Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.

    Results:

    Subject Term: "Classified defense information"

    6 publications with a total of 17 open recommendations
    Director: Cary B. Russell
    Phone: (202) 512-5431

    4 open recommendations
    Recommendation: To help ensure that DOD effectively evaluates the safety performance of carriers entrusted to transport security-sensitive materials in the Transportation Protective Services (TPS) program, the Secretary of Defense should direct the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, in collaboration with the U.S. Transportation Command to update TPS program guidance to clarify (1) how to address carriers with absent or dated Safety Ratings and poor Safety Measurement System scores, and (2) what specific actions should be taken when carriers do not meet program requirements.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure that DOD effectively evaluates the safety performance of carriers entrusted to transport security-sensitive materials in the Transportation Protective Services (TPS) program, the Secretary of Defense should direct the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, in collaboration with the U.S. Transportation Command to establish and document an approach for conducting reviews of available violation data, such as analyzing violations incurred while transporting TPS shipments.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve DOD's ability to identify and effectively mitigate public safety risks of TPS carriers transporting security-sensitive materials, the Secretary of Defense should direct the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, in collaboration with the DOD Explosives Safety Board, the U.S. Transportation Command, the Surface Deployment and Distribution Command, and the Army Headquarters Safety Office, to develop department-wide guidance requiring the evaluation of the Defense Transportation Tracking System TPS carrier incident data to identify trends and patterns that could suggest systemic weaknesses such as mechanical breakdowns or unusual delays that represent a heightened potential public safety risk and take action to address any identified weaknesses.

    Agency: Department of Defense
    Status: Open

    Comments: According to TRANSCOM officials during our visit in April 2016, they are working on implementing these actions with a goal of completing them in Fall 2017.
    Recommendation: To improve DOD's ability to identify and effectively mitigate public safety risks of TPS carriers transporting security-sensitive materials, the Secretary of Defense should direct the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, in collaboration with the DOD Explosives Safety Board, the U.S. Transportation Command, the Surface Deployment and Distribution Command, and the Army Headquarters Safety Office, to develop department-wide guidance requiring the identification and full investigation of TPS carrier incidents, including mishaps and near misses involving security-sensitive shipments, to determine potential root causes and identify corrective actions that could mitigate the recurrence of the mishap or the potential for more significant ones.

    Agency: Department of Defense
    Status: Open

    Comments: According to TRANSCOM officials during our visit in April 2016, they are working on implementing these actions with a goal of completing them in Fall 2017.
    Director: Joseph W. Kirschbaum
    Phone: (202) 512-9971

    4 open recommendations
    Recommendation: To further enhance the department's efforts to protect its classified information and systems from insider threats, the Secretary of Defense should direct the Under Secretary of Defense for Intelligence to, in planned supplemental planning guidance to be developed, identify actions beyond the minimum standards that components should take to enhance their insider-threat programs.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To further enhance the department's efforts to protect its classified information and systems from insider threats, the Secretary of Defense should direct the Under Secretary of Defense for Intelligence to evaluate and document the extent to which current assessments provide a continuing analysis of gaps for all DOD components; report to Congress on the results of this evaluation; and direct that the overall results of these self- and independent assessments be reviewed by the Office of the Under Secretary of Defense for Intelligence.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To further enhance the department's efforts to protect its classified information and systems from insider threats, the Secretary of Defense should direct the Under Secretary of Defense for Intelligence to provide DOD components supplemental guidance that directs them to incorporate risk assessments into their insider-threat programs.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To further enhance the department's efforts to protect its classified information and systems from insider threats, the Secretary of Defense should identify an insider-threat program office to support the Under Secretary of Defense for Intelligence's responsibilities in managing and overseeing DOD and components' insider-threat programs.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    6 open recommendations
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. Relevant efforts by DHS to finalize memoranda of understanding with other agencies and by the Export Enforcement Coordination Center to share information and data across the export control enforcement community are ongoing. As of Sept 2017, DHS did not identify relevant actions to coordinate on critical technologies among other agencies.
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of Commerce
    Status: Open

    Comments: Commerce has identified various efforts to collaborate across multiple agencies within individual critical technologies programs, but has not taken steps to promote collaboration on critical technologies through a larger group discussion.
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has identified numerous activities within DOD to coordinate across the critical technologies portfolio, in particular the Arms Transfer and Technology Release Senior Steering Group. In some cases, these activities include other departments, most commonly State. However, officials have stated that they are not aware of any high-level coordination on critical technologies among the larger group of agencies. On Sept. 5, 2017, DOD provided an update on multiple DOD efforts, including CFIUS, but none are collaborating among all of the agencies cited in the recommendation.
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of Justice: Office of the Attorney General
    Status: Open

    Comments: In August 2016, the agency identified coordination actions being taken across the agencies with export control responsibilities--including through the Export Control Enforcement Center--and through the Committee on Foreign Investment in the United States. However, it is not clear how, or if, these coordination efforts are tied to the larger, government-wide portfolio of critical technologies programs. As of Sept. 2017, Justice has no additional updates.
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of the Treasury
    Status: Open

    Comments: In September 2016, a Treasury official identified coordination actions being taken across the agencies with export control responsibilities and through the Committee on Foreign Investment in the United States. However, coordination efforts are not tied to larger, government-wide collaboration on critical technologies. In March 2017, Treasury provided an update on actions taken, but did not address the recommendation for coordination among the critical technologies programs.
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of State
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken any actions necessary to implement it. In Sept. 2017, State provided updates on actions taken within the department, but none across affected agencies.
    Director: Charles Michael Johnson, Jr.
    Phone: (202) 512-7331

    1 open recommendation
    Recommendation: For elements identified in the Countering Iran in the Western Hemisphere Act of 2012 that were not fully addressed in the strategy, the Secretary of State should provide the relevant congressional committees with information that would fully address these elements. In the absence of such information, State should explain to the congressional committees why it was not included in the strategy.

    Agency: Department of State
    Status: Open

    Comments: In a letter dated December 23, 2014, the Department of State (State) noted that the elements identified in the GAO report as not being adequately addressed by State were matters where the consensus of the intelligence community was that there was not an identifiable threat to counter. GAO's report assessed that State did not address four specific elements identified in the Countering Iran in the Western Hemisphere Act of 2012. State's December 2014 letter provided explanations for these four elements, including the availability of information on existing agency websites, briefings provided to Congress, and State's lack of finding that foreign governments showed clear threats. We continue to maintain that the strategy did not include all of the elements that the law stated should be included, and State did not demonstrate that it provided relevant congressional committees with information that would fully address these elements. In December 2015, State noted that it remains in close contact with the relevant congressional committees across a range of security, economic and political with regard to the Western Hemisphere on a regular and continuing basis. State further noted that it provided an oral briefing along with its original submission of the report to Congress and answered questions posed by Congress. State officials said that they stand ready to provide further information in the appropriate setting should it be requested. However, State did not provide GAO with information about whether it had provided information to Congress specifically for the elements identified in the Countering Iran in the Western Hemisphere Act of 2012 that were not fully addressed in the strategy, nor provide additional information about whether State explained to the congressional committees why any absence of such information was not included in the strategy. 
Furthermore, GAO learned from the House Foreign Affairs Committee staff that State and the Office of the Director for National Intelligence provided a briefing to the committee regarding Iranian activities in Latin America on February 25, 2016. As of August 2016, GAO did not receive any documents related to the briefings because, according to State, the talking points document was considered deliberative and therefore could not be shared. According to State officials, they continue to monitor the issue and brief Congress as appropriate. As of June 2017, State noted that its position regarding this recommendation and the deliberative nature of the talking points document remains unchanged.
    Director: Powner, David A
    Phone: (202) 512-9286

    1 open recommendation
    Recommendation: The Secretary of Health and Human Services should direct appropriate officials to assess whether it would be cost effective to consolidate the remaining functions of the Medicare coverage determination systems.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We contacted the department and are awaiting a response on its efforts to implement this recommendation.
    Director: Lepore, Brian J
    Phone: (202) 512-3000

    1 open recommendation
    Recommendation: To assist the military services in fulfilling their responsibilities to organize, train, and equip cyber forces, the Secretary of Defense should set a timeline and direct the Under Secretary of Defense for Policy and the Under Secretary of Defense for Personnel and Readiness, in consultation with the DOD Office of General Counsel, to develop and publish detailed policies and guidance pertaining to categories of personnel that can conduct the various forms of cyberspace operations.

    Agency: Department of Defense
    Status: Open

    Comments: As of May 2016, DOD finalized DOD Directive 8140.01 Cyber Workforce Management, which provides overarching policy guidance for the DOD cyber workforce and directs development of implementing policies. The directive however does not provide detailed guidance on personnel categories performing cyberspace operations. Additionally, DOD is in the process of finalizing DOD Instruction (DODI) 8140.aa Cyberspace Workforce Identification, Tracking, and Reporting--which is to establish DOD cyber workforce policy and procedures, assign responsibilities, and provide direction for the identification and tracking of DOD cyber workforce positions and personnel. DOD must revise the draft DoDI 8140.aa to make it compliant with federal cyber workforce identification and coding requirements within the "Federal Cybersecurity Workforce Assessment Act of 2015" (Division N, Title III, Sections 301 - 305 of PL 114-113). DOD is coordinating with the Office of Personnel Management and the National Institute of Standards and Technology to develop the federal cyber workforce coding structure all federal agencies must follow. The department projects this DODI will be published in 2017. Lastly, the department is to begin drafting DOD cyberspace workforce qualification manuals--one for each element of the cyber workforce--to replace DOD 8570.01-M Information Assurance Workforce Improvement Program and to address the full spectrum of the cyber workforce. To support this effort, DOD has identified draft criteria for establishing standards and requirements for DOD cyber workforce qualifications. The DOD Cyber Workforce Qualifications Working Group is to leverage these criteria to begin establishing qualifications. These findings will be included in the new qualification manuals, and these manuals are intended to provide the DOD cyber workforce with a skills maturity model for career progression. 
Until the publication of these workforce qualification manuals, DOD 8570.01-M will remain in effect to govern qualification requirements for the information assurance (cybersecurity) workforce. DOD did not project a timeframe for the new manuals' completion. Although DOD is taking steps to update and publish policies and guidance pertaining to personnel involved in cyberspace operations, this recommendation remains open pending completion of those actions.