Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Defense industry"

    6 publications with a total of 27 open recommendations
    Director: Zina D. Merritt
    Phone: (202) 512-5257

    6 open recommendations
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the Defense Contract Management Agency (DCMA) and the military departments, should assess whether risk mitigation actions have been identified in the event of a loss of each task critical assets (TCA) facility in the defense industrial base and, based on this assessment, develop risk mitigation actions with associated implementation plans and time lines, and provide this information to congressional and DOD decision makers. (Recommendation 1)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should provide congressional and DOD decision makers with information on potential effects on defense capabilities in the event of a loss of each TCA facility in the defense industrial base. (Recommendation 2)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should provide congressional and DOD decision makers with information on DOD organic facilities that have been identified as TCAs, similar to the information provided previously on commercial facilities. This information also should include (1) the potential effects on defense capabilities in the event of a loss of the facility and (2) risk mitigation actions and associated implementation plans with time lines. (Recommendation 3)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with DCMA and the military departments, should take steps to share information on risks identified through the annual Critical Asset Identification Process with relevant program managers or other designated service or program officials. At a minimum, relevant officials should receive information on the most critical facilities (such as TCAs) that produce parts supporting their programs. This information-sharing could occur through service-specific channels of communication or another method of internal communication deemed appropriate by DOD. (Recommendation 4)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the military departments, should develop a mechanism to ensure that program offices obtain information from contractors on single source of supply risks. (Recommendation 5)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Under Secretary of Defense for Acquisition, Technology and Logistics, in conjunction with the military departments, should issue department-wide DMSMS policy, such as an instruction, that clearly defines requirements of DMSMS management and details responsibilities and procedures to be followed by program offices to implement the policy. (Recommendation 6)

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Zina Merritt
    Phone: (202) 512-5257

    6 open recommendations
    Recommendation: To increase department-wide supply chain efficiencies and effectiveness in support of maintenance at the Army and Marine Corps depots and Navy shipyards, the Secretary of Defense should direct the Assistant Secretary of Defense for Logistics and Materiel Readiness, in conjunction with the Director, Defense Logistics Agency, and the Secretaries of the Army and Navy and the Commandant of the Marine Corps to assess through a comprehensive business case analysis-drawing on lessons learned from previous efforts-the costs and benefits of DLA managing the retail supply, storage, and distribution functions at the Army and Marine Corps depots and Navy shipyards.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, DLA is in the process of coordinating "Memorandums of Understanding" with the Army, Marine Corps, and Naval Sea Systems Command in order to establish the parameters for the comprehensive business case analyses that will be conducted on transferring more supply, storage, and distribution functions to DLA. However, DLA and the respective entities have not completed the analyses at this point.
    Recommendation: To increase department-wide supply chain efficiencies and effectiveness in support of maintenance at the Army and Marine Corps depots and Navy shipyards, the Secretary of Defense should direct the Assistant Secretary of Defense for Logistics and Materiel Readiness, in conjunction with the Director, Defense Logistics Agency, and the Secretaries of the Army and Navy and the Commandant of the Marine Corps to use the analysis to make a decision on the degree to which DLA should manage these functions at the Army and Marine Corps depots and Navy shipyards.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, DLA is in the process of coordinating "Memorandums of Understanding" with the Army, Marine Corps, and Naval Sea Systems Command in order to establish the parameters for the comprehensive business case analyses that will be conducted on transferring more supply, storage, and distribution functions to DLA. However, DLA and the respective entities have not completed the analyses at this point.
    Recommendation: To improve the efficiency and effectiveness of supply and maintenance operations, in accordance with DOD guidance, the Secretary of Defense should direct the Assistant Secretary of Defense for Logistics and Materiel Readiness, in conjunction with the Director, Defense Logistics Agency, and the Secretaries of the Army, Navy, and Air Force and the Commandant of the Marine Corps to develop and implement metrics that measure the accuracy of planning factors, such as the schedule, bill of materials, and replacement factors, used for depot maintenance.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, DOD has begun to develop metrics that measure the accuracy of planning factors used for depot maintenance. However, these metrics are not scheduled to be implemented until October 2018. Thus, no actions have been taken to resolve any identified issues based on the results of the metrics.
    Recommendation: To improve the efficiency and effectiveness of supply and maintenance operations, in accordance with DOD guidance, the Secretary of Defense should direct the Assistant Secretary of Defense for Logistics and Materiel Readiness, in conjunction with the Director, Defense Logistics Agency, and the Secretaries of the Army, Navy, and Air Force and the Commandant of the Marine Corps to take action, as appropriate and necessary, to resolve any issues identified through measuring the accuracy of planning inputs in an effort to improve supply and depot maintenance operations.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, DOD has begun to develop metrics that measure the accuracy of planning factors used for depot maintenance. However, these metrics are not scheduled to be implemented until October 2018. Thus, no actions have been taken to resolve any identified issues based on the results of the metrics.
    Recommendation: To be able to assess the cost-effectiveness of supply and depot maintenance operations, in accordance with DOD supply chain management guidance, the Secretary of Defense should direct the Assistant Secretary of Defense for Logistics and Materiel Readiness, in conjunction with the Director, Defense Logistics Agency, the Secretaries of the Army, Navy, and the Air Force, and the Commandant of the Marine Corps to take steps to develop and implement metrics, to the extent feasible, to measure and track disruption costs created by the lack of parts at depot maintenance industrial sites by, for example, establishing a team of supply and depot maintenance experts from DLA and the services to assess potential data sources, approaches, and methods.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, DOD has begun to develop metrics that measure and track disruption costs created by the lack of parts at depot maintenance industrial sites. However, these metrics are not scheduled to be implemented until October 2018. Thus, no actions have been taken to resolve any identified issues based on the results of the metrics.
    Recommendation: To be able to assess the cost-effectiveness of supply and depot maintenance operations, in accordance with DOD supply chain management guidance, the Secretary of Defense should direct the Assistant Secretary of Defense for Logistics and Materiel Readiness, in conjunction with the Director, Defense Logistics Agency, the Secretaries of the Army, Navy, and the Air Force, and the Commandant of the Marine Corps to take action, as appropriate, to address any inefficiencies identified by the disruption cost metrics in supply and depot maintenance operations.

    Agency: Department of Defense
    Status: Open

    Comments: As of July 2017, DOD has begun to develop metrics that measure and track disruption costs created by the lack of parts at depot maintenance industrial sites. However, these metrics are not scheduled to be implemented until October 2018. Thus, no actions have been taken to resolve any identified issues based on the results of the metrics.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    3 open recommendations
    Recommendation: To provide greater compliance with the GIDEP reporting requirement among the DOD components and their defense supplier-base, the Undersecretary of Defense for Acquisition, Technology and Logistics should establish mechanisms for department-wide oversight of defense agencies' compliance with the GIDEP reporting requirement.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: In providing comments to this report DOD concurred with this recommendation but has not completed actions to implement it. DOD stated that it will issue new DOD Instruction covering the use of GIDEP, as well as a companion DOD manual, to include identification of roles and responsibilities for submission of reports and oversight of such submission. Both documents are expected to be completed by the end of the second quarter fiscal year 2018.
    Recommendation: To provide greater compliance with the GIDEP reporting requirement among the DOD components and their defense supplier-base, the Undersecretary of Defense for Acquisition, Technology and Logistics should develop a standardized process for determining the level of evidence needed to report a part as suspect counterfeit in GIDEP, such as a tiered reporting structure in GIDEP that provides an indication of where the suspect part is in the process of being assessed.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: In providing comments to this report DOD concurred with this recommendation but has not completed actions to implement it. DOD stated that it will issue new DOD Instruction covering the use of GIDEP, as well as a companion DOD manual, to include identification of roles and responsibilities for submission of reports and oversight of such submission. Both documents are expected to be completed by the end of the second quarter of fiscal year 2018.
    Recommendation: To provide greater compliance with the GIDEP reporting requirement among the DOD components and their defense supplier-base, the Undersecretary of Defense for Acquisition, Technology and Logistics should develop guidance for when access to GIDEP reports should be limited to only government users or made available to industry.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: In providing comments to this report DOD concurred with this recommendation but has not completed actions to implement it. DOD stated that it will issue new DOD Instruction covering the use of GIDEP, as well as a companion DOD manual, to include identification of roles and responsibilities for submission of reports and oversight of such submission. Both documents are expected to be completed by the end of the second quarter of fiscal year 2018.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    7 open recommendations
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretary of Homeland Security should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear sectors' cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has released updated sector-specific plans for the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear reactors sectors. The plans include a section on measuring effectiveness based on the plan development guidance. The plans provide expected metrics to track the progress of sector activities and state that the outcomes will be reported through the National Annual Reporting process as well as through the quadrennial plan update. Because the metrics are new and annual reporting has not yet occurred, DHS has not provided evidence of metrics data collected and reported to address the challenges. We will continue to follow-up to determine how performance measures have been implemented and what reporting is available based on those measures.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretary of the Treasury should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the financial services sector's cybersecurity progress.

    Agency: Department of the Treasury
    Status: Open

    Comments: The 2015 sector-specific plan for the financial services sector includes a section on measuring the effectiveness of sector activities; however, the plan does not include specific metrics. The plan refers to working groups and meetings of sector stakeholders as mechanisms to track sector progress. No specific metrics and associated reports of outcomes have been provided to address overcoming the challenges of monitoring the sector's cybersecurity progress. We will continue to monitor financial services sector activities and determine any specific metrics and related reports developed and implemented to track and report on the sector's cybersecurity progress.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Agriculture and Health and Human Services (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the food and agriculture sector's cybersecurity progress.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Departments of Agriculture and Health and Human Services released an update to the food and agriculture sector-specific plan for 2015. The plan states the sector's lack of an overarching mechanism to measure and evaluate risk mitigation activities and the challenge of obtaining performance measurement data from non-federal partners. However, the plan notes a goal of evaluating the progress of individual protective programs and strategies. No metrics or reports of outcomes have been provided to address the challenge of monitoring the sector's cybersecurity progress. We will continue to follow up to determine whether USDA and HHS have developed and implemented mechanisms to measure the outcomes of their sector cybersecurity-related activities.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Agriculture and Health and Human Services (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the food and agriculture sector's cybersecurity progress.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Departments of Agriculture and Health and Human Services released an update to the food and agriculture sector-specific plan for 2015. The plan states the sector's lack of an overarching mechanism to measure and evaluate risk mitigation activities and the challenge of obtaining performance measurement data from non-federal partners. However, the plan notes a goal of evaluating the progress of individual protective programs and strategies. No metrics or reports of outcomes have been provided to address the challenge of monitoring the sector's cybersecurity progress. We will continue to follow up to determine whether HHS has developed and implemented mechanisms to measure the outcomes of its sector cybersecurity-related activities.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Homeland Security and Transportation (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the transportation systems sector's cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The co-Sector-Specific Agencies (SSAs) for the Transportation Systems Sector, DHS (TSA and Coast Guard) and the Department of Transportation, provided an update on efforts to develop sector cybersecurity metrics. The update described measures under consideration such as tracking the number of sector stakeholders receiving cybersecurity products, monitoring the usefulness of products through satisfaction surveys, and tracking attendance at sector events and seminars encompassing cybersecurity. The co-SSAs plan to report sector cyber activities, progress, and relevant metrics annually through the Critical Infrastructure National Annual Report and through quadrennial updates to the sector-specific plan. The latest sector-specific plan was released in 2015. The proposed metrics have not been formalized in a strategy or plan. We will continue to monitor and evaluate efforts to formalize and implement the proposed metrics to determine whether they address the intent of the recommendation.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Homeland Security and Transportation (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the transportation systems sector's cybersecurity progress.

    Agency: Department of Transportation
    Status: Open

    Comments: The co-Sector-Specific Agencies (SSAs) for the Transportation Systems Sector, DHS (TSA and Coast Guard) and the Department of Transportation, provided an update on efforts to develop sector cybersecurity metrics. The update described measures under consideration such as tracking the number of sector stakeholders receiving cybersecurity products, monitoring the usefulness of products through satisfaction surveys, and tracking attendance at sector events and seminars encompassing cybersecurity. The co-SSAs plan to report sector cyber activities, progress, and relevant metrics annually through the Critical Infrastructure National Annual Report and through quadrennial updates to the sector-specific plan. The latest sector-specific plan was released in 2015. The proposed metrics have not been formalized in a strategy or plan. We will continue to monitor and evaluate efforts to formalize and implement the proposed metrics to determine whether they address the intent of the recommendation.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Administrator of the Environmental Protection Agency should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the water and wastewater systems sector's cybersecurity progress.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The 2015 water and wastewater sector-specific plan includes a segment on measuring the effectiveness of sector activities that describes the overall principles for collecting data and using the National Annual Report data calls as a tool for assessing performance and reporting on progress within the sector. However, the plan does not state specific measures and the agency acknowledged in its response to our report that it does not collect performance metrics on the effectiveness of its cybersecurity programs for the sector. According to agency officials, the development of performance metrics in collaboration with sector partners is underway. We will continue to follow up to identify any specific metrics developed and implemented and resulting outcome-based reports.
    Director: Johana Ayers
    Phone: (202) 512-5741

    4 open recommendations
    Recommendation: To help DOD ensure that it appropriately considers the manufacturing arsenals as a source of manufacture and is strategically positioned to sustain the manufacturing arsenals' critical capabilities, the Secretary of Defense should direct the Secretary of the Army to issue clear, step-by-step implementing guidance, such as an instruction or guidebook, on the process for conducting make-or-buy analyses in a consistent manner.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with our recommendation related to issuing implementing guidance on make-or-buy analyses but provided no details on how or when it would issue such guidance. As of September 2016 DOD had not taken any action and this recommendation will remain open.
    Recommendation: To help DOD ensure that it appropriately considers the manufacturing arsenals as a source of manufacture and is strategically positioned to sustain the manufacturing arsenals' critical capabilities, the Secretary of Defense should direct the Secretary of the Army to identify and document fundamental elements--such as steps, interim milestones, time frames, and resources--for implementing the Army's Organic Industrial Base Strategic Plan 2012-2022.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with our recommendation related to implementing its 2012 strategic plan but provided no details on how or when it would implement the recommendation. As of September 2016 DOD had not taken any action and this recommendation will remain open.
    Recommendation: To help DOD ensure that it appropriately considers the manufacturing arsenals as a source of manufacture and is strategically positioned to sustain the manufacturing arsenals' critical capabilities, the Secretary of Defense should direct the Office of the Deputy Assistant Secretary of Defense for Maintenance Policy and Programs--in coordination with the military services, as appropriate, to complete DOD's ongoing effort to establish a process for identifying the manufacturing arsenals' critical capabilities and a method for determining the minimum workload needed to sustain these capabilities.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with our recommendation related to developing a process to identify the arsenals? critical capabilities and a method to determine the minimum workload needed to sustain those capabilities. DOD stated that its effort to address this recommendation were on going. As of September 2016 DOD had not taken any action and this recommendation will remain open.
    Recommendation: To help DOD ensure that it appropriately considers the manufacturing arsenals as a source of manufacture and is strategically positioned to sustain the manufacturing arsenals' critical capabilities, the Secretary of Defense should direct the Office of the Deputy Assistant Secretary of Defense for Maintenance Policy and Programs--in coordination with the military services, as appropriate, to develop and issue guidance, such as a DOD instruction, to implement the process for identifying the manufacturing arsenals' critical capabilities and the method for determining the minimum workload needed to sustain these capabilities.

    Agency: Department of Defense
    Status: Open

    Comments: Although DOD did not specifically comment on our recommendation related to issuing guidance to implement a process for identifying the arsenals critical capabilities and a method for determining the minimum workload needed to sustain these capabilities, it commented that it expects to issue an instruction incorporating such a process by the end of fiscal year 2016. However, as of September 2016 DOD had not taken any action and this recommendation will remain open.
    Director: Johana R. Ayers
    Phone: (202) 512-5741

    1 open recommendations
    Recommendation: To obtain information useful to DLA's decision making regarding MRE inventory levels, the Assistant Secretary of Defense for Logistics and Materiel Readiness should direct the Director, DLA, to request that the military services, as part of existing coordination efforts, share information on potential changes to MRE consumption and disposals that could affect future demand.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics: Office of the Assistant Secretary for Logistics and Materiel Readiness
    Status: Open

    Comments: In a June 2015 report to Congress, DLA stated that the agency and the services were sharing information on MRE demand and usage patterns. DOD officials stated in August 2016 that DLA is requesting more detailed information regarding MRE consumption and disposal data from the services for fiscal year 2016. As of September 2017, DLA had not provided documentation of information-sharing incorporating consumption and disposal data. We will continue to monitor DLA's actions on this recommendation.