Skip to main content

Information Technology Management: Coast Guard Practices Can Be Improved

GAO-01-190 Published: Dec 12, 2000. Publicly Released: Dec 12, 2000.
Jump To:
Skip to Highlights

Highlights

The Coast Guard is now striving to realize its information technology (IT) management vision of being able to "deliver the right information to the right people at the right time" in order to support its various missions. GAO reviewed the Coast Guard's policies and procedures in the areas of investment management, architecture, software acquisition and development, information security, and human capital. GAO found that although the Coast Guard had many important IT management policies in place, it did not always implement them consistently. In addition, there were weaknesses in each of the key IT management areas.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials develop written procedures to guide IT Investment Board operations.
Closed – Implemented
USCG has developed written procedures to guide IT investment board operations.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials establish an IT oversight process that compares actual cost and schedule data with original estimates for all projects to determine whether investments are proceeding as expected and to take corrective actions as appropriate.
Closed – Implemented
USCG has developed a Capital Planning and Investment Control Manual that establishes key oversight processes, including processes for comparing actual cost and schedule data to estimates.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials establish a comprehensive inventory of IT assets that includes up-to-date cost and schedule information.
Closed – Implemented
USCG established a comprehensive inventory for tracking its IT assets, called the Investment Management System. This system includes cost and schedule information for the IT assets, and project officials regularly update this information.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials establish a process for analyzing, validating, and prioritizing the costs, benefits, schedules, and risks associated with all IT investments.
Closed – Implemented
USCG has developed a Capital Planning and Investment Control (CPIC) Manual that establishes key processes for analyzing, validating, and prioritizing IT investments.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials develop and oversee a comprehensive IT investment portfolio.
Closed – Implemented
Program managers enter project data into the Investment Management System, a comprehensive portfolio of IT assets. DHS and Coast Guard officials use this system as a primary tool for overseeing IT investments and developing reports for management and OMB oversight.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials ensure that all systems investments are compliant with the IT architecture.
Closed – Implemented
USCG established an Office of Information Technology Architecture, within its CIO Office, which has responsibility for assessing system investments to ensure compliance with the IT architecture.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials ensure that legacy systems integration processes are effectively implemented across the agency.
Closed – Implemented
USCG assigned two organizations within the CIO office responsibility for overseeing legacy systems integration as part of its investment management process.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials initiate software acquisition process improvement efforts to address weaknesses in requirements development and management, and acquisition risk management.
Closed – Implemented
Since the formation of the Department of Homeland Security and the Coast Guard's transfer into the department, USCG has adopted DHS Management Directive 1400, which defines the structure, processes, and accountability for DHS investments--including guidance for acquisitions.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials initiate software development process improvement efforts to address weaknesses in project planning, project tracking and oversight, quality assurance, and configuration management.
Closed – Implemented
USCG's Operations Systems Center has established standard processes for each of the areas GAO noted. Furthermore, Coast Guard representatives regularly review these processes for comprehensiveness and effectiveness, conduct audits and reviews to ensure compliance with the processes, and report the aggregated results of the audits and reviews to Coast Guard managers.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials implement a complete, effective security awareness program.
Closed – Implemented
USCG published a new information assurance manual to provide security awareness training, and disseminated it throughout the agency.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials ensure that systems' risk assessments and accreditations are completed.
Closed – Implemented
USCG has established an organization to address FISMA security requirements, including the requirement to certify and accredit systems. The agency has made progress in performing risk assessment, certification, and accreditation of its high priority systems.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials implement appropriate corrective actions on vulnerabilities identified during facilities' physical security evaluations.
Closed – Implemented
Coast Guard officials reported that they conduct both formal and informal vulnerability assessments of facilities and address identified vulnerabilities. The agency has made access control improvements at key locations.
United States Coast Guard In order to improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials implement appropriate corrective actions on the network security weaknesses that GAO identified.
Closed – Implemented
USCG officials have implemented corrective actions on key network security weaknesses GAO identified.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials develop and implement a centralized mechanism to monitor and enforce compliance with physical security and information systems security policies.
Closed – Implemented
USCG has established a database to monitor and enforce compliance with information systems security and physical security policies.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials assess the IT civilian workforce to identify knowledge and skill requirements and any gaps.
Closed – Not Implemented
USCG has no plans to track the knowledge and skill requirements of its civilian workforce.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials maintain a complete inventory that includes specific IT knowledge and skills.
Closed – Implemented
Coast Guard officials developed a comprehensive inventory of IT competencies for its active military staff.
United States Coast Guard To improve the Coast Guard's IT management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials analyze and document the effectiveness of strategies for recruiting, training, and developing IT personnel, and use the results to continually improve human capital strategies.
Closed – Implemented
In recent years, USCG initiated a program called Future Force 21, to refine its workforce structure, career entry and progression, and workforce management. In July 2003, a program review office assessed the effectiveness of its workforce initiatives and this information was used to refine workforce strategies.

Full Report

Office of Public Affairs

Topics

Information resources managementInformation securityInformation security officersInformation technologyIT acquisitionsIT policiesSoftware verification and validationSystems designU.S. Coast GuardIT investments