencies. We noted that it can take a minimum of 5 to 7 years until organizations complete their transformations. * We have identified strategic planning and the development and use of outcome-based performance measures as two of the key success factors for the management of any organization. DHS issued a departmentwide strategic plan that met most of the required elements for a strategic plan and is planning to issue an updated plan. However, we have reported that some component agencies have had difficulties in developing outcome-based goals and measures for assessing program performance. For example, in August 2005 we reported that U.S. Immigration and Customs Enforcement (ICE) had not yet developed outcome goals and measures for its worksite enforcement program, and in March 2006 we reported that U.S. Citizenship and Immigration Services (USCIS) had not yet established performance goals and measures to assess its benefit fraud activities. We have also noted that DHS faces inherent challenges in developing outcome-based goals and measures to assess the affect of its efforts on strengthening homeland security. * We have also reported on the importance of using a risk management approach to set homeland security priorities and allocate resources accordingly. The National Strategy for Homeland Security and DHS's strategic plan have called for the use of risk-based decisions to prioritize DHS's resource investments, and risk management has been widely supported by the President, Congress, and the Secretary of Homeland Security as a management approach for homeland security. In past work we found that while some DHS component agencies, such as the Coast Guard and the Transportation Security Administration (TSA), have taken steps to apply risk-based decision making in implementing some of their mission functions, other components have not utilized such an approach. For example, we reported that DHS has not applied a risk management approach in deciding whether and how to invest in specific capabilities for preparing for and responding to catastrophic threats. * In 2005 we designated information sharing for homeland security as high-risk. We recently reported that more than 5 years after September 11, 2001, the nation still lacked an implemented set of governmentwide policies and processes for sharing terrorism-related information and the area remained high-risk. However, we noted that the federal government has issued a strategy for how it will put in place the overall framework and policies for sharing information with critical partners and that DHS has taken actions to implement its information sharing responsibilities. For example, DHS has implemented an information system to share homeland security information and has supported the efforts of states and localities to create information "fusion" centers. We have reported that DHS faces challenges in continuing to develop productive information sharing relationships with federal agencies, state and local governments, and the private sector. * We have also reported on the important role that DHS plays in partnering and coordinating its homeland security efforts with federal, state, local, private sector, and international stakeholders. The National Strategy for Homeland Security underscores the importance of DHS partnering with other stakeholders, as the majority of the strategy's initiatives are intended to be implemented by three or more federal agencies. Our prior work has shown that, among other things, successful partnering and coordination involve collaborating and consulting with stakeholders to develop goals, strategies, and roles. DHS has taken steps to strengthen partnering frameworks and capabilities. For example, DHS has formed a working group to coordinate the federal response to cyber incidents of national significance. However, we have also reported on difficulties faced by DHS in its partnership efforts. For example, DHS faced challenges in coordinating with its emergency preparedness and response partners in the wake of Hurricanes Katrina and Rita due to, among other things, unclear designations of partners' roles and responsibilities. Given DHS's dominant role in securing the homeland, it is critical that the department's mission and management programs are operating as efficiently and effectively as possible. DHS has taken important actions to secure the border and transportation sectors and to prepare for and respond to disasters. DHS has had to undertake these missions while also working to transform itself into a fully functioning cabinet department--a difficult task for any organization. As DHS moves forward, it will be important for the department to continue to develop more measurable goals to guide implementation efforts and to enable better accountability of its progress toward achieving desired outcomes. It will also be important for DHS to continually reassess its mission and management goals, measures, and milestones to evaluate progress made, identify past and emerging obstacles, and examine alternatives to address those obstacles and effectively implement its missions. In its comments on a draft of this report, DHS took issues with our methodology and disagreed with our assessments for 42 of 171 performance expectations. DHS's five general issues were (1) perceptions that we altered our standards used to judge the department's progress; (2) concerns with the binary approach we used to assess the performance expectations; (3) concerns regarding perceived changes in criteria after DHS provided additional information; (4) concerns with consistency in our application of the methodology; and (5) concerns regarding our treatment of performance expectations as having equal weight. With regard to the first issue, as we communicated to DHS, we did not change our criteria; rather we made a change in language to better convey the intent behind the performance expectations that DHS achieve them instead of merely taken actions that apply or relate to them. Second, regarding our use of a binary standard to judge whether or not DHS generally met each of 171 performance expectations, we acknowledge the limitations of this standard, but believe it is appropriate for this review given the administration has generally not established quantitative goals and measures for the 171 expectations, which are necessary to systematically assess where along a spectrum of progress DHS stood in achieving each performance expectation. We applied a scale to assess different levels of progress made by DHS for its overall mission and management areas. With regard to the third issue, what DHS perceives as a change in criteria for certain performance expectations is not a change in criteria but simply the process by which we disclosed our preliminary assessment to DHS, analyzed additional documents and information from DHS, and updated and, in some cases revised, our assessments based on this additional input. Fourth, regarding concerns with consistency in our methodology application, our core team of GAO analysts and managers reviewed all inputs from GAO staff to ensure consistent application of our methodology, criteria, and analytical process. Finally, regarding concerns with our treatment of performance expectations as having equal weight, we acknowledge that differences exist between expectations, but we did not weight the performance expectations because congressional, departmental and others' views on the relative priority of each expectation may be different and we did not believe it was appropriate to substitute our judgment for theirs. With regard to DHS's disagreement with our assessments for 42 of the performance expectations, DHS generally contends that (1) we expected DHS to have achieved an entire expectation in cases when that ultimate achievement will likely take several more years, and (2) we did not adequately use or appropriately interpret additional information DHS provided. In general, we believe that it is appropriate, after pointing out the expectation for a multiyear program and documenting the activities DHS has actually accomplished to date, to reach a conclusion that DHS has not yet fully implemented the program. We also believe we have appropriately used the documents DHS has provided us. In some cases, the information and documents DHS provided were not relevant to the specific performance expectation; in these situations we did not discuss them in our assessment. In other cases, the information did not convince us that DHS had achieved the performance expectation as stated or as we had interpreted it. In the assessment portion of each performance expectation, we have described how we applied the information DHS provided to the performance expectation and describe the level of progress DHS has made. Overall, we appreciate DHS's concerns and recognize that in a broad- based endeavor such as this, some level of disagreement is inevitable, especially at any given point in time. However, we have been as transparent as possible regarding our purpose, methodology, and professional judgments. Background: In July 2002, President Bush issued the National Strategy for Homeland Security. The strategy set forth overall objectives to prevent terrorist attacks within the United States, reduce America's vulnerability to terrorism, and minimize the damage and assist in the recovery from attacks that may occur. The strategy set out a plan to improve homeland security through the cooperation and partnering of federal, state, local, and private sector organizations on an array of functions. The National Strategy for Homeland Security specified a number of federal departments, as well as nonfederal organizations, that have important roles in securing the homeland. In terms of federal departments, DHS was assigned a prominent role in implementing established homeland security mission areas. In November 2002, the Homeland Security Act of 2002 was enacted into law, creating DHS. This act defined the department's missions to include preventing terrorist attacks within the United States; reducing U.S. vulnerability to terrorism; and minimizing the damages, and assisting in the recovery from, attacks that occur within the United States. The act also specified major responsibilities for the department, including to analyze information and protect infrastructure; develop countermeasures against chemical, biological, radiological, and nuclear, and other emerging terrorist threats; secure U.S. borders and transportation systems; and organize emergency preparedness and response efforts. DHS began operations in March 2003. Its establishment represented a fusion of 22 federal agencies to coordinate and centralize the leadership of many homeland security activities under a single department.[Footnote 20] According to data provided to us by DHS, the department's total budget authority was about $39 billion in fiscal year 2004, about $108 billion in fiscal year 2005, about $49 billion in fiscal year 2006, and about $45 billion in fiscal year 2007.[Footnote 21] The President's fiscal year 2008 budget submission requests approximately $46 billion for DHS. Table 15 provides information on DHS's budget authority, as reported by DHS, for each fiscal year from 2004 though 2007. Table 15: DHS Budget Authority for Fiscal Years 2004 through 2007 in Thousands of Dollars, as Reported by DHS: DHS component agency/program: Departmental Operations; Fiscal year 2004 budget authority: $394,435; Fiscal year 2005 budget authority: $527,257; Fiscal year 2006 budget authority: $610,473; Fiscal year 2007 budget authority: $626,123. DHS component agency/program: Analysis and Operations; Fiscal year 2004 budget authority: Fiscal year 2005 budget authority: Fiscal year 2006 budget authority: $252,940; Fiscal year 2007 budget authority: $299,663. DHS component agency/program: DHS IG; Fiscal year 2004 budget authority: $80,318; Fiscal year 2005 budget authority: $97,317; Fiscal year 2006 budget authority: $84,187; Fiscal year 2007 budget authority: 98,685. DHS component agency/program: U.S. Secret Service; Fiscal year 2004 budget authority: $1,334,128; Fiscal year 2005 budget authority: $1,375,758; Fiscal year 2006 budget authority: $1,423,489; Fiscal year 2007 budget authority: $1,479,158. DHS component agency/program: U.S. Customs and Border Protection (CBP); Fiscal year 2004 budget authority: $5,994,287; Fiscal year 2005 budget authority: $6,520,698; Fiscal year 2006 budget authority: $7,970,695; Fiscal year 2007 budget authority: $9,344,781. DHS component agency/program: U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT)[A]; Fiscal year 2004 budget authority: $328,053; Fiscal year 2005 budget authority: $340,000; Fiscal year 2006 budget authority: $336,600; Fiscal year 2007 budget authority: $362,494. DHS component agency/program: U.S. Immigration and Customs Enforcement (ICE); Fiscal year 2004 budget authority: $3,669,615; Fiscal year 2005 budget authority: $4,244,228; Fiscal year 2006 budget authority: $4,206,443; Fiscal year 2007 budget authority: $4,726,641. DHS component agency/program: U.S. Citizenship and Immigration Services (USCIS); Fiscal year 2004 budget authority: $1,549,733; Fiscal year 2005 budget authority: $1,775,000; Fiscal year 2006 budget authority: $1,887,850; Fiscal year 2007 budget authority: $1,985,990. DHS component agency/program: Transportation Security Administration (TSA); Fiscal year 2004 budget authority: $4,578,043; Fiscal year 2005 budget authority: $5,405,375; Fiscal year 2006 budget authority: $6,167,014; Fiscal year 2007 budget authority: $6,329,291. DHS component agency/program: U.S. Coast Guard; Fiscal year 2004 budget authority: $7,097,405; Fiscal year 2005 budget authority: $7,853,427; Fiscal year 2006 budget authority: $8,782,689; Fiscal year 2007 budget authority: $8,729,152. DHS component agency/program: National Protection and Programs Directorate/Preparedness Directorate[A]; Fiscal year 2004 budget authority: Fiscal year 2005 budget authority: Fiscal year 2006 budget authority: $678,395; Fiscal year 2007 budget authority: $618,577. DHS component agency/program: Counter-Terrorism Fund; Fiscal year 2004 budget authority: $9,941; Fiscal year 2005 budget authority: $8,000; Fiscal year 2006 budget authority: $1,980; Fiscal year 2007 budget authority: DHS component agency/program: Federal Emergency Management Agency (FEMA); Fiscal year 2004 budget authority: $8,378,109; Fiscal year 2005 budget authority: $74,031,032; Fiscal year 2006 budget authority: $11,175,544; Fiscal year 2007 budget authority: $5,223,503. DHS component agency/program: FEMA: Office of Grant Programs[B]; Fiscal year 2004 budget authority: $4,013,182; Fiscal year 2005 budget authority: $3,984,846; Fiscal year 2006 budget authority: $3,377,737; Fiscal year 2007 budget authority: $3,393,000. DHS component agency/program: Science and Technology Directorate; Fiscal year 2004 budget authority: $912,751; Fiscal year 2005 budget authority: $1,115,450; Fiscal year 2006 budget authority: $1,487,075; Fiscal year 2007 budget authority: $973,109. DHS component agency/program: Domestic Nuclear Detection Office; Fiscal year 2004 budget authority: Fiscal year 2005 budget authority: Fiscal year 2006 budget authority: Fiscal year 2007 budget authority: $480,968. DHS component agency/program: Border and Transportation Security Directorate[A]; Fiscal year 2004 budget authority: $8,058; Fiscal year 2005 budget authority: $9,617; Fiscal year 2006 budget authority: Fiscal year 2007 budget authority: DHS component agency/program: Federal Law Enforcement Training Center; Fiscal year 2004 budget authority: $191,643; Fiscal year 2005 budget authority: $226,807; Fiscal year 2006 budget authority: $304,534; Fiscal year 2007 budget authority: $275,279. DHS component agency/program: Information Analysis and Infrastructure Protection Directorate[A]; Fiscal year 2004 budget authority: $834,348; Fiscal year 2005 budget authority: $887,108; Fiscal year 2006 budget authority: [Empty]; Fiscal year 2007 budget authority: [Empty]. DHS component agency/program: Total; Fiscal year 2004 budget authority: $39,374,049; Fiscal year 2005 budget authority: $108,401,920[C]; Fiscal year 2006 budget authority: $48,747,645; Fiscal year 2007 budget authority: $44,946,414. Source: DHS. Note: Data are rounded to the nearest thousand. Fiscal year 2007 amounts are as of January 31, 2007. The data reflect total budget authority amounts as reported to us by DHS. The amounts include annual and supplemental appropriations, rescissions, amounts reprogrammed or transferred, fee estimates, and mandatory amounts. The amounts do not reflect carryover or rescissions of unobligated balances. [A] The Border and Transportation Security Directorate, the Information Analysis and Infrastructure Protection Directorate, and the US-VISIT program are legacy organizations within DHS. The functions of these organizations have been realigned through DHS reorganizations. In particular, in March 2007 US-VISIT was reorganized under the National Protection and Programs Directorate. The Border and Transportation Security Directorate included U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, the Transportation Security Administration, and the Federal Law Enforcement Training Center. [B] The Office of Grant Programs has undergone several realignments. It was previously known as the Office of Grants and Training in the Preparedness Directorate, the Office of State and Local Government Coordination and Preparedness, and the Office for Domestic Preparedness. [C] The FEMA Fiscal Year 2005 Amount Includes About $45 Billion In Supplemental Funding For Hurricane Katrina.] [End of table] Since creating and issuing its first strategic plan, the department has undergone several reorganizations. Most notably, in July 2005, DHS announced the outcome of its Second-Stage Review, an internal study of the department's programs, policies, operations, and structures. As a result of this review, the department realigned several component agencies and functions. In particular, the Secretary of Homeland Security established a Directorate of Policy to coordinate departmentwide policies, regulations, and other initiatives and consolidated preparedness activities in one directorate, the Directorate for Preparedness. In addition, the Secretary established a new Office of Intelligence and Analysis and the Office of Infrastructure Protection composed of analysts from the former Information Analysis and Infrastructure Protection directorate. The Office of Infrastructure Protection was placed in the Directorate for Preparedness. The fiscal year 2007 DHS appropriations act provided for the further reorganization of functions within the department by, in particular, realigning DHS's emergency preparedness and response responsibilities.[Footnote 22] In addition to these reorganizations, a variety of factors have affected DHS's efforts to implement its mission and management functions. These factors include both domestic and international events, such as Hurricanes Katrina and Rita, and major homeland security-related legislation. Figure 2 provides a timeline of key events that have affected DHS's implementation. Figure 2: Selected Key Events That Have Affected Department of Homeland Security Implementation: [See PDF for image] [End of figure] DHS Has Made Varying Levels of Progress in Implementing its Core Mission and Management Functions, but Has Faced Difficulties in Its Implementation Efforts: Based on the performance expectations we identified, DHS has made progress in implementing its mission and management functions, but various challenges have affected its efforts. Specifically, DHS has made limited progress in the areas of emergency preparedness and response; science and technology; and human capital and information technology management. We found that DHS has made modest progress in the areas of border security; immigration services; and acquisition and financial management. We also found that DHS has made moderate progress in the areas of immigration enforcement, aviation security, surface transportation security; critical infrastructure and key resources protection, and real property management, and that DHS has made substantial progress in the area of maritime security. DHS Has Made Modest Progress in Border Security: The United States shares a 5,525 mile border with Canada and a 1,989 mile border with Mexico, and all goods and people traveling to the United States must be inspected at air, land, or sea ports of entry. In 2006, more than 400 million legal entries were made to the United States--a majority of all border crossings were at land border ports of entry. Within DHS, CBP is the lead agency responsible for implementing the department's border security mission. Specifically, CBP's two priority missions are (1) detecting and preventing terrorists and terrorist weapons from entering the United States, and (2) facilitating the orderly and efficient flow of legitimate trade and travel. CBP's supporting missions include interdicting illegal drugs and other contraband; apprehending individuals who are attempting to enter the United States illegally; inspecting inbound and outbound people, vehicles, and cargo; enforcing laws of the United States at the border; protecting U.S. agricultural and economic interests from harmful pests and diseases; regulating and facilitating international trade; collecting import duties; and enforcing U.S. trade laws. Within CBP, the United States Border Patrol is responsible for border security between designated official ports of entry, and CBP's Office of Field Operations enforces trade, immigration, and agricultural laws and regulations by securing the flow of people and goods into and out of the country, while facilitating legitimate travel and trade at U.S. ports of entry. As shown in table 16, we identified 12 performance expectations for DHS in the area of border security and found that overall DHS has made modest progress in meeting those expectations. Specifically, we found that DHS has generally achieved 5 of its performance expectations and has generally not achieved 7 of its performance expectations. Table 16: Performance Expectations and Progress Made in Border Security: Performance expectation: 1. Implement a biometric entry system to prevent unauthorized border crossers from entering the United States through ports of entry; Assessment: Generally achieved. Performance expectation: 2. Implement a biometric exit system to collect information on border crossers leaving the United States through ports of entry; Assessment: Generally not achieved. Performance expectation: 3. Develop a program to detect and identify illegal border crossings between ports of entry; Assessment: Generally achieved. Performance expectation: 4. Implement a program to detect and identify illegal border crossings between ports of entry; Assessment: Generally not achieved. Performance expectation: 5. Develop a strategy to detect and interdict illegal flows of cargo, drugs, and other items into the United States; Assessment: Generally achieved. Performance expectation: 6. Implement a strategy to detect and interdict illegal flows of cargo, drugs and other items into the United States; Assessment: Generally not achieved. Performance expectation: 7. Implement effective security measures in the visa issuance process; Assessment: Generally not achieved. Performance expectation: 8. Implement initiatives related to the security of certain documents used to enter the United States; Assessment: Generally not achieved. Performance expectation: 9. Provide adequate training for all border related employees; Assessment: Generally achieved. Performance expectation: 10. Develop staffing plans for hiring and allocating human capital resources to fulfill the agency's border security mission; Assessment: Generally achieved. Performance expectation: 11. Ensure adequate infrastructure and facilities; Assessment: Generally not achieved. Performance expectation: 12. Leverage technology, personnel, and information to secure the border; Assessment: Generally not achieved. Performance expectation: Total; Assessment: Generally achieved: 5; Assessment: Generally not achieved: 7; Assessment: No assessment made: 0. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken sufficient actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [End of table] Table 17 provides more detailed information on the progress that DHS has made in taking actions to achieve each performance expectation in the area of border security and our assessment of whether DHS has taken steps to satisfy most of the key elements of the performance expectation (generally achieved) or has not taken steps to satisfy most of the performance expectation's key elements (generally not achieved). Table 17: Performance Expectations and Assessment of DHS Progress in Border Security: Performance expectation: 1. Implement a biometric entry system to prevent unauthorized border crossers from entering the United States through ports of entry; Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. According to DHS, the entry portion of US-VISIT has been deployed at 154 of 170 land ports of entry, 115 airports, and 14 seaports, as of December 2006. With regard to 14 of the 16 land ports of entry where US-VISIT was not installed, CBP and US-VISIT program office officials told us there was no operational need for US-VISIT because visitors who are required to be processed into US-VISIT are, by regulation, not authorized to enter the United States at these locations. We reported that US-VISIT needs to be installed at the remaining 2 ports of entry in order to achieve full implementation as required by law, but both of these locations present significant challenges to installation of US-VISIT. These ports of entry do not currently have access to appropriate communication transmission lines to operate US-VISIT. CBP officials told us that, given this constraint, they determined that they could continue to operate as before. CBP officials told us that having US-VISIT biometric entry capability generally improved their ability to process visitors required to enroll in US-VISIT because it provided them additional assurance that visitors are who they say they are and automated the paperwork associated with processing the I-94 arrival/departure form. For more information, see Border Security: US-VISIT Program Faces Strategic, Operational, and Technological Challenges at Land Ports of Entry, GAO-07-248; Assessment: Generally achieved. Performance expectation: 2. Implement a biometric exit system to collect information on border crossers leaving the United States through ports of entry; Summary of findings: GAO findings: DHS has faced challenges in deploying a biometric exit system at ports of entry. Legislation required US-VISIT to collect biometric exit data from all individuals who are required to provide biometric entry data, but did not set a specific deadline for this requirement. Although US-VISIT had set a December 2007 deadline for implementing exit capability at the 50 busiest land ports of entry, US-VISIT has since determined that implementing an exit capability by this date is no longer feasible. A new date for exit implementation has not been set. In March 2007, we reported that DHS has devoted considerable time and resources toward establishing an operational exit capability. Over the last 4 years, it has committed over $160 million to pilot test and evaluate an exit solution at 12 air, 2 sea, and 5 land ports of entry. Despite this considerable investment of time and resources, the US-VISIT program still does not have either an operational exit capability or a viable exit solution to deploy to all air, sea, and land ports of entry. With regard to air and sea ports of entry, we reported that although US- VISIT has pilot tested a biometric exit capability for these ports of entry, it has not been available at all ports. A pilot test in 2004 through 2005 identified issues that limited the operational effectiveness of the solution, such as the lack of traveler compliance with the processes. According to program officials, US-VISIT is now developing a plan for deploying a comprehensive, affordable exit solution at all ports of entry. However, no time frame has been established for this plan being approved or implemented. There are interrelated logistical, technological, and infrastructure constraints that have precluded DHS from achieving this mandate, and there are cost factors related to the feasibility of implementation of such a solution. With regard to land ports of entry, for example, we reported that the major constraint to performing biometric verification upon exit at this time, in the US-VISIT Program Office's view, is that the only proven technology available would necessitate mirroring the processes currently in use for US-VISIT at entry. The US-VISIT Program Office concluded in January 2005 that the mirror-imaging solution was "an infeasible alternative for numerous reasons, including but not limited to, the additional staffing demands, new infrastructure requirements, and potential trade and commerce impacts." US-VISIT officials stated that they believe that technological advances over the next 5 to 10 years will make it possible to utilize alternative technologies that provide biometric verification of persons exiting the country without major changes to facility infrastructure and without requiring those exiting to stop and/or exit their vehicles, thereby precluding traffic backup, congestion, and resulting delays. For more information, see GAO-07-248 and Homeland Security: US-VISIT Program Faces Operational, Technological and Management Challenges, GAO-07- 632T. DHS updated information: Between March and June 2007, DHS told us that, it expected that further land exit testing may be conducted in fiscal year 2008. DHS reported that it provided an exit strategy to Congress in the spring of 2007; Our assessment: We conclude that DHS has generally not achieved this performance expectation. Although DHS is continuing to explore various possibilities for implementing an exit capability, the department has not yet implemented a biometric exit system at land, air, and sea ports of entry. Assessment: Generally not achieved. Performance expectation: 3. Develop a program to detect and identify illegal border crossings between ports of entry; Summary of findings: GAO findings: DHS has made progress toward developing a program to detect illegal border crossings between ports of entry. In February 2007, we reported that the Secure Border Initiative is a comprehensive, multiyear program established in November 2005 by the Secretary of Homeland Security to secure U.S. borders and reduce illegal immigration. The Secure Border Initiative's mission is to promote border security strategies that help protect against and prevent terrorist attacks and other transnational crimes. Elements of the Secure Border Initiative will be carried out by several organizations within DHS. One element of the Secure Border Initiative is SBInet, the program within CBP responsible for developing a comprehensive border protection system. SBInet is responsible for leading the effort to ensure that the proper mix of personnel, tactical infrastructure, rapid response capability, and technology is deployed along the border. According to DHS, the SBInet solution is to include a variety of sensors, communications systems, information technology, tactical infrastructure (roads, barriers, and fencing), and command and control capabilities to enhance situational awareness of the responding officers. The solution is also to include the development of a common operating picture that provides uniform data, through a command center environment, to all DHS agencies and is interoperable with stakeholders external to DHS. We have ongoing work to further assess the Secure Border Initiative. For more information, see GAO-07-248 and Secure Border Initiative: SBInet Expenditure Plan Needs to Better Support Oversight and Accountability, GAO-07-309. DHS updated information: According to updated information provided by DHS between March and May 2007, the Secure Border Initiative program is in place, with a Program Management Office and governance structure, system integrator, and funding. In September 2006, the SBInet contract was awarded. CBP has been designated as the DHS executive agent for the SBInet program and has established a Program Management Office to oversee SBInet. With regard to other border security initiatives, DHS noted that Operation Streamline, launched in December 2005, is a coordinated effort among CBP, ICE, and the Department of Justice to create a zero-tolerance zone for illegal entries in the Del Rio Border Patrol sector. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has made progress in developing a strategy to detect and identify illegal border crossings between ports of entry- -namely the Secure Border Initiative--and has developed other initiatives to detect and deter illegal border crossings. Assessment: Generally achieved. Performance expectation: 4. Implement a program to detect and identify illegal border crossings between ports of entry; Summary of findings: GAO and DHS IG findings: DHS has not yet fully implemented a program to effectively detect and identify illegal border crossings between ports of entry. In past work, we and the DHS IG identified challenges in implementing earlier border security programs designed to detect and deter illegal border crossings. For example, in February 2006 the DHS IG reported that initiatives using technology, such as unmanned aerial vehicles and remote video surveillance, had failed to consistently demonstrate the predicted force multiplier effect for border security. More recently, we reported that although DHS has published some information on various aspects of the Secure Border Initiative and SBInet, it remains unclear how SBInet will be linked, if at all, to US-VISIT so that the two systems can share technology, infrastructure, and data across programs. In addition, we reported that according to DHS, work on the northern border for the Secure Border Initiative is not projected to begin before fiscal year 2009. We have ongoing work to further assess the Secure Border Initiative. For more information, see GAO-07-309; GAO-07-248; Border Security: Key Unresolved Issues Justify Reevaluation of Border Surveillance Technology Program, GAO-06-295; and Border Security: Agencies Need to Better Coordinate Their Strategies and Operations on Federal Lands, GAO-04-590. Also, see Department of Homeland Security Office of the Inspector General, A Review of Remote Surveillance Technology Along U.S. Land Borders, OIG-06-15 (Washington, D.C.: December 2005). DHS updated information: DHS provided evidence of SBInet progress, including the award of four task orders as of May 2007. At the end of fiscal year 2006, DHS reported that 75 miles of fence were constructed and a total of 370 miles are planned to be constructed by the end of calendar year 2008. CBP also plans to establish 200 miles of vehicle barriers by the end of calendar year 2008, with 67 miles completed. Further, DHS has established a Miles of Effective Control goal. The goal is to gain effective control of the entire southwest border by 2013. According to DHS, effective control indicates that defense-in- depth capabilities in the area are robust enough to (1) detect illegal entries; (2) identify and classify the entries; (3) efficiently and effectively respond; and (4) bring events to a satisfactory law enforcement resolution. As of March 2007, DHS reported that it had 392 miles under effective control, and the goal for the end of calendar year 2008 is 642 miles. DHS stated that SBInet Technology Coverage goal is to cover 387 miles of the border completed by the end of calendar year 2008 in the Tucson and Yuma sectors. With regard to Operation Streamline, CBP reported that beginning with a 5-mile stretch of the border, the initiative now spans the entire 210 mile Del Rio Sector Border. DHS also noted that National Guard resources have been deployed to the border to enhance capabilities under Operation Jumpstart. As of February 28, 2007, DHS reported that nearly 46,000 aliens were apprehended and more than 520 vehicles were seized through Operation Jumpstart. Additionally, CBP plans to add 6,000 Border Patrol agents by the end of calendar year 2008. In fiscal year 2007, DHS plans to increase its Border Patrol presence between ports of entry by hiring, training, and deploying 1,500 additional agents. Our assessment: We conclude that DHS has generally not achieved this performance expectation. The Secure Border Initiative and SBInet are in the early phases of implementation, and DHS has taken actions to implement the initiative, particularly in awarding four task orders under SBInet. However, these contracts have only recently been awarded, and it is unclear what progress contractors have made in implementing the activities specified in the task orders. Moreover, DHS reported that it has effective control of 380 miles of the border as of March 2007, but the U.S. land border encompasses more than 6,000 miles, and DHS does not expect to begin work on the northern border until fiscal year 2009. Although DHS has only recently begun to implement SBInet, which is a multi-year program, DHS and its legacy components implemented programs to secure the border between ports of entry prior to the Secure Border Initiative and SBInet. We and the DHS IG reported on challenges faced by DHS in implementing programs that pre-dated the Secure Border Initiative and SBInet. Assessment: Generally not achieved. Performance expectation: 5. Develop a strategy to detect and interdict illegal flows of cargo, drugs, and other items into the United States; Summary of findings: GAO findings: DHS has taken steps to develop a strategic approach for interdicting illegal flows of cargo, drugs, and other items into the United States.[A] For example, according to DHS, in August 2006 DHS and the Department of Justice submitted a National Southwest Border Counternarcotics Strategy and Implementation Plan to the International Drug Control Policy Coordinating Committee. This document identified the major goals, objectives, and resource requirements for closing gaps in U.S. and Mexico counternarcotics capabilities along the southwest border. DHS has also taken steps to plan for the deployment of radiation portal monitors at ports of entry. For more information, see Combating Nuclear Smuggling: DHS Has Made Progress Deploying Radiation Detection Equipment at U.S. Ports-of- Entry, but Concerns Remain, GAO-06-389; Prescription Drugs: Strategic Framework Would Promote Accountability and Enhance Efforts to Enforce the Prohibitions on Personal Importation, GAO-05-372; and Cigarette Smuggling: Federal Law Enforcement Efforts and Seizures Increasing, GAO-04-641. DHS updated information: According to updated information provided by DHS, the CBP Office of Field Operations developed a comprehensive strategic plan entitled Securing America's Borders at the Ports of Entry that defines CBP's national strategy specifically at all air, land, and sea ports of entry. This plan was finalized and published in September 2006 concurrent with the development of the Secure Border Initiative. According to DHS, it complements the national strategy for gaining operational control of the borders between ports of entry and addresses the specific security concerns and required actions that are the direct responsibility of the Office of Field Operations. Programs under the auspices of the Office of Field Operations that support enhanced detection and interdiction of illegal flows of contraband and harmful substances into the United States include the National Targeting Center for Cargo; the Automated Targeting System; the Customs Trade Partnership Against Terrorism; the Container Security Initiative; the Secure Freight Initiative; and deployment of radiation portal monitors, large-scale, non-intrusive inspection technology, and canine enforcement teams. Additionally, according to the Office of Counternarcotics, in March 2006, the National Southwest Border Counternarcotics Strategy was approved by the International Drug Control Policy Coordinating Committee. This document identified the major goals, objectives, and recommendations for closing gaps in U.S. and Mexico counternarcotics capabilities along the southwest border. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has made progress in developing a strategy to implement its various programs for detecting and interdicting illegal flows of cargo, drugs, and other items into the United States. With regard to flows of illegal drugs in particular, the National Southwest Border Counternarcotics Strategy has been approved by the International Drug Control Policy Coordinating Committee. Assessment: Generally achieved. Performance expectation: 6. Implement a strategy to detect and interdict illegal flows of cargo, drugs, and other items into the United States. Summary of findings: GAO findings: We have identified challenges in DHS's efforts to interdict flows of illegal goods into the United States.[B] DHS has implemented the Container Security Initiative to allow CBP officials to target containers at foreign seaports so that any high-risk containers maybe inspected prior to their departure for the United States. We have identified challenges in implementation of the program, including staffing imbalances that, in the past, impeded CBP's targeting of containers. DHS has also implemented the Customs- Trade Partnership Against Terrorism, a voluntary program design to improve the security of international supply chain through which CBP officials work in partnership with private companies to review supply chain security plans. Our work has identified a number of challenges in implementation of the Customs-Trade Partnership Against Terrorism, including that CBP's standard for validation is hard to achieve and, given that the program is voluntary, there are limits on how intrusive CBP can be in its validations. With regard to radiation portal monitors, we reported as of December 2005, DHS had completed deployment of portal monitors at two categories of entry--a total of 61 ports of entry--and had begun work on two other categories; overall, however, progress had been slower than planned. According to DHS officials, the slow progress resulted from a late disbursal of funds and delays in negotiating deployment agreements with seaport operators. Further, we noted the expected cost of the program was uncertain because DHS's plans to purchase newer, more advanced equipment were not yet finalized, and we projected that the program's final cost would be much higher than CBP anticipated at the time of our review. In 2006, we reported on the results of our investigation of potential security weaknesses associated with the installation of radiation detection equipment at ports of entry. As part of this investigation, we deployed two teams of investigators to the field to make simultaneous border crossings at the northern and southern borders in an attempt to transport radioactive sources into the United States. The radiation portal monitors properly signaled the presence of radioactive material when our two teams of investigators conducted simultaneous border crossings. Our investigators' vehicles were inspected in accordance with most of the CBP policy at both the northern and southern borders. However, our investigators, using counterfeit documents, were able to enter the United States with the radioactive sources in the trunks of their vehicles. In 2005 we also reported that inspection and interdiction efforts at international mail branches and express carrier facilities had not prevented a reported substantial volume of prescription drugs from being illegally imported from foreign Internet pharmacies into the United States. We acknowledged that CBP and other agencies, including ICE, the Food and Drug Administration, and the Drug Enforcement Administration, had taken a step in the right direction by collaborating to establish a task force designed to address challenges that we identified, but nonetheless, an unknown number of illegal drugs entered the country each day. In addition, in 2004 we noted that CBP reported that the number of cigarette seizures by CBP and ICE increased dramatically, from 12 total seizures in 1998 to 191 seizures in 2003. CBP attributed this increase to better intelligence and better inspections--based on electronic methods such as its Automated Targeting System. For more information, see GAO-06-389; GAO-05-372; GAO- 04-641; Border Security: Investigators Transported Radioactive Sources Across Our Nation's Borders at Two Locations, GAO-06-940T; and Maritime Security: Observations on Selected Aspects of the SAFE Port Act, GAO-07- 754T. DHS updated information: DHS provided updated information related to its implementation of a strategy to detect and interdict illegal flows of cargo, drugs, and other items into the United States. In general, the Strategic Plan on Securing America's Borders at the Ports of Entry, which defines CBP's national strategy at all air, land, and sea ports of entry, outlines programs designed to achieve border security objectives. CBP's Office of Field Operations has developed a formal implementation process to execute the Securing America's Borders at the Ports of Entry strategic plan that includes regular senior executive participations, steering committee oversight, and the creation of Securing America's Borders at the Ports of Entry Implementation Division to provide ongoing oversight and coordination of a comprehensive development schedule for the Office of Field Operations' high priority programs. More specifically, DHS has several programs in place to help detect and interdict illegal flows of cargo, drugs, and other items into the United States. These programs include the National Targeting Center for Cargo, the Automated Targeting System, the Customs- Trade Partnership Against Terrorism, the Container Security Initiative, deployment of radiation portal monitors, large-scale non-intrusive inspection technology, canine enforcement programs, and the Secure Freight Initiative.[C] With regard to the National Targeting Center for Cargo, CBP reported that this center expands CBP's capability to do cargo shipment targeting to provide ports of entry with immediate analysis capabilities. With regard to radiation portal monitors, as of March 9, 2007, CBP has deployed 966 radiation portal monitors to ports of entry. According to CBP, these radiation portal monitor deployments provide CBP with the capability to screen approximately 91 percent of containerized cargo and 88 percent of personally owned vehicles entering the United States. With regard to non-intrusive technology, CBP reported deploying about 189 systems and is scheduled to have 224 large-scale systems deployed by the end of fiscal year 2009. CBP's canine enforcement teams are assigned to 73 ports of entry and more than 300 detector dog teams were trained in fiscal year 2006. DHS provided us with other sensitive data on the outputs of its efforts, which we considered in making our assessment. Furthermore, according to the Office of Counternarcotics, the Implementation Plan for the National Southwest Border Counternarcotics Strategy includes recommendations on funding and resource requirements and estimated timelines for implementing the National Southwest Border Counternarcotics Strategy in fiscal years 2008 through 2011. In addition, in fiscal year 2007, DHS plans to increase its Border Patrol presence between ports of entry by hiring, training, and deploying 1,500 additional agents. Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS has taken actions to implement various programs to detect and interdict illegal flows of goods into the United States. For example, DHS has deployed radiation portal monitors and large scale non-intrusive detection systems at ports of entry and has developed the Container Security Initiative and Customs-Trade Partnership Against Terrorism Program. However, we have reported on challenges in implementation efforts associated with these programs. Moreover, CBP's Securing America's Borders at the Ports of Entry plan is still in the early stages of implementation, but once implemented, will help CBP detect and interdict illegal flows of goods into the United States. Further, the Implementation Plan for the National Southwest Border Counternarcotics Strategy has only recently been developed. In addition, we considered the sensitive data provided by DHS on the outputs of its efforts as well as our prior work in making our assessment. Assessment: Generally not achieved. Performance expectation: 7. Implement effective security measures in the visa issuance process. Summary of findings: GAO findings: DHS has made progress but still faces challenges in its efforts to implement effective security measures as part of the visa issuance process.[D] In 2005 we reported that DHS had not yet expanded the Visa Security Program as it planned. The Visa Security Program is DHS's program to oversee the assigning of visa security officers to locations overseas to review visa applications. In prior work we reported that DHS had begun supplying Visa Security Officers to the U.S. embassy and consulate in Saudi Arabia. According to DHS, the Department of State's consular officials, and the deputy chief of mission in Saudi Arabia, the Visa Security Officers strengthened visa security at these posts. Visa Security Officers offer law enforcement and immigration experience and have access to and experience using information from law enforcement databases, which are not readily available to consular officers. DHS planned to expand the Visa Security Program to additional posts throughout fiscal years 2005 and 2006, but faced various difficulties in its efforts to expand. For example, chiefs of mission at the posts chosen for expansion in fiscal year 2005 delayed approval of DHS's requests. Embassy and Department of State officials attributed the delays to questions about the program's goals, objectives, and staffing requirements, as well as DHS's plans to coordinate with existing law enforcement and border security staff and programs at post at that time. For more information, see Border Security: Actions Needed to Strengthen Management of Department of Homeland Security's Visa Security Program, GAO-05-801. DHS updated information: Since the time of our review, DHS has made progress in expanding the Visa Security Program to additional posts; Our assessment: We conclude that DHS has generally not achieved this performance expectation. Although the department has made some progress in expanding the Visa Security Program, the department has reported facing similar challenges to those that we previously identified in its expansion and implementation efforts and did not provide us with evidence that it has fully addressed those challenges. Assessment: Generally not achieved. Performance expectation: 8. Implement initiatives related to the security of certain documents used to enter the United States; Summary of findings: GAO findings: DHS has various initiatives related to the security of documents used to enter the United States but has faced difficulties in implementing these initiatives.[E] With regard to the Western Hemisphere Travel Initiative, we reported in May 2006 on challenges faced by DHS in implementation. This initiative is DHS's program to implement requirements for U.S. citizens and citizens of Bermuda, Canada, and Mexico to show a passport or other documents that the Secretary of Homeland Security deems sufficient to show identity and citizenship to CBP officers when those individuals enter the United States from certain countries in North, Central, or South America. We reported that alternative programs or documents, such as frequent traveler programs and driver's licenses with enhanced security features, had various challenges and using them in lieu of a passport would not easily resolve the management issues faced by DHS. We reported that once decisions are made on what documents will be needed, DHS and the Department of State will face challenges in program implementation and management. Major challenges would remain in developing (1) an implementation plan, (2) budget estimates, (3) awareness programs for the public, (4) training programs for DHS staff, (5) bilateral coordination with Canada, and (6) a common understanding of how the Travel Initiative links to the overall strategy for securing the nation's borders. Falling short in any of these areas may hinder the ability of the agencies to achieve their goal of improving security while facilitating commerce and tourism. According to DHS officials, they have formed working groups to take action in each of these areas, but much more work remains in developing plans and approaches that improve the likelihood of program success; With regard to the Visa Waiver Program, the program enables citizens of 27 countries to travel to the United States for tourism or business for 90 days or less without obtaining a visa. In July 2004, we reported that DHS established a Visa Waiver Program Oversight Unit, which completed security assessments of the 27 countries that participate in the Visa Waiver Program. DHS also submitted a report to Congress summarizing the assessment findings. However, we identified several problems with the 2004 review process, as key stakeholders were not consulted during portions of the process, the review process lacked clear criteria and guidance to make key judgments, and the final reports were untimely. Furthermore, the monitoring unit could not effectively achieve its mission to monitor and report on ongoing law enforcement and security concerns in visa waiver countries due to insufficient resources. In September 2006 we testified that while DHS had taken some actions to mitigate the program's risks, the department faced difficulties in further mitigating these risks. In particular, the department had not established time frames and operating procedures regarding timely stolen passport reporting--a program requirement since 2002. Furthermore, DHS sought to require the reporting of lost and stolen passport data to the United States and the International Criminal Police Organization, but it had not issued clear reporting guidelines to participating countries; With regard to the Immigration Advisory Program, this pilot program is designed to increase the level of scrutiny given to the travel documents of certain high-risk passengers before they board international flights traveling to the United States. Under this program, CBP assigns officers to selected foreign airports where they utilize an automated risk-targeting system that identifies passengers as potentially high-risk--including passengers who do not need a visa to travel to the United States. CBP officers then personally interview some of these passengers and evaluate the authenticity and completeness of these passengers' travel documents. CBP has reported several successes through the Immigration Advisory Program pilot. According to CBP documents, from the start of the program in June 2004 through February 2006, Immigration Advisory Program teams made more than 700 no-board recommendations for inadmissible passengers and intercepted approximately 70 fraudulent travel documents. However, in May 2007 we reported that CBP had not taken all of the steps necessary to fully learn from its pilot sites in order to determine whether the program should be made permanent and the number of sites that should exist. These steps are part of a risk management approach to developing and evaluating homeland security programs; In addition, in prior work our agents have attempted to enter the United States using fictitious documents. Our periodic tests since 2002 clearly showed that CBP officers were unable to effectively identify counterfeit driver's licenses, birth certificates, and other documents. Specifically, in 2003 our agents were able to easily enter the United States from Canada and Mexico using fictitious names and counterfeit driver's licenses and birth certificates. Later in 2003 and 2004, we continued to be able to successfully enter the United States using counterfeit identification at land border crossings, but were denied entry on one occasion. In 2006, the results of our work indicated that CBP officers at the nine land border crossings we tested at that time did not detect the counterfeit identification we used. At the time of our review, CBP agreed that its officers were not able to identify all forms of counterfeit identification presented at land border crossings and fully supported the Western Hemisphere Travel Initiative that will require all travelers to present a passport before entering the United States. We did not assess whether this initiative would be effective in preventing terrorists from entering the United States or whether it would fully address the vulnerabilities shown by our work. We have ongoing work assessing the Western Hemisphere Travel Initiative and the use of fraudulent travel documents. For more information, see GAO-07-248; Border Security: Stronger Actions Needed to Assess and Mitigate Risks of the Visa Waiver Program, GAO-06-854; Observations on Efforts to Implement the Western Hemisphere Travel Initiative on the U.S. Border with Canada, GAO-06-741R; Border Security: Consular Identification Cards Accepted within United States, but Consistent Federal Guidance Needed, GAO-04-881; Aviation Security: Efforts to Strengthen International Passenger Prescreening Are Under Way, but Planning and Implementation Issues Remain, GAO-07-346; and Border Security: Continued Weaknesses in Screening Entrants into the United States, GAO-06-976T. DHS updated information: According to updated information provided by DHS, CBP has undertaken a variety of efforts associated with the security of documents used to enter the United States. These efforts include implementation of the Western Hemisphere Travel Initiative in the air environment; enhancements to the Visa Waiver Program; increased access to lost and stolen passport information from multiple sources; introduction of the Fraudulent Documents Analysis Unit, which issues notices to the field regarding detection of fraudulent documents; and training of carrier agents overseas in documentary requirements and fraudulent document detection. With regard to the Western Hemisphere Travel Initiative, since January 23, 2007, all U.S. citizens and nonimmigrant aliens from Canada, Bermuda and Mexico entering the United States from within the Western Hemisphere at air ports of entry are required to present a valid passport. CBP has reported more than 99 percent compliance with these requirements at air ports of entry. DHS stated that the department is working toward implementation of the Western Hemisphere Travel Initiative for travelers entering the United States through land and sea ports of entry, and in June 2007 announced the Notice of Proposed Rulemaking for the land and sea portions. U.S. and Canadian citizens entering the United States from within the Western Hemisphere at land and sea ports currently may make a verbal declaration of citizenship or present a myriad of forms and documents to enter the country such as birth certificates and drivers' licenses. On June 8, 2007, because of delays in processing applications for U.S. passports, U.S. citizens traveling to Canada, Mexico, the Caribbean, and Bermuda who have applied for but not yet received passports can temporarily enter and depart from the United States by air with a government issued photo identification and Department of State official proof of application for a passport through September 30, 2007. With regard to fraudulent documents, CBP reported that it has electronic copies of all U.S.-issued travel and citizenship documents, with the exception of U.S.-issued passports, which CBP is working to gain access to with the Department of State. When travelers apply for admission at a port of entry, CBP officers are to scan the document presented by the travelers to help minimize the risk of photograph substitution on the documents and the use of canceled travel documents. Over 4,400 CBP officers have access to the Department of State Consolidated Consular Database, which allows officers to view unique visa information. During 2006, CBP stated that it provided ports of entry with the highest rate of fraudulent document interceptions with comprehensive document examination workstations to better equip them with the ability to examine questioned documents presented for entry to the United States. According to CBP, workstations have been deployed at 11 ports of entry, where the equipment improves the ability of officers to thoroughly inspect documents to detect forgeries. CBP reported that its Fraudulent Document Analysis Unit received 40,362 fraudulent documents from the ports of entry during fiscal year 2006. Of this number, there were 7,252 passports from 84 countries, the majority of which were issued by Mexico and the United States. CBP also reported that it has deployed ePassport readers to 200 primary inspection lanes at the 33 largest airports to enhance document verification. With regard to lost and stolen passports, DHS reported that it has a real-time interface with the State Department that provides data on all lost or stolen passports reported to the State Department, both United States and foreign. CBP noted that the programs mentioned above are used in conjunction with US-VISIT fingerprinting of non-U.S. citizens and resident aliens to provide a biometric authentication of the document-bearers' identity and verification of documents' validity. With regard to the Immigration Advisory Program, DHS has issued a strategic plan for fiscal years 2007 through 2012. Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS has taken actions related to the security of certain documents used to enter the country by, for example, implementing the Western Hemisphere Travel Initiative at air ports of entry. However, we have reported on management challenges faced by DHS with regard to the Western Hemisphere Travel Initiative and, although the requirement for implementing the initiative is not until 2009, we reported that the Departments of Homeland Security and State have a long way to go to implement their proposed plans, and the time to get the job done has been slipping by. We have also reported on risks and challenges faced by DHS with regard to the Visa Waiver Program, such as the timely reporting of stolen passports, and DHS did not provide us with evidence that it has taken actions to fully address these risks and challenges. Furthermore, while DHS has made progress in deploying document examination workstations and ePassport readers to lanes at ports of entry, DHS did not provide us with evidence that it has yet determined proposed locations for deploying additional workstations. In addition, DHS has not yet fully used a risk management approach in implementing its Immigration Advisory Program. Assessment: Generally not achieved. Performance expectation: 9. Provide adequate training for all border related employees; Summary of findings: GAO findings: DHS has taken steps to provide training to border security personnel. In September 2005, we reported that the creation of CBP within DHS merged border inspection functions at U.S. ports of entry, which had previously been performed by three separate agencies. We reported that the "One Face at the Border," initiative created the positions of CBP officer and CBP agriculture specialist and combined aspects of three former inspector functions. CBP created a series of training courses to provide former U.S. Customs and former Immigration and Naturalization Service officers with the knowledge and skills necessary to carry out the responsibilities of this new position. In addition, CBP officers received training to meet CBP's new mission priority of terrorism prevention. Because agricultural inspections were more specialized, CBP officers received training sufficient to enable them to identify potential agricultural threats, make initial regulatory decisions, and determine when to make referrals to CBP agriculture specialists. We reported that CBP emphasized on-the-job training in an effort not to place officers on the job without direct supervisory and tutorial backup. CBP's main strategy to prepare for field delivery of training was to provide extensive train-the-trainer courses so that trainers could return to their field sites and instruct officers there. We reported that change had not come about without challenges, as many officers were reported to have resisted changes to their responsibilities, mainly related to the difficulties in learning a new set of procedures and laws. Officials noted that there has been an enormous amount of required training for CBP officers, and it could sometimes be overwhelming. For former officers, in addition to completing an extensive cross-training schedule and new training related to terrorism prevention, there were many other required courses related to their mission. We reported that although staffing challenges may ultimately have been relieved with trained officers able to perform dual inspections, officials noted that it had been extremely difficult to take staff off-line to complete the "One Face at the Border" training. In March 2007, we reported that Border Patrol's basic training program exhibited attributes of an effective training program. However, we also reported while Border Patrol officials were confident that the academy could accommodate the large influx of new trainees anticipated over the next 2 years, they have expressed concerns over the sectors' ability to provide sufficient field training. For example, officials were concerned with having a sufficient number of experienced agents available in the sectors to serve as field training officers and first-line supervisors. We reported that the Border Patrol is considering several alternatives to improve the efficiency of basic training delivery and to return agents to the sectors more quickly. For example, the Border Patrol is pilot-testing a proficiency test for Spanish that will allow those who pass the test to shorten their time at the academy by about 30 days. However, we concluded that the Border Patrol's plan to hire an unprecedented number of new agents over the next 2 years could strain the sectors' ability to provide adequate supervision and training. Moreover, the field training new agents receive has not been consistent from sector to sector, a fact that has implications for how well agents perform their duties. To ensure that these new agents become proficient in the safe, effective, and ethical performance of their duties, it will be extremely important that new agents have the appropriate level of supervision and that the Border Patrol has a standardized field training program. For more information, see Department of Homeland Security: Strategic Management of Training Important for Successful Transformation, GAO-05-888 and Homeland Security: Information on Training New Border Patrol Agents, GAO-07- 540R. DHS updated information: In May 2007, DHS provided us with updated information on its efforts to provide training for border security personnel. Specifically, CBP reported that it has implemented a plan to hire and train 3,900 Border Patrol agents in fiscal year 2007; 4,800 agents in fiscal year 2008; and 850 agents in the first quarter of fiscal year 2009. CBP, working with the Federal Law Enforcement Training Center, reported making various modifications to the Border Patrol basic training program to accommodate the volume of new trainees. CBP also reported that it is designing its post-Academy training to align with the new Academy program and to use the 2-year Federal Career Intern Program. In addition, CBP has an annual call for training and uses a National Training Plan and a Training Advisory Board to determine ongoing basic and advanced training requirements. Post-Academy training for Border Patrol Agents includes a structured academic program with two pass or fail probationary exams, and Border Patrol local offices provide agents with area-specific training through the Border Patrol Field Training Program. Post-Academy training for CBP officers working at ports of entry feature classroom, online, and on- the-job experiences linked to the job that the individual CBP officer will perform in his or her home duty post. According to CBP, CBP provides in-depth, task-based training to CBP officers that address tasks that the CBP officer will be called on to perform. In addition, CBP provides "cross-training" to officers from the former U.S. Immigration and Naturalization Service or Customs Services based on operational requirements. Our assessment: We conclude that DHS has generally achieved this performance expectation. CBP has established and implemented programs for training its border security personnel. With regard to basic training, we previously reported that Border Patrol's basic training program exhibited attributes of an effective training program. CBP also uses a National Training Plan and a Training Advisory Board to determine training requirements. However, in prior work we reported on various challenges in CBP's provision and adequacy of field-based training. For example, with regard to Border Patrol agents, we reported that the field training new agents receive has not been consistent from sector to sector, which has implications for how well agents perform their duties. In addition, we identified concerns regarding CBP's capacity to provide training to the projected large influx of new Border Patrol agents over the next 2 years. Assessment: Generally achieved. Performance expectation: 10. Develop staffing plans for hiring and allocating human capital resources to fulfill the agency's border security mission. Summary of findings: GAO findings: CBP has taken actions to develop staffing plans for hiring and allocating human capital resources to fulfill the agency's border security mission. In July 2005 we reported that CBP had taken steps to increase management flexibility in assigning staff to inspection functions and improve staff allocation in an effort to minimize passenger wait times and ensure the most efficient use of existing staff at airports. We reported that CBP had introduced its "One Face at the Border" program to increase staffing flexibility so that staff could conduct different types of inspections within airports. We also reported that CBP was developing a national staffing model to more systematically allocate existing staff levels at airports nationwide, however, the model did not address weaknesses identified in Customs' and U.S. Immigration and Naturalization Service's staffing models in our and the Department of Justice Inspector General's previous audit work. In February 2006, we reported that for program acquisitions like the America's Shield Initiative to be successful, DHS needed to, among other things, have adequate staff to fill positions that have clearly defined roles and responsibilities and that it had not fully staffed the America's Shield Initiative program office. One criticism we had of the former U.S. Immigration and Naturalization Service was that because of staffing shortages, mission staff often had to assume administrative or other functions as a collateral duty. One effect of assigning mission staff to administrative work was that they were not spending all of their time on duties needed to accomplish the program's mission and thus were not reaching the full potential of the program position. In 2005 we found that this was a problem in some offices. Some officials we contacted in CBP said they had to use mission staff in this way because they did not have enough administrative support to compensate for the realignment of administrative staff to shared services, the addition of mission personnel that came as a result of mergers of some programs in the transition, and hiring freezes. As a result, officers, adjudicators, and investigators in some field offices were taking on administrative work full-time or as a collateral duty. For more information, see GAO- 06-295 and Homeland Security: Management Challenges Remain in Transforming Immigration Programs, GAO-05-81. DHS updated information: In May 2007, DHS provided us with data on CBP's fiscal year 2007 hiring projections and documentation of its staffing models for various positions within CBP, such as CBP officers and Border Patrol agents. Information on these staffing models is sensitive; Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed staffing models and plans for border security personnel. Assessment: Generally achieved. Performance expectation: 11. Ensure adequate infrastructure and facilities. Summary of findings: GAO findings: DHS has not yet satisfactorily ensured that CBP inspectors and Border Patrol have adequate infrastructure and facilities to support their activities. CBP Field Operations maintains programs at 20 field operations offices and 327 ports of entry, of which 15 are pre-clearance stations in Canada and the Caribbean. Border Patrol agents are assigned to patrol more than 6,000 miles of the nation's land borders and are coordinated through 20 sectors. CBP's facilities and tactical infrastructure portfolio consisted of CBP-owned and leased facilities and real estate; temporary structures, such as modular buildings for rapid deployment and temporary base camps; and other tactical infrastructure, such as fences, lights, and barriers. Additionally, CBP owned and maintained a motor vehicle fleet; a variety of aircraft including fixed wing aircraft, helicopters, and unmanned aerial vehicles; and different types of marine vessels such as hovercrafts, airboats, and high-speed interceptors. Further, the agency acquired different types of scanning and detection equipment, such as large-scale x-ray and gamma-imaging systems, nuclear and radiological detection equipment, as well as a variety of portable and hand-held devices. In February 2007, we reported that CBP's capital planning process was evolving and not yet mature. Although the agency has established a review and approval framework that required documentation to (1) describe how a proposed capital project supports the agency's strategic goals and (2) identify the mission need and gap between current and required capabilities, we were unable to verify implementation of these practices due to a lack of non-information technology examples. Additionally, we reported that CBP has not developed a comprehensive, agencywide, long-term capital plan, although it produced several documents that included some elements of such a plan. For land ports of entry, CBP implemented a capital investment planning process to ensure that facility and real property funding is allocated in a manner that supports critical facility projects. CBP piloted the capital investment planning process and the strategic resource assessments on the land port of entry. In December 2006, we reported that with regard to US-VISIT going forward, DHS plans to introduce changes and enhancements to US-VISIT at land ports of entry, including a transition from digitally scanning 2 fingerprints to 10. While such changes are intended to further enhance border security, deploying them may have an impact on aging and space- constrained land ports of entry facilities because they could increase inspection times and adversely affect port of entry operations. Moreover, our previous work showed that the US-VISIT program office had not taken necessary steps to help ensure that US-VISIT entry capability operates as intended. For example, in February 2006 we reported that the approach taken by the US-VISIT program office to evaluate the impact of US-VISIT on land port of entry facilities focused on changes in I-94 processing time at 5 ports of entry and did not examine other operational factors, such as US-VISIT's impact on physical facilities or work force requirements. As a result, program officials did not always have the information they needed to anticipate problems that occurred, such as problems processing high volumes of visitors in space constrained facilities. For more information please see GAO-07-248 and Federal Capital: Three Entities' Implementation of Capital Planning Principles is Mixed. GAO-07-274. DHS updated information: In May 2007, DHS provided updated information outlining steps it has and is taking to improve land ports of entry inspection and Border Patrol facilities so they effectively meet mission requirements. CBP plans to extend the methodology piloted on land ports of entry to air and sea ports of entry by the end of 2007. According to DHS, its fiscal year 2007 to 2011 Construction Spending Plan includes a rapid response component to address urgent facility requirements for the 6,000 new Border Patrol agents who will be deployed between fiscal year 2007 and December 2008 as well as the existing facility gap for 3,400 currently deployed agents. According to DHS, the focus of the rapid response effort is the Border Patrol Stations, which will accommodate the vast majority of new agents. Border Patrol sector headquarters, checkpoints, horse stables, and remote processing facilities are included in CBP's investment strategy, but not in the rapid response solutions since they are minimally affected by the increase in deployment. Our assessment: We conclude that DHS has generally not achieved this performance expectation. According to DHS, there is an existing facility gap for 3,400 currently deployed Border Patrol agents, and although DHS is planning a rapid response to a legislative mandate requiring a large staffing increase by the end of 2008, DHS has not yet sufficiently increased infrastructure and facilities. Furthermore, as we previously reported, DHS's capital investment planning process is not yet mature and has only been piloted at the land ports of entry. In addition, with regard to US-VISIT, we reported on various infrastructure-related difficulties which could affect effective implementation of the program. Assessment: Generally not achieved. Performance expectation: 12. Leverage technology, personnel, and information to secure the border. Summary of findings: GAO and DHS IG findings: DHS has worked to leverage its resources to secure the border, but has faced challenges in doing so. For example, CBP's Interagency Border Inspection System has sought to improve screening of travelers entering the United States at ports of entry by utilizing terrorist information that the National Terrorist Screening Center gathers and consolidates. The DHS IG reported, though, that the name-based watch lists that this system utilizes had been prone to repeated false hits for the same individual on different trips, a situation that results in CBP officers conducting secondary inspections of the travelers every time they enter the United States, an inefficient use of the officers' time. In addition, in December 2006 we reported that DHS has not yet articulated how US-VISIT is to strategically fit with other land-border security initiatives and mandates, and thus cannot ensure that these programs work in harmony to meet mission goals and operate cost effectively. We noted that agency programs need to properly fit within a common strategic context governing key aspects of program operations, such as what functions are to be performed, what facility or infrastructure changes will be needed to ensure that they operate in harmony and as intended, and what standards govern the use of technology. We reported that until decisions on DHS's border security initiatives are made, it remains unclear how programs will be integrated with US-VISIT, if at all-- raising the possibility that CBP would be faced with managing differing technology platforms and border inspection processes at each land port of entry. We reported that knowing how US-VISIT is to work in concert with other border security and homeland security initiatives and what facility or facility modifications might be needed could help Congress, DHS, and others better understand what resources and tools are needed to ensure success. For more information, see GAO-07-248 and Terrorist Watch List Screening: Efforts to Help Reduce Adverse Effects on the Public, GAO-06-1031. Also, see Department of Homeland Security Office of Inspector General, Review of CBP Actions Taken to Intercept Suspected Terrorists at U.S. Ports of Entry, OIG-06-43 (Washington, D.C.: June 2006). DHS updated information: In April 2007, DHS reported that its interagency Border Inspection System and US-VISIT are well integrated at air, sea and land border ports. According to CBP, CBP officers at these ports of entry are able to screen travelers against both biographic and biometric watch lists in addition to verifying identities and travel documents. CBP reported that false hits on watch lists have been addressed with an enhancement that allows port personnel to identify the subjects if false hits in the system to prevent hits on subsequent trips. US-VISIT and other border and port systems utilize the same architecture and infrastructure to minimize costs and promote information sharing. Additionally, DHS stated that the Secure Border Initiative Strategic Plan is bringing clarity of mission, effective coordination of DHS assets, and greater accountability to the work of DHS in securing the nation's borders. Moreover, according to DHS, Operation Streamline, launched in December 2005, is a coordinated effort among CBP, ICE, and the Department of Justice to create a zero tolerance zone for illegal entries in the Del Rio Office of Border Patrol sector. Beginning with a 5 mile stretch of the border, Operation Streamline now spans the entire 210 mile Del Rio Sector Border. Our assessment: We conclude that DHS has generally not achieved this performance expectation. Although DHS has taken some actions to leverage technology, personnel, and information to secure the border, such as using watch lists, more work remains. For example, it is still unclear how US-VISIT will work with other border security initiatives, including the Secure Border Initiative. While the Secure Border Strategic Plan provides some information on how the various border security initiatives relate, the plan does not fully describe how these initiatives will interact once implemented. In addition, the further development and implementation of SBInet will be key to DHS efforts in achieving this performance expectation, but SBInet is still in the early phases of implementation. Assessment: Generally not achieved. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken sufficient actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [A] In addition to DHS, other agencies, such as the Department of Justice, have a role to play in developing a strategy to detect and interdict illegal flows of goods in the country. This performance expectation is focused on DHS's roles and responsibilities in developing a strategy for detecting and interdicting illegal flows of goods into the United States. [B] In addition to DHS, other agencies, such as the Department of Justice, have a role to play in detecting and interdicting illegal flows of goods in the country. This performance expectation is focused on DHS's roles and responsibilities in implementing a strategy for detecting and interdicting illegal flows of goods into the United States. We address cargo security in the context of maritime security in a later section of this report. [C] We address those programs related to maritime cargo security, for example the Customs-Trade Partnership Against Terrorism and the Container Security Initiative, in a later section of this report. [D] In addition to DHS, other agencies, such as the Department of State, have a role to play in implementing effective security measures in the visa issuance process. This performance expectation is focused on DHS's roles and responsibilities in implementing effective security measures in the visa issuance process--namely the Visa Security Program. [E] Other agencies, such as the Department of State, have responsibilities for enhancing the security of documents used to enter the United States. [End of table] DHS Has Made Moderate Progress in Immigration Enforcement: DHS is responsible for enforcing U.S. immigration laws. Immigration enforcement includes apprehending, detaining, and removing criminal and illegal aliens; disrupting and dismantling organized smuggling of humans and contraband as well as human trafficking; investigating and prosecuting those who engage in benefit and document fraud; blocking and removing employers' access to undocumented workers; and enforcing compliance with programs to monitor visitors. Within DHS, ICE is primarily responsible for immigration enforcement efforts. In particular, ICE's Office of Investigations is responsible for enforcing immigration and customs laws and its Office of Detention and Removal Operations is responsible for processing, detaining, and removing aliens subject to removal from the United States. As shown in table 18, we identified 16 performance expectations for DHS in the area of immigration enforcement, and we found that overall DHS has made moderate progress in meeting those expectations.[Footnote 23] Specifically, we found that DHS has generally achieved 8 of the performance expectations and has generally not achieved 4 other performance expectations.[Footnote 24] For 4 performance expectations, we could not make an assessment. In meeting its performance expectations, ICE faced budget constraints that significantly affected its overall operations during fiscal year 2004. For example, ICE was faced with a hiring freeze in fiscal year 2004 that affected its ability to recruit, hire, and train personnel. Over the past 2 years, ICE has reported taking actions to strengthen its immigration enforcement functions and has, for example, hired and trained additional personnel to help fulfill the agency's mission. Table 18: Performance Expectations and Progress Made in Immigration Enforcement: Performance expectation: 1. Develop a program to ensure the timely identification and removal of noncriminal aliens subject to removal from the United States. Assessment: Generally achieved. Performance expectation: 2. Implement a program to ensure the timely identification and removal of noncriminal aliens subject to removal from the United States. Assessment: Generally not achieved. Performance expectation: 3. Ensure the removal of criminal aliens. Assessment: Generally not achieved. Performance expectation: 4. Assess and prioritize the use of alien detention resources to prevent the release of aliens subject to removal. Assessment: Generally achieved. Performance expectation: 5. Develop a program to allow for the secure alternative detention of noncriminal aliens. Assessment: Generally achieved. Performance expectation: 6. Implement a program to allow for the secure alternative detention of noncriminal aliens. Assessment: No assessment made. Performance expectation: 7. Develop a prioritized worksite enforcement strategy to ensure that only authorized workers are employed. Assessment: Generally achieved. Performance expectation: 8. Implement a prioritized worksite enforcement strategy to ensure that only authorized workers are employed. Assessment: Generally not achieved. Performance expectation: 9. Develop a comprehensive strategy to interdict and prevent trafficking and smuggling of aliens into the United States. Assessment: Generally achieved. Performance expectation: 10. Implement a comprehensive strategy to interdict and prevent trafficking and smuggling of aliens into the United States. Assessment: Generally not achieved. Performance expectation: 11. Develop a law enforcement strategy to combat criminal alien gangs in the United States and cross-border criminal activity. Assessment: Generally achieved. Performance expectation: 12. Implement a law enforcement strategy to combat criminal alien gangs in the United States and cross-border criminal activity. Assessment: No assessment made. Performance expectation: 13. Disrupt and dismantle mechanisms for money laundering and financial crimes. Assessment: No assessment made. Performance expectation: 14. Develop a program to screen and respond to local law enforcement and community complaints about aliens who many be subject to removal. Assessment: Generally achieved. Performance expectation: 15. Develop staffing plans for hiring and allocating human capital resources to fulfill the agency's immigration enforcement mission. Assessment: Generally achieved. Performance expectation: 16. Provide training, including foreign language training, and equipment for all immigration enforcement personnel to fulfill the agency's mission. Assessment: No assessment made. Performance expectation: Total; Assessment: Generally achieved: 8; Assessment: Generally not achieved: 4; Assessment: No assessment made: 4. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken sufficient actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [End of table] Table 19 provides more detailed information on the progress that DHS has made in taking actions to achieve each performance expectation in the area of immigration enforcement and our assessment of whether DHS has taken steps to satisfy most of the key elements of the performance expectation (generally achieved) or has not taken steps to satisfy most of the performance expectation's key elements (generally not achieved). Table 19: Performance Expectations and Assessment of DHS Progress in Immigration Enforcement: Performance expectation: 1. Develop a program to ensure the timely identification and removal of noncriminal aliens subject to removal from the United States. Summary of findings: GAO and DHS IG findings: DHS has taken actions to develop programs to help ensure the timely identification and removal of noncriminal aliens subject to removal from the United States. In June 2003, ICE established the Compliance Enforcement Unit to reduce the number of aliens who had violated the terms of certain types of visas and were residing in the United States. According to the DHS IG, the National Security Entry-Exit Registration System, the Student and Exchange Visitor System, and the United States Visitor and Immigrant Status Indicator Technology identify visa violators. These three systems are designed to track a specific segment of the nonimmigrant population and provide ICE with information concerning visa overstays. The DHS IG reported that when compliance violations were identified, enforcement actions must identify, locate, and apprehend violators. Once apprehended, violators must be detained, adjudicated, and removed. We have ongoing work assessing DHS guidelines for removing aliens from the United States who are subject to removal. For more information, see Department of Homeland Security Office of Inspector General, Review of the Immigration and Customs Enforcement's Compliance Enforcement Unit, OIG-05-50 (Washington, D.C: September 2005); Detention and Removal of Illegal Aliens, OIG-06-33 (Washington, D.C.: April 2006); An Assessment of United States Immigration and Customs Enforcement's Fugitive Operations Teams, OIG-07-34 (Washington, D.C.: March 2007); and Review of U.S. ICE's Detainee Tracking Process, OIG-07-08 (Washington, D.C.: November 2006). DHS updated information: In March, April, and May 2007, ICE provided updated information on its efforts to ensure the timely identification and removal of aliens subject to removal from the United States. ICE established the National Fugitive Operations Program in fiscal year 2003 to reduce the number of fugitive aliens in the United States and established the Fugitive Operations Support Center in June 2006 to aid in accounting for and reporting on the U.S. fugitive alien population, reviewing cases in ICE's Deportable Alien Control System, developing targeted field operational initiatives, assessing national absconder data, and providing comprehensive leads and other support to field offices. ICE reported establishing fiscal year goals for the Fugitive Operations Teams located throughout its field offices. Each field office, based on the number of teams located within its area of operational responsibility, is expected to arrest 1,000 fugitive targets and targets' associates. Furthermore, the Fugitive Operations Support Center has a goal of eliminating another 26,000 fugitive cases annually as a result of data integrity updates to ICE's Deportable Alien Control System. Our assessment: We conclude that DHS has generally achieved this performance expectation as DHS has taken actions to develop a program to ensure the timely identification and removal of aliens subject to removal from the United States. Assessment: Generally achieved. Performance expectation: 2. Implement a program to ensure the timely identification and removal of noncriminal aliens subject to removal from the United States. Summary of findings: GAO and DHS IG findings: Various factors have affected DHS's efforts to identify and remove noncriminal aliens subject to removal from the United States in a timely manner. According to the DHS IG, in recent years the number of "other than Mexican" aliens that DHS has apprehended has been rising, and such aliens have consumed more ICE resources because they cannot simply be returned over the border. In April 2006, the DHS IG found that Detention and Removal Operations was unable to ensure the departure from the United States of all removable aliens. In April 2006, the DHS IG reported that of the 774,112 illegal aliens apprehended during the prior 3 years, 280,987 (36 percent) were released largely due to a lack of personnel, bed space, and funding needed to detain illegal aliens while their immigration status was being adjudicated. The DHS IG noted that their release presented a significant risk due to the inability of CBP and ICE to verify the identity, country of origin, and terrorist or criminal affiliation of many of the aliens being released. Further, the DHS IG reported that the declining personnel and bed space level was occurring when the number of illegal aliens apprehended was increasing. The DHS IG stated that even though the Detention and Removal Operations had received additional funding and enhanced its Fugitive Operations Program, it was unlikely that many of the released aliens would ever be removed. ICE has encountered trouble deporting other than Mexican aliens because it has to first obtain travel documents from the aliens' countries of origin in order to repatriate them, and some countries have been unwilling to issue these documents. The DHS IG found that this unwillingness on the part of the countries of origin to issue travel documents created a "mini-amnesty" program for some aliens and also encouraged aliens to enter the United States illegally if they knew that their countries did not cooperate. DHS reported that it was working with the Department of State to address travel documents and related issues preventing or impeding the repatriation of aliens, particularly to Central and South American countries. However, the DHS IG reported that these efforts had yet to fully address the potential national security and public safety risks associated with DHS's inability to remove tens of thousands of illegal aliens. In addition, in March 2007, the DHS IG reported on DHS's National Fugitive Operations Program. The purpose of the program is to identify, locate, apprehend, and remove aliens--both criminal and noncriminal--who have unexecuted final orders of removal. This program analyzes data contained in various systems, such as the Student and Exchange Visitor Information System that contains information on international students and exchange visitors, to identify those who may have violated their terms of entry or who might otherwise pose a threat to national security. The DHS IG found that the backlog of fugitive aliens increased despite Fugitive Operation Teams' efforts and that the teams' efforts were hampered by insufficient detention capacity; database limitations; and inadequate working space. Additionally, the DHS IG reported that the removal rate of fugitive aliens apprehended by the teams could not be determined. The DHS IG noted that progress had been made in staffing the teams and that the teams had effective partnerships with federal, state, and local agencies. We have ongoing work assessing DHS guidelines for removing aliens from the United States who are subject to removal. For more information, see Department of Homeland Security Office of Inspector General, Detention and Removal of Illegal Aliens, OIG-06-33 (Washington, D.C.: April 2006); An Assessment of United States Immigration and Customs Enforcement's Fugitive Operations Teams, OIG-07-34 (Washington, D.C.: March 2007); and Review of U.S. ICE's Detainee Tracking Process, OIG-07-08 (Washington, D.C.: November 2006). DHS updated information: In March, April, and May 2007, ICE provided data on the results of its efforts to implement a program to ensure the timely identification and removal of aliens subject to removal from the United States. According to DHS, under the Secure Border Initiative, DHS has ended "catch and release" of non-Mexican nationals apprehended at or near U.S. borders. DHS stated that it remains committed to a "catch and return" regime, ensuring that no alien is released due to lack of detention capacity in fiscal years 2006 and 2007. DHS also reported that the average length of time spent in detention by an alien during removal proceedings has generally decreased from about 41.5 days in fiscal year 2002 to about 33.7 days as of August 31, 2006. However, ICE reported that during the first 5 months of fiscal year 2007, the average length of stay increased to 38.5 days. ICE officials noted that various factors can affect the average length of stay, such as the unwillingness of foreign countries to issue travel documents and the type of proceeding in which an alien is placed (e.g., expedited removal or a full hearing).[A] ICE also stated that increased use of electronic travel documents and video teleconferencing have helped reduce delays that have contributed to longer periods of detention. ICE officials noted that decisions by foreign countries to refuse or delay issuance of travel documents are outside the control of DHS, and ICE has stationed a full-time liaison officer at the Department of State to help improve relations with the Department of State and foreign countries. ICE reported that it has improved relations with Central American countries in particular regarding the issuance of travel documents and noted, for example, that El Salvador, Guatemala, and Honduras--which are among the countries with the highest number of removals from the United States--have agreed to use ICE's Electronic Travel Document System. With regard to its National Fugitive Operations Program, ICE reported that at the end of fiscal year 2006, it had deployed 50 Fugitive Operations Teams nationwide and noted that 75 such teams have been fully funded for fiscal year 2007. Additional information reported by ICE on its effort to identify and remove criminal aliens from the United States is provided under the next performance expectation; Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS has undertaken efforts to ensure the timely identification of aliens subject to removal from the United States and provided us with data on its efforts, including data on the number of removable aliens arrested. DHS also provided us with data on the average length of time spent in detention by aliens during removal proceedings. While the average length of stay has generally decreased over time, DHS still faces difficulties in ensuring the removal of all aliens subject to removal from the United States in a timely manner. First, the average length of stay for an alien in detention between October 2006 and the end of February 2007 has increased from the fiscal year 2006 level; it remains to be seen whether the average of length of stay in fiscal year 2007 will increase, decrease, or stay the same as the fiscal year 2006 level. Second, the DHS IG reported that DHS has faced difficulties in removing aliens from the United States because of the unwillingness of some countries to provide the necessary travel documents, a circumstance that may be outside of DHS's control but that DHS has implemented efforts to help address, such as negotiating memoranda of understanding with foreign countries. DHS has finalized memorandum of understanding with three countries, and is working with other countries to expand use of the Electronic Travel Document System. Nevertheless, as previously suggested by the DHS IG, these efforts may not yet fully address the potential national security and public safety risks associated with DHS's inability to remove tens of thousands of illegal aliens. Third, DHS has faced challenges in identifying aliens for removal from the United States and, according to the DHS IG, the fugitive alien population appears to be growing at a rate that exceeds Fugitive Operations Teams' ability to apprehend. Assessment: Generally not achieved. Performance expectation: 3. Ensure the removal of criminal aliens. Summary of findings: GAO and DHS IG findings: Our work and the DHS IG's work have shown that DHS has faced difficulties in its efforts to ensure the removal of criminal aliens from the United States. In October 2004 we reported that although the legacy U.S. Immigration and Naturalization Service was to identify and remove criminal aliens as they came out of federal and state prison systems, it had failed to identify all removable imprisoned criminal aliens. Some who were released from prison committed and were convicted of new felonies. At that time, ICE Detention and Removal Operations officials, who took over the program from the Immigration and Naturalization Service, stated that they were taking steps to ensure the departure of all removable aliens. For example, they established fugitive operations teams. In April 2006, the DHS IG also reported that the expansion of the Criminal Alien Program, which identifies and processes criminal aliens incarcerated in federal, state, and local correctional institutions and jails who have no legal right to remain in the United States after serving out their sentence, would create more demands for the Detention and Removal Operations to detain, process, and remove illegal aliens. The DHS IG concluded that DHS and ICE needed to ensure that any planned increase in the Detention and Removal Operations' ability to identify and remove criminal aliens be accompanied by a comparable increase in support personnel, detention bed space, equipment, infrastructure, and funding to ensure the timely removal of criminal aliens from the United States. Besides the lack of bed space, the DHS IG reported that the Detention and Removal Operations' ability to detain and remove illegal aliens with final orders of removal was affected by (1) the propensity of illegal aliens to disobey orders to appear in immigration court; (2) the penchant of released illegal aliens with final orders to abscond; (3) the practice of some countries to block or inhibit the repatriation of its citizens; and (4) two U.S. Supreme Court decisions that mandate the release of criminal and other high-risk aliens 180 days after the issuance of the final removal order except in "Special Circumstances." The DHS IG reported that, collectively, the bed space, personnel, and funding shortages, coupled with the other factors, had created an unofficial "mini-amnesty" program for criminal and other high-risk aliens. For more information, see Immigration Enforcement: DHS Has Incorporated Immigration Enforcement Objectives and Is Addressing Future Planning Requirements, GAO-05-66. Also, see Department of Homeland Security Office of Inspector General, Detention and Removal of Illegal Aliens, OIG-06-33 (Washington, D.C.: April 2006); An Assessment of United States Immigration and Customs Enforcement's Fugitive Operations Teams, OIG- 07-34 (Washington, D.C.: March 2007); and Review of U.S. ICE's Detainee Tracking Process, OIG-07-08 (Washington, D.C.: November 2006); DHS updated information: During March, April, and May 2007, ICE provided updated information on its efforts to ensure the removal of criminal aliens from the United States. According to ICE, there are no data on the universe of aliens incarcerated in state and local jails who are amenable to removal proceedings. This is because prisons and jails utilize independent booking software that tracks place of birth in different ways. Additionally, information on place of birth is not sufficient to determine whether an individual is an alien subject to removal from the United States. According to ICE, while it does not know the exact number of incarcerated criminal aliens subject to removal at this time, there are approximately 158,000 incarcerated criminal aliens with immigration detainers within the Enforcement Operational Immigration Records system, ICE's administrative case management system. In June 2006 and in support of its Criminal Alien Program, ICE established the National Detection Enforcement and Processing Offenders by Remote Technology Center in Chicago, Illinois to help in the screening, interviewing, and removal processing of criminal aliens in federal detention facilities throughout the United States to help ensure that these criminal aliens are deported rather than released into the community upon completion of their federal sentences. ICE reported that this center has screened more than 9,200 incarcerated criminal aliens, issued nearly 7,000 charging documents, and located nearly 1,000 alien absconders. Moreover, ICE reported that it has finalized agreements with nine local law enforcement agencies to work with these agencies to take into custody and remove aliens convicted of crimes at the state and local level. Using these partnerships and other measures, ICE reported that as of March 2007, its Criminal Alien Program has provided coverage for 1,674 of the 4,828 federal, state, and local jails and prisons nationwide, including for all 114 Bureau of Prisons federal detention facilities. ICE reported that for fiscal year 2007 it has set a target of removing 90,000 aliens from U.S. prisons and jails and, for fiscal year 2007, is on pace to double the approximately 60,000 charging documents it issued through the Criminal Alien Program in fiscal year 2006. ICE plans to expand coverage of the Criminal Alien Program to 3,400 covered facilities by fiscal year 2009. According to ICE, each Criminal Alien Program team is expected to process 1,800 new administrative cases per year. ICE also reported that from October 1, 2006, through March 31, 2007, it has removed more than 17,000 Bureau of Prison non-U.S. citizen inmates. If the bureau releases a similar number in fiscal year 2007 as it released in fiscal year 2006 (about 26,600, according to ICE), ICE reported that it is on track to remove all removable aliens released from the Bureau of Prisons in fiscal year 2007. Overall, ICE projects that in fiscal year 2007, it will process for removal more than 120,000 removable aliens located in prisons and jails nationwide; Our assessment: We conclude that DHS has generally not achieved this performance expectation. Although DHS has made progress in removing criminal aliens from the United States, much more work remains. For example, DHS has taken actions to expand its Criminal Alien Program to remove criminal aliens subject to removal from the United States after they complete their sentences in federal, state, and local correctional institutions and jails. However, ICE has not yet expanded the Criminal Alien Program or taken actions to ensure coverage of all federal, state, and local correctional institutions and jails. ICE has reached agreements with only nine local law enforcement agencies to remove aliens convicted of crimes at the state or local level. As a result, ICE may not be able to fully ensure the removal of criminal aliens from facilities that are not covered through the Criminal Alien Program or agreements with local law enforcement agencies. Moreover, the DHS IG reported that ICE faces a variety of challenges in its efforts to expand the Criminal Alien Program, and DHS did not provide us with evidence that it has yet addressed these challenges; Assessment: Generally not achieved. Performance expectation: 4. Assess and prioritize the use of alien detention resources to prevent the release of aliens subject to removal; Summary of findings: GAO and DHS IG findings: DHS has taken actions to assess and prioritize use of alien detention and removal resources. In November 2005, the DHS IG reported that the separation of CBP's apprehension components from Detention and Removal Operations created challenges in national coordination because the two are part of different agencies that pursued different sets of priorities and each has its own planning process. The DHS IG noted that Detention and Removal Operations prepared detention bed space and staff needs projections without the benefit of CBP apprehension and arrest projections, while CBP developed its future apprehension initiatives without the benefit of insight into Detention and Removal Operations' future processing capability. In an effort to achieve better efficiency and effectiveness, ICE and CBP negotiated a memorandum of understanding between Border Patrol agents and ICE investigators, although employees of both agencies noted persisting coordination problems in the apprehension and detention process. Other factors that increased the number of aliens that the Detention and Removal Operations have detained include the rising number of aliens that require mandatory detention and Detention and Removal Operations' improved ability to identify criminal aliens who are incarcerated in correctional institutions and jails and who will be subject to removal upon release from jail. The DHS IG also found that ICE has worked to improve strategic planning for detention resources, and the ICE Detention and Removal Operations issued a strategic plan in 2003 called "Endgame." This plan includes specific objectives for optimizing the means for detaining illegal aliens, including (1) ensuring sufficient and appropriate bed space is available based on detention category, characteristic, and condition of release; (2) enhancing partnerships with other federal detention agencies for better use of their resources, to include facilities and training; and (3) developing a National Custody Management Plan promoting the effective utilization of available bed space and alternative detention settings. The plan identified several significant challenges, many beyond DHS's control, including the number of aliens to remove, limited resources, political will, foreign governments, and nonremovable aliens. The DHS IG reported that, for these reasons, DHS needed to intensify its efforts to provide ICE with the resources and interagency support needed to overcome these challenges. For more information, see Department of Homeland Security Office of Inspector General, An Assessment of the Proposal to Merge Customs and Border Protection with Immigration and Customs Enforcement, OIG-06-04 (Washington, D.C.: November 2005); ICE's Compliance with Detention Limits for Aliens with a Final Order of Removal from the United States, OIG-07-28 (Washington, D.C.: February 2007); Treatment of Immigration Detainees Housed at Immigration and Customs Enforcement Facilities, OIG-07-01 (Washington, D.C.: December 2006); Review of U.S. ICE's Detainee Tracking Process, OIG-07-08 (Washington, D.C.: November 2006); and Detention and Removal of Illegal Aliens, OIG-06-33 (Washington, D.C.: April 2006). DHS updated information: In March 2007, ICE provided updated information on efforts to assess and prioritize use of alien detention and removal resources. According to ICE, successful enforcement strategies and the requirement to manage within ICE's operational budget have resulted in a situation where Detention and Removal Operations has exceeded its funded bed space level and therefore must apply rigorous criteria to determine which apprehended aliens are detained. According to DHS, ICE detains all aliens who pose a threat to community safety or national security, and those required to be detained under the nation's immigration laws. In fiscal year 2006, ICE added 7,000 beds in facilities along the southern border, and in the first quarter of fiscal year 2007 added 2,000 beds. In order to ensure the availability of bed space in the future, ICE introduced a formal capacity planning program designed to provide advance notice of future bed space requirements and collaborated with apprehending entities to obtain apprehension forecasts to project short and long term needs. The Detention Operations Coordination Center, established in July 2006, coordinates the transfer of detainees from field offices with a shortage of detention space to those with available beds. ICE also reported that the detainee transportation system has been restructured to increase in-flight service routes for longer, more cost effective flights. ICE reported that as it creates models to determine detention capacity needs, Detention and Removal Operations is taking account of the capacity needs of CBP and ICE and is working with the U.S. Bureau of Prisons, U.S. Citizenship and Immigration Services, and the Departments of Justice and State to develop a more efficient detention and removal system. Our assessment: We conclude that DHS has generally achieved this performance expectation. While the availability of detention space depends on resources, DHS has taken actions to assess and prioritize the use of alien detention resources to prevent the release of aliens subject to removal by increasing bed space, relocating detainees, and better coordinating with relevant agencies. DHS has also taken actions to develop and implement a capacity planning program to identify future bed space requirements and has established priorities for bed space needs. Assessment: Generally achieved. Performance expectation: 5. Develop a program to allow for the secure alternative detention of noncriminal aliens. Summary of findings: GAO findings: DHS has made progress in developing programs to allow secure alternatives to detention. In October 2004, we reported that Detention and Removal Operations planned to use the results of its pilot programs (e.g., electronic monitoring and home visits of nondetained aliens) to determine which efforts intended to prevent nondetained aliens from fleeing while in immigration proceedings would merit additional funding. DHS updated information: In March 2007, ICE provided updated information on its Intensive Supervision Appearance Program and its Electronic Monitoring Program. According to ICE, under the Intensive Supervision Appearance Program, established in June 2004 and only available to aliens not subject to mandatory detention, all participants must agree to comply with the conditions of their release. Case specialists are then assigned a limited caseload of participants and are responsible for monitoring those participants in the community by using tools such as electronic monitoring (bracelets), home visits, work visits, and reporting by telephone. The Electronic Monitoring Program is a reporting and case management tool for aliens released from custody that utilizes telephone reporting and electronic devices, such as radio frequency and Global Positioning System technology, to identify a nondetained alien's location and help ensure the alien's appearance at scheduled hearings and, as appropriate, the alien's scheduled removal. Last, DHS is conducting research on piloting a program that would utilize a kiosk-type hardware like the US-VISIT program to which an alien could report monthly. Instead of reporting to a deportation officer, the alien would scan his fingerprint and have his photo taken at the kiosk, which would be linked to appropriate databases. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed two programs that allow for the secure alternative detention of noncriminal aliens--the Intensive Supervision Appearance program and the Electronic Monitoring Program-- and is exploring other alternatives to detention for noncriminal aliens. Assessment: Generally achieved. Performance expectation: 6. Implement a program to allow for the secure alternative detention of noncriminal aliens. Summary of findings: GAO findings: We have not conducted work on DHS's efforts to provide for the secure alternative detention of noncriminal aliens. DHS updated information: In March 2007, ICE provided updated information on its efforts to provide alternatives to detention. ICE reported that under its Intensive Supervision Appearance Program there has been an 82 percent court appearance rate, as compared to 61 percent for the general nondetained population and that 47 percent of program- enrolled aliens who received final removal orders were confirmed to have left the United States compared to 13 percent of aliens in the nondetained general population believed to have compiled with removal orders. According to ICE, since the inception of the Electronic Monitoring Program in 2003, the program has been used by almost 9,100 aliens and is currently used by 6,500 aliens. ICE noted that the number of aliens who have participated in these programs has been relatively small and that only certain aliens are eligible to be detained through these programs. ICE noted that no limit exists on the total number of aliens who can be monitored under the program. Furthermore, ICE noted that it is working to improve its alternative to detention programs by, for example, exploring additional supervision technologies and developing a memorandum of understanding with the Executive Office for Immigration Review to fast-track alternative-to-detention participants through the immigration hearing process. In addition, ICE reported that it is planning to expand its programs for secure alternative detention to increase programs' capacity to allow for a total detained population of 10,500 aliens. Our assessment: We cannot assess of the extent to which DHS has generally achieved this performance expectation. We have not completed work related to DHS's effort to implement a program for secure alternatives to detention, and while DHS provided us with some information on its implementation efforts, we are unable to assess DHS's progress in achieving this performance expectation based on this information. Assessment: No assessment made. Performance expectation: 7. Develop a prioritized worksite enforcement strategy to ensure that only authorized workers are employed. Summary of findings: GAO findings: Our work has shown that DHS has taken actions to develop a prioritized worksite enforcement program. As part of the Secure Border Initiative, in April 2006 ICE announced a new interior enforcement strategy to target employers of unauthorized aliens, immigration violators, and criminal networks. As we testified in June 2006, under this strategy, ICE has planned to target employers who knowingly employ unauthorized workers by bringing criminal charges against them. For more information, see Immigration Enforcement: Weaknesses Hinder Employment Verification and Worksite Enforcement Efforts, GAO-06-895T and Immigration Enforcement: Weaknesses Hinder Employment Verification and Worksite Enforcement Efforts, GAO-05-813. DHS updated information: In March 2007, ICE provided updated information on its worksite enforcement program. Specifically, ICE reported that its worksite enforcement strategy includes (1) critical infrastructure protection, (2) criminal investigations of egregious employer violators, and (3) enhanced employer compliance and outreach through implementation of the ICE Mutual Agreement between Government and Employers. As part of its critical infrastructure protection efforts, ICE has undertaken enforcement actions to remove unauthorized workers from critical infrastructure sites, as those unauthorized workers may pose a threat to sensitive facilities. ICE has also engaged in criminal investigations targeting unscrupulous employers for significant criminal violations and has sought to prosecute employers' managers who knowingly hire unauthorized workers. ICE has also announced the first nine charter members of the ICE Mutual Agreement between Government and Employers, a program designed to build cooperative relationships between the federal government and businesses to strengthen hiring practices and reduce the employment of unauthorized workers. Through the program, ICE seeks to encourage industry compliance through enhanced employer training and education. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed a prioritized worksite enforcement strategy focused on critical infrastructure protection and egregious employers and has provided employers with a tool for enhanced training and education on compliance with laws prohibiting the employment of unauthorized workers. Assessment: Generally achieved. Performance expectation: 8. Implement a prioritized worksite enforcement strategy to ensure that only authorized workers are employed. Summary of findings: GAO findings: Our work has shown that DHS has faced challenges in implementing a prioritized worksite enforcement strategy. In August 2005 and June 2006 we reported that worksite enforcement was one of various immigration enforcement programs that competed for resources among ICE responsibilities and that worksite enforcement had been a relatively low priority. We reported that competing needs for resources and difficulties in proving that employers knowingly hired unauthorized workers hindered ICE's worksite enforcement efforts. In addition, ICE officials stated that the lack of sufficient detention space limited the effectiveness of worksite enforcement efforts. We also noted that the availability and use of fraudulent documents made it difficult for ICE agents to prove that employers knowingly hired unauthorized workers. We reported that the number of notices of intent to fine issued to employers for improperly completing paperwork or knowingly hiring unauthorized workers generally declined between fiscal years 1999 and 2004. We also reported that the percentage of ICE agent work-years spent on worksite enforcement generally decreased between fiscal years 1999 and 2003. In addition, we reported that ICE lacked outcome goals and measures that hindered its ability to effectively assess the results of its worksite enforcement efforts. For example, we noted that until ICE fully develops outcome goals and measures, it may not be able to determine the extent to which its critical infrastructure protection efforts have resulted in the elimination of unauthorized workers' access to secure areas of critical infrastructure sites, one possible goal that ICE may use for its worksite enforcement program. For more information, see GAO-06-895T and GAO-05-813. DHS updated information: In March 2007, ICE provided updated information on its worksite enforcement implementation efforts. ICE reported that during fiscal year 2006 it initiated about 1,200 worksite enforcement investigations, seized property and assets valued at approximately $1.7 million at the time of the initial enforcement action, and made 716 criminal arrests, a substantial increase over criminal arrests made in previous fiscal years. ICE reported that during fiscal year 2006 criminal fines, forfeitures, and payments in lieu of forfeiture yielded more than $2.5 million. ICE reported that it obtained criminal and civil judgments totaling $26.7 million as a result of its worksite enforcement efforts for the first quarter of fiscal year 2007. With regard to the third prong of ICE's worksite enforcement strategy--the ICE Mutual Agreement between Government and Employers--as of January 2007, ICE had nine employers as members.[B] One requirement for participation in this program is that member employers enroll in the Employment Eligibility Verification system, which allows participating employers to electronically verify the work authorization status of newly hired employees. ICE reported that it does not yet have systems in place to measure the effectiveness and success of its program. ICE reported that it does not collect data on program effectiveness because it would require the law enforcement agency to collect data from a wide range of agencies that are responsible for carrying out the specific law enforcement mission. ICE reported that it uses its law enforcement statistics (e.g., numbers of arrests, indictments, convictions, seizures, and forfeitures); consequences resulting from closed cases (e.g., indictments and convictions); and risk assessments to assess efficiency and effectiveness of its efforts. With regard to the consequences resulting from closed cases, ICE noted that a measure of success is if an investigation results in an indictment and a conviction. ICE reported that it measures the quality of cases and focuses its efforts on those cases that are the highest priority for protecting the United States. With regard to risk assessments, ICE reported that it conducts threat, vulnerability, and consequences assessments of customs and immigration systems to determine the greatest risks for exploitation by terrorists and other criminals and to determine the optimal application of resources to ensure the maximum contribution to national security and public safety. ICE reported that additional time is needed to afford its programs the opportunity to mature into an outcome-based system. Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS has taken actions to implement its worksite enforcement strategy and, among other things, has conducted more worksite enforcement investigations and made more criminal arrests in fiscal year 2006 in comparison to prior fiscal years. However, millions of unauthorized workers face little likelihood of confronting ICE worksite enforcements actions. Moreover, DHS did not provide us with evidence on the extent to which its efforts have contributed to the achievement of ICE's desired outcomes for its worksite enforcement program and on the extent to which ICE has developed outcome goals and measures for its worksite enforcement program. We previously reported, without these goals and measures, it may be difficult for ICE to fully determine whether its worksite enforcement program is achieving its desired outcomes. With regard to the ICE Mutual Agreement between Government and Employers, the third prong of ICE's worksite enforcement strategy, we have previously identified weaknesses in one of the program's key requirements--participation in the Employment Eligibility Verification program. These weaknesses include the program's inability to identify document fraud, DHS delays in entering information into its databases, and some employer noncompliance with program. DHS has undertaken some efforts to address these weakness, but they would have to be fully addressed to help ensure the efficient and effective operation of an expanded program. Assessment: Generally not achieved. Performance expectation: 9. Develop a comprehensive strategy to interdict and prevent trafficking and smuggling of aliens into the United States. Summary of findings: GAO findings: In prior work we reported that as of April 2005, ICE had not yet finalized a national strategy for combating alien smuggling.[C] For more information, see Combating Alien Smuggling: Opportunities Exist to Improve the Federal Response, GAO-05- 305. DHS updated information: In March 2007, ICE provided updated information on its efforts to develop a strategy to combat human smuggling and trafficking. For example, the Secure Border Initiative is a comprehensive, multiyear program established by the Secretary of Homeland Security to secure U.S. borders and reduce illegal immigration. The Secure Border Initiative includes DHS's efforts to identify and dismantle smuggling organizations. According to DHS, the Human Smuggling and Trafficking Center is an important component of DHS's strategy to combat alien smuggling. Additionally, ICE reported that, in 2006, it initiated its Trafficking in Persons Strategy to target criminal organizations and individuals engaged in human trafficking worldwide. The Trafficking in Persons Strategy focuses on building partnerships and collaboration with other DHS agencies, foreign governments, nongovernmental organizations, the Department of Justice Civil Rights Division, and federal, state, and local law enforcement. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has made progress toward developing a comprehensive strategy to interdict and prevent trafficking and smuggling of aliens into the United States by, for example, establishing the Human Smuggling and Trafficking Center and the Trafficking in Persons Strategy. Assessment: Generally achieved. Performance expectation: 10. Implement a comprehensive strategy to interdict and prevent trafficking and smuggling of aliens into the United States. Summary of findings: GAO findings: Our work has shown that DHS has faced challenges in implementing its antismuggling and trafficking mission.[D] In May 2005 we reported that ICE and CBP--two DHS components with antismuggling missions--signed a memorandum of understanding in November 2004 to address their respective roles and responsibilities, including provisions to ensure proper and timely sharing of information and intelligence. However, we reported that there was no mechanism in place for tracking the number and the results of referrals or leads made by CBP to ICE for investigation. Without such a mechanism, there may have been missed opportunities for identifying and developing cases on large or significant alien- smuggling organizations. CBP and ICE officials acknowledged that establishing a tracking mechanism would have benefits for both agencies. Such a mechanism would help ICE ensure that appropriate action is taken on the referrals. Also, CBP could continue to pursue certain leads if ICE--for lack of available resources or other reasons- -could not take action on the referrals. For more information, see GAO- 05-305. DHS updated information: In March 2007, DHS provided updated information on its antismuggling and trafficking efforts. With regard to smuggling, CBP established its Office of Alien Smuggling Interdiction to set guidelines for the development and maintenance of a program to address human smuggling incidents. This office is also intended to institutionalize information sharing within CBP on migrant smuggling, trafficking in persons, and clandestine terrorist travel. CBP noted that the office is still a work in progress, and CBP has established various goals and associated time frames for completing these goals. With regard to human trafficking, ICE reported that in fiscal year 2006 it opened nearly 300 human trafficking investigations and made about 180 arrests as a result of human trafficking investigations. ICE reported that since 2005 it has hosted or participated in training sessions on human trafficking and has collaborated with nongovernmental organizations that provide services to human trafficking victims. In addition, ICE reported on various initiatives to share information with CBP regarding human smuggling and trafficking. As previously discussed, ICE reported that it does not yet have systems in place to measure the effectiveness and success of its program. ICE reported that it does not collect data on program effectiveness because doing so would require the law enforcement agency to collect data from a wide range of agencies that are responsible for carrying out the specific law enforcement mission. ICE reported that it uses its law enforcement statistics (e.g., numbers of arrests, indictments, convictions, seizures, and forfeitures); consequences resulting from closed cases (e.g., indictments and convictions); and risk assessments to assess efficiency and effectiveness of its efforts. ICE reported that in May 2007, the ICE Offices of Investigations and International Affairs issued a joint memorandum to field offices providing guidance in accomplishing the component of the human trafficking strategy and requiring quarterly outreach reports and annual assessments. According to ICE, these quarterly reports and annual assessments will be used to monitor future progress in antitrafficking efforts. Our assessment: We conclude that DHS has generally not achieved this performance expectation. In prior work, we noted that effectiveness of a strategy for smuggling depends partly on having clearly defined roles and responsibilities for those agencies with antismuggling missions. CBP and ICE largely addressed this point in signing a memorandum of understanding and undertaking other information sharing initiatives. However, coordination between these two agencies and implementation of antismuggling efforts could be enhanced by development and use of a mechanism for sharing information. In addition, as part of its efforts to implement its antismuggling and trafficking strategy, DHS has identified the importance of performance evaluation but has not yet developed outcome goals and measures to assess the extent to which its efforts are achieving desired outcomes and has only recently initiated efforts to obtain quarterly reports and annual assessments from field offices. Until DHS has developed a mechanism to better share information among the responsible agencies and the ability to evaluate the outcomes of its efforts, DHS will not have a comprehensive strategy in place. In addition, although CBP has established goals for its Office of Alien Smuggling Interdiction, the majority of these goals have target time frames later than May 2007, or CBP noted that time frames are ongoing. Assessment: Generally not achieved. Performance expectation: 11. Develop a law enforcement strategy to combat criminal alien gangs in the United States and cross-border criminal activity. Summary of findings: GAO findings: We have not completed work on DHS efforts to combat criminal alien gangs.[E]. DHS updated information: In March 2007, ICE provided updated information on its efforts to combat alien gangs. According to ICE, one of the goals of the Secure Border Initiative is to identify and remove immigration violators who are criminal aliens at large in the United States. ICE stated that it will use the additional resources in the proposed fiscal year 2008 budget to enhance ICE's anti-gang initiative-- Operation Community Shield--and increase the number of transnational gang members that are identified, arrested, and removed from the United States. Operation Community Shield, a national law enforcement initiative, partners ICE with other federal, state, and local law enforcement. Additionally, ICE participates in the National Gang Targeting, Enforcement, and Coordination Center, a multi-agency national anti-gang enforcement targeting center, and in regular policy coordination meetings at the National Security Council concerning international organized crime. As a participant in the National Security Council Policy Coordination Committee meetings, ICE is assisting in the development of a strategy to combat transnational gangs in the United States, Mexico, and Central America. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has initiated various efforts, such as Operation Community Shield, in developing a strategy for combating criminal alien gangs. ICE has also worked with other agencies and groups to develop a strategy to combat alien gangs. Assessment: Generally achieved. Performance expectation: 12. Implement a law enforcement strategy to combat criminal alien gangs in the United States and cross-border criminal activity. Summary of findings: GAO findings: We have not completed work on DHS efforts to combat criminal alien gangs.[F]. DHS updated information: In March 2007, ICE provided updated information on its efforts to combat criminal alien gangs. Operation Community Shield was initiated by ICE in February 2005 to combat violent transnational street gangs and expanded to include all criminal and prison gangs. Under Operation Community Shield, ICE identifies violent gangs and develops intelligence on their membership; deters, disrupts, and dismantles gang operations by tracing and seizing their cash, weapons, and other assets; criminally prosecutes or removes gang members from the United States; partners with other law enforcement agencies at the federal, state and local levels to develop a force multiplier effect for gang investigations; and conducts outreach to boost public awareness about gangs. In March 2007, ICE reported that since its inception in February 2005, Operation Community Shield has resulted in the arrests of more than 4,000 gang members and associates. Additionally, ICE stated that it will provide staffing positions to identified high-threat gang areas based on the current transnational threat at the time the positions and funding are received. Given the mobility of transnational gangs, ICE will make a determination on the placement of resources in specific areas needing staffing based on tactical intelligence and other operational considerations. As previously discussed, ICE reported that it does not yet have systems in place to measure the effectiveness and success of its program, but uses its law enforcement statistics (e.g., numbers of arrests, indictments, convictions, seizures, and forfeitures); consequences resulting from closed cases (e.g., indictments and convictions); and risk assessments to assess efficiency and effectiveness of its efforts. Our assessment: We cannot make an assessment of the extent to which DHS has generally achieved this performance expectation. We have not completed work related to DHS's effort to combat criminal alien gangs, and while DHS provided us with some information on its implementation efforts, we are unable to assess DHS's progress in achieving this performance expectation based on the information DHS provided. Specifically, DHS did not provide us with information that would clearly enable us to assess the extent to which DHS's efforts to implement a strategy to combat alien gangs have resulted in desired outcomes. Assessment: No assessment made. Performance expectation: 13. Disrupt and dismantle mechanisms for money laundering and financial crimes. Summary of findings: GAO findings: We have not completed work related to ICE's ability to disrupt and dismantle mechanisms for money laundering and financial crimes.[G]. DHS updated information: In March 2007, ICE provided updated information on its efforts to combat money laundering and financial crimes. With regard to a strategy for money laundering, ICE reported that it was a major contributor to the 2005 U.S. Money Laundering Threat Assessment produced by an interagency group to assess the progress that the United States had made in combating money laundering, evaluating the changing environment, and identifying areas that require further attention. ICE was also active in preparing the 2006 and 2007 National Money Laundering Strategies that addressed the findings and recommendations in the earlier report and set out goals, strategies, and specific actions for agencies to follow. The 2007 National Money Laundering Strategy noted that to measure the effectiveness of U.S. enforcement measures, ICE will compile investigative data. To support investigations with a potential nexus to terrorism and other financial crimes investigations, in July 2003, ICE launched Operation Cornerstone, an outreach program designed to identify and eliminate systemic vulnerabilities in financial systems that could be exploited by individuals, criminal organizations, and terrorists. ICE reported conducting more than 4,000 outreach presentations that have resulted in over 275 criminal investigations and $3 million seized since its establishment. With regard to bulk cash smuggling, ICE reported that the launch of Operation Firewall in August 2005, and its subsequent expansion in fiscal years 2006 and 2007, helped combat bulk cash smuggling. ICE reported that since its inception, Operation Firewall has resulted in the seizure of more than $76 million and the arrest of more than 200 suspects. ICE noted that the November 2004 establishment of Trade Transparency Units created cooperative international investigative efforts to identify and eliminate trade-based money laundering system, which supports the trafficking of drugs, people, and other contraband as well as terrorism. ICE also reported that it launched the Unlicensed Money Service Business/Informal Value Transfer System to prevent terrorists and other criminals from moving illicit funds through unlicensed money service businesses. Overall, in fiscal year 2006, ICE reported conducting nearly 4,000 financial investigations that resulted in more than 1,200 arrests and the seizure of more than $137 million in suspected illicit proceeds. As previously discussed, ICE reported that it does not yet have systems in place to prove that it has disrupted and dismantled mechanisms for money laundering and financial crimes. ICE reported that it uses its law enforcement statistics (e.g., numbers of arrests, indictments, convictions, seizures, and forfeitures); consequences resulting from closed cases (e.g., indictments and convictions); and risk assessments to assess efficiency and effectiveness of its efforts. Our assessment: We cannot make an assessment of the extent to which DHS has generally achieved this performance expectation. We have not completed work related to DHS efforts to disrupt and dismantle mechanisms for money laundering and financial crimes. Although DHS provided us with some information on its implementation efforts, we are unable to assess DHS's progress in achieving this performance expectation based on the information DHS provided. Specifically, DHS did not provide us with information that would clearly enable us to assess the extent to which DHS's efforts to disrupt and dismantle mechanisms for money laundering and financial crimes have resulted in desired outcomes. Assessment: No assessment made. Performance expectation: 14. Develop a program to screen and respond to local law enforcement and community complaints about aliens who may be subject to removal. Summary of findings: GAO findings: We have not completed work related to ICE programs for screening and responding to local law enforcement and community complaints about aliens who may be subject to removal. DHS updated information: In March 2007, ICE provided updated information on its efforts to work with state and local law enforcement agencies. ICE reported that it in 2006 it initiated a pilot program, called the Law Enforcement Agency Response, in Phoenix, Arizona, to provide full-time response to local law enforcement agencies' requests for immigration-related assistance. As of March 2007, ICE reported that this program unit has received nearly 400 requests for assistance. ICE is studying the feasibility of continuing the pilot program and expanding it to other locations. In addition, ICE has established memoranda of agreement with 21 law enforcement agencies to provide training and assistance to state and local police and correctional personnel in the enforcement of federal immigration laws. ICE reported that as a result of these efforts, in fiscal year 2006 more than 6,000 individuals were arrested and, as of March 2007, more than 4,000 individuals have been arrested during fiscal year 2007 for violating misdemeanor and felony state and local laws. According to ICE, its Law Enforcement Support Center also provides information to law enforcement agencies relating to foreign nationals suspected of criminal activity and immigration status information of foreign nationals under arrest or investigation. Further, the Forensic Document Laboratory provides assistance to federal, state, tribal, local, and foreign authorities in making authenticity determinations of travel and identity documents. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed a number of programs to screen and respond to local law enforcement and community complaints about aliens who may be subject to removal. Additionally DHS has provided field guidance directing an enhanced response to state and local requests for information. Assessment: Generally achieved. Performance expectation: 15. Develop staffing plans for hiring and allocating human capital resources to fulfill the agency's immigration enforcement mission. Summary of findings: GAO and DHS IG findings: Since the transfer of responsibilities to DHS in March 2003, ICE has faced resource and financial management challenges that affected its ability to fully address all of its competing priorities. For example, ICE was faced with a hiring freeze in fiscal year 2004, which affected its ability to recruit, hire, and train personnel. Moreover, in June 2006 we reported that ICE did not yet have a formal risk management process for prioritizing and allocating its limited resources. Rather ICE primarily relied on the judgment of staff in major field offices in addition to national programs developed in headquarters. For more information, see Information on Immigration Enforcement and Supervisory Promotions in the Department of Homeland Security's Immigration and Customs Enforcement and Customs and Border Protection, GAO-06-751R. DHS updated information: In March 2007, ICE provided updated information on its human capital functions. ICE reported that it has developed comprehensive staffing plans for all of the agency's critical positions in support of ICE's immigration enforcement mission and provided us with the operational assumptions underlying the staffing models. ICE also reported streamlining its hiring process and noted meeting all of its 2006 hiring goals. ICE reported (1) establishing preliminary guidance to provide ICE leadership and program managers with a framework for hiring and funding decisions and (2) implementing a workforce planning initiative to examine interdependencies and relationships among component programs. ICE stated that it has a hiring plan for supplemental, enhancement, and attrition hiring and that it is currently filling these positions. As of April 10, 2007, ICE reported that it has hired 1,213 employees in key occupations with 892 remaining for this fiscal year. ICE noted that Detention and Removal Operations is currently working toward hiring to its authorized and funded level for positions of 6,762 and that approximately 5,222 positions are filled with 1,540 vacancies. Due to the number of vacancies, Detention and Removal Operations stated that it is striving to achieve a hiring goal that would ensure that at least 90 percent of its field and 85 percent of its headquarters vacancies are filled by the end of fiscal year 2007. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has provided information outlining its current staffing allocations and the operational basis of staffing models and has created initiatives to facilitate hiring and staffing. ICE staffing models are taken into consideration when requesting funds in the budget. Assessment: Generally achieved. Performance expectation: 16. Provide training, including foreign language training, and equipment for all immigration enforcement personnel to fulfill the agency's mission. Summary of findings: GAO findings: We have not completed work on DHS's provision of training for immigration enforcement personnel. DHS updated information: In March and April 2007, ICE provided updated information on its training efforts. ICE reported that its ICE-D Basic Law Enforcement Training Program is an 18.5-week basic law enforcement training program that provides newly hired Detention and Removal Operations employees with entry-level training in law, tactical physical techniques, firearms, and operational training. ICE also reported that the Federal Law Enforcement Training Center has added a 5- week Spanish language immersion course that became part of the ICE-D program in April 2007. According to ICE, in November 2006 ICE offered a 4-hour instructor-led course on Alien Smuggling/Victims of Trafficking, but is in the process of developing a more balanced course that is not just focused on the southern border. ICE also offers other training courses. See Department of Homeland Security Office of the Inspector General, A Review of Immigration and Customs Enforcement Discipline Procedures, OIG-06-57 (Washington, D.C.: August 2006). Our assessment: We cannot make an assessment of the extent to which DHS has generally achieved this performance expectation. We have not completed work related to DHS's effort to provide training and equipment to immigration enforcement personnel. While DHS provided us with some information on its training efforts, we are unable to assess DHS's progress in achieving this performance expectation based on the information DHS provided. Specifically, DHS did not provide us with information that would clearly enable us to assess the extent to which DHS has provided training, beyond basic training, for all immigration enforcement personnel. Assessment: No assessment made. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken a sufficient number of actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken a sufficient number of actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [A] Under expedited removal, aliens apprehended within 100 miles of the border and within 14 days of entry who do not have documents, or who have false documents, can be removed from the United States without a hearing before an immigration judge. [B] The other two prongs of ICE's worksite enforcement strategy are critical infrastructure protection and criminal investigations of egregious employer violators. [C] In addition to DHS, other agencies, such as the Department of Justice, have a role to play in developing a strategy for antismuggling and trafficking. This performance expectation is focused on DHS's roles and responsibilities. [D] In addition to DHS, other agencies, such as the Department of Justice, have a role to play antismuggling and trafficking efforts. This performance expectation is focused on DHS's roles and responsibilities. [E] In addition to DHS, other agencies, such as the Department of Justice, have a role to play in developing a strategy for combating alien gangs. This performance expectation is focused on DHS's roles and responsibilities. [F] In addition to DHS, other agencies, such as the Department of Justice, have a role to play in combating criminal alien gangs. This performance expectation is focused on DHS's roles and responsibilities. [G] In addition to DHS, other agencies, such as the Department of Justice, have a role to play in disrupting and dismantling mechanisms for money laundering and financial crimes. This performance expectation is focused on DHS's roles and responsibilities. [End of table] DHS Has Made Modest Progress in Providing Immigration Services: USCIS is the agency within DHS that is responsible for processing millions of immigration benefit applications received each year for various types of immigration benefits, determining whether applicants are eligible to receive immigration benefits, and detecting suspicious information and evidence to refer for fraud investigation and possible sanctioning by other DHS components or external agencies. USCIS processes applications for about 50 types of immigration benefits with a goal of ensuring that processing of benefits applications takes place within a 6 month time frame. USCIS has introduced new initiatives to modernize business practices and upgrade information technology infrastructure to transform its current, paper-based data systems into a digital processing resource to enhance customer service, prevent future backlogs of immigration benefit applications, and improve efficiency with expanded electronic filing. As shown in table 20, we identified 14 performance expectations for DHS in the area of immigration services and found that overall DHS has made modest progress in meeting those expectations. Specifically, we found that DHS has generally achieved 5 performance expectations and has generally not achieved 9 others. Table 20: Performance Expectations and Progress Made in Immigration Services: Performance expectation: 1. Eliminate the benefit application backlog and reduce application completion times to 6 months. Assessment: Generally not achieved. Performance expectation: 2. Institute process and staffing reforms to improve application processes. Assessment: Generally achieved. Performance expectation: 3. Establish a timetable for reviewing the program rules, business processes, and procedures for immigration benefit applications. Assessment: Generally not achieved. Performance expectation: 4. Institute a case management system to manage applications and provide management information. Assessment: Generally not achieved. Performance expectation: 5. Develop new programs to prevent future backlogs from developing. Assessment: Generally not achieved. Performance expectation: 6. Establish online access to status information about benefit applications. Assessment: Generally achieved. Performance expectation: 7. Establish online filing for benefit applications. Assessment: Generally not achieved. Performance expectation: 8. Establish revised immigration application fees based on a comprehensive fee study. Assessment: Generally achieved. Performance expectation: 9. Capture biometric information on all benefits applicants. Assessment: Generally not achieved. Performance expectation: 10. Implement an automated background check system to track and store all requests for applications. Assessment: Generally not achieved. Performance expectation: 11. Communicate immigration-related information to other relevant agencies; Assessment: Generally achieved. Performance expectation: 12. Establish training programs to reduce fraud in the benefits process. Assessment: Generally not achieved. Performance expectation: 13. Create an office to reduce immigration benefit fraud. Assessment: Generally achieved. Performance expectation: 14. Implement a fraud assessment program to reduce benefit fraud. Assessment: Generally not achieved. Performance expectation: Total; Assessment: Generally achieved: 5; Assessment: Generally not achieved: 9; Assessment: No assessment made: 0. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken sufficient actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [End of table] Table 21 provides more detailed information on the progress that DHS has made in taking actions to achieve each performance expectation in the area of immigration services and our assessment of whether DHS has taken steps to satisfy most of the key elements of the performance expectation (generally achieved) or has not taken steps to satisfy most of the performance expectation's key elements (generally not achieved). Table 21: Performance Expectations and Assessment of DHS Progress in Immigration Services: Performance expectation: 1. Eliminate the benefit application backlog and reduce application completion times to 6 months. Summary of findings: GAO and DHS IG findings: DHS has made significant progress in reducing the number of immigration benefit applications pending adjudication and has prioritized pending applications in a reasonable manner. However, USCIS cannot yet ensure that it has eliminated the backlog and reduced application completion time to 6 months primarily because (1) a large number of applications are still pending before the agency, many of which USCIS stated are of lower priority in its backlog elimination efforts, and (2) USCIS does not yet have a case management system for tracking applications it receives to determine whether applications are processed within 6 months of receipt. In addition, USCIS has yet to demonstrate that it has overcome long-standing technology problems. With respect to an immigration benefit application, the term backlog, as defined by statute, means the period of time in excess of 180 days (6 months) that such application has been pending before USCIS. USCIS, using its operational definition of backlog, measures the volume of its backlog as the number of applications pending before the agency in excess of the number of applications received in the most recent 6 months. USCIS then subtracts from this number all applications pending where either benefits would not be immediately available even if the applications were granted or further adjudication of the application depends on action by another agency or the applicant; USCIS stated that by consistently completing more applications than are filed each month, the agency should gradually reduce its pending workload of applications to a level at which it can complete all incoming applications within the workload targets established for each application type. Eventually, according to the agency's backlog elimination plan, as long as USCIS is processing more applications than it is receiving, there should be no backlog. However, we reported that under USCIS's definition of backlog, the agency cannot guarantee that every applicant requesting a benefit will receive a decision within 6 months of filing. Moreover, although USCIS's data showed a significant decrease in the backlog from January 2004 through June 2005, we reported that the sharp drop in the backlog was due to USCIS's decision in July 2004 to remove from its backlog count those 1.15 million cases for which an immigration visa was not immediately available and a benefit therefore could not be provided. In September 2005, the DHS IG noted that removal of some applications from the backlog, as well as other backlog reduction efforts such as the hiring of temporary staff, may have benefited the agency in the short- term. However, the DHS IG reported that these actions would not resolve the long-standing processing and information technology problems that contributed to the backlog in the first place and that, until these problems were addressed, USCIS would not be able to apply its resources to meet mission and customer needs effectively; In our previous work, we noted that USCIS's automated systems were not complete and reliable enough to determine how long it actually takes to process specific benefit applications or to determine the exact size of its backlog. USCIS has identified requirements for transforming its information technology systems to address deficiencies in its capabilities, but these transformation efforts have not yet been fully developed or implemented. We reported that until USCIS develops this capability, it cannot assure Congress that it has successfully eliminated the backlog, and it will not be able to provide accurate information about the actual number of applications that have been pending in excess of 180 days or the actual amount of time they have been pending. For more information, see Immigration Benefits: Improvements Needed to Address Backlogs and Ensure Quality of Adjudications, GAO-06-20. Also, see Department of Homeland Security Office of Inspector General, U.S. Citizenship and Immigration Services' Progress in Modernizing Information Technology, OIG-07-11 (Washington, D.C.: November 2006) and USCIS Faces Challenges in Modernizing Information Technology, OIG-05-41 (Washington, D.C.: September 2005). DHS updated information: In March through June 2007, DHS provided updated information on its backlog. In January 2004, USCIS had approximately 3.8 million applications backlogged pending adjudication, including applications that, according to USCIS, if granted would not provide the applicant or petitioner with an immediate immigration benefit or were pending as a result of delays outside of USCIS's control. Based on an analysis of data provided in USCIS's Backlog Elimination Plan Update for the fourth quarter of fiscal year 2006, as of September 2006, USCIS had a total of about 1.0 million backlogged applications, including applications that, according to USCIS, if granted would not provide the applicant or petitioner with an immediate immigration benefit or were pending as a result of delays outside of USCIS's control. As a subset of this 1.0 million, USCIS reported that the backlog under its control was less then 10,000. Specifically, for each application type, USCIS removed from the calculated backlog the total number of pending applications that, even if the application were granted, the ultimate benefit sought would not be immediately available due to annual numerical caps set by statute. As reported in the USCIS Backlog Elimination Plan updates, certain applications and petitions were removed from the backlog count because (1) the benefit was not immediately available to the applicant or beneficiary; (2) USCIS was waiting for applicants or petitioners to respond to requests for information; (3) applicants were afforded the opportunity to retake naturalization tests; or (4) USCIS was waiting for actions from outside federal agencies, such as Federal Bureau of Investigation name checks. USCIS has previously acknowledged that there may be some applications that have been pending more than 6 months and reported to us that the agency cannot determine the precise composition of the total applications pending adjudication as of September 2006 because such data are not available for all applications within USCIS; Our assessment: We conclude that DHS has generally not achieved this performance expectation. USCIS has made significant progress in reducing the number of applications pending adjudication and processing times for adjudicating applications. However, USCIS's method of calculating its backlog leaves the possibility of individual applications pending for longer than 6 months, so long as in the aggregate the number of pending applications on any given date does not exceed the number received in the previous 6 months. USCIS has acknowledged that some applications received in fiscal years 2005 and 2004, or even earlier, may still be pending. Moreover, USCIS removed from its backlog calculation any pending applications for which a benefit would not be immediately available, even if the application were granted, or that were awaiting action outside of USCIS. While giving such applications lower priority is a reasonable approach to backlog reduction and is useful for workload analysis, those applications--1 million as of September 2006--are still awaiting adjudication. For example, about 750,000 of these applications are those for which a benefit would not be immediately available even if granted, according to USCIS. Adjudicating these applications would let applicants or their beneficiaries know their eligibility for benefits, however, and could prevent future delays if large numbers of these benefits suddenly became immediately available due to a statutory increase in the caps, as happened when a 2005 law eliminated the annual cap on asylum beneficiaries. Additionally, DHS's current data systems cannot produce backlog information based on the date of the filing of a benefit application, which contributes to USCIS's difficulty in measuring its backlog consistent with the statutory definition, upon which the performance expectation is in part based, and in providing information on whether it is processing applications within 6 months of receipt. USCIS has not yet demonstrated that it has overcome long- standing technology problems which, according to the DHS IG, contributed to the backlog in the first place. Without information on whether individual applications have been pending for more than 6 months, we cannot verify that USCIS has eliminated its backlog and reduced application completion time to 6 months. Assessment: Generally not achieved. Performance expectation: 2. Institute process and staffing reforms to improve application processes. Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. We reported that in fiscal year 2002 USCIS committed about 70 percent of its backlog reduction funds to employing about 1,100 temporary adjudicator staff and authorizing overtime. In May 2005, USCIS finalized a staffing allocation model to address how many and where staff were needed to better match projected workloads. On the basis of this model, USCIS determined it had to retain the temporary adjudicators currently on hand (about 1,100) through the end of fiscal year 2006 and fill vacancies to increase its level of permanent adjudicator staff by 27 percent (about 460) to maintain productivity and prevent future backlogs through fiscal year 2007. Additionally, USCIS's staffing model addressed how many and where staff were needed to better match projected workloads. USCIS officials said that the need for future staffing adjustments could be offset by future efficiencies gained during its transition to more robust information technology capabilities. We reported that reflection in its planning processes and documents of expected gains as a result of new technologies should improve USCIS's ability to make strategic staffing decisions. In addition, we reported that USCIS issued guidance and regulations to streamline processes, including clarifying guidance to adjudicators about requests for additional evidence and notices of intent to deny, and establishing greater flexibility in setting the length of validity of the employment authorization document. For more information, see GAO- 06-20; Assessment: Generally achieved. Performance expectation: 3. Establish a timetable for reviewing the program rules, business processes, and procedures for immigration benefit applications; Summary of findings: GAO and DHS IG findings: DHS has not yet established a timetable for reviewing program rules, processes, and procedures for immigration benefits applications. In November 2006, the DHS IG reported that USCIS had undertaken a structured approach to address process challenges through its business transformation program and established cross-functional teams with dedicated management participation and generated several strategic level plans to provide a business-centric vision and guidance for implementing technical solutions. The DHS IG reported that the accomplishments to date were steps in the right direction for both business and information technology modernization, but that USCIS remained entrenched in a cycle of continual planning, with limited progress toward achieving its long- term transformation goals. Obtaining the funding needed to support implementation of the business transformation program was a continual concern. The DHS IG reported that establishing a clearly defined transformation strategy, including the funding plans, goals, and performance measures needed to manage its execution, is fundamental. Linking information technology objectives to this transformation strategy and ensuring sufficient internal and external stakeholder involvement in information technology and process improvement initiatives also would be key. The DHS IG reported that until USCIS addresses these issues, it would not be in a position to either effectively manage existing workloads or handle the potentially dramatic increase in immigration benefits processing workloads that could result from proposed immigration reform legislation. For more information, see Department of Homeland Security Office of Inspector General, U.S. Citizenship and Immigration Services' Progress in Modernizing Information Technology, OIG-07-11 (Washington, D.C.: November 2006). DHS updated information: According to updated information provided by USCIS in March and April 2007, the USCIS Transformation Program Office will prepare its detailed timetable for reviewing program rules, business processes, and procedures for each benefit category once it receives and awards the contract for information technology services. USCIS reported analyzing over 50 existing transactions and grouped them into lines of business--the adjudication of citizenship benefit applications, immigrant benefit applications, humanitarian benefit applications, and non-immigrant benefit applications. USCIS has incorporated a timetable for incrementally implementing each of the lines of business in its transformation expenditure plan. USCIS plans to transform benefit adjudication for citizenship benefits by October 2008; immigrant benefits by October 2010; humanitarian benefits by October 2011; and non-immigrant benefits by October 2012. USCIS reported that the Transformation Spend Plan has been approved by the Office of Management and the Budget and that the plan's transmittal to Congress should occur shortly. According to the tentative schedule, USCIS plans to transform its paper-based process into an electronic end- to-end adjudicative process. Our assessment: We conclude that DHS has generally not achieved this performance expectation. USCIS has made progress in meeting this performance expectation, but has not yet established a detailed timetable for reviewing program rules, processes, and procedures for immigration benefits applications. USCIS officials noted that the agency will prepare its detailed timetable for reviewing program rules, business processes, and procedures for each benefit category once it receives and awards the contract for information technology services. Until USCIS establishes such a timetable, it has not yet achieved this performance expectation. Assessment: Generally not achieved. Performance expectation: 4. Institute a case management system to manage applications and provide management information. Summary of findings: GAO findings: DHS has not yet instituted a case management system for managing applications and providing management information. In November 2005, we reported that USCIS cannot readily determine the number of applications that have been pending for more than 6 months from the data management systems it is currently using to manage its backlog elimination efforts. However, USCIS has identified the technology improvements necessary to develop this capability. Since fiscal year 2002, the agency has invested about 2 percent ($10.5 million) of its funds allocated for backlog elimination for technology improvements. We reported that among the critical elements of USCIS's planned technology modernization efforts was a new case management system that should provide the agency with the capability to produce management reports on the age of all pending benefit applications. We reported that an integrated case management system is a tool that will be used by USCIS staff in processing benefits and adjudicating cases. USCIS reported that system development began during fiscal year 2006 as part of the agency's transformation efforts. In November 2005, we reported that USCIS was assembling the system requirements and conducting surveys of industry best practices. In addition, USCIS reviewed a cost-benefit analysis to evaluate alternative implementation strategies for the new integrated case management system. USCIS anticipated that its current case management systems would be decommissioned by fiscal year 2011. We reported that USCIS did not expect these systems to be fully deployed before fiscal year 2010. For more information, see GAO-06-20. DHS updated information: According to USCIS, a case management system to manage applications and provide management information will be incorporated in the Secure Information Management Service, for which the first increment pilot was deployed in July 2007. This increment will include forms related to USCIS's citizenship function. Three additional increments will address the functions of immigrant, asylum/refugee, and nonimmigrant. USCIS noted that development of its case management system is tied to transformation that began in fiscal year 2006. Our assessment: We conclude that DHS has generally not achieved this performance expectation. Although USCIS is planning to pilot the first phase of its Secure Information Management Service, USCIS does not yet have a case management system that provides reliable information on its application processing and backlog. Assessment: Generally not achieved. Performance expectation: 5. Develop new programs to prevent future backlogs from developing. Summary of findings: GAO findings: DHS has taken actions to examine and test new programs to prevent future backlogs, but these programs are still in the pilot stages. In 2005 we reported that in response to recommendations made in the USCIS Ombudsman's 2004 annual report, USCIS conducted a number of pilot projects designed to reduce benefit application processing times and was considering adopting several practices it determined to be successful. We reported that the agency studied the processing of two types of applications during the pilots: (1) applications to replace permanent resident cards (form I-90) and (2) applications to register permanent residence or adjust status (form I-485). First, during the period March 2004 through November 2004, USCIS conducted a pilot program designed to reduce processing time for applications for permanent resident cards. The pilot, conducted in the Los Angeles area, allowed for electronically filed permanent resident cards to be processed at application support centers, where applicants have their initial contact with the agency and have their photographs and fingerprints taken. During the pilot, average processing times were reduced from over 8 months to about 2 weeks. USCIS's Performance Management Division recommended that USCIS implement the pilot nationwide. Second, beginning in March 2004 and May 2004 respectively, USCIS conducted pilot programs in the New York and Dallas district offices that focused on testing new processes for adjudicating family- based applications for adjustments of status within 90 days. Each sought to streamline and accelerate application processing by shifting aspects of processing responsibility from the National Benefits Center, a central processing hub for certain benefit applications, to the district offices. Using elements of processes tested in the Dallas and New York pilot projects, USCIS has implemented up-front processing at three district officesæSan Diego, San Antonio, and Buffalo--that did not have a backlog of adjustment of status applications when implemented. USCIS anticipates expanding the number of offices on a quarterly basis as they become current in their processing so that applicants with pending applications are not disadvantaged. The pilot in Dallas will also continue as long as USCIS determines that additional information may be gleaned and until the district office becomes current in processing applications. In March 2004, a third adjustment of status pilot for employment-based applications was implemented at the California service center. The focus was to adjudicate within 75 days petitions for immigrant workers with advanced degrees concurrently with the associated applications for adjustment of status. Ultimately, USCIS deemed the pilot inefficient and adverse to the service center backlog elimination goals because resources were diverted from addressing backlogged cases. For more information, see GAO-06-20. DHS updated information: According to information provided by DHS in March, April, and May 2007, in September of 2006, USCIS expanded its District Office Rapid Adjudication Pilot program by extending that program in Dallas, the office of origin, and by including field offices located in El Paso and Oklahoma City. USCIS noted that for applicants within the jurisdiction of these offices, the pilot program makes it mandatory that adjustment of status applications be filed in person rather than by mail, after the applicant has scheduled an appointment using InfoPass. According to USCIS, the pilot is slated to run through September 21, 2007. Additionally, USCIS stated that it is monitoring the adjustment of status workflow in three identified offices, Buffalo, San Antonio, and San Diego, which are currently within a 90-day processing time frame. Under the "90-Day Office" process, processing is initiated on the application at the National Benefits Center. To date, USCIS noted that it has not captured sufficient statistical data to assess the effects of expanding the Dallas pilot to El Paso and Oklahoma City. Moreover, it has yet been able to assess whether the process in the Dallas pilot or the "90-Day Office" process is more likely to result in better customer service, administrative efficiency, and national security. USCIS issued a final rule in May 2007 to adjust the Immigration and Naturalization Benefit Application and Petition Schedule. According to USCIS, this rule will help ensure that the agency has the resources necessary to prevent backlogs from developing by providing a stable source of revenue to support staff and technology to meet USCIS's goal of at least a 20 percent reduction in processing times by the end of fiscal year 2009. Our assessment: We conclude that DHS has generally not achieved this performance expectation. Although USCIS has explored reducing processing times through a number of programs, these programs are still in the pilot stages. In some cases, USCIS ended the pilot programs because they were inefficient or did not meet program goals. In other cases, USCIS has not yet fully assessed the results of its pilot programs to determine the extent to which the programs could be implemented on a national basis. Moreover, USCIS has not yet demonstrated that it has addressed its long-standing technology challenges, which have contributed to backlog development. In addition, USCIS reported that its revisions to the Immigration and Naturalization Benefit Application and Petition Schedule will help it ensure that future backlogs do not develop. However, at the time of this review, the extent to which these revisions will help to prevent the development of future backlogs is unknown. Assessment: Generally not achieved. Performance expectation: 6. Establish online access to status information about benefit applications. Summary of findings: GAO findings and assessment: DHS has established online access to status information about benefits applications. In June 2005, we reported that private attorneys, paralegals, and other representatives can use the USCIS Internet Web site to check the status of their clients' immigration cases using a USCIS receipt number. Under the system, USCIS also notifies the representatives via e-mail when a case status changes; for example, when actions are taken, such as the approval or denial of an application. As of April 2005, over 300,000 customers, attorneys, and other representatives had used this system. For more information, see Immigration Services: Better Contracting Practices Needed at Call Centers, GAO-05-526. Assessment: Generally achieved. Performance expectation: 7. Establish online filing for benefit applications. Summary of findings: GAO findings: On November 1, 2006, USCIS announced a new Web portal to serve as a "one-stop shop" for all information about U.S. immigration and citizenship. According to DHS, the new site should facilitate downloading of petitions and applications, filing applications electronically, and signing up online for appointments. DHS updated information: In March and April 2007, DHS provided updated information on its efforts to establish online filing for benefit applications. In fiscal year 2006, USCIS reported that of the 5,953,490 forms filed, a total of 350,838 were filed online. According to updated information provided by DHS in April 2007, eight forms are available online for e-filing, and other forms are available on the USCIS Web site for downloading, completing, and mailing to the appropriate Service Center. According to USCIS, the Secure Information Management Service, with the citizenship increment released in July 2007, will serve as the foundation for the paperless, account-based case processing environment, and subsequent releases of the immigration, asylum/refugee, and nonimmigration increments will result in additional online e-filing capabilities. In addition, USCIS stated that while it may be feasible to automate additional forms and make them available electronically, USCIS transformation will fundamentally reengineer e- filing, increase data integrity, and increase operational efficiency. Our assessment: Until USCIS expands its online filing capabilities and further defines requirements and capabilities and implements those capabilities through its Secure Information Management Service, we conclude that DHS has generally not achieved this performance expectation. Although DHS has established online filing for eight types of applications, there are other types of applications for which online filing is not yet available. Moreover, USCIS plans to expand its online filing capabilities through its Secure Information Management Service, but this service is still in the development stages and has not yet been implemented. Assessment: Generally not achieved. Performance expectation: 8. Establish revised immigration application fees based on a comprehensive study. Summary of findings: GAO findings: USCIS issued a proposed rule to adjust immigration benefit fees and issued the final rule in May 2007. As required under the Homeland Security Act of 2002, we reviewed the USCIS's funding to determine whether in the absence of appropriated funds USCIS was likely to derive sufficient funds from fees to carry out its functions. In January 2004, we concluded that USCIS fees were not sufficient to fully fund USCIS's operations, in part because (1) the fee schedule was based on an outdated fee study that did not include all costs of USCIS's operations and (2) costs had increased since that study was completed due to an additional processing requirement and other actions. We reported that although fees were not sufficient, there were insufficient data to determine the full extent of the shortfall. A fundamental problem was that USCIS has not had a system to track the status of each application as it moves through the process. Accordingly, USCIS did not have information on the extent to which work on applications in process remained to be finished. In addition, USCIS did not know the current cost of each step to process each application. The effect was that USCIS knew neither the cost to process new applications nor the cost to complete pending applications. Further because DHS was still determining how administrative and overhead functions would be carried out and the related costs allocated, USCIS did not know what future administrative and overhead costs would be. For the 3-year period from fiscal year 2001 through 2003, USCIS reported operating costs exceeded available fees by almost $460 million, thus creating the need for appropriated funds. USCIS projected that this situation would remain in fiscal year 2004. We reported that absent actions to increase fees, reduce processing costs and times, or both, as well as to improve the timeliness and completeness of fee schedule updates, USCIS would continue to need appropriated funds to avoid even greater increases in the backlog of pending applications. We recommended that in order to determine the cost to process new and pending applications, USCIS should perform a comprehensive fee study to determine the cost to process new immigration applications and determine the cost to eliminate the backlog of pending applications. For more information, see Immigration Application Fees: Current Fees Are Not Sufficient to Fund U.S. Citizenship and Immigration Services' Operations, GAO-04-309R. DHS updated information: On February 1, 2007, USCIS issued a Proposed Rule for the Adjustment of the Immigration and Naturalization Benefit Applications and Petition Fee Schedule and issued the final rule in May 2007. Based on a 2004 GAO recommendation, USCIS conducted a comprehensive review of its resources and activities for the first time in 10 years, employing the Activity Based Costing methodology to determine the full costs of immigration benefit applications and in which USCIS fees are based on the complexity of the work. In updated information provided by DHS in March and April 2007, USCIS stated that the new fee structure ensures appropriate funding to meet customer service needs and national security requirements and modernizes an outdated business infrastructure. According to DHS, the fiscal year 2008 President's budget reflects that 99 percent of USCIS funding would be derived from fee collections. The remaining 1 percent, $30 million, is requested as an appropriation to support the Employment Eligibility Verification program. According to USCIS, a number of problems caused the present day funding gap, including (1) the failure of fees to reflect the actual cost of doing business, (2) the loss of significant appropriated funding for backlog reduction, (3) the need for payment of additional fees because of processing delays, (4) reliance on money from temporary programs to fund operating costs, (5) reallocation of funds from their intended purpose to cover base operations, and (6) insufficient funds to provide for additional, costly security requirements. USCIS indicated that additional funding was necessary to enhance the security and integrity of the immigration system, improve service delivery, and modernize business infrastructure. Our assessment: We conclude that DHS has generally achieved this performance expectation. In following up on our prior recommendations, we found that USCIS has conducted a comprehensive review of its resources and activities and determined that the current fees did not reflect current processes or recover the full cost of services being provided. USCIS employed an activity-based costing methodology to determine the full costs of immigration benefit applications. As a result of its comprehensive fee review, USCIS published a proposed rule in February 2007 in the Federal Register and a final rule in May 2007 to increase the immigration and naturalization benefit application fees. Assessment: Generally achieved. Performance expectation: 9. Capture biometric information on all benefits applicants. Summary of findings: GAO and DHS IG findings: DHS does not yet have the capabilities in place to capture and store biometric information on all benefits applicants. In 2006 we reported that USCIS was developing various systems for capturing and storing biometric information including the Biometric Storage System, which would allow USCIS to store biometrics information for verification of identity and for future form submissions. USCIS planned to expand biometric storage capacity to allow storage of biometric information for all USCIS customers, allowing information to be resubmitted for subsequent security checks. The system would capture 10 prints for Federal Bureau of Investigation fingerprint checks and image sets (photograph, press- prints, and signatures). Senior officials told the DHS IG that USCIS's use of biometrics had been constrained by the capacity of application support centers to collect the data. In addition, the DHS IG reported in November 2005 that USCIS collected photographs with many applications but did not have a system for automated, facial recognition screening. For more information, see GAO-06-20. Also, see Department of Homeland Security Office of Inspector General, A Review of U.S. Citizenship and Immigration Services' Alien Security Checks, OIG-06-06 (Washington, D.C.: November 2005). DHS updated information: According to DHS officials, the Biometric Storage System is in the design phase. According to the Biometric Storage System Project Management Plan, the system is intended to facilitate the deterrence, detection, and pursuit of immigration benefit fraud and promote identification and communication of immigration-related information to partners in support of the DHS Strategic Plan. In developing the system, USCIS plans to leverage existing capabilities already being developed by other components in the immigration and border management enterprise. USCIS plans to share Biometric Storage System data with the US-VISIT biometric repository called IDENT. This should enable data sharing and provide USCIS information about applicants with a record in IDENT. USCIS estimated that the first phase of Biometric Storage System, which will replace existing outdated biometrics infrastructure with a foundation for the new system, would begin in the first quarter of fiscal year 2008. At that time, USCIS plans to have access to limited biometrics data available to the intra-agency community--ICE, CBP, and USCIS--on a view- only basis. USCIS reported that although the Biometric Storage System is not yet in place, the agency shares biometric information with US- VISIT and the Federal Bureau of Investigation, for example. Our assessment: Until the Biometric Storage System is more fully developed and implemented, we conclude that DHS has generally not achieved this performance expectation. DHS has not yet deployed its Biometric Storage System, but plans to implement the first phase of the system in 2008. Assessment: Generally not achieved. Performance expectation: 10. Implement an automated background check system to track and store all requests for applications. Summary of findings: GAO findings: DHS has not yet implemented an automated background check system to track and store all requests for applications. In 2006 we reported that USCIS's Background Check Service system automated and managed the submission of all security checks including name and fingerprints from the Federal Bureau of Investigation and the Interagency Border Inspection System. We noted that the Background Check Service system was intended to track and store security check responses in a centralized system and that USCIS was preparing to initiate the testing and implementation phase, but USCIS had to first select a hosting and production facility for the system. For more information, see GAO-06-20. DHS updated information: In March, April, and June 2007, USCIS provided us with updated information on its efforts to develop and implement its Background Check Service. According to USCIS, the schedule for deploying the Background Check Service has changed from May 2007 to December 2007 because USCIS moved the Background Check Service to a new location and encountered problems at the new center. According to USCIS, there were several firewall issues and other communication problems, but the problems are being worked on by the contractor. Our assessment: Until DHS more fully develops and implements its Background Check Service, we conclude that DHS has generally not achieved this performance expectation. DHS has worked toward deployment of the first phase of its Background Check Service, but has pushed back its target time frame for deploying the first phase until December 2007. Assessment: Generally not achieved. Performance expectation: 11. Communicate immigration related information to other relevant agencies. Summary of findings: GAO findings: DHS has taken some actions to share immigration information for enforcement and fraud prevention purposes. In 2006 we reported that USCIS had three major projects under way to improve its ability to receive and share data within the agency as well as with other agencies as part of its information technology transformation. First, the data layer/repository project was intended to present users with a consolidated system to access information from 63 USCIS systems rather than the situation where users had to log onto separate systems to obtain data. This capability would be available to adjudicators and, eventually, to external users. Second, the software updates project was intended to upgrade, among other things, USCIS's desktop and software capabilities, USCIS's servers and network, and USCIS's capability to support the new electronic processes. Third, the e-adjudication pilot project was intended to allow paperless (electronic) adjudication for certain immigration forms. USCIS could not provide a completion date for the data layer and e-adjudication pilots due, in part, to uncertainty regarding future funding. USCIS expected to complete full implementation for its information technology transformation by fiscal year 2010. With regard to US-VISIT, we reported that the program intended to collect, maintain, and share information on certain foreign nationals who enter and exit the United States and facilitate information sharing and coordination within the immigration and border management community. For more information, see Taxpayer Information: Options Exist to Enable Data Sharing between IRS and USCIS but Each Presents Challenges, GAO-06-100 and GAO-06-20. DHS updated information: According to updated information provided by DHS in March, April, and May 2007, in fiscal year 2006 USCIS launched the Integrated Digitization Document Management Program to convert existing paper-based A-files and related documents into a digitized format; ensure that data are accurately captured electronically from paper A files; and provide storage, discovery, and electronic delivery of digitized files. USCIS stated that the last function was released in June 2007. USCIS has entered into a number of memoranda of understanding that outline agreements on immigration-related information sharing with other federal agencies and foreign governments. In addition, immigration information is shared though others programs, such as US-VISIT. US-VISIT, for example, provides for the sharing of biometric and biographic-related information between DHS components, and the Departments of Justice and State. USCIS, CBP, and ICE have also entered into memoranda of understanding with other federal agencies and foreign governments to enhance information sharing. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has taken some actions to develop and launch systems to facilitate information sharing with other agencies, such as by allowing for the electronic delivery of files and information. Moreover, USCIS has completed memoranda of understanding with other agencies. Assessment: Generally achieved. Performance expectation: 12. Establish training programs to reduce fraud in the benefits process. Summary of findings: GAO findings: DHS has made progress in establishing training programs to reduce fraud in the benefits process, but more work remains. In 2006 we reported that adjudicators at USCIS service centers and district offices that we visited received some fraud-related information or training subsequent to their initial hire. We reported that USCIS initial adjudicator training provided approximately 4 hours of fraud-related training that focused primarily on detecting fraudulent documents. However, USCIS headquarters officials responsible for field operations told us that there was no standard training regarding fraud trends and that fraud-related training varied across field offices. Our interviews indicated that the frequency and method for distributing ongoing information about fraud detection was not uniform across the service centers and district offices we visited. For more information, see Immigration Benefits: Additional Controls and a Sanctions Strategy Could Enhance DHS's Ability to Control Benefit Fraud, GAO-06-259. DHS updated information: In March and April 2007, DHS provided updated information outlining its training programs to reduce fraud in the benefits process. With regard to adjudication officers, the Office of Fraud Detection and National Security has created an hour anti-fraud module that is provided to adjudicators attending immigration officer basic training, journeyman Immigration Officer training, and supervisory adjudications training. USCIS has also developed training for specific areas with a past history of fraud. For example, USCIS has provided Religious Worker anti-fraud training to 145 officers at the California Service Center where adjudication of religious worker petitions is centralized. With regard to Office of Fraud Detection and National Security Officers, during a basic 3-week national security and anti-fraud course at the Federal Law Enforcement Training Center, instruction is provided to these officers on such areas as Fraud Detection and National Security anti-fraud standard operating procedures, practical training on USCIS and other government systems, interviewing techniques, national security reporting, Headquarters Fraud Detection and National Security intelligence processes, legal issues, and report writing. Additionally, all Immigration Officers and Intelligence Research Specialists must attend the Fraud Detection and National Security Data System training, which serves as the case management system for all fraud and national security related work conducted by the Office of Fraud Detection and National Security, as part of the basic 3-week course and will continue to be provided ongoing training as systems evolve through the use of formal correspondence, informal conference calls, e-newsletters. Our assessment: We conclude that DHS has generally not achieved this performance expectation. USCIS has initiated a number training programs focused on detecting fraud in the benefits process. However, the intent of this performance expectation is not only that DHS has anti-fraud training programs, but also that these programs are delivered to individuals according to their roles and responsibilities for adjudicating applications. DHS did not provide us with evidence on the extent to which it has taken actions to ensure that its anti-fraud training courses have been distributed and implemented appropriately across all field offices, a key concern we identified in our prior work. In addition, DHS did not provide us with evidence that it has taken actions to ensure that all staff receive the anti-fraud training appropriate to their roles and responsibilities in adjudicating certain types of applications. Assessment: Generally not achieved. Performance expectation: 13. Create an office to reduce immigration benefit fraud. Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. USCIS established the Fraud Detection and National Security office to enhance its fraud control efforts by serving as its focal point for addressing immigration benefit fraud. Established in 2003, Fraud Detection and National Security is intended to combat fraud and foster a positive control environment by pursuing objectives to develop, coordinate, and lead the national antifraud operations for USCIS; oversee and enhance policies and procedures pertaining to the enforcement of law enforcement background checks on those applying for immigration benefits; identify and evaluate vulnerabilities in the various policies, practices, and procedures that threaten the legal immigration process; recommend solutions and internal controls to address these vulnerabilities; and act as the primary USCIS conduit and liaison with ICE, CBP, and other members of the law enforcement and intelligence community. For more information, see GAO-06-259; Assessment: Generally achieved. Performance expectation: 14. Implement a fraud assessment program to reduce benefit fraud; Summary of findings: GAO findings: DHS has taken steps to implement a fraud assessment program, but much more work remains. In 2006 we reported that the Office of Fraud Detection and National Security, established in 2003, outlined a strategy for detecting immigration benefit fraud, and undertook two assessments in a series of fraud assessments to identify the extent and nature of fraud for certain immigration benefits. A complimentary effort is USCIS's plan to develop automated fraud analysis tools. USCIS has hired a contractor to develop the Fraud Detection and National Security, an automated capability to screen incoming applications against known fraud indicators, such as multiple applications received from the same person. According to the Office of Fraud Detection and National Security, it planned to deploy an initial data analysis capability by the third quarter of fiscal year 2006 and release additional data analyses capabilities at later dates but could not predict when these latter capabilities would be achieved. However, according to a Fraud Detection and National Security operations manager, the near and midterm plans were not aimed at providing a full data-mining capability. In the long term, USCIS planned to integrate these data analyses tools for fraud detection into a new application management system being developed as part of USCIS's efforts to transform its business processes for adjudicating immigration benefits, which includes developing the information technology needed to support these business processes. Also, in the long term, according to the Fraud Detection and National Security Office Director, a new USCIS application management system would ideally include fraud filters to screen applications and remove suspicious applications from the processing stream before they are seen by adjudicators. For more information, see GAO-06-259. DHS updated information: According to USCIS, the purpose of the benefit fraud assessment is to use statistically valid methods to determine the amount, percentage, and type of fraud in benefit applications to aid USCIS in its efforts to develop anti-fraud strategies, establish priorities for planning purposes, and identify fraud patterns and linkages for referral to ICE. In updated information provided by USCIS in April 2007, USCIS reported that it has completed benefit fraud assessments for the I-140 Immigrant Petition for Alien Workers, I-90 Application to Replace a Permanent Resident Card, and Religious Worker applications. USCIS reported that it is analyzing data from other assessments of the I-129 H1B Employment-based, I-130 Marriage-based, I- 130 Yemeni-specific Family-based, and 1-589 Asylum applications and expect final reports on these assessments to be issued by the end of fiscal year 2007. USCIS also reported that it is conducting an assessment for I-129 L-1A Employment-based application. USCIS reported that as a result of these assessments, it now has baseline data and can focus on developing a more comprehensive benefit fraud assessment strategy. In fiscal year 2008, USCIS intends to issue a roadmap outlining the visa categories for which it will conduct benefit fraud assessments in the future. In addition, USCIS officials stated that development work for the Fraud Detection and National Security Program Data Systems' initial analytical capabilities was completed in the first quarter of fiscal year 2007. USCIS indicated that development delays for the initial analytical capabilities were encountered due to budgetary, contractual, and performance issues. Full implementation of the initial capability was delayed until the second quarter of fiscal year 2007 due to hardware acquisition issues. According to USCIS, procurement activities are underway to award the next development contract with a plan that includes a contract award in early third quarter of fiscal year 2007 with the implementation of follow-on analytical capabilities early in the first quarter of fiscal year 2008. USCIS stated that this procurement was briefly delayed due to an evaluation of another case management software application. A final decision was made in February 2007 to move forward with the development of Fraud Detection and National Security Data System. Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS has completed fraud assessments for three types of immigration benefits--having completed two at the time of our March 2006 report--and expects to issue final reports on four additional assessments later in fiscal year 2007. However, USCIS has not yet fully developed a comprehensive strategy for conducting benefit fraud assessments. Until DHS does so and demonstrates successful application of a strategy and approach for conducting fraud assessment, we conclude that DHS has generally not achieved this performance expectation. In addition, DHS has taken actions to develop a data system to identify fraud through automated analysis tools. However, this data analysis capability has not yet been fully implemented. Assessment: Generally not achieved. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken sufficient actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [End of table] DHS Has Made Moderate Progress in Securing the Aviation Sector: DHS has implemented a variety of programs to help secure the aviation sector. Within the department, TSA is the primary agency with responsibility for aviation security efforts. TSA was established in 2001 with the mission to protect the transportation network while also ensuring the free movement of people and commerce. Since its inception, TSA has focused much of its efforts on aviation security and has developed and implemented a variety of programs and procedures to secure commercial aviation. For example, TSA has undertaken efforts to strengthen airport security; provide and train a screening workforce; prescreen passengers against terrorist watch lists; and screen passengers, baggage, and cargo. TSA has implemented these efforts in part to meet numerous mandates for strengthening aviation security placed on the agency following the September 11, 2001, terrorist attacks. These mandates set priorities for the agency and guided TSA's initial efforts to enhance aviation security. In addition to TSA, CBP, and DHS's Science and Technology Directorate play roles in securing commercial aviation. In particular, CBP has responsibility for conducting passenger prescreening--or the matching of passenger information against terrorist watch lists--for international flights operating to or from the United States, as well as inspecting inbound air cargo upon its arrival in the United States. The Science and Technology Directorate is responsible for the research and development of aviation security technologies. As shown in table 22, we identified 24 performance expectations for DHS in the area of aviation security, and we found that overall DHS has made moderate progress in meeting those expectations. Specifically, we found that DHS has generally achieved 17 performance expectations and has generally not achieved 7 performance expectations. Table 22: Performance Expectations and Progress Made in Aviation Security: Performance expectation: 1. Implement a strategic approach for aviation security functions. Assessment: Generally achieved. Performance expectation: 2. Establish standards and procedures for effective airport perimeter security. Assessment: Generally not achieved. Performance expectation: 3. Establish standards and procedures to effectively control access to airport secured areas. Assessment: Generally not achieved. Performance expectation: 4. Establish procedures for implementing biometric identifier systems for airport secured areas access control. Assessment: Generally not achieved. Performance expectation: 5. Ensure the screening of airport employees against terrorist watch lists. Assessment: Generally achieved. Performance expectation: 6. Hire and deploy a federal screening workforce. Assessment: Generally achieved. Performance expectation: 7. Develop standards for determining aviation security staffing at airports. Assessment: Generally achieved. Performance expectation: 8. Establish standards for training and testing the performance of airport screener staff. Assessment: Generally achieved. Performance expectation: 9. Establish a program and requirements to allow eligible airports to use a private screening workforce. Assessment: Generally achieved. Performance expectation: 10. Train and deploy federal air marshals on high-risk flights. Assessment: Generally achieved. Performance expectation: 11. Establish standards for training flight and cabin crews. Assessment: Generally achieved. Performance expectation: 12. Establish a program to allow authorized flight deck officers to use firearms to defend against any terrorist or criminal acts. Assessment: Generally achieved. Performance expectation: 13. Establish policies and procedures to ensure that individuals known to pose, or suspected of posing, a risk or threat to security are identified and subjected to appropriate action. Assessment: Generally achieved. Performance expectation: 14. Develop and implement an advanced prescreening system to allow DHS to compare domestic passenger information to the Selectee List and No Fly List. Assessment: Generally not achieved. Performance expectation: 15. Develop and implement an international passenger prescreening process to compare passenger information to terrorist watch lists before aircraft departure. Assessment: Generally not achieved. Performance expectation: 16. Develop and implement processes and procedures for physically screening passengers at airport checkpoints. Assessment: Generally achieved. Performance expectation: 17. Develop and test checkpoint technologies to address vulnerabilities. Assessment: Generally achieved. Performance expectation: 18. Deploy checkpoint technologies to address vulnerabilities. Assessment: Generally not achieved. Performance expectation: 19. Deploy explosive detection systems (EDS) and explosive trace detection (ETD) systems to screen checked baggage for explosives. Assessment: Generally achieved. Performance expectation: 20. Develop a plan to deploy in-line baggage screening equipment at airports; Assessment: Generally achieved. Performance expectation: 21. Pursue the deployment and use of in-line baggage screening equipment at airports. Assessment: Generally achieved. Performance expectation: 22. Develop a plan for air cargo security. Assessment: Generally achieved. Performance expectation: 23. Develop and implement procedures to screen air cargo. Assessment: Generally achieved. Performance expectation: 24. Develop and implement technologies to screen air cargo. Assessment: Generally not achieved. Performance expectation: Total; Assessment: Generally achieved: 17; Assessment: Generally not achieved: 7; Assessment: No assessment made: 0. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken sufficient actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [End of table] Table 23 provides more detailed information on the progress that DHS has made in taking actions to achieve each performance expectation in the area of aviation security and our assessment of whether DHS has taken steps to satisfy most of the key elements of the performance expectation (generally achieved) or has not taken steps to satisfy most of the performance expectation's key elements (generally not achieved). Table 23: Performance Expectations and Assessment of DHS Progress in Aviation Security: Performance expectation: 1. Implement a strategic approach for aviation security functions: Summary of findings: GAO findings: DHS has adhered to a strategic approach for implementing its aviation security functions, governed largely by legislative requirements. TSA, which has responsibility for securing all modes of transportation, has also taken steps to ensure that it implements its aviation security functions in a strategic manner. For example, in April 2006, we reported that TSA has spent billions of dollars and implemented a wide range of initiatives to strengthen the key components of its passenger and checked baggage screening systems--people, processes, and technology. These components are interconnected and are critical to the overall security of commercial aviation. For more information, see Aviation Security: Enhancements Made in Passenger and Checked Baggage Screening, but Challenges Remain, GAO-06-371T. DHS updated information: In March 2007, the National Strategy on Aviation Security and its six supporting plans were released. The six supporting plans are Aviation Transportation System Security, Aviation Operational Threat Response, Aviation Transportation System Recovery, Aviation Domain Surveillance and Intelligence Integration, Domestic Outreach, and International Outreach. According to TSA, an Interagency Implementation Working Group was established under TSA leadership in January 2007 to initiate implementation efforts for the 112 actions specified in the supporting plans. Our assessment: We conclude that DHS has generally achieved this performance expectation, as DHS has taken a strategic approach to implementing its aviation security functions, and the National Strategy on Aviation Security has been issued. Assessment: Generally achieved. Performance expectation: 2. Establish standards and procedures for effective airport perimeter security. Summary of findings: GAO findings: In June 2004, we reported on TSA's efforts to strengthen the security of airport perimeters (such as airfield fencing and access gates), the adequacy of controls restricting unauthorized access to secured areas (such as building entryways leading to aircraft), and security measures pertaining to individuals who work at airports. At the time of our review, we found TSA had begun evaluating commercial airport security but had not yet implemented a number of congressionally mandated requirements. We reported that TSA had begun evaluating the security of airport perimeters, but had not yet determined how the results of these evaluations could be used to make improvements to the nation's airport system as a whole. Specifically, we found that TSA had begun conducting regulatory compliance inspections, covert testing of selected security procedures, and vulnerability assessments at selected airports. These evaluations, though not yet complete at the time of our report, identified perimeter security concerns. In addition, we reported that TSA intended to compile baseline data on security vulnerabilities to enable it to conduct a systematic analysis of airport security vulnerabilities on a nationwide basis. TSA said such an analysis was essential since it would allow the agency to determine minimum standards and the adequacy of security policies and help the agency and airports better direct limited resources. Nonetheless, at the time of our review, TSA had not yet developed a plan that prioritized its assessment efforts, provided a schedule for completing these assessments, or described how assessment results would be used to help guide agency decisions on what, if any, security improvements were needed. We are conducting follow-on work in this area. For more information, see Aviation Security: Transportation Security Administration Has Made Progress in Managing a Federal Security Workforce and Ensuring Security at U.S. Airports, but Challenges Remain, GAO-06-597T and Aviation Security: Further Steps Needed to Strengthen the Security of Commercial Airport Perimeters and Access Controls, GAO-04-728. DHS updated information: In April and July 2007, DHS provided us with updated sensitive information on efforts to secure airport perimeters. This information described TSA's plans to assess technology being used to enhance perimeter security, as well as a summary of TSA's policies and procedures related to perimeter security. DHS also provided us with updated sensitive information on its efforts to enhance security procedures for gate screening, aircraft cabin searches, and security measures for personnel identification media. Our assessment: We conclude that DHS has generally not achieved this performance expectation. While DHS has taken actions to enhance perimeter security, DHS did not provide us with evidence that these actions provide for effective airport perimeter security and thus satisfy the intent of this performance expectation. DHS also did not provide information or documentation that it had addressed all of the relevant requirements established in the Aviation and Transportation Security Act and our 2004 recommendations related to (1) identifying security weaknesses of the commercial airport system as a whole, (2) prioritizing funding to address the most critical needs, or (3) reducing the risks posed by airport workers. Until DHS demonstrates how the security efforts it has undertaken have strengthened commercial airport perimeters security, it will be difficult for it to justify its resources needs and clearly identify progress made in the area. Assessment: Generally not achieved. Performance expectation: 3. Establish standards and procedures to effectively control access to airport secured areas. Summary of findings: GAO findings and DHS IG findings: In June 2004 we reported that TSA had begun evaluating the controls that limit access into secured airport areas, but had not completed actions to ensure that all airport workers employed in these areas were vetted prior to being hired and trained. We also reported that TSA had begun evaluating the security of the controls that limited access into secured airport areas, but had not yet determined how the results of these evaluations could be used to make improvements to the nation's airport system as a whole. Specifically, we found that TSA had begun conducting regulatory compliance inspections, covert testing of selected security procedures, and vulnerability assessments at selected airports. These evaluations- -though not completed at the time of our report--identified access control security concerns. For example, TSA identified instances where airport operators failed to comply with existing security requirements. In addition, we reported that TSA intended to compile baseline data on security vulnerabilities to enable it to conduct a systematic analysis of airport security vulnerabilities on a nationwide basis. TSA said such an analysis was essential since it would allow the agency to determine minimum standards and the adequacy of security policies and help the agency and airports better direct limited resources. Nonetheless, at the time of our review, TSA had not yet developed a plan that prioritized its assessment efforts, provided a schedule for completing these assessments, or described how assessment results would be used to help guide agency decisions on what, if any, security improvements were needed. More recently, in March 2007, the DHS IG reported the results of its access control testing at 14 domestic airports of various sizes nationwide. As a result of more than 600 access control tests, the DHS IG identified various recommendations to enhance the overall effectiveness of controls that limit access to airport secured areas. We are conducting follow-on work in this area. For more information, see GAO-06-597T and GAO-04-728. See also Department of Homeland Security Office of Inspector General, Audit of Access to Airport Secured Areas (Unclassified Summary), OIG-07-35 (Washington, D.C., March 15, 2007). DHS updated information: In March, April, and July 2007, DHS provided us with updated information on its efforts to establish standards and procedures for effective access control of airport secured areas. TSA reported that its Aviation Direct Access Screening Program was piloted in March 2006 and disseminated to Federal Security Directors in August 2006 to provide for random screening of airport and airline employees and employees' property and vehicles as they enter secure areas of airports. Transportation security officers screen for the presence of explosives, incendiaries, weapons, and other items of interest as well as improper airport identification. TSA reported that the Aviation Direct Access Screening Program was reissued in March 2007 to include boarding gate screening and aircraft cabin searches and to mandate participation for airports nationwide. TSA also reported that it verifies the identification of individuals present in airport secured areas and assists operators and air carriers in performance of security responsibilities. DHS also provided us with updated sensitive information on its efforts to enhance security procedures for gate screening, aircraft cabin searches, and security measures for personnel identification media, as well as a description of TSA's plans to assess technology being used to enhance access controls and a summary of TSA's access control policies and procedures. Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS has taken actions to establish procedures for access control of airport secured areas. However, DHS did not provide us with evidence that these actions provide for effective access control for airport secured areas and thus satisfy the intent of this performance expectation. Additionally, DHS did not provide information or documentation that it had addressed all of the relevant requirements established in the Aviation and Transportation Security Act and our 2004 recommendations related to (1) identifying security weaknesses of the commercial airport system as a whole, (2) prioritizing funding to address the most critical needs, or (3) reducing the risks posed by airport workers. The recent assessment by the DHS OIG identified continuing weaknesses in TSA's procedures to prevent unauthorized individuals from access to secured airport areas. Until DHS demonstrates how the security efforts it has undertaken have strengthened the security of airport access controls, it will be difficult for it to justify its resource needs and clearly identify progress in this area. Assessment: Generally not achieved. Performance expectation: 4. Establish procedures for implementing biometric identifier systems for airport secured areas access control. Summary of findings: GAO findings: In June 2004, we reported that TSA had begun efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems. However, we reported that TSA had not developed a plan for implementing new technologies or balancing the costs and effectiveness of these technologies with the security needs of individual airports and the commercial airport system as a whole. In September 2005, TSA issued a guidance package for biometrics for airport access control. This guidance was primarily directed at airport operators who own and operate access control systems at airports and manufacturers of biometric devices who would need to submit their devices for qualification, including performance testing, in order to be potentially placed on a TSA biometric Qualified Products List. The guidance package includes information on technical and operational requirements and standards, implementation guidance, and a plan for biometric qualified products list. DHS updated information: DHS did not provide us with updated information on its efforts to establish procedures for implementing biometric identifier systems. Our assessment: We conclude that DHS has generally not achieved this performance expectation. Although TSA issued a guidance package, we reported in April 2007 that DHS and industry stakeholders continue to face difficult challenges in ensuring that the biometric access control technologies will work effectively in the maritime environment where the Transportation Worker Identification Credential program (DHS's effort to develop biometric access control systems to verify the identity of individuals accessing secure transportation areas) is being initially tested. Because of the challenges in implementing the system in the maritime environment, DHS has not yet determined how and when it will implement a biometric identification system for access controls at commercials airports. We have initiated ongoing work to further assess DHS's efforts to establish procedures for implementing biometric identifier systems for airport secured areas access control. Assessment: Generally not achieved. Performance expectation: 5. Ensure the screening of airport employees against terrorist watch lists. Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation, as it has worked to ensure the screening of airport employees against terrorist watch lists. We reported that TSA requires most airport workers who perform duties in secured and sterile areas to undergo a fingerprint-based criminal history records check. TSA further requires airport operators to compare applicants' names against the No Fly List and Selectee List. Once workers undergo this review, they are granted access to airport areas in which they perform duties. For more information, see GAO-06- 597T and GAO-04-728. Assessment: Generally achieved. Performance expectation: 6. Hire and deploy a federal screening workforce. Summary of findings: GAO findings: DHS has hired and deployed a federal screening workforce at airports. TSA initially deployed over 50,000 screeners (now called transportation security officers) at over 440 commercial airports nationwide. However, TSA has experienced staffing shortages, and we reported that to accomplish its security mission, TSA needs a sufficient number of passenger and checked baggage transportation security officers trained and certified in the latest screening procedures and technology. We reported in February 2004 that staffing shortages and TSA's hiring process had hindered the ability of some Federal Security Directors to provide sufficient resources to staff screening checkpoints and oversee screening operations at their checkpoints without using additional measures such as overtime. TSA has taken action to address some of these staffing challenges by, for example, developing a model to determine the most appropriate allocation of transportation security officers among airports and implementing human capital initiatives to address hiring and retention challenges. For more information, see GAO-06-597T; Airport Passenger Screening: Preliminary Observations on Progress Made and Challenges Remaining, GAO-03-1173; and Aviation Security: TSA's Staffing Allocation Model Is Useful for Allocating Staff among Airports, but Its Assumptions Should Be Systematically Reassessed, GAO-07-299. DHS updated information: In March 2007, DHS reported that TSA deployed a pay-for-performance system, called Performance Accountability and Standards System, for transportation security officers, lead and supervisory transportation security officers, and screening managers. TSA also reported that it has developed a local, decentralized hiring process to give Federal Security Directors more control over aspects of hiring. Our assessment: We conclude that DHS has generally achieved this performance expectation. We have not yet fully evaluated TSA's pay-for- performance system or its hiring process. However, DHS has hired and deployed a federal screening workforce at airports. Assessment: Generally achieved. Performance expectation: 7. Develop standards for determining aviation security staffing at airports. Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation as DHS has developed standards for determining aviation security staffing levels. In June 2005, TSA submitted its report on aviation security staffing standards to Congress. Known as the Staffing Allocation Model, these standards are intended to provide an objective measure for determining staffing levels for transportation security officers, while staying within the congressionally mandated limit of 45,000 full-time equivalent screeners. In February 2007, we reported that TSA's Staffing Allocation Model is intended to provide a sufficient number of transportation security officers--or screeners--to perform passenger and checked baggage screening through built-in assumptions, which are designed to ensure the necessary levels of security and to minimize wait times, along with multiple monitoring mechanisms to assess the sufficiency of the model's outputs. However, we identified concerns with some of the fiscal year 2006-model assumptions. Further, although TSA officials stated that they plan to conduct an annual review of select assumptions, and based changes to the fiscal year 2007 model on such a review, TSA does not have a mechanism in place for prioritizing its review and for ensuring that all assumptions are periodically validated to help ensure that they reflect operating conditions. We reported that TSA risks basing its staffing allocations on assumptions that do not reflect operating conditions if periodic validations are not conducted. For more information, see GAO-06-597T; Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, GAO-07-448T; and GAO-07-299; Assessment: Generally achieved. Performance expectation: 8. Establish standards for training and testing the performance of airport screener staff; Summary of findings: GAO findings: DHS has established standards for training and testing airport transportation security officers. For example, TSA introduced an Online Learning Center that made self-guided courses available over the Internet. In December 2005, TSA reported completing enhanced explosives detection training for over 18,000 transportation security officers. TSA also implemented and strengthened efforts to collect performance data on the effectiveness of screening operations. For example, TSA increased its use of covert testing to assess the performance of screening operations. However, we identified concerns with transportation security officers' access to online training. In May 2005, we also noted that TSA had not yet begun to use data from local covert testing to identify training and performance needs because of difficulties in ensuring that local covert testing was implemented consistently nationwide, although TSA is taking some actions to address this issue. In April 2007, we reported that TSA monitors transportation security officers' compliance with passenger checkpoint screening standard operating procedures through its performance accountability and standards system and through local and national covert testing. According to TSA officials, the agency developed the performance accountability and standards system in response to our 2003 report that recommended that TSA establish a performance management system that makes meaningful distinctions in employee performance and in response to input from TSA airport staff on how to improve passenger and checked baggage screening measures. This system is used by TSA to measure transportation security officers' compliance with passenger checkpoint screening procedures. We have ongoing work assessing TSA's covert testing program, which we will complete later this year. For more information, see GAO-597T; Aviation Security: Screener Training and Performance Measurement Strengthened, but More Work Remains, GAO-05-457; and GAO-07-448T. DHS updated information: In March 2007, DHS provided us with updated information on its efforts to train and test the performance of airport screener staff. TSA reported that its Aviation Screening Assessment Program, which is to be implemented at all airports this year, is intended to use local screening workforce and Bomb Appraisal Officers to perform covert testing of passenger and baggage screening capabilities. TSA reported that the program is intended to measure screening performance using standardized test scenarios. In addition, TSA reported that it is implementing Improvised Explosive Devices Checkpoint Screening Drills in which transportation security officers will be routinely exposed to simulated items, without warning. Our assessment: We conclude that DHS has generally achieved this performance expectation, as DHS has established standards for training and testing for airport transportation security officers. Assessment: Generally achieved. Performance expectation: 9. Establish a program and requirements to allow eligible airports to use a private screening workforce. Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation, as DHS has taken actions to establish a program that allows eligible airports to use private screeners. In March 2006, we reported that TSA created the Screening Partnership Program to allow all commercial airports an opportunity to apply to TSA for permission to use qualified private screening contractors and private sector screeners. We noted that TSA developed performance goals and began drafting related measures and targets to assess the performance of private screening contractors under the Screening Partnership Program in the areas of security, customer service, costs, workforce management, and innovation. However, we noted that as TSA moved forward with this program, it had opportunities to strengthen the management and oversight of the program, including providing clear guidance to program applicants on their roles and responsibilities at airports where a privatized screener workforce operates and identifying the underlying reasons for the small number of program applicants. For more information, see Aviation Security: Progress Made to Set Up Program Using Private-Sector Airport Screeners, but More Work Remains, GAO-06-166 and Aviation Security: Preliminary Observations on TSA's Progress to Allow Airports to Use Private Passenger and Baggage Screening Services, GAO-05-126; Assessment: Generally achieved. Performance expectation: 10. Train and deploy federal air marshals on high-risk flights; Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation, as DHS has trained and deployed federal air marshals on flights deemed high-risk. To carry out its mission, the Federal Air Marshal Service deploys federal air marshals on board flights either destined for or originating in the United States. Deployed to passenger flights, federal air marshals dress in plain clothes to blend in with other passengers and perform their duties discreetly in an effort to avoid drawing undue attention to themselves. We have ongoing work assessing the Federal Air Marshal Service program. For more information, see Aviation Security: Federal Air Marshal Service Could Benefit from Improved Planning and Controls, GAO-06-203; Assessment: Generally achieved. Performance expectation: 11. Establish standards for training flight and cabin crews; Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation, as it has established standards for training flight and cabin crews. In September 2005, we reported that TSA enhanced guidance and standards for flight and cabin crew member security training with input from stakeholders. Specifically, TSA revised the guidance and standards to include additional training elements required by law and to improve the organization and clarity of the guidance and standards. TSA also took steps to strengthen its efforts to oversee air carriers' flight and cabin crew security training to ensure they were complying with the required guidance and standards. For example, in January 2005, TSA added staff with expertise in designing training programs to review air carriers' crew member security training curriculums and developed a standard form for staff to use to conduct their reviews. TSA also developed an advanced voluntary self-defense training program with input from stakeholders and implemented the program in December 2004. However, we noted that TSA had not established strategic goals and performance measures for assessing the effectiveness of the training because it considered its role in the training program as regulatory. We also noted that TSA lacked adequate controls for monitoring and reviewing air carriers' crew member security training, including written procedures for conducting and documenting these reviews. For more information, see Aviation Security: Flight and Cabin Crew Member Security Training Strengthened, but Better Planning and Internal Controls Needed, GAO-05-781; Assessment: Generally achieved. Performance expectation: 12. Establish a program to allow authorized flight deck officers to use firearms to defend against any terrorist or criminal acts; Summary of findings: GAO and DHS IG findings: According to the DHS IG, TSA's Federal Flight Deck Officer program is to select, train, deputize, arm with handguns, and supervise volunteer airline pilots and other flight deck crew members for the purpose of defending the flight decks of passenger and cargo aircraft. The IG reported in December 2006, they surveyed a sample of federal flight deck officers to identify pilot concerns about the Federal Flight Deck Officer program. Pilot concerns included not being given time off to attend training, the remote location of the training and the amount of time needed to get to the training site, TSA's weapons carriage policy, and the type of credentials used to identify federal flight deck officers. These concerns may have dissuaded pilots from participating in the program, thus reducing the number of federal flight deck officers. In December 2005, management of the Federal Flight Deck Officer program was assigned to TSA's Office of Law Enforcement-Federal Air Marshal Service. This office established focus groups to foster communications among the federal flight deck officer community, the airline industry, and professional associations, and to address federal flight deck officer operational concerns. Also, the office management established a federal flight deck officer working group to assess recommendations on proposals concerning federal flight deck officer credentials and badges, checkpoint requirements, weapons issues (including transport, storage, and qualifications), communications protocols, training, and industry liaison. While TSA has now trained and deputized federal flight deck officers and has addressed various procedural and process issues, the DHS IG concluded that more needed to be accomplished to maximize the use of federal flight deck officers on international and domestic flights. TSA continues to work with federal flight deck officers, Federal Security Directors, and industry to improve Federal Flight Deck Officer program effectiveness. For more information, see Department of Homeland Security Office of Inspector General, Improvements Needed in TSA's Federal Flight Deck Officer Program, OIG- 07-14 (Washington, D.C.: December 2006). DHS updated information: In March 2007, DHS reported that it has implemented a Federal Flight Deck Officer program for all-cargo aircraft operators and noted that this program provides training to pilots, program management, resources, and equipment to protect the aircraft. Our assessment: We conclude that DHS has generally achieved this performance expectation. The DHS IG reported that TSA has established and is working to improve the Federal Flight Deck Officer Program. However, the DHS IG also reported that a variety of challenges have affected the program, including the amount of time and location of training, the weapons carriage policy, and type of credentials used to identify federal flight deck officers. Assessment: Generally achieved. Performance expectation: 13. Establish policies and procedures to ensure that individuals known to pose, or suspected of posing, a risk or threat to security are identified and subjected to appropriate action. Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. TSA ensures that all passengers on domestic flights are checked against the Selectee List and No Fly List. Passenger prescreening is used to identify passengers who may pose a higher risk to aviation security than other passengers and therefore should receive additional and more thorough security scrutiny. Air carriers check passenger information against government supplied watch lists that contain the names of individuals who, for certain reasons, are either not allowed to fly (the No Fly List) or pose a higher than normal risk and therefore require additional security attention (the Selectee List). Passengers on the No Fly List are denied boarding passes and are not permitted to fly unless cleared by law enforcement officers. Passengers who are on the Selectee List are issued boarding passes, and they and their baggage undergo additional security measures. For more information, see Aviation Security: Secure Flight Development and Testing Under Way, but Risks Should Be Managed as System Is Further Developed, GAO-05-356; Assessment: Generally achieved. Performance expectation: 14. Develop and implement an advanced prescreening system to allow DHS to compare domestic passenger information to the Selectee List and No Fly List; Summary of findings: GAO findings: DHS is developing an advanced passenger prescreening system called Secure Flight. However, TSA has faced challenges in developing and implementing Secure Flight and has not yet completed its development efforts. In 2006 we reported that TSA had not conducted critical activities in accordance with best practices for large-scale information technology programs and had not followed a disciplined life cycle approach in developing Secure Flight, in which all phases of the project are defined by a series of orderly steps and the development of related documentation. We also found that while TSA had taken steps to implement an information security management program for protecting Secure Flight information and assets, its efforts were incomplete, based on federal standards and industry best practices. In addition, in 2006 we reported that prior to TSA's rebaselining effort of Secure Flight, several oversight reviews of the program had been conducted that raised questions about program management, including the lack of fully defined requirements. In January 2007, TSA reported that it has completed its rebaselining efforts, which included reassessing program goals and capabilities and developing a new schedule and cost estimates. However, we have not yet assessed TSA's progress in addressing past problems. In February 2007, we reported that as TSA moves forward with Secure Flight, it will need to employ a range of program management disciplines, which we previously found missing, to control program cost, schedule, performance, and privacy risks. We have ongoing work reviewing DHS's efforts to develop and implement Secure Flight, including progress made during its rebaselining efforts. For more information, see Aviation Security: Management Challenges Remain for the Transportation Security Administration's Secure Flight Program, GAO-06-864T; Aviation Security: Transportation Security Administration Did Not Fully Disclose Uses of Personal Information during Secure Flight Program Testing in Initial Privacy Notes, but Has Recently Taken Steps to More Fully Inform the Public, GAO-05-864R; and Aviation Security: Secure Flight Development and Testing Under Way, but Risks Should Be Managed as System Is Further Developed, GAO-05-356; DHS updated information: In March 2007, DHS provided us with updated information on its efforts to develop and implement Secure Flight. DHS reported that as a result of its rebaselining efforts, government controls were developed to implement Secure Flight, and DHS provided information on Secure Flight's technical and system engineering management plans and requirements, concept of operations, risk assessments, and privacy issues. DHS reported that it plans to begin parallel operations with the first groups of domestic aircraft operators in the first quarter of fiscal year 2009 and to take over full responsibility for watch list matching in fiscal year 2010; Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS is continuing efforts to develop the Secure Flight program, but has not yet completed its development efforts and has not yet implemented the program; Assessment: Generally not achieved. Performance expectation: 15. Develop and implement an international passenger prescreening process to compare passenger information to terrorist watch lists before aircraft departure; Summary of findings: GAO findings: DHS has not yet implemented enhancements to its passenger prescreening process for passengers on international flights departing from or bound to the United States. We recently reported that the existing identity-matching component of DHS's process involves separate matching activities conducted by air carriers (prior to a flight's departure and pursuant to TSA requirements) and by CBP (generally after a flight's departure). We reported that as with domestic passenger prescreening, air carriers conduct an initial match of self-reported passenger name record data against the No Fly List and Selectee List before international flight departures. CBP's process, in effect, supplements the air carrier identity-matching for international flights by comparing additional passenger information collected from passports (this information becomes part of Advanced Passenger Information System data), against the No Fly List and Selectee List and other government databases. Under current federal regulations for CBP's prescreening of passengers on international flights, air carriers are required to provide the U.S. government with passenger name record data as well as Advanced Passenger Information System data to allow the government to conduct, among other things, identity matching procedures against the No Fly List and Selectee List--which typically occur just after or at times just before the departure of international flights traveling to or from the United States, respectively. To address a concern that the federal government's identity matching may not be conducted in a timely manner, in 2004, Congress mandated that DHS issue a proposed rule requiring that the U.S. government's identity-matching process occur before the departure of international flights. CBP published this proposed rule in July 2006 and, if implemented, it would allow the U.S. government to conduct passenger prescreening in advance of flight departure, and would eliminate the need for air carriers to continue performing an identity-matching function for international flights. For more information, see GAO-07-448T and Aviation Security: Efforts to Strengthen International Passenger Prescreening Are Under Way, but Planning and Implementation Issues Remain, GAO-07-346; DHS updated information: In March 2007, TSA reported that it was working with CBP to combine the predeparture Advance Passenger Information System and Secure Flight into one DHS solution; Our assessment: We conclude that DHS has generally not achieved this performance expectation. We identified various problems with DHS's implementation of the international prescreening process and made recommendations to help address some of those concerns. In addition, while efforts to define functional requirements and operations are underway for aligning international and domestic passenger prescreening, full implementation of an integrated system will not occur for several years, as Secure Flight is not yet operational for domestic passenger prescreening; Assessment: Generally not achieved. Performance expectation: 16. Develop and implement processes and procedures for physically screening passengers at airport checkpoints; Summary of findings: GAO findings: DHS has developed and implemented processes and procedures for screening passengers at checkpoints. Passenger screening is a process by which authorized TSA personnel inspect individuals and property to deter and prevent the carriage of any unauthorized explosives, incendiary, weapon, or other dangerous item onboard an aircraft or into a sterile area. Authorized TSA personnel must inspect individuals for prohibited items at designated screening locations. The passenger-screening functions are X-ray screening of property, walk-through metal detector screening of individuals, hand-wand or pat-down screening of individuals, physical search of property and trace detection for explosives, and behavioral observation. We have also reported that TSA has developed processes and procedures for screening passengers at security checkpoints, balancing security needs with efficiency and customer service considerations. TSA has also revised these policies and procedures to generally improve the efficiency, effectiveness, and clarity of the procedures, but could improve the evaluation of procedures before they are implemented. In April 2007, we reported that standard operating procedures modifications were proposed based on the professional judgment of TSA senior-level officials and program-level staff. In some cases, TSA tested proposed modifications at selected airports to help determine whether the changes would achieve their intended purpose. However, we reported that TSA's data collection and analyses could be improved to help TSA determine whether proposed procedures that are operationally tested would achieve their intended purpose. We also reported that TSA's documentation on proposed modifications to screening procedures was not complete. We noted that without more complete documentation, TSA may not be able to justify key modifications to passenger screening procedures to Congress and the traveling public. For more information, see Aviation Security: Risk, Experience, and Customer Concerns Drive Changes to Airline Passenger Screening Procedures, but Evaluation and Documentation of Proposed Changes Could Be Improved, GAO-07-634; Aviation Security: TSA's Change to Its Prohibited Items List Has Not Resulted in Any Reported Security Incidents, but the Impact of the Change on Screening Operations Is Inconclusive, GAO-07-623R; GAO-03- 1173; and GAO-06-371T. DHS updated information: In March 2007, DHS reported that it trained tens of thousands of transportation security officers and took various regulatory actions to address concerns regarding liquids and gels carried aboard aircraft. DHS reported that TSA worked with technical experts and counterparts in other countries to harmonize security procedures. TSA also reported making changes to the Prohibited Items List to allow transportation security officers to focus on detecting high-risk threats which have the ability to cause catastrophic damage, such as improvised explosive devices. Moreover, TSA provided information on two recent initiatives intended to strengthen the passenger checkpoint screening process. TSA's Screening Passenger by Observation Technique program is a behavior observation and analysis program designed to provide TSA Behavior Detection Officers with a nonintrusive means of identifying potentially high-risk individuals who exhibit behaviors indicative of inordinate levels of stress, fear, and/or deception that could indicate possible terrorist or criminal activity. TSA reported that this program is implemented using a threat- based strategy and is based on other behavioral analysis programs used by law enforcement and security personnel. In addition, TSA's Travel Document Checker program replaces current travel document checkers with transportation security officers who have access to sensitive security information on the threat posture of the aviation industry and check for fraudulent documents. Our assessment: We conclude that DHS has generally achieved this performance expectation, as DHS has developed and implemented processes and procedures for screening passengers at airport checkpoints. Assessment: Generally achieved. Performance expectation: 17. Develop and test checkpoint technologies to address vulnerabilities. Summary of findings: GAO findings: DHS has undertaken efforts to develop and test checkpoint technologies to address vulnerabilities that may be exploited by identified threats such as improvised explosive devices. For example, TSA recently placed increased focus on the threats posed by liquid explosives and has been developing technology to automatically detect liquid explosives in bottles. TSA has also been modifying commercial-off-the-shelf technologies to mitigate threats posed by passengers bearing improvised explosive devices. However, these machines do not automatically detect explosives. For example, TSA is modifying a whole body image to screen passengers for explosives, plastics, and metals otherwise obfuscated by clothing. The machine uses x-ray backscatter technology to produce an image that transportation security officers interpret. We are currently reviewing DHS and TSA's efforts to develop and test technologies and will be reporting on these efforts later this year. For more information, see GAO-06-371T. DHS updated information: In March 2007, DHS provided us with updated information on its efforts to develop and test checkpoint technologies. TSA reported that it is exploring portable explosive detection system units and explosive trace portals at various airport locations and is operationally testing a whole body imaging system. TSA also reported that it is planning to pilot test a cast and prosthetics screening technology and an automated explosives detection system for carry-on baggage. TSA also reported that, in partnership with the Science and Technology Directorate, it is assessing the capabilities of advanced x- ray technologies to provide enhanced capabilities in the detection of improvised explosives devices in carry-on items. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has reported taking actions to develop and test checkpoint technologies. The full extent of DHS's efforts is the focus of an ongoing GAO review scheduled for completion later this year. Assessment: Generally achieved. Performance expectation: 18. Deploy checkpoint technologies to address vulnerabilities. Summary of findings: GAO findings: DHS has not yet deployed checkpoint technologies to address key existing vulnerabilities. For example, in July 2006, TSA provided us with information that 97 explosives trace portal machines had been installed at over 37 airports. This new technology uses puffs of air to help detect the presence of explosives on individuals. However, DHS identified problems with these machines and has halted their deployment. DHS's fiscal year 2007 budget request stated that TSA expected that 434 explosives trace portal machines would be in operation throughout the country by September 2007. TSA is also developing backscatter technology, but limited progress has been made in fielding this technology at airport passenger screening checkpoints. We are currently reviewing TSA's technology development and deployment efforts and will be reporting on these efforts later this year. For more information, see GAO-06-371T. DHS updated information: DHS reported in March 2007 that extensive deployment of new technologies will not be realized for another 2 years. Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS has faced challenges and delays in deploying checkpoint technologies to effectively address vulnerabilities, and TSA has reported that deployment of new technologies is likely 2 years away. Assessment: Generally not achieved. Performance expectation: 19. Deploy EDS and ETD systems to screen checked baggage for explosives. Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation, as TSA has deployed EDS and ETD systems at the nation's airports. From November 2001 through June 2006, TSA procured and installed about 1,600 EDS machines and about 7,200 ETD machines to screen checked baggage for explosives at over 400 commercial airports. TSA made progress in fielding EDS and ETD equipment at the nation's airports, placing this equipment in a stand-alone mode--usually in airport lobbies--to conduct the primary screening of checked baggage for explosives, due to congressional mandates to field the equipment quickly and limitations in airport design. For more information, see Aviation Security: TSA Oversight of Checked Baggage Screening Procedures Could Be Strengthened, GAO-06-869 and GAO-06-371T. Assessment: Generally achieved. Performance expectation: 20. Develop a plan to deploy in-line baggage screening equipment at airports. Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed a plan to deploy in-line baggage screening equipment at airports, based in part on a recommendation we made. The plan is aimed at increasing security through deploying more EDS machines, lowering program life- cycle costs, minimizing impacts on TSA and airport and airline operations, and providing a flexible security infrastructure. In March 2005, we reported that at nine airports where TSA had agreed to help fund the installation of in-line EDS systems, TSA estimated that screening with in-line EDS machines could save the federal government about $1.3 billion over 7 years. In February 2006, TSA reported that many of the initial in-line EDS systems did not achieve the anticipated savings. However, recent improvements in the design of the in-line EDS systems and EDS screening technology offer the opportunity for higher- performance and lower-cost screening systems. Screening with in-line EDS systems may also result in security benefits by reducing the need for TSA to use alternative screening procedures, such as screening with explosives detection canines and physical bag searches, which involve trade-offs in security effectiveness. For more information, see GAO-06- 869; GAO-06-371T; and GAO-07-448T. Assessment: Generally achieved. Performance expectation: 21. Pursue the deployment and use of in-line baggage screening equipment at airports. Summary of findings: GAO findings: Despite delays in the widespread deployment of in-line systems due to the high upfront capital investment required, DHS is pursuing the deployment and use of in-line explosives detection equipment and is seeking creative financing solutions to fund the deployment of these systems. TSA determined that recent improvements in the design of the in-line EDS systems and EDS screening technology offer the opportunity for higher performance and lower cost screening systems. Screening with in-line EDS systems could also result in security benefits by reducing congestion in airport lobbies and reducing the need for TSA to use alternative screening procedures, such as screening with explosives detection canines and physical bag searches. TSA's use of these procedures, which are to be used only when volumes of baggage awaiting screening pose security vulnerabilities or when TSA officials determine that there is a security risk associated with large concentrations of passengers in an area, has involved trade-offs in security effectiveness. TSA has begun to systematically plan for the optimal deployment of checked baggage screening systems, but resources have not been made available by Congress to fund the installation of in-line EDS machines on a large- scale basis. TSA reported that as of June 2006, 25 airports had operational in-line EDS systems and an additional 24 airports had in- line systems under development. In May 2006, TSA reported that under current investment levels, installation of optimal checked baggage screening systems would not be completed until approximately 2024. For more information, see GAO-06-869 and GAO-06-371T. DHS updated information: In March 2007, DHS reported that it is working with its airport and air carrier stakeholders to improve checked baggage screening solutions and to look creatively at in-line baggage screening system solutions to enhance security and free up lobby space at airports. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has undertaken efforts to deploy and use in-line baggage screening equipment, but challenges exist to deploying in-line systems due to the high costs of the systems and questions regarding how the systems will be funded. Assessment: Generally achieved. Performance expectation: 22. Develop a plan for air cargo security. Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed a strategic plan for domestic air cargo security and has taken actions to use risk management principles to guide investment decisions related to air cargo bound for the United States from a foreign country, referred to as inbound air cargo, but these actions are not yet complete. With regard to domestic air cargo, we reported that TSA completed an Air Cargo Strategic Plan in November 2003 that outlined a threat-based risk management approach to securing the nation's air cargo transportation system. TSA's plan identified strategic objectives and priority actions for enhancing air cargo security based on risk, cost, and deadlines. With regard to inbound air cargo, in April 2007, we reported that TSA and CBP have taken some preliminary steps to use risk management principles to guide their investment decisions related to inbound air cargo, as advocated by DHS, but most of these efforts are in the planning stages. We reported that although TSA completed a risk-based strategic plan to address domestic air cargo security, it has not developed a similar strategy for addressing inbound air cargo security, including how best to partner with CBP and international air cargo stakeholders. Further, TSA has identified the primary threats associated with inbound air cargo, but has not yet assessed which areas of inbound air cargo are most vulnerable to attack and which inbound air cargo assets are deemed most critical to protect. TSA plans to assess inbound air cargo vulnerabilities and critical assets--two crucial elements of a risk-based management approach--but has not yet established a methodology or time frame for how and when these assessments will be completed. Without such assessments, we reported that TSA may not be able to appropriately focus its resources on the most critical security needs. We recommended that TSA more fully develop a risk-based strategy to address inbound air cargo security, including establishing goals and objectives for securing inbound air cargo and establishing a methodology and time frames for completing assessments of inbound air cargo vulnerabilities and critical assets that can be used to help prioritize the actions necessary to enhance security. For more information, see Aviation Security: Federal Action Needed to Strengthen Domestic Air Cargo Security, GAO-06-76, and Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened, GAO-07-660. Assessment: Generally achieved. Performance expectation: 23. Develop and implement procedures to screen air cargo. Summary of findings: GAO findings: DHS has taken actions to develop and implement procedures for screening domestic air cargo.[A] With regard to domestic air cargo, air carriers are responsible for implementing TSA security requirements that include measures related to the acceptance, handling, and inspection of cargo; training of employees in security and cargo inspection procedures; testing employee proficiency in cargo inspection; and access to cargo areas and aircraft, and TSA inspects carriers' compliance. We reported in October 2005 that TSA had significantly increased the number of domestic air cargo inspections conducted of air carrier and indirect air carrier compliance with security requirements. We also reported that TSA exempted certain cargo from random inspection because it did not view the exempted cargo as posing a significant security risk. However, airline industry stakeholders told us that while the rationale for exempting certain types of cargo from random inspection was understandable, the exemptions may have created potential security risks and vulnerabilities. Partly on the basis of a recommendation we made, TSA is evaluating existing exemptions to determine whether they pose a security risk and has reduced some exemptions that were previously allowed. We also noted that TSA had not developed performance measures to determine to what extent air carriers and indirect air carriers were complying with security requirements and had not analyzed the results of inspections to systematically target future inspections on those entities that pose a higher security risk to the domestic air cargo system. We have reported that without these performance measures and systematic analyses, TSA would be limited in its ability to effectively target its workforce for future inspections and fulfill its oversight responsibilities for this essential area of aviation security. With regard to inbound air cargo, in April 2007, we reported that TSA issued its air cargo security rule in May 2006, which included a number of provisions aimed at enhancing the security of inbound air cargo. For example, the final rule acknowledged that TSA amended its security directives and programs to triple the percentage of cargo inspected on domestic and foreign passenger aircraft. To implement the requirements contained in the air cargo security rule, TSA drafted revisions to its existing security programs for domestic and foreign passenger air carriers and created new security programs for domestic and foreign all- cargo carriers. However, we reported that TSA requirements continue to allow inspection exemptions for certain types of inbound air cargo transported on passenger air carriers. We reported that this risk was further heightened because TSA has limited information on the background of and security risk posed by foreign shippers whose cargo may fall within these exemptions. TSA officials stated that the agency is holding discussions with industry stakeholders to determine whether additional revisions to current air cargo inspection exemptions are needed. We also reported that TSA inspects domestic and foreign passenger air carriers with service to the United States to assess whether the air carriers are complying with air cargo security requirements, such as inspecting a certain percentage of air cargo. We reported, however, that TSA did not currently inspect all air carriers transporting cargo into the United States. While TSA's compliance inspections provide useful information, the agency has not developed an inspection plan that includes performance goals and measures to determine to what extent air carriers are complying with security requirements. For more information, see GAO-06-76 and GAO-07-660. DHS updated information: In March 2007, DHS provided us with updated information on its efforts to develop and implement procedures for screening air cargo. DHS noted that because the Aviation and Transportation Security Act set specific milestones for screening cargo and baggage carried on passenger aircraft, TSA focused initially on passenger aircraft. DHS issued the Air Cargo Security Requirements Final Rule in May 2006 that requires airports that currently maintain a Security Identification Display Area to expand the area to air cargo operating areas. At airports where a Security Identification Display Area is nonexistent but all-cargo operations occur, TSA requires aircraft operators to incorporate other security measures, such as security threat assessments for all persons with unescorted access to cargo, into their programs. TSA also reported that as of March 2007, it had 300 inspectors dedicated solely to oversight of the air cargo supply chain. During 2006, TSA reported that inspectors conducted more than 31,000 compliance reviews of air carriers and freight consolidators and have conducted covert testing of the domestic air cargo supply chain. TSA also reported that it is developing an air cargo risk-based targeting system to assess the risk of cargo to be moved on all aircraft operating within the United States. Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed and implemented procedures to screen domestic and inbound air cargo. Furthermore, TSA has significantly increased the number of domestic air cargo inspections conducted of air carrier and indirect air carrier compliance with security requirements. However, as we previously reported, TSA requirements continue to allow inspection exemptions for certain types of inbound air cargo transported on passenger air carriers, which could create security vulnerabilities, and TSA has limited information on the background of and security risk posed by foreign shippers whose cargo may fall within these exemptions. Assessment: Generally achieved. Performance expectation: 24. Develop and implement technologies to screen air cargo. Summary of findings: GAO findings: DHS has not yet developed and implemented technologies needed to screen air cargo. TSA's plans for enhancing air cargo security include developing and testing air cargo inspection technology. However, these planned enhancements may pose operational, financial, and technological challenges to the agency and air cargo industry stakeholders. In October 2005 we reported that TSA had completed a pilot program focused on testing the applicability of EDS technology to inspect individual pieces of air cargo, referred to as break bulk cargo. Although EDS is an approved method for inspecting passenger baggage, it had not been tested by TSA to determine its effectiveness in inspecting air cargo. According to TSA officials, TSA must review the results of its EDS pilot test before the agency would determine whether to certify EDS for inspecting air cargo. According to TSA officials, the agency has also been pursuing multiple technologies to automate the detection of explosives in the types and quantities that would cause catastrophic damage to an aircraft in flight. TSA planned to develop working prototypes of these technologies by September 2006 and complete operational testing by 2008. TSA acknowledged that full development of these technologies may take 5 to 7 years. In April 2007, we reported that DHS has taken some steps to incorporate new technologies into strengthening the security of air cargo, which will affect both domestic and inbound air cargo. However, we reported that TSA and DHS's Science and Technology Directorate were in the early stages of evaluating available aviation security technologies to determine their applicability to the domestic air cargo environment. TSA and the Science and Technology Directorate are seeking to identify and develop technologies that can effectively inspect and secure air cargo with minimal impact on the flow of commerce. According to TSA officials, there is no single technology capable of efficiently and effectively inspecting all types of air cargo for the full range of potential terrorist threats, including explosives and weapons of mass destruction. Accordingly, TSA, together with the Science and Technology Directorate, is conducting a number of pilot programs that are testing a variety of different technologies that may be used separately or in combination to inspect and secure air cargo. These pilot programs seek to enhance the security of air cargo by improving the effectiveness of air cargo inspections through increased detection rates and reduced false alarm rates, while addressing the two primary threats to air cargo identified by TSA--hijackers on an all-cargo aircraft and explosives on passenger aircraft. TSA anticipates completing its pilot tests by 2008, but has not yet established time frames for when it might implement these methods or technologies for the inbound air cargo system. According to DHS and TSA officials, further testing and analysis will be necessary to make determinations about the capabilities and costs of these technologies when employed for inspecting inbound air cargo at foreign locations. For more information, see GAO-06-76 and GAO-07-660. DHS updated information: In March 2007, DHS provided us with updated information on its efforts to develop and implement air cargo screening technologies. TSA reported that new technologies to physically screen air cargo will not be available in the near term. TSA reported that it is using and improving existing technologies to screen air cargo. For example, TSA reported increasing the use of canine teams and stated that these teams dedicate about 25 percent of their time of air cargo security activities. Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS focused initial aviation security efforts on fulfilling congressional mandates related to passenger and baggage screening and has faced challenges in its efforts to develop and implement air cargo screening technologies. In prior work, we reported that TSA has taken actions to develop technologies for screening air cargo, but had not yet tested the effectiveness of various technologies in inspecting air cargo. We also reported that full development of technologies for screening air cargo may be years away. Assessment: Generally not achieved. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken a sufficient number of actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [A] The terms "inspecting" and "screening" have been used interchangeably by TSA to denote some level of examination of a person or good, which can entail a number of different actions, including manual physical inspections to ensure that cargo does not contain weapons, explosives, or stowaways, or inspections using nonintrusive technologies that do not require the cargo to be opened in order to be inspected. For this and the subsequent performance expectation, we use the term "screen" to refer to this broad range of activities. However, in our April 2007 report that is referenced in this performance expectation's associated findings section, the term "screening" was used when referring to TSA or CBP efforts to apply a filter to analyze cargo related information to identify cargo shipment characteristics or anomalies for security risks. The term "inspection" was used to refer only to air carrier, TSA, or CBP efforts to examine air cargo through physical searches and the use of nonintrusive technologies. [End of table] DHS Has Made Moderate Progress in Securing Surface Transportation Modes: DHS has undertaken various initiatives to secure surface transportation modes, and within the department, TSA is primarily responsible for surface transportation security efforts. Since its creation following the events of September 11, 2001, TSA has focused much of its efforts and resources on meeting legislative mandates to strengthen commercial aviation security. However, TSA has more recently placed additional focus on securing surface modes of transportation, which includes establishing security standards and conducting assessments and inspections of surface transportation modes such as passenger and freight rail; mass transit; highways, including commercial vehicles; and pipelines. Although TSA has primary responsibility within the department for surface transportation security, the responsibility for securing rail and other transportation modes is shared among federal, state, and local governments and the private sector. For example, with regard to passenger rail security, in addition to TSA, DHS's Office of Grant Programs provides grant funds to rail operators and conducts risk assessments for passenger rail agencies. Within the Department of Transportation, the Federal Transit Administration and Federal Railroad Administration have responsibilities for passenger rail safety and security. In addition, public and private passenger rail operators are also responsible for securing their rail systems. As shown in table 24, we identified five performance expectations for DHS in the area of surface transportation security, and we found that overall DHS has made moderate progress in meeting those performance expectations. Specifically, we found that DHS has generally achieved three of these performance expectations and has generally not achieved two others. Table 24: Performance Expectations and Progress Made in Surface Transportation Security: Performance expectation: 1. Develop and adopt a strategic approach for implementing surface transportation security functions. Assessment: Generally achieved. Performance expectation: 2. Conduct threat, criticality, and vulnerability assessments of surface transportation assets. Assessment: Generally achieved. Performance expectation: 3. Issue standards for securing surface transportation modes. Assessment: Generally not achieved. Performance expectation: 4. Conduct compliance inspections for surface transportation systems. Assessment: Generally not achieved. Performance expectation: 5. Administer grant programs for surface transportation security. Assessment: Generally achieved. Performance expectation: Total; Assessment: Generally achieved: 3; Assessment: Generally not achieved: 2; Assessment: No assessment made: 0. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken sufficient actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [End of table] Table 25 provides more detailed information on the progress that DHS has made in taking actions to achieve each performance expectation in the area of surface transportation security and our assessment of whether DHS has taken steps to satisfy most of the key elements of the performance expectation (generally achieved) or has not taken steps to satisfy most of the performance expectation's key elements (generally not achieved). Table 25: Performance Expectations and Assessment of DHS Progress in Surface Transportation Security: Performance expectation: 1. Develop and adopt a strategic approach for implementing surface transportation security functions; Summary of findings: GAO findings: DHS has developed a strategic approach for securing surface transportation modes, which include mass transit, passenger rail, freight rail, commercial vehicles, pipelines, and related infrastructure such as roads and highways. In the past we have reported that TSA had not issued the Transportation Sector Specific Plan or supporting plans for securing all modes of transportation, in accordance with DHS's National Infrastructure Protection Plan and a December 2006 executive order. We reported that until TSA issued the sector-specific plan and supporting plans, it lacked a clearly communicated strategy with goals and objectives for securing the transportation sector. In addition, in March 2007, we testified that as of September 2005, DHS had begun developing, but had not yet completed a framework to help federal agencies and the private sector develop a consistent approach for analyzing and comparing risks to transportation and other critical sectors. For more information, see Passenger Rail Security: Enhanced Leadership Needed to Prioritize and Guide Security Efforts, GAO-07-225T and Passenger Rail Security: Federal Strategy and Enhanced Coordination Needed to Prioritize and Guide Security Efforts, GAO-07-583T; DHS updated information: In May 2007, DHS issued the sector-specific plan for transportation systems and supporting annexes for surface transportation assets, and reported taking actions to adopt the strategic approach outlined by the plan. The Transportation Systems Sector-Specific Plan and its supporting modal implementation plans and appendixes establish a strategic approach based on the National Infrastructure Protection Plan and Executive Order 13416, Strengthening Surface Transportation Security. The Transportation Systems Sector-Specific Plan describes the security framework that is intended to enable sector stakeholders to make effective and appropriate risk-based security and resource allocation decisions. The key efforts to be undertaken according to the plan include the (1) identification of assets, systems, networks and functions to be protected; (2) assessment of risks; (3) prioritization of risk management options; (4) development and implementation of security programs; (5) measurement of progress; (6) assessment and prioritization of research and development investments; and (7) management and coordination of sector responsibilities, including the sharing of information. In addition, during the course of our ongoing work assessing mass transit, freight rail, commercial vehicles, and highway infrastructure, we identified that DHS has begun to implement some of the security initiatives outlined in the sector-specific plan for transportation systems and supporting annexes; Our assessment: We conclude that DHS has generally achieved this performance expectation because TSA has issued the Transportation Sector-Specific Plan and supporting plans, a significant step in its efforts to develop and adopt a strategic approach for surface transportation security functions. While DHS has issued a strategy for securing all transportation modes, and has demonstrated that it has begun to take actions to implement the goals and objectives outlined in the strategy, we have not yet analyzed the overall quality of the plan or supporting modal annexes, the extent to which efforts outlined in the plans and annexes were implemented, or the effectiveness of identified security initiatives. The four performance expectations in the surface transportation security mission area discussed below are generally related to DHS's implementation of the strategy. In addition, we recognize that the acceptance of DHS's approach by federal, state, local, and private sector stakeholders is crucial to its successful implementation. However, we have not assessed the extent to which the plan and supporting modal annexes were coordinated with or adopted by these stakeholders. We will continue to assess DHS' efforts to implement its strategy for securing surface transportation modes as part of our ongoing reviews of mass transit, freight rail, commercial vehicles, and highway infrastructure security; Assessment: Generally achieved. Performance expectation: 2. Conduct threat, criticality, and vulnerability assessments of surface transportation assets; Summary of findings: GAO findings: DHS has taken actions to conduct threat, criticality, and vulnerability assessments of some surface transportation assets, particularly passenger and freight rail, but has not provided us with evidence that it has completed assessments in other surface transportation modes. In 2005, we reported that DHS and TSA conducted threat and vulnerability assessments of passenger rail systems. More recently, we testified that TSA had reported completing an overall threat assessment for mass transit, passenger, and freight rail modes and had conducted criticality assessments of nearly 700 passenger rail stations. In addition, in March 2007 we testified that DHS's Office of Grants and Training, now called the Office of Grant Programs, developed and implemented a risk assessment tool to help passenger rail operators better respond to terrorist attacks and prioritize security measures. Passenger rail operators must have completed a risk assessment to be eligible for financial assistance through the fiscal year 2007 Transit Security Grant Program, which includes funding for passenger rail. To receive grant funding, rail operators are also required to have a security and emergency preparedness plan that identifies how the operator intends to respond to security gaps identified by risk assessments. As of February 2007, DHS had completed or planned to conduct risk assessments of most passenger rail operators. According to rail operators, DHS's risk assessment process enabled them to prioritize investments on the basis of risk and allowed them to target and allocate resources toward security measures that will have the greatest impact on reducing risk across their rail systems. However, TSA has not provided us with evidence that it has yet conducted threat and vulnerability assessments of all surface transportation assets, which may adversely affect its ability to adopt a risk-based approach for prioritizing security initiatives within and across all transportation modes. Until threat, criticality, and vulnerability assessments have been coordinated and completed, and until TSA determines how to use the results of these assessments to analyze and characterize risk, it may not be possible to effectively prioritize passenger rail assets and guide investment decisions about protecting them. TSA has reported conducting additional risk assessments in rail and other transportation modes since the issuance of our September 2005 report. We will review these assessments and other TSA efforts to secure surface transportation modes in our ongoing and planned work related to passenger and freight rail, highway infrastructure, and commercial vehicle security. For more information, see GAO-07-225T; Passenger Rail Security: Enhanced Federal Leadership Needed to Prioritize and Guide Security Efforts, GAO-06-181T; and Passenger Rail Security: Enhanced Federal Leadership Needed to Prioritize and Guide Security Efforts, GAO-05-851; DHS updated information: In March and April 2007, and as part of ongoing work assessing freight rail, commercial vehicles, and highway infrastructure, DHS provided us with updated information on its efforts to conduct threat, criticality, and vulnerability assessments for surface transportation assets. With regard to threat assessments, DHS receives and uses threat information as part of its surface transportation security efforts. TSA's Office of Intelligence provides annual intelligence summaries, periodic updates, and other current intelligence briefings to the rest of TSA. The annual assessments are shared with TSA stakeholders, and TSA provided us copies for all transportation modes. With regard to criticality assessments, DHS has conducted such assessments for some surface transportation modes. For example, TSA has conducted Corporate Security Reviews with 38 state Department of Transportation highway programs. For commercial vehicles, TSA has conducted 32 Corporate Security Reviews with large motor carriers, in an industry with over one million firms. It has also completed a pilot program with the state of Missouri to supplement the state's regular safety inspections of trucking firms with Corporate Security Reviews. TSA reports that over 1,800 Corporate Security Reviews have been completed in Missouri as part of this program. In addition, the National Protection and Programs Directorate Infrastructure Protection conducts highway infrastructure assessments that look at tier one and tier two critical highway infrastructure. The National Protection and Programs Directorate completed 54 highway infrastructure assessments performed from 2004 through May 2007. With regard to vulnerability assessments, DHS has conducted such assessments for surface transportation modes. For example, TSA reported that its Security Analysis and Action Program utilizes several different tools to identify vulnerabilities based on specific scenarios, such as an improvised explosive device on a passenger train. The purpose of the program is to gather information, identify generally accepted best practices, and benchmark existing security operations in comparison to established industry security practices. According to TSA, among other things, the Security Analysis and Action Program creates a baseline for future multimodal security assessments, develops a road map for future passenger rail security evaluations, and helps prioritize security countermeasures and emergency response enhancement needs based on threats and risks. For freight rail, we found that TSA has conducted vulnerability assessments of High Threat Urban Area rail corridors where toxic inhalation hazard shipments are transported. TSA reported that these corridor assessments provide site-specific mitigation strategies and lessons learned as well as tactics that can be modified for use at the corporate or national level. Furthermore, TSA reported that its Visible Intermodal Prevention and Protection Teams are deployed randomly to prepare for emergency situations in which TSA assets would be invited to assist a local transit agency. According to TSA, these teams allow TSA and local entities to develop templates that can be implemented in emergency situations and to supplement existing security resources. As of March 20, 2007, TSA reported that 50 Visible Intermodal Prevention and Protection team exercises have been conducted at various mass transit and passenger rail systems since December 2005. In addition, TSA reported that through its Pipeline Security Division, it has conducted 63 Corporate Security Reviews, on-site reviews of pipeline companies' security planning. The goals of these reviews are to develop knowledge of security planning and execution at pipeline sites; establish and maintain working relationships with pipeline security personnel; and identify and share security practices; Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has taken actions to conduct threat, criticality, and vulnerability assessments in surface transportation sectors, but we have not yet reviewed the quality of many of these assessments. DHS uses threat assessments and information as part of its surface transportation security efforts and has used criticality assessments to help prioritize its efforts. DHS has also conducted vulnerability assessment of assets within surface transportation modes, particularly for mass transit, freight rail, and highway infrastructure. However, with regard to High Threat Urban Area rail corridor assessments, DHS has not yet fully designated those corridors for which it plans to conduct future assessments. Moreover, for commercial vehicles and highway infrastructure, DHS has not yet completed all planned vulnerability assessments; Assessment: Generally achieved. Performance expectation: 3. Issue standards for securing surface transportation modes; Summary of findings: GAO findings: DHS has initiated efforts to develop security standards for surface transportation modes, but DHS did not provide us with information on its efforts beyond passenger and freight rail. In 2006, TSA was planning to issue security standards for all modes of transportation. TSA planned to issue only a limited number of standards--that is, standards will be issued only when assessments of the threats, vulnerabilities, and criticality indicate that the level of risk is too high or unacceptable. TSA has developed security directives and security action items--recommended measures for passenger rail operators to implement in their security programs to improve both security and emergency preparedness--for passenger rail and issued a proposed rule in December 2006 on passenger and freight rail security requirements. For more information, see GAO-07-225T; GAO- 06-181T; and GAO-05-851; DHS updated information: In April 2007, and as part of ongoing work, DHS provided us with updated information on TSA's efforts to issue standards for securing surface transportation modes. According to DHS, TSA uses field activities to assess compliance with security directives and implementation of noncompulsory security standards and protective measures with the objective of a broad-based enhancement of passenger rail and rail transit security. Through the Baseline Assessment for Security Enhancement inspectors review implementation by mass transit and passenger rail systems of the 17 Security and Emergency Management Action Items (security action items) that TSA and the Federal Transit Administration jointly developed, in coordination with the Mass Transit Sector Coordinating Council. This initiative aims to elevate security posture throughout the mass transit and passenger rail mode by implementation of baseline security measures adaptable to the operating circumstances of any system. TSA also reported that in December 2006, it issued a notice of proposed rulemaking on new security measures for freight rail carriers designed to ensure 100 percent positive handoff of toxic inhalation hazard shipments that enter high threat urban areas and establish security protocols for custody transfers of toxic inhalation hazard rail cars in high-threat urban areas. TSA also reported that its High Threat Urban Area rail corridor assessments supported the development of the Recommended Security Action Items for the Rail Transportation of Toxic Inhalation Materials issued by DHS and the Department of Transportation in June 2006; Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS has taken actions to develop and issue surface transportation security standards for passenger and freight rail modes. However, DHS did not provide us with evidence of its efforts to develop and issue security standards for all surface transportation modes or a rationale or explanation why standards may not be needed for other modes; Assessment: Generally not achieved. Performance expectation: 4. Conduct compliance inspections for surface transportation systems; Summary of findings: GAO findings: DHS has made progress in conducting compliance inspections, particularly in hiring and deploying inspectors, but inspectors' roles and missions have not yet been fully defined. TSA officials stated the agency has hired 100 surface transportation inspectors whose stated mission is to, among other duties, monitor and enforce compliance with TSA's rail security directives. However, some passenger rail operators have expressed confusion and concern about the role of TSA's inspectors and the potential that TSA inspections could be duplicative of other federal and state rail inspections. TSA rail inspector staff stated that they were committed to avoiding duplication in the program and communicating their respective roles to rail agency officials. According to TSA, since the initial deployment of surface inspectors, these inspectors have developed relationships with security officials in passenger rail and transit systems, coordinated access to operations centers, participated in emergency exercises, and provided assistance in enhancing security. However, the role of inspectors in enforcing security directives has not been fully defined. We will continue to assess TSA's compliance efforts during follow-on reviews of surface transportation modes For more information, see GAO-07-225T; GAO-06- 181T; and GAO-05-851; DHS updated information: In March and April 2007, and as part of ongoing reviews, DHS provided us with updated information on its efforts to conduct compliance inspections for surface transportation systems. For example, with regard to freight rail, TSA reported visiting terminal and railroad yards to measure implementation of 7 of 24 recommended security action items for the rail transportation of toxic inhalation hazard materials. TSA reported that during the end of 2006, its inspectors visited about 150 individual railroad facilities. Through its Surface Transportation Security Inspection program, TSA reported that its inspectors conduct inspections of key facilities for rail and transit systems to assess transit systems' implementation of core transit security fundamentals and comprehensive security action items; conduct examinations of stakeholder operations, including compliance with security directives; identify security gaps; and develop effective practices. TSA noted that its field activities also assess compliance with security directives and implementation of noncompulsory security standards and protective measures. For example, TSA reported that through the Baseline Assessment for Security Enhancements program, inspectors review mass transit and passenger rail systems' implementation of the 17 Security and Emergency Management Action Items jointly developed by TSA and the Federal Transit Administration. The program is a means to establish baseline security program data applicable to all surface mass transit systems. TSA also noted that it deploys inspectors to serve as federal liaisons to mass transit and passenger rail system operations centers and provide other security support and assistance in periods of heightened alert or in response to security incidents; Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS has taken steps to conduct compliance inspections for surface transportation systems and has made progress in hiring and deploying inspectors. Although DHS has deployed inspectors to conduct compliance inspections and carry out other security activities in the mass transit (mass transit includes passenger rail) and freight rail modes, DHS did not provide us with evidence that it has conducted compliance inspections for other surface transportation modes or information on whether the department believes compliance inspections are needed for other modes. Moreover, we reported that the role of inspectors in enforcing security requirements has not been fully defined, and DHS did not provide us with documentation on its efforts to better define these roles; Assessment: Generally not achieved. Performance expectation: 5. Administer grant programs for surface transportation security; Summary of findings: GAO findings: In March 2007, we reported that the DHS Office of Grants and Training, now called the Office of Grant Programs, has used various programs to fund passenger rail security since 2003. Through the Urban Area Security Initiative grant program, the Office of Grants and Training has provided grants to urban areas to help enhance their overall security and preparedness level to prevent, respond to, and recover from acts of terrorism. In 2003 and 2004, $65 million and $50 million, respectively, were provided to rail transit agencies through the Urban Area Security Initiative program. In addition, the 2005 DHS appropriations action provided $150 million for intercity passenger rail transportation, freight rail, and transit security grants. In fiscal year 2006, $150 million was appropriated, and in fiscal year 2007 $175 million was appropriated for the same purposes. The Office of Grants and Training used this funding to build on the work under way through the Urban Area Security Initiative program and create and administer new programs focused specifically on transportation security, including the Transit Security Grant Program and the Intercity Passenger Rail Security Grant Program. During fiscal year 2006, the Office of Grants and Training provided $110 million to passenger rail transit agencies through the Transit Security Grant Program and about $7 million to Amtrak through the Intercity Passenger Rail Security Grant Program. During fiscal year 2007, the Office of Grants and Training plans to distribute $156 million for rail and bus security grants and $8 million to Amtrak. In January 2007, the Office of Grants and Training reported that the Intercity Passenger Rail Security Program had been incorporated into the Transit Security Grant Program. We reported that although the Office of Grants and Training has distributed hundreds of millions of dollars in grants to improve passenger rail security, issues have surfaced about the grant process. For example, we reported that as DHS works to refine its risk assessment methodologies, develop better means of assessing proposed investments using grant funds, and align grant guidance with the implementation of broader emergency preparedness goals, such as implementation of the National Preparedness Goal, it has annually made changes to the guidance for the various grants it administers. These changes include changes in the eligibility for grants. As a result of these annual changes, awardees and potential grant recipients must annually review and understand new information on the requirements for grant applications including justification of their proposed use of grant funds. We also reported that funds awarded through the Transit Security Grant Program can be used to supplement funds received from other grant programs. However, allowable uses are not clearly defined. For example, Transit Security Grant Program funds can be used to create canine teams but cannot be used to maintain these teams--that is, the grant funds cannot be used for food, medical care, and other such maintenance costs for the dogs on the team. Grant recipients have expressed a need for clear guidance on the allowable use of grants and how they can combine funds from more than one grant to fund and implement specific projects. In addition, some industry stakeholders have raised concerns regarding DHS's current grant process, noting that there are time delays and other barriers in grant funding reaching owners and operators of surface transportation assets. We will be assessing grants for mass transit as part of our ongoing work. For more information, see GAO-06-181T and Passenger Rail Security: Federal Strategy and Enhanced Coordination Needed to Prioritize and Guide Security Efforts, GAO-07-583T; DHS updated information: In March 2007, DHS provided us with updated information on its grant programs for surface transportation security. For example, TSA considers various factors in Transit Security Grant Program proposals, including the enhancement of capabilities to (1) deter, detect, and respond to terrorist attacks employing improvised explosive devices; (2) mitigate high-consequence risks identified in individual transit system risk assessments; (3) implement technology for detection of explosives and monitoring for suspicious activities; (4) improve coordination with law enforcement and emergency responders; and (5) expand security training and awareness among employees and passengers. TSA reported using the Transit Security Grant Program to drive improvements in areas such as training for key personnel, drills, exercises, and public awareness and preparedness; Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed and administered grant programs for various surface transportation modes. However, some industry stakeholders have raised concerns regarding DHS's current grant process, such as time delays and other barriers in the provision of grant funding. We have not yet assessed DHS's provision of grant funding or the extent to which DHS monitors use of the funds. A recent legislative proposal would have the Department of Transportation, rather than DHS, distribute grant funds for specified surface transportation security purposes; Assessment: Generally achieved. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken sufficient actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [End of table] DHS Has Made Substantial Progress in Maritime Security: DHS has undertaken various programs to secure the maritime sector. In general, these maritime security programs fall under one of three areasæport and vessel security, maritime intelligence, and maritime supply chain security. Within DHS, various component agencies are responsible for maritime security efforts, including the Coast Guard, CBP, TSA, and the Domestic Nuclear Detection Office. The Coast Guard is responsible for port facility inspections and has lead responsibility in coordinating maritime information sharing efforts. CBP is responsible for addressing the threat posed by terrorist smuggling of weapons in oceangoing containers. TSA is responsible for the implementation of the transportation worker identification credential program. The Domestic Nuclear Detection Office is responsible for acquiring and supporting the deployment of radiation detection equipment, including portal monitors, within the United States. As shown in table 26, we identified 23 performance expectations for DHS in the area of maritime security, and we found that overall DHS has made substantial progress in meeting those expectations. Specifically, we found that DHS has generally achieved 17 performance expectations and has generally not achieved 4 others. For 2 performance expectations, we did not make an assessment. Table 26: Performance Expectations and Progress Made in Maritime Security: Performance expectation: 1. Develop national plans for maritime security; Assessment: Generally achieved. Performance expectation: 2. Develop national plans for maritime response; Assessment: Generally achieved. Performance expectation: 3. Develop national plans for maritime recovery; Assessment: Generally achieved. Performance expectation: 4. Develop regional (port-specific) plans for security; Assessment: Generally achieved. Performance expectation: 5. Develop regional (port-specific) plans for response; Assessment: Generally achieved. Performance expectation: 6. Develop regional (port-specific) plans for recovery; Assessment: Generally not achieved. Performance expectation: 7. Ensure port facilities have completed vulnerability assessments and developed security plans; Assessment: Generally achieved. Performance expectation: 8. Ensure that vessels have completed vulnerability assessments and developed security plans; Assessment: Generally achieved. Performance expectation: 9. Exercise security, response, and recovery plans with key maritime stakeholders to enhance security, response, and recovery efforts; Assessment: Generally achieved. Performance expectation: 10. Implement a national facility access control system for port secured areas; Assessment: Generally not achieved. Performance expectation: 11. Implement a port security grant program to help facilities improve their security capabilities; Assessment: Generally achieved. Performance expectation: 12. Develop a national plan to establish and improve maritime intelligence; Assessment: No assessment made. Performance expectation: 13. Establish operational centers to monitor threats and fuse intelligence and operations at the regional/port level; Assessment: Generally achieved. Performance expectation: 14. Collect information on incoming ships to assess risks and threats; Assessment: Generally achieved. Performance expectation: 15. Develop a vessel-tracking system to improve intelligence and maritime domain awareness on vessels in U.S. waters; Assessment: Generally achieved. Performance expectation: 16. Develop a long-range vessel-tracking system to improve maritime domain awareness; Assessment: Generally not achieved. Performance expectation: 17. Collect information on arriving cargo for screening purposes; Assessment: Generally achieved. Performance expectation: 18. Develop a system for screening and inspecting cargo for illegal contraband; Assessment: Generally achieved. Performance expectation: 19. Develop a program to screen incoming cargo for radiation; Assessment: Generally not achieved. Performance expectation: 20. Develop a program to work with foreign governments to inspect suspicious cargo before it leaves for U.S. ports; Assessment: Generally achieved. Performance expectation: 21. Develop a program to work with the private sector to improve and validate supply chain security; Assessment: Generally achieved. Performance expectation: 22. Develop standards for cargo containers to ensure their physical security; Assessment: No assessment made. Performance expectation: 23. Develop an international port security program to assess security at foreign ports; Assessment: Generally achieved. Performance expectation: Total; Assessment: Generally achieved: 17; Assessment: Generally not achieved: 4; Assessment: No assessment made: 2. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken sufficient actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [End of table] Table 27 provides more detailed information on the progress that DHS has made in taking actions to achieve each performance expectation in the area of maritime security and our assessment of whether DHS has taken steps to satisfy most of the key elements of the performance expectation (generally achieved) or has not taken steps to satisfy most of the performance expectation's key elements (generally not achieved). Table 27: Performance Expectations and Assessment of DHS Progress in Maritime Security: Performance expectation: 1. Develop national plans for maritime security; Summary of findings: GAO findings: The President and the Secretaries of Homeland Security, Defense, and State approved the supporting plans for National Strategy for Maritime Security in October 2005. The National Strategy for Maritime Security has eight supporting plans that are intended to address the specific threats and challenges of the maritime environment. The supporting plans are the National Plan to Achieve Domain Awareness; the Global Maritime Intelligence Integration Plan; the Maritime Operational Threat Response Plan; the International Outreach and Coordination Strategy; the Maritime Infrastructure Recovery Plan; the Maritime Transportation System Security Plan; the Maritime Commerce Security Plan; and the Domestic Outreach Plan. In addition, in September 2005, the Coast Guard issued Maritime Sentinel. Maritime Sentinel provides a framework for the Coast Guard's Ports, Waterways and Coastal Security program, setting out the Coast Guard's mission and goals in that area. Our review of Maritime Sentinel showed that the plan is results-oriented with outcome-based goals but that it needs to better describe the human capital resources necessary to achieve them; DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to develop national plans for maritime security. DHS reported that the Coast Guard has issued a number of plans supporting or relating to maritime security; Our assessment: Based on our review of Maritime Sentinel and updated information DHS provided, we conclude that that DHS has generally achieved this expectation; Assessment: Generally achieved. Performance expectation: 2. Develop national plans for maritime response; Summary of findings: GAO findings: DHS has developed a national plan for response in conjunction with the Department of Defense. We have reported that the Maritime Operational Threat Response Plan establishes roles and responsibilities for responding to marine terrorism to help resolve jurisdictional issues among responding agencies. For more information, see Homeland Security: Process for Reporting Lessons Learned from Seaport Exercises Needs Further Attention, GAO-05-170; DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to develop national plans for maritime response. For example, DHS reported that the Maritime Operational Threat Response Plan is a strategic plan that addresses the full range of maritime threats including terrorism, piracy, drug smuggling, migrant smuggling, weapons of mass destruction proliferation, maritime hijacking, and fisheries incursions. DHS stated that this interagency national plan supersedes Presidential Directive- 27 (in the maritime domain only) for addressing nonmilitary incidents of national security significance and has been successfully exercised numerous times among agencies, including actual effective threat resolution. DHS further stated that the Maritime Operational Threat Response Plan is a national-level process to achieve consistently coordinated action and desired outcomes that directly support National Security Presidential Directive-41/Homeland Security Presidential Directive-13; Our assessment: We conclude that DHS has generally achieved this performance expectation as DHS has developed the Maritime Operational Threat Response Plan, which details agency responsibilities during incidents of marine terrorism; Assessment: Generally achieved. Performance expectation: 3. Develop national plans for maritime recovery; Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation, as DHS has developed the Maritime Infrastructure Recovery Plan, and the plan establishes a framework for maritime recovery. In April 2006, DHS released the Maritime Infrastructure Recovery Plan. The Maritime Infrastructure Recovery Plan is intended to facilitate the restoration of maritime commerce after a terrorist attack or natural disaster and reflects the disaster management framework outlined in the National Response Plan. The Maritime Infrastructure Recovery Plan addresses issues that should be considered by ports when planning for natural disasters. However, it does not set forth particular actions that should be taken at the port level, leaving those determinations to be made by the port operators themselves. For more information, see Port Risk Management: Additional Federal Guidance Would Aid Ports in Disaster Planning and Recovery, GAO-07-412; Assessment: Generally achieved. Performance expectation: 4. Develop regional (port-specific) plans for security; Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed regional (port-specific) plans for security. The Coast Guard led efforts to conduct a security assessment of each of the nation's seaports and develop a security plan for each seaport zone. Under regulations implementing the Maritime Transportation Security Act, a Coast Guard Captain of the Port must develop an area plan in consultation with an Area Maritime Security Committee. These committees are typically composed of members from federal, local, and state governments; law enforcement agencies; maritime industry and labor organizations; and other port stakeholders that may be affected by security policies. In April 2007 we reported that implementing regulations for the Maritime Transportation Security Act specified that area plans include, among other things, operational and physical security measures in place at the port under different security levels, details of the security incident command and response structure, procedures for responding to security threats including provisions for maintaining operations in the port, and procedures to facilitate the recovery of the marine transportation system after a security incident. A Coast Guard Navigation and Vessel Inspection Circular provided a common template for area plans and specified the responsibilities of port stakeholders under the plans. Currently, 46 area plans are in place at ports around the country. For more information, see Maritime Security: Observations on Selected Aspects of the SAFE Port Act, GAO- 07-754T; Coast Guard: Observations on Agency Performance, Operations and Future Challenges, GAO-06-448T; Maritime Security: Enhancements Made, but Implementation and Sustainability Remain Key Challenges, GAO- 05-448T; and Maritime Security: Better Planning Needed to Help Ensure an Effective Port Security Assessment Program, GAO-04-1062; Assessment: Generally achieved. Performance expectation: 5. Develop regional (port-specific) plans for response; Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed regional (port-specific) plans for response. We have reported that the Captain of the Port is responsible for establishing both spill and terrorism response plans. In doing so, the Captain of the Port must identify local public and private port stakeholders who will develop and revise separate plans for marine spills of oil and hazardous materials and for terrorism response. Both plans call for coordinated implementation with other plans, such as the response and security plans developed by specific facilities or vessels. At the port level, effectively integrating spill and terrorism emergency responses requires all plans to operate in unison--the port spill response plan and the port terrorism response plan, as well as facility and vessel response plans; Assessment: Generally achieved. Performance expectation: 6. Develop regional (port-specific) plans for recovery; Summary of findings: GAO findings: DHS has generally not developed regional (port-specific) plans for recovery. We have reported that guidance in the Maritime Infrastructure Recovery Plan suggests that ports develop priorities for bringing vessels into port after a closure. Additionally, port terrorism response plans must include a section on crisis management and recovery to ensure the continuity of port operations; DHS updated information: In April 2007, DHS provided us with updated information on its efforts to develop regional (port- specific) plans for recovery. DHS reported that the Coast Guard and CBP have developed protocols for recovery and resumption of trade. DHS stated that these protocols are currently being discussed with other federal agencies for coordination purposes and with the private sector to ensure that federal activities facilitate private sector recovery efforts. DHS also reported that Coast Guard headquarters is preparing guidance for field units for including recovery in their plans for creating Maritime Transportation System Recovery Units at the local (sector) level. Further, DHS reported that several ports have included recovery as part of their area plans, such as all ports in the Coast Guard's Atlantic Area, the Ports of Los Angeles and Long Beach, and San Francisco. DHS stated that the level of detail in these plans varies but noted that many are working to enhance the section on recovery and resumption of trade. DHS added that these plans are developing as all- hazard plans to include both natural and man-made incidents; Our assessment: We conclude that DHS has generally not achieved this performance expectation. Our prior work has shown that work remains in DHS's efforts to develop regional (port-specific) plans for recovery; Assessment: Generally not achieved. Performance expectation: 7. Ensure port facilities have completed vulnerability assessments and developed security plans; Summary of findings: GAO findings: DHS has taken steps to ensure that port facilities have completed vulnerability assessments and developed security plans. Maritime Transportation Security Act implementing regulations require designated owners or operators of maritime facilities to identify vulnerabilities and develop security plans for their facilities. In May 2005 we reported that the Coast Guard had reviewed and approved the security plans of the over 3,000 facilities that were required to identify their vulnerabilities and take action to reduce them. Six months after July 1, 2004, the date by which the security plans were to be implemented, the Coast Guard reported that it had completed on-site inspections of all facilities to ensure the plans were being implemented as approved. In April 2007 we reported that Coast Guard guidance calls for the Coast Guard to conduct on-site facility inspections to verify continued compliance with security plans on an annual basis. A Security and Accountability for Every (SAFE) Port Act amendment to the Maritime Transportation Security Act requires the Coast Guard to conduct at least two inspections of each facility annually, and it required that one of these inspections be unannounced. We are currently conducting a review of the Coast Guard's efforts for ensuring facilities' compliance with various Maritime Transportation Security Act requirements. For more information, see GAO-07-754T; GAO- 05-448T; and Maritime Security: Substantial Work Remains to Translate New Planning Requirements into Effective Port Security, GAO-04-838; DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to ensure that port facilities have completed vulnerability assessments and developed security plans. DHS reported that its Alternative Security Program allows for participants to use templates pre-approved by the Coast Guard for developing their security plans. Facilities that use these plans then undergo security plan verifications, as required by the Maritime Transportation Security Act; Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has made progress in ensuring that port facilities have completed vulnerability assessments and developed security plans; Assessment: Generally achieved. Performance expectation: 8. Ensure that vessels have completed vulnerability assessments and developed security plans; Summary of findings: GAO findings: DHS has made progress in ensuring that vessels have done vulnerability assessments and developed security plans. In May 2005 we reported that the Coast Guard had reviewed and approved the security plans of the more than 9,000 vessels that were required to identify their vulnerabilities and take action to reduce them. Six months after July 1, 2004, the date by which the security plans were to be implemented, the Coast Guard reported that it had completed on-site inspections of thousands of vessels to ensure the plans were being implemented as approved. For more information, see Maritime Security: Substantial Work Remains to Translate New Planning Requirements into Effective Port Security, GAO-04-838 and GAO-05-448T; DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to ensure that vessels have completed vulnerability assessments and developed security plans. DHS reported that the Coast Guard completed security plan verifications for all inspected U.S.-flagged vessels by July 2005. DHS further reported that to date, the Coast Guard has completed security plan verifications on 98 percent of uninspected U.S.-flagged vessels regulated in accordance with the Maritime Transportation Security Act. DHS noted that uninspected vessels are not required to undergo security plan verifications exams by regulation but stated the Coast Guard was committed to the goal of encouraging all vessel owners of uninspected vessels to undergo such examinations on a voluntary basis by the end of 2006; Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has taken steps to ensure that vessels have completed vulnerability assessments and developed security plans; Assessment: Generally achieved. Performance expectation: 9. Exercise security, response, and recovery plans with key maritime stakeholders to enhance security, response, and recovery efforts; Summary of findings: GAO findings: DHS has generally exercised security, response, and recovery plans (at least at the regional level) with key stakeholders. The Coast Guard has primary responsibility for such testing and evaluation in the nation's ports and waterways, and as part of its response, it has added multi-agency and multicontingency terrorism exercises to its training program. These exercises vary in size and scope and are designed to test specific aspects of the Coast Guard's terrorism response plans, such as communicating with state and local responders, raising maritime security levels, or responding to incidents within the port. For each exercise the Coast Guard conducts, an after-action report detailing the objectives, participants, and lessons learned must be produced. We reported in January 2005 on the issues identified in port security exercises. For example, we found that 59 percent of the exercises raised communications issues, and 28 percent raised concerns with participants' knowledge about who has jurisdiction or decision-making authority. In April 2007, we reported that the Coast Guard had conducted a number of exercises of its area plans over the past several years. For example, in fiscal year 2004, the Coast Guard conducted 85 port-based terrorism exercises that addressed a variety of possible scenarios. In August 2005, the Coast Guard and TSA initiated the Port Security Training Exercise Program--an exercise program designed to involve the entire port community, including public governmental agencies and private industry, and intended to improve connectivity of various surface transportation modes and enhance area plans. Between August 2005 and October 2007, the Coast Guard expects to conduct Port Security Training Exercise Program exercises for 40 area committees and other port stakeholders. For more information, see GAO-07-754T and Homeland Security: Process for Reporting Lessons Learned from Seaport Exercises Needs Further Attention, GAO-05-170; DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to exercise security, response, and recovery plans with key maritime stakeholders to enhance security, response, and recovery efforts. DHS reported that for each exercise the Coast Guard conducts, an after- action report detailing the objectives, participants, and lessons learned must be produced within 21 days for non-contract-supported exercises and within 81 days for contract-supported exercises; Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has made progress in exercising security, response, and recovery plans with key maritime stakeholders to enhance security, response, and recovery efforts; Assessment: Generally achieved. Performance expectation: 10. Implement a national facility access control system for port secured areas; Summary of findings: GAO and DHS IG findings: While DHS has taken steps to provide for an effective national facility access control system at ports, significant challenges remain. In September 2006 we identified several major challenges DHS and industry stakeholders face in addressing problems identified during Transportation Worker Identification Credential program testing and ensuring that key components of the Transportation Worker Identification Credential program can work effectively in the maritime sector, such as ensuring that the access control technology required to operate the Transportation Worker Identification Credential program, such as biometric card readers, works effectively in the maritime sector. Further, stakeholders at all 15 Transportation Worker Identification Credential testing locations we visited told us that TSA did not effectively communicate and coordinate with them regarding any problems that arose during testing at their facility. In July 2006 the DHS IG found that significant security vulnerabilities existed relative to the Transportation Worker Identification Credential prototype systems, documentation, and program management. Further, the DHS IG reported that the Transportation Worker Identification Credential prototype systems were vulnerable to various internal and external security threats and that security-related issues identified could threaten the confidentiality, integrity, and availability of sensitive Transportation Worker Identification Credential data. In April 2007 we testified that DHS had made progress toward implementing the Transportation Worker Identification Credential. We reported, for example, that DHS had issued a rule that sets forth the requirements for enrolling and issuing cards to workers in the maritime sector and developed a schedule for enrolling worker and issuing Transportation Worker Identification Credential cards at ports; In April 2007 we reported that the SAFE Port Act contained a requirement for implementing the first major phase of the Transportation Worker Identification Credential program by mid-2007. More specifically, it required DHS to implement Transportation Worker Identification Credential at the 10 highest risk ports by July 1, 2007; conduct a pilot program to test various aspects relating to Transportation Worker Identification Credential security card readers including access control technologies in the maritime environment; issue regulations requiring Transportation Worker Identification Credential card readers based on the findings of the pilot; and periodically report to Congress on the status of the program. DHS is taking steps to address these requirements, such as establishing a rollout schedule for enrolling workers and issuing Transportation Worker Identification Credential cards at ports and conducting a pilot program to test Transportation Worker Identification Credential access control technologies. However, we identified a number of challenges. For example, while DHS reports taking steps to address contract planning and oversight problems, the effectiveness of these steps will not be clear until implementation of the Transportation Worker Identification Credential program begins. Additionally, significant challenges remain in enrolling about 770,000 persons at about 3,500 facilities in the Transportation Worker Identification Credential program. Sufficient communication and coordination to ensure that all individuals and organizations affected by the Transportation Worker Identification Credential program are aware of their responsibilities will require concerted effort on the part of DHS and the enrollment contractor. Further DHS and industry stakeholders need to address challenges regarding Transportation Worker Identification Credential access control technologies to ensure that the program is implemented effectively. Without fully testing all aspects of the technology, DHS may not be able ensure that the Transportation Worker Identification Credential access control technology can meet the requirements of the system. For more information, see GAO-07-754T; Transportation Security: TSA Has Made Progress in Implementing the Transportation Worker Identification Credential Program, but Challenges Remain, GAO-07-681T; Transportation Security: DHS Should Address Key Challenges before Implementing the Transportation Worker Identification Credential Program, GAO-06-982; Maritime Security: Enhancements Made, But Implementation and Sustainability Remain Key Challenges, GAO-05-448T; and Port Security: Better Planning Needed to Develop and Operate Maritime Worker Identification Card Program, GAO-05-106. Also, see Department of Homeland Security Office of Inspector General, DHS Must Address Significant Security Vulnerabilities Prior to TWIC Implementation (Redacted), OIG-06-47 (Washington, D.C.: July 2006); DHS updated information: In March 2007, DHS provided us with updated information on its efforts to implement a national facility access control system for port secured areas. DHS reported that the Coast Guard is moving forward with TSA and its contractor to begin enrollments in the Transportation Worker Identification Credential program. DHS stated that Version 1 of the Transportation Worker Identification Credential will contain all of the required biometric information and that a second Notice of Proposed Rulemaking will be published in February 2008 to address the technical requirements for readers that will be used at facilities and aboard vessels. DHS stated that in the meantime, a field test of card reader technology is scheduled for the Long Beach/Los Angeles port complex beginning in July 2007 and that this activity is in compliance with the timeline established in the SAFE Port Act. Further, DHS stated that the Coast Guard will request legislation requiring all persons who are deemed to need unescorted access to the secure areas of regulated vessels and facilities possess a valid Transportation Worker Identification Credential. DHS also reported that the Coast Guard is consolidating a number of merchant mariner licenses and documents into a single Merchant Mariner Credential. This consolidation is described in a supplemental notice of proposed rulemaking that was published in the Federal Register simultaneously with the Transportation Worker Identification Credential final rule on January 25, 2007, which will result in an effective date of March 26, 2007; Our assessment: We conclude that DHS has generally not achieved this performance expectation. Although DHS has taken some actions to implement a national facility access control system for port secured areas, more work is needed for the department to achieve this performance expectation. As our previous work demonstrated, DHS faces a number of problems in implementing the Transportation Worker Identification Credential, such as ensuring that access control technology meets system requirements and ensuring sufficient communication and coordination so that all individuals and organizations affected by the Transportation Worker Identification Credential program are aware of their responsibilities. Further, while DHS reported a number of actions it has taken to meet this expectation, it did not provide us with documentation for some aspects of its efforts. For example, DHS did not provide us with documentation showing that it is making progress in starting enrollments; Assessment: Generally not achieved. Performance expectation: 11. Implement a port security grant program to help facilities improve their security capabilities; Summary of findings: GAO and DHS IG findings and our assessment: We conclude that DHS has generally achieved this performance expectation. The port security grant program provides assistance to nonfederal stakeholders for making security improvements at the nation's ports. During fiscal years 2002 through 2004, grants from the program totaled about $560 million and covered such concerns as more fencing, cameras, and communications equipment. For fiscal year 2005, the appropriations act for DHS provided $150 million for port security grants. For fiscal year 2006 the DHS appropriations act provided $175 million for the port security grant program, and in fiscal year 2007 the appropriations act provided $210 million for the program. While DHS has made progress in applying risk management to the port security grant program, it faces challenges in strengthening its approach, as demonstrated in part by its experience in awarding past grants. For example, DHS has established overall goals for the grant program but faces challenges in setting specific and measurable program objectives, in part because this effort hinges on similar action by other federal agencies. In February 2006 the DHS IG reported that DHS had improved the administration and effectiveness of the most recent round of port security grants, which totaled $142 million for 132 projects. For example, the DHS IG reported that DHS had directed funds to the nation's 66 highest risk ports using a risk-based formula and tiering process and had instituted a new funding allocation model. However, the DHS IG also found several challenges, identifying, for example, 20 projects that reviewers determined did not meet national security priorities but were funded nonetheless. In its fiscal year 2006 Performance and Accountability Report, DHS reported that a risk-based grant allocation process was completed in the third quarter of fiscal year 2006 and was a critical component of the process by which allocations were determined for the Port Security Grant Program. For more information, see Risk Management: Further Refinements Needed to Assess Risks and Prioritize Protective Measures at Ports and Other Critical Infrastructure, GAO-06-91. Also, see Department of Homeland Security Office of Inspector General, Follow Up Review of the Port Security Grant Program, OIG-06-24 (Washington, D.C.: February 2006, Revised) and Department of Homeland Security Office of Inspector General, Review of the Port Security Grant Program, OIG-05-10 (Washington, D.C.: January 2005); Assessment: Generally achieved. Performance expectation: 12. Develop a national plan to establish and improve maritime intelligence; Summary of findings: GAO findings: We generally have not conducted work on DHS's efforts to develop a national plan to establish and improve maritime intelligence, and as a result we cannot make an assessment of the extent to which DHS has taken actions to address this performance expectation; DHS updated information: In March and May 2007, DHS provided us with updated information on its efforts to develop a national plan to establish and improve maritime intelligence. DHS reported that the President approved the Global Maritime Intelligence Integration Plan in October 2005 in support of the National Strategy for Maritime Security; Our assessment: We did not make an assessment of DHS's progress in achieving this performance expectation. While DHS reported that the President approved the Global Maritime Intelligence Integration Plan, we were not able to determine the extent to which the plan has established and improved maritime intelligence; Assessment: No assessment made. Performance expectation: 13. Establish operational centers to monitor threats and fuse intelligence and operations at the regional/port level; Summary of findings: GAO findings: DHS has established operational centers to monitor threats and fuse intelligence and operations at the regional/port level. In April 2005, we reported that the Coast Guard had two Maritime Intelligence Fusion Centers, located on each coast, that receive intelligence from, and provide intelligence to, the Coast Guard Intelligence Coordination Center. Maritime Intelligence Fusion Centers also provide actionable intelligence to Coast Guard commanders at the district and port levels and share that analysis with interagency partners. Another approach at improving information sharing and port security operations involves interagency operational centers-- command centers that bring together the intelligence and operational efforts of various federal and nonfederal participants. In April 2007, we reported that three ports currently have such centers, which are designed to have a unified command structure that can act on a variety of incidents ranging from possible terrorist attacks to search and rescue and environmental response operations. Several new interagency operational centers are about to come on line, but in continuing the expansion, DHS may face such challenges as creating effective working relationships and dealing with potential coordination problems. We also reported that the Coast Guard has the authority to create area committees--composed of federal, state, local, and industry members-- that help to develop the area plan for the port. Area committees serve as forums for port stakeholders, facilitating the dissemination of information through regularly scheduled meetings, issuance of electronic bulletins, and sharing key documents. As of June 2006, the Coast Guard had organized 46 area committees. Each has flexibility to assemble and operate in a way that reflects the needs of its port area, resulting in variations in the number of participants, the types of state and local organizations involved, and the way in which information is shared. The Coast Guard also reported that it had implemented a maritime monitoring system--known as the Common Operating Picture system--that fuses data from different sources. According to the Coast Guard, this system is the primary tool for Coast Guard commanders in the field to attain maritime domain awareness. For more information, see GAO-07-754T; Maritime Security: Information sharing Efforts Are Improving, GAO-06-933T; Maritime Security: New Structures Have Improved Information Sharing, but Security Clearance Processing Requires Further Attention, GAO-05-394; and GAO-05-448T; DHS updated information: In March 2007, DHS provided us with updated information on its efforts to establish operational centers to monitor threats and fuse intelligence and operations at the regional/port level. DHS reported that at the port level, it is using pre-existing, primarily Coast Guard, command centers to foster information sharing and coordination of the operations of various federal and nonfederal participants. However, DHS noted that in most locations, these efforts are hampered by the limitations of pre-9/11 technology and physical space constraints; Our assessment: We conclude that DHS has generally achieved this performance expectation. The Coast Guard established two regional Maritime Intelligence Fusion Centers, one on each coast. Further, the Coast Guard, with local federal port security stakeholders, has established three interagency operational centers with several new centers scheduled to come on line, and as of June 2006, the Coast Guard had organized 46 area committees; Assessment: Generally achieved. Performance expectation: 14. Collect information on incoming ships to assess risks and threats; Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. DHS has taken steps to collect information on incoming ships to assess risks and threats. This includes information relating to, for example, crew, passengers, and cargo. In March 2004, we reported that the Coast Guard had extended the former 24-hour notice of arrival prior to entering a United States port to 96 hours. The information provided with the notice of arrival includes details on the crew, passengers, cargo, and the vessel itself. This increase in notice has enabled the Coast Guard to screen more vessels in advance of arrival and allows additional time to prepare for boardings. For more information, see Coast Guard Programs: Relationship between Resources Used and Results Achieved Needs to Be Clearer, GAO-04-432; Assessment: Generally achieved. Performance expectation: 15. Develop a vessel-tracking system to improve intelligence and maritime domain awareness on vessels in U.S. waters; Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. DHS has made progress in developing a vessel-tracking system to improve intelligence/maritime domain awareness on vessels in U.S. waters. The Nationwide Automatic Identification System uses a device aboard a vessel to transmit an identifying signal to a receiver located at the seaport and other ships in the area. This signal gives seaport officials and other vessels nearly instantaneous information and awareness about a vessel's identity, position, speed, and course. The Coast Guard intends to provide Nationwide Automatic Identification System coverage to meet maritime domain awareness requirements in all navigable waters of the United States and farther offshore. As of May 2005, the Coast Guard had Nationwide Automatic Identification System coverage in several seaports and coastal areas. For more information, see GAO-05-448T and Maritime Security: Partnering Could Reduce Federal Costs and Facilitate Implementation of Automatic Vessel Identification System, GAO-04-868; Assessment: Generally achieved. Performance expectation: 16. Develop a long-range vessel-tracking system to improve maritime domain awareness; Summary of findings: GAO findings: While DHS has taken steps to develop a long-range vessel-tracking system, more work remains. In May 2005 we testified that the Coast Guard was working with the International Maritime Organization to develop functional and technical requirements for long-range tracking out to 2,000 nautical miles and had proposed an amendment to the International Convention for Safety of Life at Sea for this initiative. The International Maritime Organization adopted amendments for the long-range identification and tracking of ships in May 2006. We have also reported that a recently passed International Maritime Organization requirement calls for most commercial vessels, including tankers, to begin transmitting identification and location information on or before December 31, 2008, to Safety of Life at Sea contracting governments under certain specified circumstances. This will allow the vessels to be tracked over the course of their voyages. Under this requirement, information on the ship's identity, location, date, and time of the position will be made available to the ship's flag state, the ship's destination port state, and any coastal state within 1,000 miles of the ship's route. For more information, see GAO- 05-448T; DHS updated information: In March, April, and June 2007, DHS provided us with updated information on its efforts to develop a long- range vessel-tracking system to improve maritime domain awareness. DHS reported that it has classified and unclassified means available to perform long-range tracking. DHS stated that unclassified systems, including the Nationwide Automatic Identification System, are currently in the process of being fielded. DHS reported that the Nationwide Automatic Identification System, when implemented, will provide automatic identification system coverage from commercial satellites in all U.S. waters and up to 2,000 miles offshore. DHS stated that it expects initial capability in 2007. DHS also stated that it purchases tracking data from commercial sources in places where those capabilities are not currently fielded by the United States Coast Guard. DHS reported that work is in progress to establish a system through the International Maritime Organization that will provide an unclassified global tracking capability by 2008 as a part of an existing International Maritime Organization convention and give the United States a system that is compatible and interoperable with the Global maritime community. DHS reported that the Coast Guard will need to establish the capability to receive signals and interact with the International Maritime Organization's international data center and that the Coast Guard has funded various studies and demonstrations to address the implementation of long-range-tracking. Further, DHS reported that the Coast Guard has developed rule-making language that supports the International Maritime Organization rules regarding implementation of long-range tracking under the recently approved Safety of Life at Sea Chapter V. DHS stated that the proposed rule- making is in final development and is expected to be published for comment later this year; Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS has some vessel-tracking capabilities and is working with the International Maritime Organization to develop a long-range vessel-tracking system. However, DHS did not provide evidence that it has developed a long- range vessel-tracking system out to 2,000 nautical miles; Assessment: Generally not achieved. Performance expectation: 17. Collect information on arriving cargo for screening purposes; Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. DHS collects information on arriving cargo for screening purposes.[A] Pursuant to federal law, CBP required ocean carriers to electronically transmit cargo manifests to CBP's Automated Manifest System 24 hours before the cargo is loaded on a ship at a foreign port. In March 2004 we reported that according to CBP officials we contacted, although no formal evaluations had been done, the 24-hour rule was beginning to improve both the quality and timeliness of manifest information. CBP officials acknowledged, however, that although improved, manifest information had not always provided accurate or reliable data for targeting purposes. For more information see Container Security: A Flexible Staffing Model and Minimum Equipment Requirements Would Improve Overseas Targeting and Inspection Efforts, GAO-05-557 and 04-577T; Assessment: Generally achieved. Performance expectation: 18. Develop a system for screening and inspecting cargo for illegal contraband; Summary of findings: GAO and DHS IG findings and our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed a system for screening incoming cargo for illegal contraband--called the Automated Targeting System.[B] However, our previous work has identified a number of challenges to the implementation of this program. CBP employs its Automated Targeting System computer model to review documentation on all arriving containers and help select or target containers for additional scrutiny. The Automated Targeting System was originally designed to help identify illegal narcotics in cargo containers, but was modified to help detect all types of illegal contraband used by smugglers or terrorists. In addition, CBP has a program, called the Supply Chain Stratified Examination, which supplements the Automated Targeting System by randomly selecting additional containers to be physically examined. We identified a number of challenges to the implementation of the Automated Targeting System. For example, in March 2006 we testified that CBP did not yet have key controls in place to provide reasonable assurance that the Automated Targeting System was effective at targeting oceangoing cargo containers with the highest risk of containing smuggled weapons of mass destruction. Further, we reported that while CBP strove to refine the Automated Targeting System to include intelligence information it acquires and feedback it receives from its targeting officers at the seaports, it was not able to systematically adjust the system for inspection results. In November 2006, the DHS IG reported that national Automatic Targeting System performance measures were still being developed to determine the effectiveness of the Automatic Targeting System oceangoing container targeting system. The DHS IG also found that that CBP did not use all intelligence/information sources available for targeting purposes. In April 2007 we reported CBP faced the challenge of implementing the program while internal controls are being developed. CBP's vital mission does not allow it to halt its screening efforts while it puts these controls in place, and CBP thus faces the challenge of ensuring that it inspects the highest-risk containers even though it lacks information to optimally allocate inspection resources. For more information, see GAO-07-754T; Cargo Container Inspections: Preliminary Observations on the Status of Efforts to Improve the Automated Targeting System, GAO-06-591T; and Homeland Security: Summary of Challenges Faced in Targeting Oceangoing Cargo Containers for Inspection, GAO-04-557T. Also, see Department of Homeland Security Office of Inspector General, Audit of Targeting Oceangoing Cargo Containers (Unclassified Summary), OIG-07-09 (Washington, D.C.: November 2006) and Department of Homeland Security Office of Inspector General, Audit of Targeting Oceangoing Cargo Containers (Unclassified Summary), OIG-05-26 (Washington, D.C.: July 2005); Assessment: Generally achieved. Performance expectation: 19. Develop a program to screen incoming cargo for radiation; Summary of findings: GAO findings: While DHS has taken steps to develop a program to screen incoming cargo for radiation, challenges remain.[C] As of December 2005, DHS had deployed 670 of 3,034 radiation portal monitors--about 22 percent of the portal monitors DHS plans to deploy. As of February 2006, CBP estimated that with these deployments CBP had the ability to screen about 62 percent of all containerized shipments entering the United States, and roughly 77 percent of all private vehicles. Within these total percentages, CBP could screen 32 percent of all containerized seaborne shipments; 90 percent of commercial trucks and 80 percent of private vehicles entering from Canada; and approximately 88 percent of all commercial trucks and 74 percent of all private vehicles entering from Mexico. However, in March 2006 we reported that the deployment of portal monitors had fallen behind schedule, making DHS's goal of deploying 3,034 by 2009 unlikely. Further, in October 2006 we reviewed DHS's cost-benefit analysis for the deployment and purchase of $1.2 billion worth of new portal monitors. We found that DHS's cost-benefit analysis did not provide a sound analytical basis for the decision to purchase and deploy new portal monitor technology. For example, DHS did not use the results of its own performance tests in its cost-benefit analysis and instead relied on assumptions of the new technology's anticipated performance level. Further, the department's analysis did not include all of the major costs and benefits required by DHS guidelines. Finally, DHS used questionable assumptions in estimating the costs of current portal monitors. In March 2007 we reported that DHS has not yet collected a comprehensive inventory of testing information on commercially available polyvinyl toluene portal monitors. Such information--if collected and used--could improve the Domestic Nuclear Detection Office's understanding of how well portal monitors detect different radiological and nuclear materials under varying conditions. In turn, this understanding would assist the Domestic Nuclear Detection Office's future testing, development, deployment, and purchases of portal monitors. Further, while DHS is improving its efforts to provide technical and operational information about radiation portal monitors to state and local authorities, some state representatives with whom we spoke, particularly those from states with less experience conducting radiation detection programs, would like to see the Domestic Nuclear Detection Office provide more prescriptive advice on what types of radiation detection equipment to deploy and how to use it. For more information, see Combating Nuclear Smuggling: DHS's Decision to Procure and Deploy the Next Generation of Radiation Detection Equipment Is Not Supported by Its Cost-Benefit Analysis, GAO-07-581T;Combating Nuclear Smuggling: DNDO Has Not Yet Collected Most of the National Laboratories' Test Results on Radiation Portal Monitors in Support of DNDO's Testing and Development Program, GAO-07-347R; Combating Nuclear Smuggling: DHS's Cost-Benefit Analysis to Support the Purchase of New Radiation Detection Portal Monitors Was Not Based on Available Performance Data and Did Not Fully Evaluate All the Monitors' Costs and Benefits, GAO-07-133R; and Combating Nuclear Smuggling: DHS Has Made Progress Deploying Radiation Detection Equipment at U.S. Ports-of- Entry, but Concerns Remain, GAO-06-389; DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to develop a program to screen incoming cargo for radiation. DHS reported that the Coast Guard continues to develop the procedures and capabilities for detecting chemical, biological, radiological, nuclear and high-yield explosive threats in the maritime environment. DHS reported that through these efforts, the Coast Guard has partnered with the Domestic Nuclear Detection Office and reported that it partnered with the Federal Bureau of Investigation, Department of Energy, and Department of Defense. DHS stated that the Coast Guard maintains three dedicated response teams, on call 365 days a year, to respond to and mitigate various environmental incidents. DHS reported that the Coast Guard has distributed personal radiation detectors, hand-held isotope identifiers, and radiation sensor backpacks to the field, and continues to pursue procurement of additional equipment through a joint acquisition strategy with Domestic Nuclear Detection Office. Further, DHS as of March 9, 2007, CBP had deployed 966 radiation portal monitors. DHS stated that these deployments provide CBP with the capability to screen approximately 91 percent of containerized cargo and 88 percent of personally owned vehicles entering the United States. DHS further stated that within these totals, CBP could screen about 89 percent of seaborne containerized cargo; 91 percent of commercial trucks and about 81 percent of personally owned vehicles arriving from Canada; and 96 percent of commercial trucks and 91 percent of personally owned vehicles arriving from Mexico; Our assessment: We conclude that DHS has generally not achieved this performance expectation. In our prior work, we reported that DHS was unlikely to reach its 2009 goal for radiation portal deployment. We also reported that in conducting its cost-benefit analysis of the decision to purchase and deploy new portal monitor technology, DHS did not include all of the major costs and benefits required by DHS guidelines and did not use the results of its own performance tests. The department instead relied on assumptions of the new technology's anticipated performance level. The lack of adequate means for acquiring technology is a major impediment to the development and implementation of the program; Assessment: Generally not achieved. Performance expectation: 20. Develop a program to work with foreign governments to inspect suspicious cargo before it leaves for U.S. ports; Summary of findings: GAO findings: DHS has developed a program to work with foreign governments to inspect suspicious cargo before leaving for U.S. ports. Announced in January 2002, the Container Security Initiative program was implemented to allow CBP officials to target containers at foreign seaports so that any high-risk containers may be inspected prior to their departure for U.S. destinations. The Security and Accountability for Every Port Act, which took effect in October 2006, codified the Container Security Initiative. CBP first solicited the participation of the 20 foreign ports that shipped the highest volume of ocean containers to the United States. These top 20 ports are located in 14 countries and regions and shipped a total of 66 percent of all containers that arrived in U.S. seaports in 2001. CBP has since expanded the Container Security Initiative to strategic ports, which may ship lesser amounts of cargo to the United States but may also have terrorism or geographical concerns. We identified a number of challenges to the Container Security Initiative. For example, in April 2005 we reported that staffing imbalances were impeding CBP from targeting all containers shipped from Container Security Initiative ports before they leave for the United States. However, we reported that CBP had been unable to staff the Container Security Initiative teams at the levels called for in the Container Security Initiative staffing model because of diplomatic and practical considerations. In terms of diplomatic considerations, the host government may limit the overall number of U.S. government employees to be stationed in the country and may restrict the size of the Container Security Initiative team. In terms of practical considerations, the host governments may not have enough workspace available for Container Security Initiative staff and may thus restrict the size of the Container Security Initiative team. The U.S. Department of State would also have to agree to the size of the Container Security Initiative teams, a decision that has to be balanced with the mission priorities of the embassy, the programmatic and administrative costs associated with increases in staffing, and security issues related to the number of Americans posted overseas. We reported that as a result of these staff imbalances, 35 percent of U.S.-bound shipments from Container Security Initiative ports were not targeted and were therefore not subject to inspection overseas. We also reported the existence of limitations in one data source Container Security Initiative teams use for targeting high-risk containers. In April 2007 we reported that the number of seaports that participate in the program had grown to 50, with plans to expand to a total of 58 ports by the end of this fiscal year. We also identified several challenges to the Container Security Initiative. For example, we reported that there are no internationally recognized minimum technical requirements for the detection capability of nonintrusive inspection equipment used to scan containers. Consequently, host nations at Container Security Initiative seaports use various types of nonintrusive inspection equipment, and the detection capabilities of such equipment can vary. Further, we reported that some containers designated as high-risk did not receive an inspection at the Container Security Initiative seaport. Containers designated as high-risk by Container Security Initiative teams that are not inspected overseas (for a variety of reasons) are supposed to be referred for inspection upon arrival at the U.S. destination port. However, CBP officials noted that between July and September 2004, only about 93 percent of shipments referred for domestic inspection were inspected at a U.S. seaport. According to CBP, it is working on improvements in its ability to track such containers to ensure that they are inspected. We have ongoing work to further assess the Container Security Initiative. For more information, see GAO-07-754T; Homeland Security: Key Cargo Security Programs Can Be Improved, GAO-05-466T; Container Security: A Flexible Staffing Model and Minimum Equipment Requirements Would Improve Overseas Targeting and Inspection Efforts, GAO-05-557; Homeland Security: Summary of Challenges Faced in Targeting Oceangoing Cargo Containers for Inspection, GAO-04-557T; and Container Security: Expansion of Key Customs Programs Will Require Greater Attention to Critical Success Factors, GAO-03-770. DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to develop a program to work with foreign governments to inspect suspicious cargo before it leaves for U.S. ports. DHS reported that in April 2005 the Container Security Initiative began implementing revisions to the Container Security Initiative staffing model to have optimal levels of staff at Container Security Initiative ports to maximize the benefits of targeting and inspection activities, in conjunction with host nation customs officials, and to increase its staff at the National Targeting Center in the United States to complement the work of targeters overseas. DHS stated that this enabled Container Security Initiative ports to review and screen 100 percent of manifest information for containers destined to the United States; Our assessment: We conclude that DHS has generally achieved this performance expectation. The department has developed a program to work with foreign governments to inspect suspicious cargo before it leaves for U.S. ports. DHS has developed the Container Security Initiative, and the program allows CBP officials to target containers at foreign seaports for inspection. However, our previous work has identified a number of challenges to the implementation of this program, such as the detection capabilities of host nations' inspection equipment. Assessment: Generally achieved. Performance expectation: 21. Develop a program to work with the private sector to improve and validate supply chain security; Summary of findings: GAO findings: DHS has developed a program to work with the private sector to improve and validate supply chain security, but some challenges remain. Initiated in November 2001, the Customs- Trade Partnership Against Terrorism is a voluntary program designed to improve the security of the international supply chain while maintaining an efficient flow of goods. Under the Customs-Trade Partnership Against Terrorism, CBP officials work in partnership with private companies to review their supply chain security plans to improve members' overall security. In return for committing to making improvements to the security of their shipments by joining the program, Customs-Trade Partnership Against Terrorism members may receive benefits that result in reduced scrutiny of their shipments. The Security and Accountability For Every Port Act, which took effect in October 2006, codified the program. In April 2007, we reported that since the inception of the Customs-Trade Partnership Against Terrorism, CBP has certified 6,375 companies, and as of March 2007, it had validated the security of 3,950 of them (61.9 percent). We also reported that while CBP initially set a goal of validating all companies within their first 3 years as Customs-Trade Partnership Against Terrorism members, the program's rapid growth in membership made the goal unachievable. CBP then moved to a risk-based approach to selecting members for validation, considering factors such as the company having foreign supply chain operations in a known terrorist area or involving multiple foreign suppliers. CBP further modified its approach to selecting companies for validation to achieve greater efficiency by conducting "blitz" operations to validate foreign elements of multiple members' supply chains in a single trip. Blitz operations focus on factors such as Customs-Trade Partnership Against Terrorism members within a certain industry, supply chains within a certain geographic area, or foreign suppliers to multiple Customs-Trade Partnership Against Terrorism members. Risks remain a consideration, according to CBP, but the blitz strategy drives the decision of when a member company will be validated. However, we identified a number of challenges to Customs-Trade Partnership Against Terrorism. For example, CBP's standard for validations--to ensure that members' security measures are reliable, accurate and effective--is hard to achieve. Since the Customs-Trade Partnership Against Terrorism is a voluntary rather than a mandatory program, there are limits on how intrusive CBP can be in its validations. Further, challenges developing Customs-Trade Partnership Against Terrorism outcome-based performance measures persist because of difficulty measuring deterrent effect. CBP has contracted with the University of Virginia for help in developing useful measures. We have ongoing work to further assess the Customs- Trade Partnership Against Terrorism program. For more information, see GAO-07-754T; Homeland Security: Key Cargo Security Programs Can Be Improved, GAO-05-466T; Cargo Security: Partnership Program Grants Importers Reduced Scrutiny with Limited Assurance of Improved Security, GAO-05-404; and Container Security: Expansion of Key Customs Programs Will Require Greater Attention to Critical Success Factors, GAO-03- 770; DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to develop a program to work with the private sector to improve and validate supply chain security. For example, DHS reported that the Customs-Trade Partnership Against Terrorism program now has a Web based portal system that allows data storage and statistical tracking of all participants and also allows for reports to be run ensuring that performance goals are being met. DHS also stated that the Customs-Trade Partnership Against Terrorism reached its full staffing level of 156 Supply Chain Security Specialists in December of 2006; Our assessment: We conclude that DHS has generally achieved this performance expectation. The department has developed a program to work with the private sector to improve and validate supply chain security. Through the Customs-Trade Partnership Against Terrorism, DHS officials work in partnership with private companies to improve members' overall security. However, our previous work has identified a number of challenges to the implementation of this program. For example, because the Customs-Trade Partnership Against Terrorism is a voluntary program, CBP is limited in how intrusive its validations can be, and CBP also faces challenges in developing outcome-based performance measures for the program; Assessment: Generally achieved. Performance expectation: 22. Develop standards for cargo containers to ensure their physical security; Summary of findings: GAO findings and assessment: We generally have not conducted work on DHS's efforts to develop standards to better secure containers, and as a result we cannot make an assessment of the extent to which DHS has taken actions to address this performance expectation; Assessment: No assessment made. Performance expectation: 23. Develop an international port security program to assess security at foreign ports; Summary of findings: GAO findings and assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed a program to assess security at foreign ports. However, our previous work has identified a number of challenges to the implementation of this program. To help secure the overseas supply chain, the Maritime Transportation Security Act required the Coast Guard to develop a program to assess security measures in foreign ports and, among other things, recommend steps necessary to improve security measures in their ports. In April 2007, we reported that the Coast Guard established this program, called the International Port Security Program, in April 2004. Under this program, the Coast Guard and host nations review the implementation of security measures in the host nations' ports against established security standards, such as the International Maritime Organization's International Ship and Port Facility Security Code. Coast Guard teams have been established to conduct country visits, discuss security measures implemented, and collect and share best practices to help ensure a comprehensive and consistent approach to maritime security in ports worldwide. The conditions of these visits, such as timing and locations, are negotiated between the Coast Guard and the host nation. Coast Guard officials also make annual visits to the countries to obtain additional observations on the implementation of security measures and ensure deficiencies found during the country visits are addressed. As of April 2007, the Coast Guard reported that it has visited 86 countries under this program and plans to complete 29 more visits by the end of fiscal year 2007. We are currently conducting a review of the Coast Guard's international enforcement programs, such as the International Port Security Program. Although this work is still in process and not yet ready to be included in this assessment, we have completed a more narrowly scoped review required under the Security and Accountability For Every Port Act regarding security at ports in the Caribbean Basin. As part of this work, we looked at the efforts made by the Coast Guard in the region under the program and the Coast Guard's findings from the country visits it made in the region. In this review we found a number of challenges concerning program implementation. For example, for the countries in this region for which the Coast Guard had issued a final report, the Coast Guard reported that most had "substantially implemented the security code," while one country that was just recently visited was found to have not yet implemented the code and will be subject to a reassessment. At the facility level, the Coast Guard found several facilities needing improvements in areas such as access controls, communication devices, fencing, and lighting. Because our review of the Coast Guard's International Port Security Program is still ongoing, we have not yet reviewed the results of the Coast Guard's findings in other regions of the world. While our larger review is still not complete, Coast Guard officials have told us they face challenges in carrying out this program in the Caribbean Basin. These challenges include ensuring sufficient numbers of adequately trained personnel and addressing host nation sovereignty issues. For more information, see GAO-07-754T and GAO-05-448T; Assessment: Generally achieved. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken sufficient actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [A] The terms "inspecting" and "screening" have been used interchangeably to denote some level of examination of a person or good, which can entail a number of different actions, including manual physical inspections to ensure that cargo does not contain weapons, explosives, or stowaways, or inspections using noninstrusive technologies that do not require the cargo to be opened in order to be inspected. However, for this performance expectation, we use the term "inspect" to refer to this broad range of activities and "screening" to refer to an assessment of the security risk posed by a container based on available information. [B] The terms "inspecting" and "screening" have been used interchangeably to denote some level of examination of a person or good, which can entail a number of different actions, including manual physical inspections to ensure that cargo does not contain weapons, explosives, or stowaways, or inspections using noninstrusive technologies that do not require the cargo to be opened in order to be inspected. However, for this performance expectation, we use the term "inspect" to refer to this broad range of activities and "screening" to refer to an assessment of the security risk posed by a container based on available information. [C] The terms "inspecting" and "screening" have been used interchangeably to denote some level of examination of a person or good, which can entail a number of different actions, including manual physical inspections to ensure that cargo does not contain weapons, explosives, or stowaways, or inspections using noninstrusive technologies that do not require the cargo to be opened in order to be inspected. For this performance expectation, we use the terms "screen" and "inspect" to refer to this broad range of activities. [End of table] DHS Has Made Limited Progress in Its Emergency Preparedness and Response Efforts: Several federal legislative and executive provisions support preparation for and response to emergency situations. The Robert T. Stafford Disaster Relief and Emergency Assistance Act (the Stafford Act)[Footnote 25] primarily establishes the programs and processes for the federal government to provide major disaster and emergency assistance to state, local, and tribal governments; individuals; and qualified private nonprofit organizations. FEMA, within DHS, has responsibility for administering the provisions of the Stafford Act. FEMA's emergency preparedness and response efforts include programs that prepare to minimize the damage and recover from terrorist attacks and disasters; help to plan, equip, train, and practice needed skills of first responders; and consolidate federal response plans and activities to build a national, coordinated system for incident management. DHS's emergency preparedness and response efforts have been affected by DHS reorganizations and, in the wake of the 2005 Gulf Coast hurricanes, reassessments of some initiatives, such as the National Response Plan and its Catastrophic Incident Supplement. DHS is undergoing its second reorganization of its emergency preparedness and response programs in about 18 months. The first reorganization was initiated by the Secretary of Homeland Security in the summer of 2005 and created separate organizations within DHS responsible for preparedness and for response and recovery. The second reorganization was required by the fiscal year 2007 DHS appropriations act and largely took effect on April 1, 2007. As shown in table 28, we identified 24 performance expectations for DHS in the area of emergency preparedness and response and found that overall DHS has made limited progress in meeting those performance expectations. In particular, we found that DHS has generally achieved 5 performance expectations and has generally not achieved 18 others. For 1 performance expectation, we did not make an assessment. Table 28: Performance Expectations and Progress Made in Emergency Preparedness and Response: Performance expectation: 1. Establish a comprehensive training program for national preparedness; Assessment: Generally not achieved. Performance expectation: 2. Establish a program for conducting emergency preparedness exercises; Assessment: Generally achieved. Performance expectation: 3. Conduct and support risk assessments and risk management capabilities for emergency preparedness; Assessment: Generally not achieved. Performance expectation: 4. Ensure the capacity and readiness of disaster response teams; Assessment: Generally not achieved. Performance expectation: 5. Develop a national incident management system; Assessment: Generally achieved. Performance expectation: 6. Coordinate implementation of a national incident management system; Assessment: Assessment: Generally not achieved. Performance expectation: 7. Establish a single, all-hazards national response plan; Assessment: Generally not achieved. Performance expectation: 8. Coordinate implementation of a single, all- hazards response plan; Assessment: Generally not achieved. Performance expectation: 9. Develop a complete inventory of federal response capabilities; Assessment: Generally not achieved. Performance expectation: 10. Develop a national, all-hazards preparedness goal; Assessment: Generally not achieved. Performance expectation: 11. Support citizen participation in national preparedness efforts; Assessment: No assessment made. Performance expectation: 12. Develop plans and capabilities to strengthen nationwide recovery efforts; Assessment: Generally not achieved. Performance expectation: 13. Develop the capacity to provide needed emergency assistance and services in a timely manner; Assessment: Generally not achieved. Performance expectation: 14. Provide timely assistance and services to individuals and communities in response to emergency events; Assessment: Generally not achieved. Performance expectation: 15. Implement a program to improve interoperable communications among federal, state, and local agencies; Assessment: Generally not achieved. Performance expectation: 16. Implement procedures and capabilities for effective interoperable communications; Assessment: Generally not achieved. Performance expectation: 17. Increase the development and adoption of interoperability communications standards; Generally not achieved. Performance expectation: 18. Develop performance goals and measures to assess progress in developing interoperability; Assessment: Generally not achieved. Performance expectation: 19. Provide grant funding to first responders in developing and implementing interoperable communications capabilities; Assessment: Generally achieved. Performance expectation: 20. Provide guidance and technical assistance to first responders in developing and implementing interoperable communications capabilities; Assessment: Generally not achieved. Performance expectation: 21. Provide assistance to state and local governments to develop all-hazards plans and capabilities; Assessment: Generally not achieved. Performance expectation: 22. Administer a program for providing grants and assistance to state and local governments and first responders; Assessment: Generally achieved. Performance expectation: 23. Allocate grants based on assessment factors that account for population, critical infrastructure, and other risk factors; Assessment: Generally achieved. Performance expectation: 24. Develop a system for collecting and disseminating lessons learned and best practices to emergency responders; Assessment: Generally not achieved. Performance expectation: Total; Assessment: Generally achieved: 5; Assessment: Generally not achieved: 18; Assessment: No assessment made: 1. Source: GAO analysis. Note: An assessment of "generally achieved" indicates that DHS has taken sufficient actions to satisfy most elements of the expectation. However, an assessment of "generally achieved" does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, "generally not achieved" indicates that DHS has not yet taken sufficient actions to satisfy most elements of the performance expectation. An assessment of "generally not achieved" may be warranted even where DHS has put forth substantial effort to satisfy some but not most elements of an expectation. In cases when we or the DHS IG have not completed work upon which to base an assessment of DHS actions to satisfy a performance expectation, and/or the information DHS provided did not enable us to clearly determine the extent to which DHS has achieved the performance expectation, we indicated "no assessment made." [End of table] Table 29 provides more detailed information on the progress that DHS has made in taking actions to achieve each performance expectation in the area of emergency preparedness and response and our assessment of whether DHS has taken steps to satisfy most of the key elements of the performance expectation (generally achieved) or has not taken steps to satisfy most of the performance expectation's key elements (generally not achieved). Table 29: Performance Expectations and Assessment of DHS Progress in Emergency Preparedness and Response: Performance expectation: 1. Establish a comprehensive training program for national preparedness; Summary of findings: GAO and DHS IG findings: DHS has developed and implemented various training programs, but it is unclear how these programs contribute or link to a comprehensive training program for national preparedness. In July 2005, we reported that according to DHS's National Training and Exercises and Lessons Learned Implementation Plan, DHS intended to implement a system to develop and maintain state and local responders' all-hazards capabilities. The goal of this system was to provide integrated national programs for training, exercise, and lessons learned that would reorient existing initiatives at all government levels in order to develop, achieve, and sustain the capabilities required to achieve the National Preparedness Goal. As part of this system, DHS intended to implement a national training program including providing criteria for accreditation of training courses, a national directory of accredited training providers, and a National Minimum Qualification Standards Guide. In March 2006, the DHS IG reported that FEMA provided regular training for emergency responders at the federal, state, and local levels; managed the training and development of FEMA employees internally; and provided disaster-specific training through the Disaster Field Training Operations cadre. FEMA's Training Division increased the size and number of classes it delivered, even as budgets decreased. The DHS IG found that courses provided by the Emergency Management Institute were one of FEMA's primary interactions with state and local emergency managers and responders. However, the DHS IG reported that the ability of Emergency Management Institute classes to improve emergency management during a hurricane was not quantifiable with available measurements. The DHS IG reported that employee development lacked the resources and organizational alignment to improve performance. Specifically, the DHS IG reported that FEMA had no centralized and comprehensive information on employee training. FEMA used several incompatible systems, including databases operated by the Employee Development branch, Emergency Management Institute, Disaster Field Training Operations cadre, and information technology security. Additional classes, including classes provided at conferences, classes provided by state or local entities, and leadership training courses, were not consistently tracked. The DHS IG reported that FEMA regional training managers maintained records on their own, drawing from each of these systems. The DHS IG concluded that not only was this process inefficient and susceptible to error, it also complicated efforts to monitor employee development of mission-critical skills and competencies. For more information, see Statement by Comptroller General David M. Walker on GAO's Preliminary Observations Regarding Preparedness and Response to Hurricanes Katrina and Rita, GAO-06-365R and Homeland Security: DHS's Efforts to Enhance First Responders' All- Hazards Capabilities Continue to Evolve, GAO-05-652. Also, see Department of Homeland Security Office of Inspector General, A Performance Review of FEMA's Disaster Management Activities in Response to Hurricane Katrina, OIG-06-32 (Washington, D.C.: March 2006); DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to establish a comprehensive training program for national preparedness. DHS has developed a series of training programs on the National Response Plan and the National Incident Management System to improve national preparedness. In particular, DHS reported that more than 100 Office of Grants and Training-supported courses are available to emergency responders and that in fiscal year 2006, there were more than 336,000 participants in Office of Grants and Training courses. DHS has also developed and implemented a Multi-Year Training and Exercise Plan designed to guide states in linking training and exercise activities. According to DHS, states identify priorities in their state strategies, translate them into target capabilities that they need to build, and then attend a workshop in which they build a schedule for training and exercises to address the capabilities. DHS reported that course content in the National Training Program is being aligned to target capabilities so that there is a direct link between the capabilities a state needs to build and the courses that its responders need to take to build those skills. In addition, DHS reported that the U.S. Fire Administration's National Fire Academy and FEMA's Emergency Management Institute have coordinated to develop a curriculum for first responder training across federal, state, local, and tribal governments and that in fiscal year 2006, more than 26,000 and 13,000 students attended training at the National Fire Academy and the Emergency Management Institute, respectively. DHS noted that with the re-creation of the National Integration Center in FEMA's new National Preparedness Directorate, FEMA will be coordinating development of a comprehensive national training strategy to ensure course curriculum is consistent among training facilities and to avoid duplication or overlap; Our assessment: Until DHS issues a comprehensive national training strategy, we conclude that DHS has generally not achieved this performance expectation. Although DHS has developed and implemented a variety of training programs related to national preparedness, specifically on the National Response Plan and National Incident Management System, DHS did not provide us with evidence on how these various programs have contributed to the establishment of a comprehensive, national training program. Moreover, DHS reported that it is working to develop a comprehensive national training strategy, but did not provide us with a target time frame for completing and issuing the national strategy; Assessment: Generally not achieved. Performance expectation: 2. Establish a program for conducting emergency preparedness exercises; Summary of findings: GAO and DHS IG findings: DHS has taken actions to establish a program for conducting emergency preparedness exercises, but much more work remains. In July 2005 we reported that as part of its plan for national training, exercises, and lessons learned, DHS intended to establish a national exercise program. This program was intended to reorient the existing National Exercise Program to incorporate the capabilities-based planning process and provide standardized guidance and methodologies to schedule, design, develop, execute, and evaluate exercises at all levels of government. This program was also intended to provide requirements for the number and type of exercises that communities of varying sizes should conduct to meet the National Preparedness Goal. In March 2006, the DHS IG reported on the long-term deterioration in FEMA's exercise program. The DHS IG reported that emergency management exercises were developed to test and validate existing programs, policies, plans, and procedures to address a wide range of disasters to which FEMA must respond. There were numerous types of exercises, ranging from tabletop exercises, where participants discussed actions and responses, to command post exercises, where specific aspects of a situation were exercised, to large-scale exercises, which involved multiple entities and a significant planned event with activation of personnel and resources. Further, the DHS IG reported that FEMA no longer had a significant role in the development, scope, and conduct of state exercises, though FEMA personnel maintained a presence at state events. FEMA participated in exercises administered by other agencies, but those exercises limited FEMA's ability to choose which plans, objectives, and relationships to test. For more information, see GAO-06-365R and GAO-05-652. Also, see Department of Homeland Security Office of Inspector General, A Performance Review of FEMA's Disaster Management Activities in Response to Hurricane Katrina, OIG-06-32 (Washington, D.C.: March 2006); DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to establish a program for conducting emergency preparedness exercises. DHS has developed a Homeland Security Exercise Evaluation Program that, according to DHS, has been adopted by every major federal agency involved in emergency preparedness. This program provides a standardized methodology for exercise design, development, conduct, evaluation, and improvement planning and provides guidance and doctrine for exercises that are conducted with homeland security grant funding. According to DHS, all exercise grant recipients are mandated to comply with Homeland Security Exercise Evaluation Program guidelines. DHS reported that for exercises for which the department collected and analyzed information in fiscal year 2006, 33 out of 48 Direct Support Exercises were compliant with the Homeland Security Exercise Evaluation Program and 40 out of 110 state or locally funded grant exercises were compliant. DHS noted that it has not evaluated regional and national exercises' compliance with the Homeland Security Exercise Evaluation Program. DHS has also developed a Homeland Security Exercise Evaluation Program Toolkit, which is an online system that walks users through scheduling, planning, evaluating, and tracking corrective actions from an exercise. DHS has also developed the Corrective Action Program to track and monitor corrective actions following exercises and the National Exercise Schedule to facilitate the scheduling and synchronization of national, federal, state, and local exercises. In addition, DHS reported that the National Exercise Program charter was approved by the Homeland Security Council, and DHS reported that the National Exercise Program Implementation Plan has been approved by the President and is scheduled to be released shortly; Our assessment: We conclude that DHS has generally achieved this performance expectation. The National Exercise Program charter has been established and approved. Moreover, DHS has developed and begun to implement the Homeland Security Exercise Evaluation Program. This program provides standardized guidance and methodologies for scheduling, developing, executing, and evaluating emergency preparedness exercises; Assessment: Generally achieved. Performance expectation: 3. Conduct and support risk assessments and risk management capabilities for emergency preparedness; Summary of findings: GAO findings: DHS has taken actions to support efforts to conduct risk assessments and develop risk management capabilities for emergency preparedness, but much more work remains. In July 2005 we reported that, according to DHS's Assessment and Reporting Implementation Plan, DHS intended to implement an assessment and reporting system to collect preparedness data to inform decision makers at all levels on the capabilities of the federal government, states, local jurisdictions, and the private sector. According to the plan, DHS intended to collect data from all governmental recipients of direct funding, using states to collect data from local jurisdictions and using federal regulatory agencies and other appropriate sources to collect private sector data. According to DHS, aggregating these data at all levels would provide information needed to allocate resources, execute training and exercises, and develop an annual status report on the nation's preparedness. The purpose of the assessment and reporting system was to provide information about the baseline status of national preparedness and to serve as the third stage of DHS's capability-based planning approach to ensure that state and local first responder capabilities fully support the National Preparedness Goal. For more information, see Homeland Security: Applying Risk Management Principles to Guide Federal Investments, GAO-07-386T and GAO-05-652; DHS updated information: In March 2007, DHS provided us with updated information on its efforts to conduct and support risk assessments and risk management capabilities for emergency preparedness. In particular, in April 2007, DHS established the new Office of Risk Management and Analysis to serve as the DHS Executive Agent for national-level risk management analysis standards and metrics; develop a standardized approach to risk; develop an approach to risk management to help DHS leverage and integrate risk expertise across components and external stakeholders; assess DHS risk performance to ensure programs are measurably reducing risk; and communicate DHS risk management in a manner that reinforces the risk- based approach; Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS did not provide us with documentation on its efforts to actually conduct risk assessments and support risk management capabilities specifically for emergency preparedness. Moreover, DHS has only recently established the new Office of Risk Management and Analysis, and this office's effect on DHS's efforts to support risk management capabilities for emergency preparedness is not yet known; Assessment: Generally not achieved. Performance expectation: 4. Ensure the capacity and readiness of disaster response teams; Summary of findings: GAO and DHS IG findings: DHS has faced challenges in ensuring the capacity and readiness of emergency response teams. In our work reviewing the response to Hurricane Katrina, we reported that while there were aspects that worked well, it appeared that logistics systems for critical resources were often totally overwhelmed by the hurricane, with critical resources apparently not available, properly distributed, or provided in a timely manner. We also reported that the magnitude of the affected population in a major catastrophe calls for greater capabilities for disaster response. In March 2006, the DHS IG reported that, historically, FEMA has established a 72-hour time period as the maximum amount of time for emergency response teams to arrive on scene. However, the DHS IG concluded that it was unclear whether this was responsive to the needs of a state and the needs of disaster victims. The DHS IG reported that a 72-hour response time did not meet public expectations, as was vividly demonstrated by media accounts within 24 hours after landfall of Hurricane Katrina. The DHS IG noted that shorter time periods, such as 60 hours, 48 hours, or even 12 hours, had been mentioned. However, to meet this level of expectation, several factors had to be addressed. According to the DHS IG, once strategic performance measures and realistic expectations were established, other actions could be taken to support those response goals. For more information, see GAO-06-365R. Also, see Department of Homeland Security Office of Inspector General, A Performance Review of FEMA's Disaster Management Activities in Response to Hurricane Katrina, OIG-06-32 (Washington, D.C.: March 2006); DHS updated information: In March and May 2007, DHS provided us with updated information on its efforts to ensure the capacity and readiness of disaster response teams. DHS reported that FEMA has completed efforts to identify and categorize more than 100 resources, including teams and pieces of equipment, which are then grouped into eight disciplines, such as law enforcement resources, emergency medical services, and search and rescue resources. DHS also provided information on its various disaster response teams currently in use. DHS's Emergency Response Teams- National are to be deployed in response to incidents of national significance and major disasters to coordinate disaster response activities, coordinate and deploy key national response assets and resources, provide situational awareness, and maintain connectivity with DHS operations centers and components. DHS's Emergency Response Teams-Advanced are designed to be deployed in the early phases of an incident to work directly with states to assess disaster impact, gain situational awareness, help coordinate disaster response, and respond to specific state requests for assistance. DHS's Rapid Needs Assessment Teams are small regional teams that are designed to collect disaster information to determine more specific disaster response requirements. In addition, Federal Incident Response Support Teams are designed to serve as the forward component of Emergency Response Teams-Advanced to provide preliminary on-scene federal management in support of the local Incident or Area Commander. DHS has established readiness indicators for the Federal Incident Response Support Teams and Urban Search and Rescue teams have their own indicators, but FEMA officials stated that they have not yet developed readiness indicators for other types of response teams. DHS reported that its Federal Incident Response Teams were tested during Tropical Storm Ernesto and other events, such as tornadoes. In addition, FEMA reported that it is developing a concept for new rapidly deployable interagency incident management teams designed to provide a forward federal presence to facilitate managing the national response for catastrophic incidents, called National Incident Management and Regional Incident Management Teams; Our assessment: We conclude that DHS has generally not achieved this performance expectation. Although DHS provided us with documentation on its various response teams and efforts taken to strengthen teams' readiness and capacity, DHS did not provide us with concrete evidence to demonstrate that response teams' readiness and capacity have improved since Hurricanes Katrina and Rita. Although DHS has tested its response team capabilities in several small-scale disasters, they have not been tested in a large-scale disaster. In addition, DHS did not provide us with documentation of the results of exercises, tests, or after-action reports on the small-scale disasters in which the response teams have been used that would indicate enhancements in teams' readiness and capacity. Moreover, DHS has not yet developed readiness indicators for its disaster responses teams other than Urban Search and Rescue and Federal Incident Response Support Teams; Assessment: Generally not achieved. Performance expectation: 5. Develop a national incident management system; Summary of findings: GAO findings: DHS has developed a national incident management system. The National Incident Management System is a policy document that defines roles and responsibilities of federal, state, and local first responders during emergency events. The intent of the system described in the document is to establish a core set of concepts, principles, terminology, and organizational processes to enable effective, efficient, and collaborative emergency event management at all levels. These concepts, principles, and processes are designed to improve the ability of different jurisdictions and first responder disciplines to work together in various areas--command, resource management, training, and communications. For more information, see Catastrophic Disasters: Enhanced Leadership, Capabilities, and Accountability Controls Will Improve the Effectiveness of the Nation's Preparedness, Response, and Recovery System, GAO-06-618 and GAO-05-652; DHS updated information: In March and April 2007, DHS provided us with updated information on efforts to further develop the National Incident Management System. DHS reported that the National Incident Management System has been undergoing review and revision by federal, state, and local government officials; tribal authorities; and nongovernmental and private sector authorities. According to DHS, the National Incident Management System document is under review pending release of the revised National Response Plan, now the National Response Framework. The current version of the National Incident Management System document remains in effect during the 2007 hurricane season; Our assessment: We conclude that DHS has generally achieved this performance expectation. DHS has developed the National Incident Management System, and the system defines the roles and responsibilities of various entities during emergency events; Assessment: Generally achieved. Performance expectation: 6. Coordinate implementation of a national incident management system; Summary of findings: GAO findings: Much more work remains for DHS to effectively coordinate implementation of the National Incident Management System. Drawing on our prior work identifying key practices for helping to enhance and sustain collaboration among federal agencies, key practices for collaboration and coordination include, among other things, defining and articulating a common outcome; establishing mutually reinforcing or joint strategies to achieve the outcome; identifying and addressing needs by leveraging resources; agreeing upon agency roles and responsibilities; establishing compatible policies, procedures, and other means to operate across agency boundaries; developing mechanisms to monitor, evaluate, and report the results of collaborative efforts; and reinforcing agency accountability for collaborative efforts through agency plans and reports. Homeland Security Presidential Directive 5 requires all federal departments and agencies to adopt and use the system in their individual preparedness efforts, as well as in support of all actions taken to assist state and local governments. However, in our work on Hurricane Katrina, we reported on examples of how an incomplete understanding of the National Incident Management System roles and responsibilities led to misunderstandings, problems, and delays. In Louisiana, for example, some city officials were unclear about federal roles. In Mississippi, we were told that county and city officials were not implementing the National Incident Management System because they did not understand its provisions. For more information, see GAO-06-618 and GAO-05-652; DHS updated information: In March and April 2007, DHS provided us with updated information on efforts to coordinate implementation of the National Incident Management System. DHS reported that in March 2004, it established the National Incident Management System Integration Center to coordinate implementation of the system. This center issues compliance guidelines to state and local responders annually and collects data on efforts to coordinate implementation of the National Incident Management System. DHS reported that more than 1 million state and local responders have taken training following guidelines established by the center for National Incident Management System compliance and that about 5.4 million students have received National Incident Management System-required training through the Emergency Management Institute as of February 2007. DHS also reported that the center, in conjunction with the Emergency Management Institute, released seven new National Incident Management System training programs in fiscal year 2006, including courses on multiagency coordination, public information systems, and resource management, among others. DHS has also developed sample National Incident Management System-compliant tabletop, functional, and command post exercises for use by federal, state, and local government agencies in testing system policies, plans, procedures, and resources in emergency operations plans. In addition, the National Incident Management System specifies 34 requirements that state and local governments must meet to be compliant with the system, and as of October 1, 2006, all federal preparedness assistance administered by DHS became contingent on states' compliance with the system, including federal funding through the DHS Emergency Management Performance Grants, Homeland Security Grant Program, and Urban Area Security Initiative. DHS reported that during fiscal years 2005 and 2006, National Incident Management System requirements, including the completion of training, were based on a self-certification process. For fiscal year 2007, DHS reported that the self-certification process will not be used; rather DHS provided states a specific set of metrics for implementation of the National Incident Management System, and states are required to report on the establishment of these measurements; Our assessment: We conclude that DHS has generally not achieved this performance expectation. In fiscal years 2005 and 2006, states self-certified that they had met National Incident Management System requirements, and DHS has not fully verified the extent to which states were compliant with system requirements during those years. DHS has provided states with a specific set of metrics for fiscal year 2007, but the extent to which these metrics will enhance DHS's ability to monitor states' compliance with the National Incident Management System is not yet known. In addition, although DHS has taken actions, such as issuing compliance guidelines, providing training, developing sample exercises, and collecting data on implementation of the National Incident Management System, DHS did not provide us with documentation demonstrating how these actions have contributed to DHS's effective coordination of implementation of the system. For example, DHS did not provide us with documentation on how these training and exercise programs have contributed to ensuring effective coordination of National Incident Management System implementation; Assessment: Generally not achieved. Performance expectation: 7. Establish a single, all-hazards national response plan; Summary of findings: GAO findings: DHS has established a single all- hazards national response plan, but the plan is undergoing revision. In December 2004, DHS issued the National Response Plan, which was intended to be an all-discipline, all-hazards plan establishing a single, comprehensive framework for the management of domestic incidents where federal involvement is necessary. The National Response Plan is applicable to incidents that go beyond the state and local levels and require a coordinated federal response, and the plan, operating within the framework of the National Incident Management System, provides the structure and mechanisms for national-level policy and operational direction for domestic incident management. The plan also includes a Catastrophic Incident Annex, which describes an accelerated, proactive national response to catastrophic incidents. DHS revised the National Response Plan following Hurricane Katrina, but we reported that these revisions did not fully address, or they raised new, challenges faced in implementing the plan. For more information, see GAO-06-618; DHS updated information: In March 2007, DHS provided us with updated information on efforts to establish an all-hazards national response plan. DHS reported that the National Response Plan is currently undergoing review and revision by federal, state, and local government officials; tribal authorities; and nongovernmental and private sector officials. According to DHS, this review includes all major components of the National Response Plan, including the base plan, Emergency Support Functions, annexes, and the role of the Principal Federal Official, Federal Coordinating Officer, and Joint Field Office Structure. A Catastrophic Planning Work Group is examining the Catastrophic Incident Annex and Supplement. DHS noted that this review is being conducted in four phases, with the first phase focused on prioritization of key issues, the second phase focused on the rewriting process, the third phase focused on releasing the revised documents, and the fourth phase focused on providing a continuous cycle of training, exercises, and periodic reviews. DHS reported that, as of March 2007, it was in the rewriting phase and has gathered input on key issues from internal and external stakeholders, after-action reports, Hurricane Katrina reports, and other resources. According to DHS, the revised document is renamed the National Response Framework and was released to internal stakeholders for review at the end of July 2007. Based on the review, edits and updates will be made to the document prior to its anticipated release on August 20, 2007 for a 30 day public comment period. DHS reported that the current version of the National Response Plan document remains in effect during the 2007 hurricane season; Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS issued the National Response Plan and a limited post-Katrina revision in May 2006, but we and others have identified concerns with those revisions. DHS also recognized the need for a more in-depth, substantive review and revision of the plan and expects to issue the latest revision in August 2007. DHS has acknowledged that some complex issues have taken more time than expected to assess and resolve. The changes made to the plan may affect roles and responsibilities under the plan and federal, state, and local agencies' training, exercises, and implementation plans. Until the National Response Plan and its annexes and Catastrophic Supplement are completed and distributed to all those with roles and responsibilities under the plan, federal agencies and others that have new or amended responsibilities under the revised plan cannot complete their implementation plans and the agreements needed to make the National Response Plan, its annexes, and supplements fully operational; Assessment: Generally not achieved. Performance expectation: 8. Coordinate implementation of a single, all- hazards response plan; Summary of findings: GAO and DHS IG findings: Much more work remains for DHS to effectively coordinate implementation of the National Response Plan. Drawing on our prior work identifying key practices for helping to enhance and sustain collaboration among federal agencies, key practices for collaboration and coordination include, among other things, defining and articulating a common outcome; establishing mutually reinforcing or joint strategies to achieve the outcome; identifying and addressing needs by leveraging resources; agreeing upon agency roles and responsibilities; establishing compatible policies, procedures, and other means to operate across agency boundaries; developing mechanisms to monitor, evaluate, and report the results of collaborative efforts; and reinforcing agency accountability for collaborative efforts through agency plans and reports. In March 2006, the DHS IG reported on FEMA's disaster management activities in the wake of Hurricane Katrina. The DHS IG reported that during the response, several significant departures from National Response Plan protocols occurred: (1) DHS's actions to apply National Response Plan protocols for Incidents of National Significance and catastrophic incidents were ambiguous; (2) DHS defined a new, operational role for the Principal Federal Officer by assigning the officer both Federal Coordinating Officer and Disaster Recovery Manager authorities; and (3) the Interagency Incident Management Group took an operational role not prescribed in the National Response Plan. As a backdrop to these changes, the DHS IG reported that FEMA had not yet developed or implemented policies and training for roles and responsibilities necessary to supplement the National Response Plan. In reviewing DHS's response to Hurricanes Katrina and Rita, we also identified numerous weaknesses in efforts to implement the plan. For example, in the response to Hurricane Katrina, we reported in September 2006 that there was confusion regarding roles and responsibilities under the plan. DHS revised the National Response Plan following Hurricane Katrina, but we reported that these revisions did not fully address, or they raised new, challenges faced in implementing the plan. For more information, see GAO-06-618. Also, see Department of Homeland Security Office of Inspector General, A Performance Review of FEMA's Disaster Management Activities in Response to Hurricane Katrina, OIG-06-32 (Washington, D.C.: March 2006); DHS updated information: In March 2007, DHS provided us with updated information on efforts to coordinate implementation of the National Response Plan. DHS reported that it developed and released training programs to support the National Response Plan and that this training has been required as a condition of certification of National Incident Management System compliance by state and local governments. DHS also reported that it is revising the National Response Framework and intends to release the revised plan in August 2007; Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS did not provide us with documentation on how its training programs have contributed overall to the department's efforts to coordinate implementation of the National Response Plan and could not demonstrate to us that the department has made progress in improving its ability to coordinate plan implementation since Hurricane Katrina. As we previously stated, the revised National Response Plan may require changes in federal, state, and local agencies' training, exercises, and implementation plans. It is also unclear how the revised plan will be implemented by states and first responders during the coming hurricane season, given that these entities will not have had an opportunity to train and practice under the revised version of the plan. We are concerned that if the revisions are not completed prior to the beginning of the 2007 hurricane season, it is unlikely that the changes resulting from these revisions could be effectively implemented for the 2007 hurricane season; Assessment: Generally not achieved. Performance expectation: 9. Develop a complete inventory of federal response capabilities; Summary of findings: GAO findings: DHS has undertaken efforts related to development of an inventory of federal response capabilities, but did not provide us with evidence on the extent to which its efforts have resulted in the development of a complete inventory. In July 2005 we reported that DHS began the first stage of the capabilities-based planning process identifying concerns using 15 National Planning Scenarios that were developed by the Homeland Security Council. As it moved to the step in the process of developing a sense of preparedness needs and potential capabilities, DHS created a list of tasks that would be required to manage each of the 15 National Planning Scenarios. Then, in consultation with federal, state, and local emergency response stakeholders, it consolidated the list to eliminate redundancies and create a Universal Task List of over 1,600 discrete tasks. Next, DHS identified target capabilities that encompassed these critical tasks. From this universe of potential tasks, DHS worked with stakeholders to identify a subset of about 300 critical tasks that must be performed during a large-scale event to reduce loss of life or serious injuries, mitigate significant property damage, or are essential to the success of a homeland security mission. The final step of the first stage of DHS's planning process was to decide on goals, requirements, and metrics. To complete this step, DHS, working with its stakeholders, developed a Target Capabilities List that identified 36 capabilities needed to perform the critical tasks for the events illustrated by the 15 scenarios. In December 2005, DHS issued an updated version of the Target Capabilities List. For more information, see GAO-05-652; DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to develop a complete inventory of federal response capabilities. For example, the Catastrophic Incident Supplement of the National Response Plan has been approved and includes identified specific capabilities from federal agencies that will be deployed according to a specified time frame in the event of a catastrophic incident (the Supplement may be revised based on the ongoing review of the National Response Plan and its annexes and supplements). DHS also reported that the National Incident Management System Incident Response Information System is currently undergoing development and testing. When testing is complete, the system will be provided to all federal agencies involved in the National Response Plan for collection of their inventory of National Incident Management System-typed resources. DHS reported that it is preparing to issue information to federal agencies that are signatories to the National Response Plan for agencies' use in creating an inventory of their resources. According to DHS, the database of these resources and capabilities is expected to be operational by the end of 2007. At this point, however, FEMA officials told us that the department does not have one comprehensive inventory of response capabilities. In addition, DHS reported that the Common Operating Picture Function in the Homeland Security Information Network serves as a communication tool that allows the DHS National Operations Center to gain real-time situational awareness of disaster response. During disaster response operations, automated reporting templates are populated by appropriate federal departments and agencies as specified under the National Response Plan; Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS has taken a variety of steps to develop a complete inventory of federal response capabilities, including finalizing the National Response Plan Catastrophic Incident Supplement. DHS is also taking steps to develop the National Incident Management System Incident Response Information System, but has not yet released the system. While DHS provided us with information on its various tools for identifying and specifying federal capabilities that will be deployed in the event of an incident, DHS reported that it does not yet have a complete inventory of all federal capabilities; Assessment: Generally not achieved. Performance expectation: 10. Develop a national, all-hazards preparedness goal; Summary of findings: GAO findings: DHS has developed an interim, national, all-hazards preparedness goal, but has not yet issued a final version of the goal. The December 2005 version of the National Preparedness Goal defines both the 37 major capabilities that first responders should possess to prevent, protect from, respond to, and recover from a wide range of incidents and the most critical tasks associated with these capabilities. We reported that an inability to effectively perform these critical tasks would, by definition, have a detrimental impact on effective protection, prevention, response, and recovery capabilities. For more information, see GAO-06-618 and GAO-05- 652; DHS updated information: In March 2007, DHS reported to us that public release of the final National Preparedness Goal was imminent, but did not provide us with a target time frame for issuing the final version of the goal. DHS officials noted that the department has worked with various federal, state, and local entities to develop, review, and get approval of the final National Preparedness Goal; Our assessment: Until the final version of the National Preparedness Goal is issued, we conclude that DHS has generally not achieved this performance expectation. Although DHS has developed and issued an interim National Preparedness Goal, it has not yet issued a final version of the goal and did not provide a target time frame for doing so. Issuing a final version of the goal is important for finalizing the major capabilities required of first responders in preparing for and responding to various incidents; Assessment: Generally not achieved. Performance expectation: 11. Support citizen participation in national preparedness efforts; Summary of findings: GAO findings and assessment: We have not completed work on DHS's efforts to support citizen participation in national preparedness efforts, and DHS did not provide us with information on its actions to meet this performance expectation. As a result, we cannot make an assessment of DHS's progress for this performance expectation; Assessment: No assessment made. Performance expectation: 12. Develop plans and capabilities to strengthen nationwide recovery efforts; Summary of findings: GAO and DHS IG findings: DHS has faced challenges in developing plans and capabilities needed to strengthen nationwide recovery efforts.[A] In February 2006 we reported that beginning and sustaining community and economic recovery, including restoring a viable tax base for essential services, calls for immediate steps so residents can restore their homes and businesses. Removing debris and restoring essential gas, electric, oil, communications, water, sewer, transportation and transportation infrastructure, other utilities, and services such as public health and medical support are vital to recovery and rebuilding. However, these recovery efforts in the aftermath of Hurricane Katrina were hindered by various factors, including the magnitude and scope of the hurricane. For more information, see GAO-06-365R; DHS updated information: In March and May 2007, DHS provided us with updated information on its efforts to develop plans and capabilities to strengthen nationwide recovery efforts. DHS and the American Red Cross developed the National Sheltering System to provide a Web-based data system to support shelter management and reporting and identification activities. DHS also issued a recovery strategy for mass sheltering and housing assistance in June 2006 to address contingencies for providing sheltering and housing assistance for declared emergencies and major disasters. FEMA also developed a Web-based Housing Portal to consolidate available rental resources for evacuees from federal agencies, private organization, and individuals. In addition, DHS reported making enhancements to its debris removal processes by, for example, adjusting its debris removal policy to ensure cost sharing for federal contracting, establishing a list of debris removal contractors, and developing guidance for local government debris removal contractors. DHS reported that an interagency work group, initiated in 2005, is working to develop federal contaminated debris policy and operational procedure guidance. In addition, FEMA officials noted that the agency is using a cost estimating format to capture all costs for construction projects by taking into account allowances for uncertainties in the construction process; Our assessment: We conclude that DHS has generally not achieved this performance expectation. DHS did not provide us with documentation on how its various initiatives have contributed overall to develop the department's capabilities to strengthen nationwide recovery efforts. DHS has taken steps to develop plans, policies, and guidance for recovery efforts. However, DHS did not provide us with evidence of its capabilities for recovery efforts; Assessment: Generally not achieved. Performance expectation: 13. Develop the capacity to provide needed emergency assistance and services in a timely manner; Summary of findings: GAO and DHS IG findings: DHS has faced difficulties in developing the capacity to provide emergency services and assistance in a timely manner and has not provided us with documentation to demonstrate that it has effectively met this performance expectation. The various reports and our own work on FEMA's performance before, during, and after Hurricane Katrina suggested that FEMA's human, financial, and technological resources and capabilities were insufficient to meet the challenges posed by the unprecedented degree of damage and the resulting number of hurricane victims. Our work pointed out that the National Response Plan did not specify the proactive means or capabilities the federal government should use to conduct damage assessments and gain situational awareness when the responsible state and local officials were overwhelmed. As a result, response efforts were hampered by the federal government's failure to fully use its available assets to conduct timely, comprehensive damage assessments in Louisiana and Mississippi. With regard to logistics, our work and that of others indicated that logistics systems--the capability to identify, dispatch, mobilize, and demobilize and to accurately track and record available critical resources throughout all incident management phases--were often totally overwhelmed by Hurricane Katrina. Critical resources were not available, properly distributed, or provided in a timely manner. The result was duplication of deliveries, lost supplies, or supplies never being ordered. Reviews of acquisition efforts indicated that while these efforts were noteworthy given the scope of Hurricane Katrina, agencies needed additional capabilities to (1) adequately anticipate requirements for needed goods and services (2) clearly communicate responsibilities across agencies and jurisdictions and (3) deploy sufficient numbers of personnel to provide contractor oversight. For more information, see Hurricanes Katrina and Rita: Unprecedented Challenges Exposed the Individuals and Households Program to Fraud and Abuse; Actions Needed to Reduce Such Problems in the Future, GAO-06-1013, and GAO-06-618. Also, see Department of Homeland Security Office of Inspector General, A Performance Review of FEMA's Disaster Management Activities in Response to Hurricane Katrina, OIG-06-32 (Washington, D.C.: March 2006); DHS updated information: In March and April 2007, DHS provided us with updated information on its efforts to develop the capacity to provide needed emergency assistance and services in a timely manner. For example, DHS reported that FEMA and the American Red Cross have developed and improved methods to better identify and more quickly assist individuals evacuated to a shelter, including developing and implementing methods to identify and reunify missing and separated family members during a disaster. DHS reported that it has developed interim guidance regarding sending FEMA registration intake staff to Red Cross management shelters following a disaster and plan to refine a formal standard operating procedure for this activity. DHS also reported that it is pursuing contract and contingency surge capabilities that will allow for the rapid expansion of FEMA's registration intake capacity of up to 200,000 people per day. (FEMA surpassed 100,000 registrations per day following Hurricanes Katrina and Rita.) FEMA has also reported tripling its daily home inspection capacity through contracted firms from 7,000 to 20,000 per day. Furthermore, FEMA reported that it is working with federal, state, and local partners to provide mass evacuee support planning to assist state and local governments in planning and preparing for hosting of large displaced populations. As part of these efforts, FEMA reported that it is working to develop an evacuee registration and tracking capability, implementation plans for federal evacuation support to states, and emergency sheltering guidance and planning assistance for potential host states and communities. FEMA reported that it plans to have a Mass Evacuation Management Unit operational by January 2008 and the National Mass Evacuation Registration and Tracking System operational once requirements are fully developed. In addition, DHS reported making enhancements to its logistics capabilities. For example, DHS has developed an Internet-based system that provides FEMA with the ability to manage its inventory and track the location of trailers carrying commodities. DHS officials also reported that the department is undertaking an optimization planning initiative to, among other things, identify best locations for logistics centers, but this planning eff