Federal Software Licenses:

Better Management Needed to Achieve Significant Savings Government-Wide

GAO-14-413: Published: May 22, 2014. Publicly Released: May 22, 2014.

Additional Materials:

Contact:

Carol R. Cha
(202) 512-4456
chac@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Office of Management and Budget (OMB) and the vast majority of agencies that GAO reviewed do not have adequate policies for managing software licenses. While OMB has a policy on a broader information technology (IT) management initiative that is intended to assist agencies in gathering information on their IT investments, including software licenses, it does not guide agencies in developing comprehensive license management policies. Regarding agencies, of the 24 major federal agencies, 2 have comprehensive policies that include the establishment of clear roles and central oversight authority for managing enterprise software license agreements, among other things; 18 have them but they are not comprehensive; and 4 have not developed any. The weaknesses in agencies' policies were due, in part, to the lack of a priority for establishing software license management practices and a lack of direction from OMB. Without an OMB directive and comprehensive policies, it will be difficult for the agencies to consistently and effectively manage software licenses.

Federal agencies are not adequately managing their software licenses because they generally do not follow leading practices in this area. The table lists the leading practices and the number of agencies that have fully, partially, or not implemented them.

24 Major Agencies' Implementation of Software License Management Leading Practices

Leading practice

Fully implemented

Partially implemented

Not implemented

Centralized management

4

15

5

Established software license inventory

2

20

2

Tracking and maintain inventory

0

20

4

Analyzing software license data

0

15

9

Providing sufficient training

0

5

19

Source: GAO analysis of agency data.

The inadequate implementation of leading practices in software license management was partially due to weaknesses in agencies' policies. As a result, agencies' oversight of software license spending is limited or lacking, and they may miss out on savings. The potential savings could be significant considering that, in fiscal year 2012, one major federal agency reported saving approximately $181 million by consolidating its enterprise license agreements even though its oversight process was ad hoc.

Given that agencies lack comprehensive software license inventories that are regularly tracked and maintained, GAO cannot accurately describe the most widely used software applications across the government, including the extent to which they were over and under purchased. Further, the data provided by agencies regarding their most widely used applications had limitations. Specifically, (1) agencies with data provided them in various ways, including by license count, usage, and cost; (2) the data provided by these agencies on the most widely used applications were not always complete; and (3) not all agencies had available data on the most widely used applications. Until weaknesses in how agencies manage licenses are addressed, the most widely used applications cannot be determined and thus opportunities for savings across the federal government may be missed.

Why GAO Did This Study

The federal government plans to spend at least $82 billion on IT products and services in fiscal year 2014, such as software licenses. Federal agencies engage in thousands of licensing agreements annually. Effective management of software licenses can help avoid purchasing too many licenses that result in unused software.

GAO was asked to review federal agencies' management of software licenses. GAO (1) assessed the extent to which OMB and federal agencies have appropriate policies on software license management, (2) determined the extent to which agencies adequately manage licenses, and (3) described agencies' most widely used software and extent to which they were over or under purchased. GAO assessed policies from 24 agencies and OMB against sound licensing policy measures. GAO also analyzed and compared agencies' software inventories and management controls to leading practices, and interviewed responsible officials. To identify sound licensing policy measures and leading practices, GAO interviewed recognized private sector and government software license management experts.

What GAO Recommends

GAO recommends OMB issue a directive to help guide agencies in managing licenses and that the 24 agencies improve their policies and practices for managing licenses. OMB disagreed with the need for a directive, but GAO believes it is needed, as discussed in the report. Most agencies generally agreed with the recommendations or had no comments.

For more information, contact Carol R. Cha at (202) 512-4456 or chac@gao.gov.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Priority recommendation

    Comments: In June 2016, the Office of Management and Budget (OMB) issued guidance to improve federal agencies' software license management practices. The OMB guidance, among other things, comprises the seven elements that a comprehensive software licensing policy should specify, as GAO recommended in May 2014. For example, the guidance requires agencies to maintain a continual agency-wide inventory of software licenses and leverage IT to support processes for compiling and maintaining software license inventories. In addition, OMB's guidance calls for agencies to analyze inventory data to ensure compliance with software license agreements, consolidate redundant applications, and identify other cost-saving opportunities. As a result, federal agencies should have adequate policies for consistently and effectively managing software licenses and be able to take advantage of opportunities to systematically identify software license related cost savings across agencies and the federal government.

    Recommendation: The Director of the OMB should issue a directive to the agencies on developing comprehensive software licensing policies comprised of the seven elements identified in this report.

    Agency Affected: Executive Office of the President: Office of Management and Budget

  2. Status: Open

    Comments: In written comments to our report, the Department of Agriculture concurred with our recommendation. In July 2017, Agriculture reported on actions taken to address this recommendation, including the development of a draft software license management policy to address Information Technology Asset Management (ITAM) procedures and practices. We will follow-up with the department to monitor its progress in completing an agency-wide comprehensive policy for the management of software licenses.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Department of Agriculture

  3. Status: Closed - Implemented

    Comments: The Department of Agriculture (USDA) implemented GAO's recommendation by employing a centralized software licenses approach that is coordinated and integrated with key USDA personnel. For example, USDA established a Software Category Manager and Category Management Team responsible for the oversight of all of the software licenses enterprise agreements. In addition, USDA has established Enterprise IT Category Management guidance to support the central oversight authority within the department for managing enterprise software license agreements. By employing a centralized software license management approach, USDA should be able to more consistently and cost-effectively make agency-wide decisions on software licenses.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Agriculture

  4. Status: Open

    Comments: The Department of Agriculture agreed with our recommendation and, in July 2017 reported that it has established a comprehensive software license inventory. We will request additional information to validate the extent to which Agriculture addressed this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Agriculture

  5. Status: Open

    Comments: The Department of Agriculture agreed with our recommendation. In July 2017, Agriculture reported on actions taken to address this recommendation. For example, Agriculture reported that it uses the Bigfix network management tool to track software. We will request additional information to validate the extent to which Agriculture regularly tracks and maintains the department's inventory of software licenses; and analyzes software data to inform decision making.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of Agriculture

  6. Status: Open

    Comments: The Department of Agriculture agreed with our recommendation. In July 2017, Agriculture reported on actions taken to address this recommendation. For example, agriculture reported that it continues to analyze existing contracts to show their utilization. We will request additional information to validate the extent to which Agriculture analyzes agency-wide software license data to identify opportunities to reduce costs and better inform investment decision making.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Agriculture

  7. Status: Open

    Comments: In July 2017, Agriculture reported on actions taken to address this recommendation. For example, Agriculture reported that members of its Category Management Team have worked with GSA over the past year to better understand the terms and conditions of vendors, such as Oracle and Microsoft. In addition, Agriculture reported that the members maintain a Contracting Officer's Representative certification and attend continuous training on software procurement, contracting laws regulations and negotiations. We will request additional information to validate the extent to which Agriculture provided appropriate agency personnel with sufficient software license management training.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Agriculture

  8. Status: Open

    Comments: The Department of Commerce concurred with our recommendation. In April 2017, the department reported that it has established an integrated project team (IPT) team with representation from the bureau enterprise architecture teams to develop a methodology of managing software licenses across the department. In addition, Commerce reported that the IPT is chartered to refine the department's software licenses policy over time and provide guidance in establishing an enterprise license software management practice. We will continue to monitor the department's progress in implementing a comprehensive software license management policy.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Department of Commerce

  9. Status: Open

    Comments: The Department of Commerce partially concurred with our recommendation. In April 2017, the department reported that it has established an integrated project team (IPT) with representation from the bureau enterprise architecture teams to develop a methodology of managing licenses across the department. In addition, the department reported that the IPT is chartered to refine the software policy over time and provide guidance in establishing an enterprise license management practice. We will continue to monitor the department's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Commerce

  10. Status: Open

    Priority recommendation

    Comments: The Department of Commerce partially concurred with our recommendation. In April 2017, Commerce reported that it has conducted an inventory of software licenses through a data call and inventory collection template. Commerce also reported that it is evaluating how to automate the inventory process by leveraging the portfolio of deployed network discovery tools for identifying installed licensed products, collating and ingesting the information into a repository for maintenance and reporting of the data. We will continue to monitor the department's progress in implementing automated discovery and inventory tools in support of its department-wide software license inventory.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Commerce

  11. Status: Open

    Comments: The Department of Commerce partially concurred with our recommendation. In April 2017, Commerce reported that it has conducted an inventory of software licenses through a data call and inventory collection template. Commerce also reported that it is evaluating how to automate the inventory process by leveraging the portfolio of deployed network discovery tools for identifying installed licensed products, collating and ingesting the information into a repository for maintenance and reporting of the data. We will continue to monitor the department's progress in implementing automated discovery and inventory tools in support of its department-wide software license inventory.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of Commerce

  12. Status: Open

    Comments: The Department of Commerce partially concurred with our recommendation. In April 2017, the department reported that it has established an integrated project team (IPT) with representation from the bureau enterprise architecture teams to develop a methodology of managing licenses across the department. In addition, the department reported that the IPT is chartered to refine the software policy over time and provide guidance in establishing an enterprise license management practice. We will continue to monitor the department's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Commerce

  13. Status: Open

    Comments: The Department of Commerce partially concurred with our recommendation. In April 2017, the department reported that it has established an integrated project team (IPT) with representation from the bureau enterprise architecture teams to develop a methodology of managing licenses across the department. In addition, the department reported that the IPT is chartered to refine the software policy over time and provide guidance in establishing an enterprise license management practice. We will continue to monitor the department's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Commerce

  14. Status: Open

    Comments: In March 2016, the Department of Defense reported that it was in the process of developing policy and guidance for software license management with issuance expected by the end of fiscal year 2017. As of July 2017, the department did not provide additional information. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified

    Agency Affected: Department of Defense

  15. Status: Open

    Comments: In March 2016, the Department of Defense (DOD) reported on actions to implement a more centralized software license management approach. For example, the department reported that the DOD CIO is leveraging the DOD Enterprise Software Initiative and joint enterprise license agreement efforts centrally managed by the Defense Information Systems Agency to coordinate centralized acquisitions for licenses that are commonly purchased across DOD. The DOD CIO also issued a memorandum on November 16, 2015 directing department-wide migration to the Microsoft Windows 10 Operating System by January 2017 for all Windows-based desktop and laptop computers, which will support an enterprise approach for centrally coordinating software license management. However, as of July 2017, the department did not provide additional information. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Defense

  16. Status: Open

    Comments: The Department of Defense partially concurred to develop comprehensive inventory for the management of software licenses. In March 2016, DOD reported on actions to implement a comprehensive inventory using automated tools. For example, DOD reported that it has completed a software inventory license reporting plan and continues to automate security domains for asset management and plans to implement automated support and processes for software license management processes in Fiscal Year 2020. However, as of July 2017, the department did not provide additional information. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Defense

  17. Status: Open

    Comments: The Department of Defense partially concurred with this recommendation to develop a comprehensive inventory for the management of software licenses. In March 2016, DOD reported on actions to implement this recommendation. For example, DOD reported that it has completed a software inventory license reporting plan and continues to automate security domains for asset management and plans to implement automated support and processes for software license management processes in Fiscal Year 2020. However, the department did not provide additional information as of July 2017. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of Defense

  18. Status: Open

    Priority recommendation

    Comments: The Department of Defense concurred with this recommendation. DOD made progress in implementing this recommendation by analyzing Fiscal Year 2013 selected software inventory data from 31 of 32 components. However, as of October 2016, DOD had not yet fully implemented this recommendation because it had not established automated discovery and inventory tools to maintain and track a comprehensive inventory of licenses, which are needed to fully and routinely analyze agency-wide software licensing data. Further, the department did not provide additional information as of July 2017. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Defense

  19. Status: Open

    Comments: The Department of Defense concurred with this recommendation. In March 2016, DOD reported on actions to implement this recommendation. For example, DOD added a new webinar training session on software license management and developed a two-day in-person training course on "Strategic Vendor Management" that introduces participants to category management best practices for commercial software. DOD also reported that it expects to establish additional training on software license management by the end of fiscal year 2016. However, the department did not provide updated information as of July 2017. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Defense

  20. Status: Open

    Comments: The Department of Education concurred with this recommendation. In August 2016, the Department provided evidence that it has developed agency-wide policy that addresses six of the seven elements that a comprehensive software licensing policy should specify. However, as of August 2017, the department did not provide evidence that its policy specifically addresses the analysis of software license data such as usage to inform decision making. We will follow up with the agency to obtain additional information on its software licensing policy and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Education should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Department of Education

  21. Status: Closed - Implemented

    Comments: The Department of Education has employed a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. This centralized approach is delineated in the department's Software Asset Management and Acquisition Policy which among other things, calls for centralized record keeping and management of software license information by the Office of the Chief Information Office. As a result, the department should be able to more effectively manage its agency-wide software licenses.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Education should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Education

  22. Status: Closed - Implemented

    Comments: The Department of Education concurred with, and took actions to establish an inventory of software licenses using automated tools for its enterprise-wide licenses. In addition, Education's directive on Software Asset Management and Acquisition Policy requires the department to regularly track and maintain its comprehensive inventory of software licenses using automated tools and metrics. A comprehensive inventory should help the department ensure compliance with software license agreements, and identify cost-saving opportunities.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Education should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Education

  23. Status: Closed - Implemented

    Comments: The Department of Education concurred with, and took actions to implement this recommendation. The department's Software Asset Management and Acquisition Policy and its Software Asset Management Tool Implementation Plan include procedures for regularly tracking and maintaining an inventory using automated tools and metrics. For example, the Software Asset Management Tool Implementation Plan calls for the generation of reports showing licensing usage, cost, and under/over usage of software licensing. In addition, the department provided evidence that it has begun to regularly track software license data, such as the Federal Student Aid (FSA) Usage report, that show the number of licenses FSA has purchased and the number of licenses FSA has in use. As a result, the department can better ensure that it has the appropriate number of licenses for each item of software in use to reconcile with current use.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Education should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of Education

  24. Status: Open

    Comments: The Department of Education concurred with this recommendation. In August 2016, the department reported that it regularly analyzes agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. For example, the department said that it manually analyzes software data by comparing data in the software inventory database with requests for software acquisitions. However, as of August 2017, the department did not provide documentation on its analysis of agency-wide software license data or on the extent to which this information was used to inform investment decisions to identify opportunities to reduce costs. We will follow-up with the department to obtain documentation supporting actions to fully implement this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Education should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Education

  25. Status: Open

    Comments: The Department of Education concurred with this recommendation. The department has made progress in implementing this recommendation by providing its staff with software license training, including training on its software tracking database. In addition, the department's Software Asset Management and Acquisition Policy (SAMA) require employees to take training on the SAMA policy and computer software piracy. However, as of August 2017, the department did not demonstrate that it offers training in other important areas specific to software license management, such as contract terms and conditions, laws, and regulations. We will continue to monitor the agency's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Education should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Education

  26. Status: Open

    Comments: In the Department of Energy's written comments the agency neither agreed nor disagreed with our recommendation, but stated it has taken a number of steps to aggregate software licensing. In March 2017, Energy reported that it had developed an agency-wide comprehensive policy for the management of software licenses. In addition, the department reported that the policy encourages the consolidation of software package acquisition, volume purchasing arrangements, enterprise wide agreements and best practices in software implementation. However, the department has not yet provided documentation of its policy. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Department of Energy

  27. Status: Open

    Comments: In the Department of Energy's written comments the agency neither agreed nor disagreed with our recommendation, but stated it had taken a number of steps to aggregate software licensing, and at that time had no plans to centralize software licensing. In March 2017, the department reported that it's Office of the Chief Information Officer's Enterprise Wide Agreement (EWA) program host periodic conference calls with key IT representatives across the department's complex and recommend common software for consideration by the EWA program. In addition, the department reported that its Office of Management, Strategic Programs Division holds meetings throughout the department to facilitate a centralized management approach towards purchasing. However, the department has not provided evidence that it employs a centralized software management approach that is coordinated and integrated with key personnel for the majority of the agency's software licenses spending and/or enterprise-wide licenses. We will continue to monitor the agency's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Energy

  28. Status: Open

    Comments: In the Department of Energy's written comments the agency neither agreed nor disagreed with our recommendation, but stated it had taken a number of steps to aggregate software licensing, and at that time had no plans to centralize software licensing. In March 2017, the department reported that it's Office of the Chief Information Officer's Enterprise Wide Agreement (EWA) program hosts periodic conference calls with key IT representatives across the department's complex and recommend common software for consideration by the EWA program. In addition, the department reported that its Office of Management, Strategic Programs Division holds meetings throughout the department to facilitate a centralized management approach towards purchasing. However, the department has not provided evidence that it employs a centralized software management approach that is coordinated and integrated with key personnel for the majority of the department's software licenses spending and/or enterprise-wide licenses. We will continue to monitor the department's progress in implementing this recommendation

    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Energy

  29. Status: Open

    Comments: In Energy's written comments the agency neither agreed nor disagreed with our recommendation. In March 2017, DOE reported on actions to implement this recommendation. Consistent with the Act's provisions, Energy is working with GSA on providing usage data and support needed for the establishment of government-wide software contracts. The agency noted that it continues to use Continuous Monitoring and Diagnostic tools to inventory and consolidate software usage and eliminate unnecessary maintenance support costs. We have not yet validated agency actions on this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of Energy

  30. Status: Open

    Comments: In the Department of Energy's written comments the agency neither agreed nor disagreed with our recommendation, but stated it has taken a number of steps to aggregate software licensing. In March 2017, Energy stated that it is analyzing agency-wide software data through the CIO's Enterprise Wide Agreement program which hosts periodic conference calls with key IT representatives across Energy. However, Energy has not provided evidence that it is fully analyzing agency-wide software license data to inform investment decisions and identify opportunities to reduce costs. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Energy

  31. Status: Open

    Comments: In Energy's written comments the agency neither agreed nor disagreed with our recommendation. In March 2017, the department noted that training for employees is managed on an office-by-office basis as part of the Individual Development and Training Needs Assessment Process and those individuals needing such training can be self-identified or identified by their supervisor for training. We will follow up with Energy to obtain documentation on its software license management training.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Energy

  32. Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Department of Health and Human Services

  33. Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Health and Human Services

  34. Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Health and Human Services

  35. Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics

    Agency Affected: Department of Health and Human Services

  36. Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Health and Human Services

  37. Status: Open

    Comments: The Department of Health and Human Services (HHS) neither agreed nor disagreed with this recommendation. We have requested documentation regarding implementation of this recommendation, and as of July 2017, are awaiting a response. We will follow up with HHS to obtain supporting documentation and continue monitoring its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Health and Human Services

  38. Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the CDM implementation will facilitate normalization efforts across DHS by defining common software license and maintenance requirements. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Homeland Security

  39. Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the CDM implementation will provide DHS with an automated capability for IT hardware and software asset discovery; IT asset inventory tracking; software inventory normalization; software license optimization; data sharing capabilities, and thus ensure full compliance with the requirement to maintain a continual agency-wide inventory of software licenses. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Homeland Security

  40. Status: Open

    Comments: In June 2017, the Department of Homeland security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the tracking of software assets and inventory will be implemented as CDM is rolled out to each DHS Component. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of Homeland Security

  41. Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that CDM tracking of software assets and inventory will be implemented as CDM is rolled out to each DHS Component. The CDM tool will provide DHS with an automated capability for IT hardware and software asset discovery; IT asset inventory tracking; software inventory normalization; software license optimization; data sharing capabilities, and thus ensure full compliance with the requirement to maintain a continual agency-wide inventory of software licenses, including all licenses purchased, deployed, and in use, as well as spending on subscription services. As this data is captured the DHS OCIO, OSDO will analyze the software license data to track cost, usage, benefits to establish spending data that allows to the Department to perform trend analysis. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Homeland Security

  42. Status: Closed - Implemented

    Comments: In May 2014, the Department of Homeland Security concurred with this recommendation. In August 2015, the department provided evidence that it had developed software license management training that is available for the appropriate personnel. The training addresses contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. The department stated that the target training audience is agency personnel who are involved in managing software licenses such as project managers and members of the DHS Enterprise License Agreements. As a result, DHS staff involved in managing software licenses should have the skills and knowledge to perform their roles effectively and efficiently.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Homeland Security

  43. Status: Open

    Comments: In written comments to our report, HUD agreed to take executive actions to address our recommendation and noted steps the agency plans to take. In its May 2017 update, HUD stated that the department developed a draft policy that will implement policies and responsibilities for managing software licenses and a software license consolidation plan to enable maintenance and enforcement of the software license management policy. In addition, the department reported that it appointed a software license manager who is the single point of contact for software license management. According to HUD, the targeted completion for implementing this recommendation is the first quarter of 2018. We will follow-up with the Department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified

    Agency Affected: Department of Housing and Urban Development

  44. Status: Open

    Comments: In May 2017, HUD reported that its Office of the Chief information Officer (CIO) has achieved full operational capability for the agency's Federal Asset Management Enterprise System (FAMES) and began to populate the FAMES with information on the agency's software assets in January 2017. However, HUD noted that it still needs to implement and test the PRISM interface with the FAMES which the agency expects to be completed by the end of fiscal year 2017. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of Housing and Urban Development

  45. Status: Open

    Comments: In written comments to our report, HUD agreed to take executive actions to address our recommendation. In its May 2017 update, HUD reported on actions taken to implement this recommendation including the development of a GAP analysis to support acquisition and deployment of an automated software license management capability. According to HUD, this capability will provide the CIO with the data necessary to identify opportunities to reduce cost, implement IT commodity-consolidated acquisitions and buy licenses in bulk. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Housing and Urban Development

  46. Status: Open

    Comments: In written comments to our report, HUD agreed to take executive actions to address our recommendation and noted steps the agency plans to take. In May 2017, HUD reported that the agency has worked with the Department of Defense (DOD) to offer DOD Enterprise Software Initiative (ESI) sponsored software license management training to staff and continues to work with peer agencies to identify opportunities to access required software management skills and other required training. HUD reported that its target completion for addressing this recommendation is the first quarter of 2018. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Housing and Urban Development

  47. Status: Open

    Comments: The Department of Interior (DOI) agreed with this recommendation. In March 2017, DOI reported that the department has drafted a comprehensive policy that is comprised of the core elements of software management. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Department of the Interior

  48. Status: Open

    Comments: In March 2017, DOI reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets, and that this approach includes roles and responsibilities. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of the Interior

  49. Status: Open

    Comments: In written comments to our report, the Department of Interior (DOI) concurred with our recommendation. In March 2017, DOI reported that the department was working on a comprehensive management approach for accounting for and managing IT Software Assets. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of the Interior

  50. Status: Open

    Comments: In written comments to our report, the Department of Interior concurred with our recommendation. In March 2017, DOI reported that the department was working on a comprehensive management approach for accounting for and managing IT Software Assets. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of the Interior

  51. Status: Open

    Comments: In written comments to our report, the Department of Interior concurred with our recommendation. In March 2017, DOI reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making

    Agency Affected: Department of the Interior

  52. Status: Open

    Comments: In written comments to our report, the Department of Interior partially concurred with our recommendation to provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. In March 2017, DOI reported that the department DOI does and will continue to provide software license management training to agency personnel on contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management as appropriate. We will follow-up with the department to obtain supporting documentation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of the Interior

  53. Status: Open

    Comments: In its June 2015 statement of actions to address our recommendations, the Department of Justice reported that it was pursuing a number of initiatives focused on improving Software License management. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Department of Justice

  54. Status: Open

    Comments: The Department reported in June 2015 that it has taken initial steps to address our recommendations. For example, it reported using technology tools to pull software data being used within the infrastructure and to identify what software is not being used. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Justice

  55. Status: Open

    Comments: The Department in June 2015 reported that it has initiated steps to establish a comprehensive inventory of software licenses by using automated tools. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Justice

  56. Status: Open

    Comments: The Department has taken initial steps to regularly track and maintain a comprehensive inventory of software licenses. For example, the Department reported in June 2015, that it is managing a comprehensive inventory for major suppliers and exploring enterprise agreements with key suppliers to ensure compliance. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of Justice

  57. Status: Open

    Comments: The Department reported in June 2015 that it has taken initial steps to analyze agency-wide software license data by providing better governance of software utilization to derive cost savings and by developing Enterprise License Agreements to achieve savings from processes across the components. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Justice

  58. Status: Open

    Comments: The Department reported in June 2015 that it has taken initial steps to provide training to appropriate agency personnel. For example, in the department's Vendor Management Calls they provide training on processes and the use of tools, including contract terms, negotiations, laws and regulations, acquisition, security planning and configuration management. We contacted the department in July 2017 and are awaiting a response on the current status of efforts to implement this recommendation. We will continue to evaluate the agency's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Justice

  59. Status: Open

    Comments: In June 2017, the Department of Labor (DOL) reported that it plans to continue researching for an automated tool to identify, track and maintain the agency's software license inventory. We will continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Labor

  60. Status: Open

    Comments: In June 2017, the Department of Labor (DOL) reported that it plans to continue researching for an automated tool to identify, track and maintain the agency's software license inventory. We will continue to monitor its progress in implementing this recommendation

    Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of Labor

  61. Status: Open

    Comments: In June 2017, the Department of Labor (DOL) reported that it was planning to assemble a cross-functional team before the end of fiscal year 2017 to evaluate solutions and tools for automated software management and to identify opportunities for enterprise-wide software agreements. We will continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Labor

  62. Status: Open

    Comments: In June 2016, the Department of Labor reported that it now has one individual certified in software management and intends to provide training to additional staff over the next year. In June 2017, Labor reported on progress in implementing this recommendation. Specifically, Labor noted that it has two additional personnel with configuration management and software library certifications to help ensure effective management of software licenses. We will continue to monitor its progress in providing appropriate agency personnel with sufficient training on managing software licenses.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Labor

  63. Status: Open

    Comments: The Department of State concurred with our recommendation. In July 2017, the department reported that its existing department policy identifies a single office within the department for managing the enterprise software licensing agreements. However, the department did not provide evidence that it addressed the weaknesses identified in our report including policies establishing a comprehensive inventory, analyses of software license data, training on management of software licenses, goals and objectives, and consideration of the software license life-cycle phases. We will follow-up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of State should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Department of State

  64. Status: Open

    Comments: The Department of State concurred with our recommendation. In July 2017, the department reported that existing policy identifies roles and responsibilities for key stakeholders in the acquisition of software including the CIO and systems owners. However, the department did not provided evidence that it addressed the weaknesses identified in our report including employing a centralized management approach to the software licenses that had been managed on a bureau by bureau basis. We will follow-up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of State should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of State

  65. Status: Open

    Comments: The Department of State concurred with, and has taken steps to implement our recommendation. In July 2017, the department reported that it currently has insight into procurement information as well as a broad range of software inventory information available via the department's current network monitoring toolset and purchasing system. In addition, the department stated that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) initiative spearheaded by the Department of Homeland Security. According to the department, the CDM is expected to provide an improved, more consolidated, user-friendly, and actionable view into software license data on its network. We will continue to monitor the department's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of State should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of State

  66. Status: Open

    Comments: The Department of State concurred with, and has taken steps to implement our recommendation. In July 2017, the department reported that it currently has insight into procurement information as well as a broad range of software inventory information available via the department's current network monitoring toolset and purchasing system. In addition, the department stated that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) which is expected to become the department's automated tool to track its software inventory. We will continue to monitor the department's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of State should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of State

  67. Status: Open

    Comments: The Department of State concurred with, and has taken steps to implement our recommendation. In July 2017, the department reported that it currently conducts software licenses analysis on a contract-by-contract basis, with a focus on the highest-dollar contracts. In addition, the department stated that the implementation of Continuous Diagnostics and Mitigation (CDM) automated tool is expected to provide a baseline of inventory, usage, and trending data that combined with our acquisition insight will permit decision makers to identify opportunities for future centralized, enterprise agreements. We will continue to monitor the department's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of State should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of State

  68. Status: Open

    Comments: The Department of State concurred with, and has taken steps to implement our recommendation. In July 2017, the department reported that it has provided software license management training to the agency's Information Resource Management and acquisition personnel and that the agency plans to provide more relevant software license training in the future. We will follow-up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of State should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of State

  69. Status: Open

    Comments: In February 2017, DOT stated that it has developed a policy addressing components of centralized management and management of software licenses through the entire life cycle. In addition, DOT updated its policy to address regularly tracking licenses using automated tools, analyzing license data to inform investment decision making, providing license management training to personnel, and establishing goals and objectives of the program. However, while DOT's Order 1351.21 states that each Enterprise License Agreement will be accompanied by a licensed management portal to provide department-wide transparency on how many licenses are available and when licenses need to be renewed, the policy did not include details on procedures for establishing a comprehensive inventory by identifying and collecting information about software license agreements using automated discovery and inventory tools. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Department of Transportation

  70. Status: Closed - Implemented

    Comments: The Department of Transportation (DOT) implemented this recommendation. Specifically, DOT issued Order 1351.21 which provides procedures for employing a centralized software license management approach that is integrated with key personnel for department-wide Enterprise License Agreements (ELAs). In addition, DOT has assigned a software license manager position in accordance to the Federal Information Technology Acquisition Reform Act (FITARA) guidance, with responsibility to, among other duties, lead the agency-wide effort to centralize license management, implement strategies to reduce duplication and ensure the adoption of software management best practices. The software manager is also required to report to the agency CIO and work in collaboration with the offices of the CIO, CAO, CFO, and other organizations as appropriate. By employing a centralized software license management approach, DOT should be able to more consistently and cost-effectively make agency-wide decisions on software licenses.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Transportation

  71. Status: Open

    Comments: In February 2017, DOT reported that the Federal Information Technology Acquisition Reform Act (FITARA) guidance requires the department to maintain a continual agency-wide inventory of software licenses. However, DOT did not provide evidence that it had established a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. We will follow-up with the department to obtain evidence of the implementation of this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Transportation

  72. Status: Open

    Comments: In February 2017, the Department of Transportation (DOT) noted that it was following guidance under the Federal Information Technology Acquisition Reform Act (FITARA). However, DOT did not provide evidence that it is regularly tracing and maintaining a comprehensive inventory of software licenses. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of Transportation

  73. Status: Open

    Comments: In February 2017, the Department of Transportation (DOT) noted that it was following guidance under the Federal Information Technology Acquisition Reform Act (FITARA). However, DOT did not provide evidence that it analyzes agency-wide software license data to identify opportunities to reduce cost and inform decisions. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Transportation

  74. Status: Open

    Comments: In February 2017, the Department of Transportation (DOT) reported that its Office of the Chief Information Officer (OCIO) is piloting the Staff Training Education and Professional Development Program (STEP) for all OCIO employees. The courses cover areas such as contracting and negotiations, laws and regulations and security training. However, DOT reported that the training is not specific to software licensing, although elements of software management are covered in full through the offerings within the STEP program. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Transportation

  75. Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. According to Treasury, once implemented the CDM capabilities will enhance the department's security posture and provide the department with capabilities for automatically collecting software and hardware inventories. Treasury stated that it will then work with its bureaus to develop common procedures, policies and capabilities for auditing and tracking software inventories. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation. We will follow-up with Treasury to monitor its progress in implementing this recommendation and obtain supporting documentation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Department of the Treasury

  76. Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. According to Treasury, once implemented the CDM capabilities will enhance the department's security posture and provide the department with capabilities for automatically collecting software and hardware inventories. Treasury stated that it will then work with its bureaus to develop common procedures, policies and capabilities for auditing and tracking software inventories. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation. We will follow-up with Treasury to monitor its progress in implementing this recommendation and obtain supporting documentation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of the Treasury

  77. Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. According to Treasury, once implemented the CDM capabilities will enhance the department's security posture and provide the department with capabilities for automatically collecting software and hardware inventories. Treasury stated that it will then work with its bureaus to develop common procedures, policies and capabilities for auditing and tracking software inventories. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation. We will follow-up with Treasury to monitor its progress in implementing this recommendation and obtain supporting documentation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of the Treasury

  78. Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. According to Treasury, once implemented the CDM capabilities will enhance the department's security posture and provide the department with capabilities for automatically collecting software and hardware inventories. Treasury stated that it will then work with its bureaus to develop common procedures, policies and capabilities for auditing and tracking software inventories. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation. We will follow-up with Treasury to monitor its progress in implementing this recommendation and obtain supporting documentation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of the Treasury

  79. Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. According to Treasury, once implemented the CDM capabilities will enhance the department's security posture and provide the department with capabilities for automatically collecting software and hardware inventories. Treasury stated that it will then work with its bureaus to develop common procedures, policies and capabilities for auditing and tracking software inventories. Treasury also stated that these tools, policies and procedures will allow the department to study usage and better inform future procurement needs to minimize cost and duplication. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation. We will follow-up with Treasury to monitor its progress in implementing this recommendation and obtain supporting documentation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of the Treasury

  80. Status: Open

    Comments: In its July 2016 statement on corrective actions to address our recommendations, Treasury reported that it continues to be dependent on the rollout of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. In March and September of 2017, we contacted the department and are awaiting a response on the status of efforts to implement this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of the Treasury

  81. Status: Closed - Implemented

    Comments: In response to our recommendations, in July 2015, the department issued comprehensive software licensing policy that addressed the weaknesses identified in our report, including guidance for using analysis to better inform investment decision making. By establishing comprehensive software licensing policy, the Department is better able to ensure that it is consistently and cost-effectively managing its software throughout the Department.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Department of Veterans Affairs

  82. Status: Closed - Implemented

    Comments: The Department of Veterans Affairs (VA) agreed with and implemented this recommendation. Specifically, in July 2015 VA issued Directive 6403, Software Asset Management, which documents the department's software license management policy and responsibilities for central management of agency-wide software licenses. VA's policy for the management of software addresses the weaknesses we identified. By implementing our recommendation, VA should be able to consistently and cost-effectively manage software throughout the department.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Veterans Affairs

  83. Status: Open

    Comments: In written comments to our report, the Department of Veterans Affairs (VA) agreed with our recommendation. In September 2017, VA provided information on actions taken to address our recommendation. However, we have not yet validated agency actions on this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Department of Veterans Affairs

  84. Status: Open

    Comments: In written comments to our report, the Department of Veteran Affairs (VA) agreed with our recommendation. In September 2017, VA provided information on actions taken to address our recommendation. However, we have not yet validated agency actions on this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Department of Veterans Affairs

  85. Status: Open

    Comments: In written comments to our report, the Department of Veterans Affairs (VA) agreed with our recommendation. In September 2017, VA provided information on actions taken to address our recommendation. However, we have not yet validated agency actions on this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Department of Veterans Affairs

  86. Status: Open

    Comments: In written comments to our report, the Department of Veterans Affairs (VA) agreed with our recommendation and reported that it made progress in providing software asset management (SAM) training to all personnel responsible for overseeing software enterprise license agreement (ELA) management. In September 2017, VA provided information on actions taken to address our recommendation. However, we have not yet validated agency actions on this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Department of Veterans Affairs

  87. Status: Open

    Comments: In June 2017, Environment Protection Agency (EPA) reported that it is currently taking steps to develop a comprehensive policy that will address a centralized management program of licenses, an analysis to inform decision making, education and training goals and overall management throughout the lifecycle. In addition, EPA stated that it is still leveraging the efforts of the Continuous Diagnostics and Mitigation project as well as its Office of Acquisition Management's consolidation of its Microsoft suite. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Environmental Protection Agency

  88. Status: Open

    Comments: In June 2017, the Environment Protection Agency (EPA) reported that it is currently taking steps to develop a comprehensive policy that will address a centralized management program of licenses. In addition, EPA stated that it is still leveraging the efforts of the Continuous Diagnostics and Mitigation project as well as leveraging its Office of Acquisition Management's consolidation of enterprise licenses. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Environmental Protection Agency

  89. Status: Open

    Comments: In June 2017, EPA reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for a comprehensive software license inventory. EPA also reported that this comprehensive inventory will be provided via an automated dashboard. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Environmental Protection Agency

  90. Status: Open

    Comments: In June 2017, the Environment Protection Agency (EPA) reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for an automated tool that will establish a comprehensive software license inventory. EPA We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Environmental Protection Agency

  91. Status: Open

    Comments: In June 2017, the Environment Protection Agency reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for a comprehensive software license inventory. that will be available by the second quarter of fiscal year 2017. EPA also stated that it has consolidated six of the agency's eight major software license contracts. In addition, EPA reported that it is currently conducting an analysis of licenses and maintenance with regards to category management to determine the current spend environment and visibility within the agency to develop strategies for addressing each platform. We will follow up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Environmental Protection Agency

  92. Status: Open

    Comments: In June 2017, the Environment Protection Agency (EPA) reported that it is working to develop a robust training curriculum that addresses all software license requirements including but not limited to negotiations, laws and regulations, and contract terms and conditions department wide. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Environmental Protection Agency

  93. Status: Closed - Implemented

    Comments: The General Service Administration (GSA) agreed with, and has taken steps to implement this recommendation. Specifically, GSA has developed agency-wide policy for management of software licenses that addresses the weaknesses identified in our report. For example, in September 2015 GSA issued an order establishing a software license program that among other things identified clear roles, responsibilities, and central oversight authority within the administration for managing agency-wide software. In addition, the agency issued standard operating procedures for establishing a comprehensive inventory of software licenses using automated tools, regularly tracking and maintaining software licenses and analyzing software data to make cost-effective decisions. As a result, GSA will be able to more effectively manage its software licenses.

    Recommendation: To ensure the effective management of its software licenses, the Adminitrator of the General Services Administration should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified

    Agency Affected: General Services Administration

  94. Status: Closed - Implemented

    Comments: GSA agreed with this recommendation. In response, GSA established a comprehensive centralized inventory that incorporates elements of automated discovery and inventory tools that provide easy search and access to software license information, such as contract terms and agreement records. A comprehensive inventory will better ensure compliance with software license agreements, and allow GSA visibility that helps to reduce redundant applications and identify other cost-saving opportunities.

    Recommendation: To ensure the effective management of its software licenses, the Adminitrator of the General Services Administration should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: General Services Administration

  95. Status: Closed - Implemented

    Comments: GSA agreed with, and has taken steps to implement this recommendation. GSA has implemented procedures requiring that it regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics; and update the inventory on a quarterly basis. As a result, the agency can ensure that it has the appropriate number of licenses for each item of software in use to reconcile with current use.

    Recommendation: To ensure the effective management of its software licenses, the Adminitrator of the General Services Administration should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: General Services Administration

  96. Status: Closed - Implemented

    Comments: GSA agreed with, and has implemented this recommendation. GSA has analyzed its agency wide software license data to inform investment decisions. On a quarterly basis, GSA scans its agency-wide software inventory data to identify opportunities for software license consolidation opportunities and submits reports to GSA's information management. For example, in August 2016 provided evidence that it had analyzed its inventory of software license data and identified opportunities to consolidate several of its software products and identified an opportunity to establish an enterprise licensing agreement for one of its software products resulting in cost savings or cost avoidance totaling about five million dollars over about a three year period.

    Recommendation: To ensure the effective management of its software licenses, the Adminitrator of the General Services Administration should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: General Services Administration

  97. Status: Closed - Implemented

    Comments: GSA agreed with, and has taken steps to implement the recommendation. Specifically, GSA has provided software license management training to appropriate agency personnel including training on contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Sufficient software license management training should allow GSA employees to develop the skills and knowledge to perform their roles effectively and efficiently.

    Recommendation: To ensure the effective management of its software licenses, the Adminitrator of the General Services Administration should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: General Services Administration

  98. Status: Closed - Implemented

    Comments: In response to our recommendation, in July 2017 NASA issued an Interim Directive on the management of software licenses that addresses the weaknesses identified in our report. For example, the Directive requires personnel involved in software license management to complete NASA's software management training. In addition, the Directive addresses the software license management life-cycle phases. As a result, NASA should be able to more effectively manage its agency-wide software licenses.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses identified.

    Agency Affected: National Aeronautics and Space Administration

  99. Status: Closed - Implemented

    Comments: In response to our recommendation, in July 2017 NASA issued an Interim Directive which documents the administration's software license management policy including roles and responsibilities for central management of agency-wide software licenses. In addition, in May 2017 NASA's Administrator issued a memorandum requiring NASA components to use the agency's Enterprise License Management Team (ELMT) program for managing software licenses. By employing a centralized software license management approach, NASA should be able to more consistently and cost-effectively make agency-wide decisions on software licenses.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: National Aeronautics and Space Administration

  100. Status: Open

    Comments: The National Aeronautics and Space Administration (NASA) has taken steps to implement our recommendation. In July 2017, NASA reported that the agency currently owns an enterprise software license management tool for the Office of the Chief Engineer and that the Office of the Chief Information Office will be coordinating with stakeholders to pursue expanding the use of this system NASA-wide. NASA anticipates completing this effort by the end of the fiscal year 2017.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: National Aeronautics and Space Administration

  101. Status: Open

    Comments: The National Aeronautics and Space Administration (NASA) has taken steps to implement our recommendation. In July 2017, NASA reported that the agency currently owns an enterprise software license management tool for the Office of the Chief Engineer and that the Office of the Chief Information Office will be coordinating with stakeholders to pursue expanding the use of this system NASA-wide. NASA anticipates completing this effort by the end of the fiscal year 2017. We will continue to monitor NASA's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: National Aeronautics and Space Administration

  102. Status: Closed - Implemented

    Priority recommendation

    Comments: NASA has agreed with and implemented this recommendation. On an annual basis, NASA analyzes its agency-wide software license data to identify opportunities for software license cost avoidance. For example, NASA increased the number of software agreements managed by its enterprise license management team (ELMT) from 24 to 42 in fiscal year 2014 and analyzed the agency's software license data, such as cost, benefits, and usage to identify opportunities to reduce costs and make better informed investments moving forward. As a result of these actions, in fiscal year 2014, NASA avoided a cumulative cost of about $19.1 million. The agency also stated that it plans to continue to incrementally increase the number of ELMT-managed agreements in the future which should provide it opportunities to realize additional cost avoidance opportunities and better insight into the consumption of software in the future.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: National Aeronautics and Space Administration

  103. Status: Closed - Implemented

    Comments: NASA agreed with, and implemented this recommendation. Specifically, NASA issued guidance in July 2017 requiring NASA personnel involved in software license management to complete the NASA Software Management training. In addition, in February 2017, NASA initiated software license management training that addressed negotiations, laws and regulations, and contract terms. Sufficient software license management training should allow NASA personnel involved with managing licenses to develop the skills and knowledge to perform their roles more effectively and efficiently.

    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: National Aeronautics and Space Administration

  104. Status: Open

    Comments: In March 2017, NSF reported on actions taken to implement this recommendation. For example, the agency reported that in July 2015 NSF issued a new acquisition policy that provides the Chief Information Officer central oversight authority for IT acquisitions including software agreements. However, the guidance does not specify policies on managing software licenses for regularly tracking and maintaining software licenses to assist the agency in implementing decisions throughout the software license management life cycle, analyzing software usage and other data to make cost-effective decisions and providing training relevant to software license management. We will continue to monitor the agency's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: National Science Foundation

  105. Status: Open

    Comments: In March 2017, NSF reported that it continues to regularly track and maintain a comprehensive inventory of software licenses. For example, NSF reported that in 2015 the agency implemented an automated tool to capture, track and report on software licenses. In addition, NSF reported that it is implementing a Continuous Diagnostic and Mitigation (CDM) capabilities to further consolidate and centralize management of the agency's software asset inventory in an automated way. However, NSF did not provide documentation showing that it regularly tracks and maintains its inventory using automated tools and metrics. We will follow-up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: National Science Foundation

  106. Status: Open

    Comments: In March 2017, NSF reported on its progress in analyzing agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. However, NSF did not provide documentation demonstrating that it analyzed agency-wide software license data to inform investment decisions and identify opportunities to reduce costs. We will follow-up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: National Science Foundation

  107. Status: Open

    Comments: In March 2017, NFS reported that the agency is committed to providing software license training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. However, NFS did not provide documentation showing that this training include aspects of sufficient software license management training such as contract terms and conditions or negotiations. We will follow-up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: National Science Foundation

  108. Status: Closed - Implemented

    Priority recommendation

    Comments: The Nuclear Regulatory Commission (NRC) implemented GAO's recommendation by updating its Information Technology Asset Management (ITAM) Policy to address the weaknesses identified in our report. Specifically, in December 2016, NRC updated its ITAM policy to include guidance on providing training relevant to software license management and considering the entire software license management life-cycle phases. By establishing comprehensive software licensing policy, NRC is better able to ensure that it is consistently and cost-effectively managing its software throughout the agency.

    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Nuclear Regulatory Commission

  109. Status: Open

    Comments: The Nuclear Regulatory Commission (NRC) has taken steps to implement this recommendation. For example, in March 2017, NRC reported that the agency's Software Manager is in the process of developing the NRC Software Management Centralization Plan to meet NRC's business needs and to ensure compliance with applicable Federal mandates and guidelines, including those from the Office of Management and Budget, the Federal Information Technology Acquisition Reform Act, the Federal Information Security Management Act, and from the National Institute of Standards and Technology. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Nuclear Regulatory Commission

  110. Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) stated that a manual effort is underway to gather and verify data associated with the software on the list to complete a comprehensive inventory of software licenses. NRC also reported that it has developed requirements for an information technology asset management tool to support the establishment of a comprehensive inventory of software licenses using automated tools. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Nuclear Regulatory Commission

  111. Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) stated that a manual effort is underway to gather and verify data associated with the software on the list to complete a comprehensive inventory of software licenses. NRC also reported that it has developed requirements for an information technology asset management tool to support the establishment of a comprehensive inventory of software licenses using automated tools. Upon deployment of an automated tool, NRC reported that it will be able to regularly track and maintain a comprehensive inventory of all software licenses. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Nuclear Regulatory Commission

  112. Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) reported that the agency will analyze agency-wide software license data after it deploys an automated tool. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Nuclear Regulatory Commission

  113. Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) reported that the agency plans to provide software license management training to all key personnel. NRC also reported that its software training is currently being developed by the Office of Management and Budget, the Federal Acquisition Institute and the Defense Acquisition University. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Nuclear Regulatory Commission

  114. Status: Open

    Comments: OPM concurred with this recommendation and in September 2015, reported that it had developed a guide to capture enterprise architecture (EA) lifecycle activities including software licensing management, acquisition, and requirements during several points of the project lifecycle. We contacted the agency and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified

    Agency Affected: Office of Personnel Management

  115. Status: Open

    Comments: OPM concurred with this recommendation and in September 2015 reported that it is finalizing a revised Life Cycle Management draft policy which will use stage gate reviews to evaluate the progress of projects including software licenses throughout the agency. According to OPM, once the new policy is approved, OPM subject matter experts will review project documentation during stage gates reviews to make written recommendations on whether projects should continue. OPM's Investment Review Board will then review that recommendation and other procurement documentation to make a final recommendation to the OPM Director. We contacted the agency and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Office of Personnel Management

  116. Status: Open

    Comments: OPM concurred with this recommendation and in September 2015 OPM reported that it acquired an enterprise architecture repository tool and is collecting information on its software applications. OPM also reported that it is assembling and performing quality reviews on hardware and software lists currently maintained in spreadsheets, in its EA Systems database, and Remedy database in order to consolidate the entire hardware and software asset inventory. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Office of Personnel Management

  117. Status: Open

    Comments: OPM concurred with this recommendation and in September 2015 OPM reported that it acquired an enterprise architecture repository tool and is collecting information on its software applications. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Office of Personnel Management

  118. Status: Open

    Comments: In written comments to our report, OPM concurred with our recommendations and noted actions the agency plans to take. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Office of Personnel Management

  119. Status: Open

    Comments: In written comments to our report, OPM concurred with our recommendations and noted actions the agency plans to take. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Office of Personnel Management

  120. Status: Open

    Priority recommendation

    Comments: In August 2017, the Small Business Administration (SBA) reported that it has developed and implemented enterprise policies to better manage its software. In addition, SBA reported that it is developing software asset policy and anticipates having it in place by the second quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: Small Business Administration

  121. Status: Open

    Comments: In August 2017, the Small Business Administration (SBA) reported that it has centralized the agency software license management through its Office of the Chief Information Officer. We will follow up with the agency to obtain documentation verifying the implementation of this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Small Business Administration

  122. Status: Open

    Comments: In August 2017, the Small Business Administration (SBA) reported that the agency has taken several key steps to establish and build a comprehensive enterprise software inventory such as the use of Microsoft enterprise inventory tools. SBA also reported that it anticipates completing a comprehensive software license inventory by the second quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Small Business Administration

  123. Status: Open

    Priority recommendation

    Comments: In August 2017, the Small Business Administration (SBA) reported that it has replaced multiple standalone inventory tracking tools with Microsoft System Center 2016 which provides the SBA enterprise with a single automated tool capability. SBA also reported that it anticipates completing a comprehensive software license inventory by the second quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Small Business Administration

  124. Status: Open

    Comments: In August 2017, the Small Business Administration (SBA) reported on actions taken to analyze agency-wide software license data. For example, SBA reported that its Office of the Chief Information Office is leading an agency-wide effort to ensure that SBA is only purchasing the number of licenses needed during the renewal of software licensing contracts. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Small Business Administration

  125. Status: Open

    Comments: In August 2017, the Small Business Administration (SBA) reported on actions taken to provide software license management training. For example, SBA reported that officials in the Office of the Chief Information Officer have held multiple sessions on Microsoft licensing practices as well as software licensing, in general. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Small Business Administration

  126. Status: Open

    Comments: The Social Security Administration agreed with this recommendation, and in response, developed an agency-wide policy for the management of software licenses that addresses six of the seven key elements that a comprehensive software license should specify, including identifying clear roles, responsibilities, and central oversight authority for agency wide software licenses; and analyzing software license usage to make cost effective decisions. However, SSA's policy did not include guidance on providing appropriate agency personnel with sufficient software management training. We will continue to work with SSA and monitor the agency's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified

    Agency Affected: Social Security Administration

  127. Status: Open

    Comments: The Social Security Administration (SSA) agreed with and has taken initial steps to implement our recommendation. In August 2017, SSA reported that it has established an informal workgroup to share software license management plans and processes. In addition, SSA's Information Technology Asset Management Policy discusses the agency's plan for a centralized software license management approach. We will continue to monitor SSA's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Social Security Administration

  128. Status: Open

    Comments: The Social Security Administration (SSA) agreed with and has taken initial steps to implement our recommendation. In August 2017, the Social Security Administration reported on actions taken to implement this recommendation such as the installation of a new version of asset directory on its mainframe. We will continue to evaluate the agency's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: Social Security Administration

  129. Status: Open

    Comments: The Social Security Administration has taken initial steps to implement our recommendation. For example, In August 2016, SSA reported that it has installed a Mainframe discovery tool and has entered all the agencys software contracts into an asset management repository. In addition, in August 2017 SSA reported that it installed a new version of an asset directory on its Mainframe. We will continue to evaluate SSA's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: Social Security Administration

  130. Status: Open

    Comments: The Social Security Administration (SSA) agreed with and has taken steps to implement our recommendation. In August 2017, SSA reported that it currently gathers data and conducts yearly exercises concerning its Microsoft software and reported on efforts to provide SSA the capability to analyze agency-wide software license data. We will continue to monitor the SSA's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should analyze agency-wide departmental software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: Social Security Administration

  131. Status: Open

    Comments: The Social Security Administration (SSA) agreed with this recommendation. In its August 2017 status update, SSA reported that it continues to work on addressing this recommendation. We will continue to monitor SSA's progress in implementing this recommendation.

    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: Social Security Administration

  132. Status: Closed - Implemented

    Comments: USAID has developed an agency-wide comprehensive policy and procedures for the management of software licenses that addresses the weaknesses we identified in our report. For example, in April 2015 USDAID issued a standard operating procedure that documents the roles and responsibilities for managing its enterprise software licenses and establishes procedures for tracking and maintaining an agency-wide software license inventory using automated tools and for analyzing software inventory data. In addition, in November 2016, USAID implemented procedures to provide appropriate agency personnel sufficient training on software license management. By establishing comprehensive software licensing policy and procedures, USAID is better positioned to ensure that it consistently and cost-effectively manages its software throughout the department.

    Recommendation: To ensure the effective management of software licenses, the Administrator of the U.S. Agency for International Development should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency Affected: United States Agency for International Development

  133. Status: Closed - Implemented

    Comments: The US Agency for International Development (USAID) has implemented this recommendation. USAID provided evidence that it has established and maintains a comprehensive inventory of software licenses using automated tools for the majority of agency enterprise-wide software licenses. In addition, USAID established a documented process to review and update of the inventory. A comprehensive inventory will better ensure compliance with software license agreements, and allow USAID agency-wide visibility that can help consolidate redundant applications and the identification of other cost-saving opportunities.

    Recommendation: To ensure the effective management of software licenses, the Administrator of the U.S. Agency for International Development should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency Affected: United States Agency for International Development

  134. Status: Closed - Implemented

    Comments: USAID has established a process and procedures to track and maintain a comprehensive inventory of software licenses using automated tools and metrics. For example, in April 2015 USDAID issued a standard operating procedure that documents the roles and responsibilities for tracking and updating the software inventory for new purchases, maintenance renewal and the retirement of software. In addition, in September 2016, USAID provided several documents on its software inventory tracking efforts including the agency's September 2016 updated software and hardware master inventory tracking report, demonstrating that USAID regularly tracks and maintains its inventory of software licenses using automated tools and metrics. Implementing this recommendation will help USAID ensure that its software licenses are used in compliance with licensing agreements and cost-effectively deployed.

    Recommendation: To ensure the effective management of software licenses, the Administrator of the U.S. Agency for International Development should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency Affected: United States Agency for International Development

  135. Status: Closed - Implemented

    Comments: The US Agency for International Development (USAID) agreed with and has implemented this recommendation. USAID developed standard operating procedures for analyzing agency-wide software data and began to analyze its agency-wide software license data, such as costs and business value to identify opportunities to reduce costs through consolidation and/or elimination of software. For example, USAID held software license rightsizing discussions on the results of its analyses of fiscal year 2016 software license data to inform investment decisions. As a result of these actions, in fiscal year 2016 USAID realized cost savings of $639,561 through the reduction and elimination of selected software license contracts.

    Recommendation: To ensure the effective management of software licenses, the Administrator of the U.S. Agency for International Development should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency Affected: United States Agency for International Development

  136. Status: Closed - Implemented

    Comments: USAID agreed with this recommendation and subsequently implemented a program to provide appropriate agency personnel training on software license management including training on contract terms and conditions, negotiations, laws and regulations, acquisitions, security planning and configuration management. In addition, in October 2016 USAID issued its Asset Management Training Plan documenting the training schedule and topics to be delivered in 2016 and 2017 to the agencys Asset Management Team and individual training sessions for new hires. For example, in November 2016, USAID provided software license training focused on both the agencys software license renewal process and new software procurement process. As a result, USAID staff involved in managing software licenses should have the skills and knowledge to better perform their roles effectively and efficiently.

    Recommendation: To ensure the effective management of software licenses, the Administrator of the U.S. Agency for International Development should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency Affected: United States Agency for International Development

 

Explore the full database of GAO's Open Recommendations »

Oct 4, 2017

Sep 18, 2017

Sep 6, 2017

Jul 13, 2017

Jun 21, 2017

Jun 13, 2017

May 18, 2017

May 15, 2017

Apr 11, 2017

Looking for more? Browse all our products here