Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Federal Agency: "Department of Homeland Security"

    158 publications with a total of 398 open recommendations including 19 priority recommendations
    Director: Carol Harris
    Phone: (202) 512-4456

    14 open recommendations
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes and implements specific time frames for determining key strategic implementation details, including how the program will transition from the current state to the final TIM state. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes a schedule that provides planned completion dates based on realistic estimates of how long it will take to deliver capabilities. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes new time frames for implementing the actions identified in the organizational change management strategy and effectively executes against these time frames. (Recommendation 3)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office defines and documents the roles and responsibilities among product owners, the solution team, and any other relevant stakeholders for prioritizing and approving Agile software development work. (Recommendation 4)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes specific prioritization levels for current and future features and user stories. (Recommendation 5)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office implements automated Agile management testing and deployment tools, as soon as possible. (Recommendation 6)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office updates the Systems Engineering Life Cycle Tailoring Plan to reflect the current governance framework and milestone review processes. (Recommendation 7)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes thresholds or targets for acceptable performance-levels. (Recommendation 8)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office begins collecting and reporting on Agile-related cost metrics. (Recommendation 9)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office ensures that program velocity is measured and reported consistently. (Recommendation 10)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office ensures that unit test coverage for software releases is measured and reported accurately. (Recommendation 11)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management to ensure that appropriate DHS leadership reaches consensus on needed oversight and governance changes related to the frequency of reviewing Agile programs, and then documents and implements associated changes. (Recommendation 12)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management to ensure that the Office of the Chief Technology Officer completes guidance for Agile programs to use for collecting and reporting on performance metrics. (Recommendation 13)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management to ensure that DHS-level oversight bodies review key Agile performance and cost metrics for the TIM program and use them to inform management oversight decisions. (Recommendation 14)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: The Commissioner of CBP should develop and implement a policy and related guidance for documenting arrangements with landowners, as needed, on Border Patrol's maintenance of roads it uses to conduct its operations, and share these documented arrangements with its sectors. (Recommendation 1)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commissioner of CBP should clearly document the process and criteria for making decisions on funding non-owned operational requirements and communicate this process to Border Patrol sectors. (Recommendation 2)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commissioner of CBP should assess the feasibility of options for addressing the maintenance of nonfederal public roads. This should include a review of data needed to determine the extent of its reliance on non-owned roads for border security operations. (Recommendation 3)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Timothy J. DiNapoli
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To enhance management attention to closing out contracts, the Secretary of Homeland Security should develop a means, either at the agency or the component level, to track where the contracts are in the closeout process, and establish goals and performance measures for closing contracts. (Recommendation 3)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Asif A. Khan
    Phone: (202) 512-9869

    2 open recommendations
    Recommendation: The DHS Under Secretary for Management should develop and implement effective processes and improve guidance to reasonably assure that future AAs fully follow AOA process best practices and reflect the four characteristics of a reliable, high-quality AOA process. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The DHS Under Secretary for Management should improve the Risk Management Planning Handbook and other relevant guidance for managing risks associated with financial management system modernization projects to fully incorporate risk management best practices, including (1) defining thresholds to facilitate review of performance metrics to determine when risks become unacceptable; (2) identifying and analyzing risks to include periodically reconsidering risk sources, documenting risks specifically related to the lack of sufficient, reliable cost and schedule information needed to help properly manage and oversee the project, and timely disposition of IV&V contractor-identified risks; (3) developing risk mitigation plans with specific risk-handling activities, the costs and benefits of implementing them, and contingency plans for selected critical risks; and (4) implementing risk mitigation plans to include establishing periods of performance for risk-handling activities and defining time intervals for updating and certifying the accuracy and completeness of information on risks in DHS's risk register. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Grover, Jennifer A
    Phone: 202-512-7141

    1 open recommendations
    Recommendation: The Commandant of the Coast Guard should complete a comprehensive cost estimate for a limited service life extension of the Polar Star that follows cost estimating best practices before committing to this approach for bridging the potential capability gap. (Recommendation 1)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: The Administrator of TSA should explore and pursue methods to assess the deterrent effect of TSA's passenger aviation security countermeasures; such an effort should identify FAMS—a countermeasure with a focus on deterring threats—as a top priority to address. (Recommendation 1)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. When we confirm what actions TSA has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of TSA should systematically evaluate the potential cost and effectiveness tradeoffs across countermeasures, as TSA improves the reliability and extent of its information on the effectiveness of aviation security countermeasures. (Recommendation 2)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: DHS concurred with this recommendation and in its September 2017 response to our report, DHS stated that TSA will continue efforts to improve both its analysis of information related to security effectiveness and its cost information, leading to better informed cost-benefit decisions for individual countermeasures. To address the intent of our recommendation, TSA will need to evaluate the costs and effectiveness of individual aviation security countermeasures and then use this information to systematically evaluate the potential cost and effectiveness tradeoffs across countermeasures. When we confirm what actions TSA has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: The Secretaries of Agriculture, Commerce, Defense, Homeland Security, Energy, HHS, Interior, Labor, State, Transportation, Treasury, and VA; the Attorney General of the United States; the Administrators of EPA, GSA, and SBA; the Director of OPM; and the Chairman of NRC should take action to, within existing OMB reporting mechanisms, complete plans describing how the agency will achieve OMB's requirement to implement automated monitoring tools at all agency-owned data centers by the end of fiscal year 2018.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To ensure that current pilot programs related to electronic advance data provide insights that help in assessing USPS's effectiveness at providing mail targeted by CBP for inspection, the Secretary of Homeland Security should direct the Commissioner of CBP to, in conjunction with USPS, (1) establish measureable performance goals for pilot programs and (2) assess the performance of the pilots in achieving these goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide information on the costs and benefits of collecting electronic advance data for use in targeting inbound international mail for screening, the Secretary of Homeland Security should direct the Commissioner of CBP to, in conjunction with USPS, evaluate the relative costs and benefits of collecting electronic advance data for targeting mail for inspection in comparison to other methods.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To better ensure that USCIS officers effectively adjudicate applications for refugee status, the Director of USCIS should develop and implement a plan to deploy officers with national security expertise on circuit rides.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better ensure that USCIS officers effectively adjudicate applications for refugee status, the Director of USCIS should conduct regular quality assurance assessments of refugee application adjudications across USCIS's Refugee Affairs Division and International Operations Division.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: USCIS provided documentation that U.S. Citizenship and Immigration Services (USCIS) officials conducted a quality assurance assessment of refugee adjudications in July 2017 and has plans to conduct an additional quality assurance assessment in January or February 2018. To fully address this recommendation, USCIS should demonstrate a continued commitment to conducting regular quality assurance assessments of refugee application adjudications.
    Recommendation: To provide reasonable assurance that USRAP applicant fraud prevention and detection controls are adequate and effectively implemented, the Secretaries of Homeland Security and State should conduct regular joint assessments of applicant fraud risk across USRAP.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Kimberly M. Gianopoulos
    Phone: (202) 512-8612

    3 open recommendations
    Recommendation: To strengthen CBP's ability to assess and respond to compliance risks across the FTZ program, the Commissioner of CBP should centrally compile information from FTZ compliance reviews and associated enforcement actions so that standardized data are available for assessing compliance and internal control risks across the FTZ program.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP concurred with this recommendation and identified steps it intends to take in response to the recommendation. Specifically, CBP stated that it intends to prepare and disseminate a summary template for compiling FTZ compliance reviews and internal control risks across the FZ program. When we confirm the steps CBP has taken to address this recommendation, we will provide updated information.
    Recommendation: To strengthen CBP's ability to assess and respond to compliance risks across the FTZ program, the Commissioner of CBP should conduct a risk analysis of the FTZ program using data across FTZs, including an analysis of the likelihood and significance of compliance violations and enforcement actions.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP concurred with this recommendation and identified steps it intends to take in response to the recommendation. Specifically, CBP stated that it will conduct a risk analysis across the FTZ program. When we confirm the steps CBP has taken to address this recommendation, we will provide updated information.
    Recommendation: To strengthen CBP's ability to assess and respond to compliance risks across the FTZ program, the Commissioner of CBP should utilize the results of the program-wide risk analysis to respond to identified risks, such as updating risk assessment tools and developing best practices for CBP's FTZ compliance review and risk categorization system.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP concurred with this recommendation and identified steps it intends to take in response to the recommendation. Specifically, CBP responded that it will finalize a compliance review handbook that incorporates risk assessment tools and best practices for FTZ compliance reviews and risk categorization. When we confirm the steps CBP has taken to address this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    3 open recommendations
    Recommendation: To enhance CBP's identification of high-risk cargo shipments and its enforcement of the ISF rule, the Commissioner of CBP should enforce the ISF rule requirement that carriers provide CSMs to CBP when targeters identify CSM noncompliance.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP's Office of Field Operations is developing an enforcement strategy for container status messages (CSM) that it plans to complete by August 31, 2017. Once the strategy is completed, OFO plans to provide CSM enforcement guidance to the Advance Targeting Units. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Recommendation: To enhance CBP's identification of high-risk cargo shipments and its enforcement of the ISF rule, the Commissioner of CBP should evaluate the ISF enforcement strategies used by ATUs to assess whether particular enforcement methods could be applied to ports with relatively low submission rates.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP plans to discuss enforcement strategies during monthly conference calls held by the National Targeting Center-Cargo with all Advance Targeting Units (ATU) in order to identify the factors that are impacting ports with lower Importer Security Filing (ISF) compliance rates. In addition, CBP plans to leverage the strategies employed by ATUs overseeing ports with higher ISF compliance rates in order to increase the ISF submission rates at the ports with lower compliance rates. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Recommendation: The Commissioner of CBP should identify and collect additional performance information on the impact of the ISF rule data, such as the identification of shipments containing contraband, to better evaluate the effectiveness of the ISF program.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP is developing a plan (by August 31, 2017) to assess additional performance metrics to evaluate the effectiveness of the Importer Security Filing Program. After the plan has been developed, CBP will extract the performance data for analysis and, if needed, take actions to implement changes to the Program. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Director: Chris Currie
    Phone: (404) 679-1875

    6 open recommendations
    Recommendation: In order to improve employee misconduct policies and procedures, the Secretary of Homeland Security should direct the FEMA Administrator to document policies and procedures to address potential Surge Capacity Force misconduct.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to improve employee misconduct policies and procedures, the Secretary of Homeland Security should direct the FEMA Administrator to document Reservist disciplinary options and appeals policies and procedures that are currently in practice at the agency.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to improve employee misconduct policies and procedures, the Secretary of Homeland Security should direct the FEMA Administrator to communicate the range of penalties for specific misconduct offenses to all employees and supervisors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to better identify and address trends in employee misconduct, the Secretary of Homeland Security should direct the FEMA Administrator to improve the quality and usefulness of the misconduct data it collects by implementing quality control measures, such as adding additional drop-down fields with standardized entries, adding unique case identifier fields, developing documented guidance for data entry, or considering the adoption of database software.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to better identify and address trends in employee misconduct, the Secretary of Homeland Security should direct the FEMA Administrator to, once the quality of the data is improved, conduct routine reporting on employee misconduct trends.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to ensure that all allegations of employee misconduct referred by DHS OIG are reviewed and addressed, the Secretary of Homeland Security should direct the FEMA Administrator to develop reconciliation procedures to consistently track referred cases.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Kimberly Gianopoulos
    Phone: (202) 512-8612

    2 open recommendations
    Recommendation: To strengthen CBP's trade enforcement efforts, the Commissioner of CBP should direct the Office of Trade to include performance targets, when applicable, in addition to performance measures in its Priority Trade Issue strategic and annual plans.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of September 2017, CBP indicated that CBP's Office of Trade has been performing biweekly reviews of current performance measure results and had scheduled a management planning meeting to closeout FY 2017. CBP indicated that these efforts will help establish the performance target baselines for FY 2018. CBP indicated that it plans to establish the FY 2018 priorities and Priority Trade Issue strategic and annual plans, but as of September 2017 has not provided timeframes for project completion.
    Recommendation: To strengthen CBP's trade enforcement efforts, the Commissioner of CBP should direct the Office of Trade and the Office of Field Operations to develop a long-term hiring plan that articulates how CBP will reach its staffing targets for trade positions set in the Homeland Security Act and the agency's resource optimization model.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of September 2017, CBP indicated that, in order to develop a long-term hiring plan, CBP's Office of Trade (OT), Office of Field Operations (OFO), and Human Resources Management (HRM) established a working group of key stakeholders to define the hiring challenges related to the trade positions. CBP identified the key stakeholders for the working group and was planning its first meeting for the working group. In the interim, CBP indicated that it was actively addressing trade hiring gaps through a variety of mechanisms that includes building recruiting partnerships with universities as well as closely tracking and monitoring the hiring of import specialists from initial announcement through entrance on duty.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    6 open recommendations
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to update the department's IT Acquisition Review governance process to increase the number of contracts and agreements (associated with both major and non-major investments) that are reviewed by the CIO and appropriate delegates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the specific staff or positions currently within the department's IT acquisition cadre; and (2) assessing whether these staff and positions address all of the specialized skills and knowledge needed, as outlined in OMB's Office of Federal Procurement Policy's guidance for developing an IT acquisition cadre.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the department's future IT skillset needs as a result of DHS's new delivery model, (2) conducting a skills gap analysis, and (3) resolving any skills gaps identified.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update the department's acquisition policies and guidance to be consistent in identifying that the DHS CIO is to certify investments' incremental development activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update DHS headquarters', Customs and Border Protection's, and U.S. Coast Guard's processes to track, for all contracts and agreements, the IT investment with which each is associated (as applicable).

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update and implement the process DHS uses for assessing the risks of major IT investments to ensure that the CIO rating reported to the Dashboard fully reflects the CIO's assessment of each major IT investment.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Director: Marie Mak
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To ensure that IGCEs contain key information consistent with good cost estimating practices, the Secretaries of Defense and Homeland Security should take steps to ensure that IGCE guidance is followed by, for example, providing training or issuing reminders to officials.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS agreed with the recommendation and stated that it will take steps to determine why guidance on independent government cost estimates is not followed. In July, DHS reported that the Office of the Chief Procurement Officer(OCPO) reached out to the nine DHS contracting activities soliciting feedback on why program officials may not be developing IGCEs in accordance with existing policies. Feedback was received in late May 2017. OCPO is currently evaluating the feedback and identifying consistent themes which will lead to the development of IGCE policy compliance measures.
    Recommendation: To ensure that IGCEs are optimized as a tool in the procurement planning process, the Secretaries of Defense, Education, Health and Human Services, Homeland Security, Housing and Urban Development, and Labor should take steps to ensure that, when appropriate, contracting staff document differences between IGCE and final contract award value in the contract file.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS agreed with the recommendation. In July 2017, DHS reported that the Office of the Chief Procurement Officer (OCPO) disseminated a new draft policy on this issue and solicited feedback from the Component's contracting activities. The Components provided feedback on the draft policy and OCPO is currently adjudicating their comments and will incorporate, as appropriate.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    5 open recommendations
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP to assess and document how the alternative technological solutions being considered will fully meet operational needs related to ultralight aircraft.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and stated that it plans to assess and document requirements related to ultralight aircraft threats and how technological solutions will address these requirements as part of U.S. Customs and Border Protection Air and Marine Operations air domain awareness efforts. DHS plans to complete these efforts by July 2018.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP and the Director of ICE to jointly establish and monitor performance measures and targets related to cross-border tunnels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and stated that U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement will review available information and develop performance measures and targets as deemed appropriate by February 2018.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP to establish and monitor performance targets related to ultralight aircraft.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred and stated that within U.S. Customs and Border Protection, Air and Marine Operations and the U.S. Border Patrol are developing a joint performance measure and targets for interdicting ultralight aircraft. DHS plans to complete these efforts by October 2017.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the U.S. Customs and Border Protection (CBP)-U.S. Immigration and Customs Enforcement (ICE) tunnel committee to convene and establish standard operating procedures for addressing cross-border tunnels, including procedures for sharing information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS did not concur with this recommendation. However, CBP and ICE agreed that strengthening operational procedures may be beneficial and stated that they will jointly review procedures and discuss revising and/or consolidating the procedures. We continue to believe that the recommendation is valid and will monitor DHS's efforts to address it.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commandant of the Coast Guard, Commissioner of CBP, and the Director of ICE to establish and monitor Regional Coordinating Mechanisms performance measures and targets related to panga boat and recreational vessel smuggling.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS did not concur with this recommendation. DHS stated that that it believes that by establishing common terminology to address our first recommendation, the RECOMs will have more reliable, usable analyses to inform their maritime interdiction efforts. However, DHS did not believe that performance measures and targets related to smuggling by panga boats would provide the most useful strategic assessment of operations to prevent all illicit trafficking, regardless of area of operations or mode of transportation. DHS also cited the recent creation of the DHS Office of Policy, Strategy, and Plans that is to work with U.S. Coast Guard, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, and other components and offices to better evaluate the effectiveness of all operations that work to prevent the illegal entry of goods and people into the country, as appropriate. We continue to believe that the recommendation is valid and will monitor DHS's efforts to address it.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To facilitate the removal of underutilized vehicles, the Secretary of Homeland Security should direct the Commissioner of Customs and Border Protection to develop a written plan for how CBP will use newly available usage data to improve its utilization assessment processes. Such a plan would define utilization criteria that reflect CBP's mission and describe how CBP will review and individually justify vehicles that do not meet the utilization criteria established by either DHS or CBP.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Maurer, Diana C
    Phone: (202) 512-8777

    2 open recommendations
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to develop a cohesive strategy that includes measurable outcomes for CVE activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they are identifying concrete outputs and outcomes for CVE efforts outlined in the 2016 Strategic Implementation Plan. CVE Task Force officials also stated that they plan to develop short-term, medium-term, and long-term outcomes for these efforts. The Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to establish and implement a process to assess overall progress in CVE, including its effectiveness.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they have begun consulting with departments and agencies that have already invested in CVE program assessment and are developing a research-based framework for designing and assessing CVE metrics. The CVE Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Director: Michele Mackin
    Phone: (202) 512-4841

    3 open recommendations
    Recommendation: To mitigate the risk of poor acquisition outcomes and strengthen the department's investment decisions, the Secretary of Homeland Security should direct the Undersecretary for Management to update the acquisition policy to require that major acquisition programs' technical requirements are well defined and key technical reviews are conducted prior to approving programs to initiate product development and establishing Acquisition Program Baselines, in accordance with acquisition best practices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it planned to initiate a study to assess how to better align its processes for technical reviews and acquisition decisions. Upon completion of the study, DHS plans to update its acquisition policies, as appropriate.
    Recommendation: To mitigate the risk of poor acquisition outcomes and strengthen the department's investment decisions, the Secretary of Homeland Security should direct the Undersecretary for Management to update the acquisition policy to specify that acquisition decision memorandums clearly document the rationale of decisions made by DHS leadership, such as, but not limited to, the reasons for allowing programs to deviate from the requirement to obtain department approval for certain documents at Acquisition Decision Events and the results of considerations or trade-offs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it had begun expanding the content included in Acquisition Decision Memorandums (ADM) to include greater detail and that future ADMs would address the status of the acquisition documentation. DHS also said it had updated the guidance for writing ADMs in a handbook for Office of Program Accountability and Risk Management staff, thus making progress toward satisfying the recommendation. However, we did not close the recommendation because the updated guidance was not incorporated into the department's official acquisition policy, which may limit DHS's ability to implement the changes consistently over time. We will continue to review ADMs to assess whether the department's actions address the intent of this recommendation.
    Recommendation: To mitigate the risk of poor acquisition outcomes and strengthen the department's investment decisions, the Secretary of Homeland Security should direct the Undersecretary for Management to update the acquisition policy to specify at what point minimum standards for KPPs should be met, and clarify the performance data that should be used to assess whether or not a performance breach has occurred.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it had updated guidance related to its performance breaches in a handbook for Office of Program Accountability and Risk Management staff, thus moving toward satisfying the intent of this recommendation. Specifically, DHS identified that programs' KPPs should be met and verified no later than initial operational test and evaluation conducted prior to Acquisition Decision Event 3, the point at which DHS leadership approves the program to transition into sustainment. If programs have not met a KPP by this point, they will be required to declare a performance breach and submit a remediation plan documenting the root cause of the breach, along with how and when the breach will be resolved. However, we did not close the recommendation because the department's official acquisition policy has yet to be updated. DHS will fully address this recommendation when it incorporates the changes into its acquisition policy to ensure that the updated guidance on performance breaches is communicated and implemented consistently throughout the department.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To improve the usefulness of airport wait time data that CBP currently reports on its public website, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to report airport wait time data for different categories of travelers.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Gambler, Rebecca S
    Phone: (202) 512-6912

    9 open recommendations
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should ensure SAVE guidance, including written materials and instructional videos, clearly and accurately reflects user agencies' responsibilities for completing each step of a SAVE check, as outlined in each agency's memorandum of agreement.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a mechanism to oversee agencies' completion of training on additional verification in accordance with SAVE MOA provisions and program policies.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should provide notifications to user agencies when a case is ready for the user agency to review.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a more effective method for ensuring that individuals are aware of how they can access and correct their immigration records, such as by updating and improving the Fact Sheet for Benefit Applicants.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a documented, risk-based approach to monitoring and compliance, including (1) a risk-based approach to selecting behaviors to monitor; (2) standards for what triggers compliance actions for the selected behaviors; and (3) a risk-based process for how USCIS will prioritize and select agencies for compliance actions.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and communicate a process for user agencies to update contact information.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should ensure that user agencies participate in compliance reviews when selected, in accordance with SAVE MOA provisions and USCIS policy.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should identify the root causes of agencies' noncompliance with SAVE MOA provisions and program policies and tailor agency recommendations to those identified causes.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a process for ensuring user agencies implement corrective actions such as through a system of escalating compliance assistance actions and follow-up.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: The Secretaries of Commerce, Homeland Security, Interior, and State should develop policies and processes to help ensure that the FAR clause 52.203-17 is inserted in new contracts and major modifications as appropriate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, Homeland Security concurred with this recommendation. Officials have said they have taken steps to implement this recommendation with guidance and once GAO is provided with evidence of executing guidance, we will review these efforts to assess whether the recommendation was implemented.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To ensure that the Coast Guard makes effective use of its resources, specifically regarding its budget, the Secretary of DHS should direct the Commandant of the Coast Guard to update the Joint Surface Engineering Change Process Guide to require a documented cost analysis to provide decision makers adequate data to make informed decisions regarding the expected costs and when it is most cost effective to install design changes.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Coast Guard concurred with our recommendation and is working to determine a consistent, repeatable cost benefit analysis methodology that will be considered with other factors such as safety, schedule impacts, operational impacts, and crew impacts and technical aspects for making design change decisions. This methodology will be incorporated into the Coast Guard's next update to its Joint Surface Engineering Change Process Guide scheduled for December 2017.
    Recommendation: To ensure that the Coast Guard makes effective use of its resources, specifically regarding its budget, the Secretary of DHS should direct the Commandant of the Coast Guard to periodically update standard support levels to account for actual expenditures so that the Coast Guard follows best practices and to provide decision makers an understanding of the actual depot-level maintenance funds required for Coast Guard assets.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Coast Guard concurred with our recommendation and is working to establish of formal process to use actual depot maintenance expenditure data to inform and update a vessel's life cycle cost estimate. For vessels in sustainment, the Coast Guard is developing a plan to periodically review depot maintenance expenditures and how they should affect the depot maintenance budget. These processes are expected to be completed by October 2017.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    5 open recommendations
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should develop and document procedures for Predator B coordination among supported agencies in all operating locations.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should update and maintain guidance for recording Predator B mission information in its data collection system.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should provide training to users of CBP's data collection system for Predator B missions.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should record air support forms for Predator B mission requests from non-CBP law enforcement agencies in its data collection system for Predator B missions.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should update Border Patrol's data collection practices to include a mechanism to distinguish and track asset assists associated with TARS from tactical aerostats.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To ensure Border Patrol has the best available information to inform future investments in TI and resource allocation decisions among TI and other assets Border Patrol deploys in the furtherance of border security operations, and to ensure that key parties within Border Patrol's Requirements Management Process are aware of their roles and responsibilities within the process, the Chief of the Border Patrol should develop metrics to assess the contributions of pedestrian and vehicle fencing to border security along the southwest border using the data Border Patrol already collects and apply this information, as appropriate, when making investment and resource allocation decisions.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open
    Priority recommendation

    Comments: DHS concurred agreed with the this recommendation and stated that it planned to develop and incorporate metrics into Border Patrol's Requirements Management Process.
    Recommendation: To ensure Border Patrol has the best available information to inform future investments in TI and resource allocation decisions among TI and other assets Border Patrol deploys in the furtherance of border security operations, and to ensure that key parties within Border Patrol's Requirements Management Process are aware of their roles and responsibilities within the process, the Chief of the Border Patrol should develop and implement written guidance to include roles and responsibilities for the steps within its requirements process for identifying, funding, and deploying tactical infrastructure assets for border security operations.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open
    Priority recommendation

    Comments: DHS concurred with the recommendation and stated that it plans to update the Requirements Management Process and, as part of that update, plans to add communication and training methods and tools to better implement the Process. DHS plans to complete these efforts by September 2019.
    Director: Joe Kirschbaum
    Phone: (202) 512-9971

    1 open recommendations
    Recommendation: As DHS, through FEMA, plans to respond to a pandemic, the Secretary of Homeland Security should direct the Administrator of FEMA to use FEMA's existing coordination mechanisms with DOD and HHS to explore opportunities to improve their preparedness and response to a pandemic if DOD's capabilities are limited.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To ensure that C-TPAT program managers are provided consistent data from the C-TPAT field offices on security validations, the Commissioner of U.S. Customs and Border Protection should develop standardized guidance for the C-TPAT field offices to use in tracking and reporting information on the number of required and completed security validations.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: On April 28, 2017, CBP officials provided documentation--a common worksheet, instructions, and related standard operating procedures for C-TPAT field offices to use in tracking and reporting information to headquarters staff on security validations required and completed. We reviewed the information and interviewed C-TPAT officials in two field offices and C-TPAT's Plans and Operations Branch, which is responsible for overseeing these efforts, about the new procedures. In early August 2017, we asked for additional evidence that C-TPAT is ensuring one standard approach across its field offices for capturing and reporting security validations required and completed. The BBP liaison informed us that C-TPAT officials are to provide the additional evidence by the end of September 2017.
    Recommendation: To ensure the availability of complete and accurate data for managing the C-TPAT program and establishing and maintaining reliable indicators on the extent to which C-TPAT members receive benefits, the Commissioner of U.S. Customs and Border Protection should determine the specific problems that have led to questionable data contained in the Dashboard and develop an action plan, with milestones and completion dates, for correcting the data so that the C-TPAT program can produce accurate and reliable data for measuring C-TPAT member benefits.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: On July 28, 2017, CBP provided us with documentation, to include: a schedule of completed and planned activities related to refining data reporting system requirements, testing of preliminary results from new data runs, developing a reporting system for tracking security examination rates, and a copy of the results of a preliminary data run identifying shipment examination rates by mode of transportation and C-TPAT member Tier level. CBP staff informed us that the steps being taken to address this recommendation are to continue through the end of the 2017. In the interim, we are reviewing the documents CBP provided to determine what, if any, additional information we may need to assess progress in addressing this recommendation.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    2 open recommendations
    Recommendation: To enhance its ability to fulfill its role as the facilitator of cross-sector collaboration and best-practices sharing, the Secretary of Homeland Security should direct the Assistant Secretary of Infrastructure Protection, Office of Infrastructure Protection, to explore with key critical infrastructure partners, whether and what opportunities exist to harmonize federally-administered screening and credentialing access control efforts across critical infrastructure sectors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure that SCO uses its time and resources to pursue the most efficient and effective screening and credentialing harmonization goals on behalf of the department, the Secretary of Homeland Security should direct the Deputy Assistant Secretary for Screening Coordination, Office of Policy, to establish goals and objectives to support its broader strategic framework for harmonization.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Kay Brown
    Phone: (202) 512-7215

    3 open recommendations
    Recommendation: To better ensure FEMA's regional activities effectively support individuals with disabilities, the Secretary of Homeland Security should direct the FEMA Administrator to take steps to establish written procedures for how regions should involve the Office of Disability Integration and Coordination in clarifying disability integration staff's roles, evaluating staff performance, and setting expectations for how staff communicate with headquarters and the regions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA agreed with this recommendation and FEMA's Office of Disability Integration and Coordination is in the process of establishing a working group that will clarify and codify the roles, responsibilities, and expectations among the various agency offices and personnel involved in carrying out the agency's disability integration mission. GAO will monitor the progress of these efforts. FEMA expects to complete these efforts by December 31, 2017. At that time, GAO will await documentation of the agency's procedures for carrying out its disability integration mission.
    Recommendation: To better position FEMA to expand access to key training on incorporating access and functional needs into emergency planning for state, local, and voluntary organization emergency management officials, the Secretary of Homeland Security should direct the FEMA Administrator to evaluate alternative cost-effective methods for delivering its course on access and functional needs, such as via virtual classes.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA agreed with this recommendation and reported that it will explore options for updating one of its existing online courses--IS-368 "Including People with Disabilities and Other with Access and Functional Needs in Disaster Operations"--to tailor the content for a broader audience, including members of the public. The agency also reported that it will evaluate the need for alternative cost-effective methods for delivering other courses on inclusive emergency management it currently offers, such as its classroom course, "Integrating Access and Functional Need into Emergency Planning." The agency anticipates completing these efforts by December 31, 2017. When these efforts are complete, GAO will await documentation that the agency has evaluated its delivery of key training on incorporating access and functional needs into emergency planning.
    Recommendation: To help ensure its key training on incorporating access and functional needs into emergency planning reaches a sufficiently wide audience, the Secretary should direct the FEMA Administrator to collect information about the potential pool of participants, set general goals for the number of state and local emergency managers that will take this course, and implement the delivery methods needed to meet these goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA agreed with this recommendation and reported that it will work with its regional staff to map potential training participants in each state and set goals for delivery of the course to state and local emergency managers. The agency also reported that it may be able to use data in the State Preparedness Report and states' self-reporting on the need for training on integrating the needs of people with access and functional needs into emergency management. GAO will monitor the progress of these efforts. The agency anticipates completing these efforts by December 31, 2017.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    9 open recommendations
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should determine the extent to which the statutorily required implementing principles apply to NCCIC's cybersecurity functions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC is currently conducting an analysis of all mission functions to include the following goals: simplify the descriptions of NCCIC's mission functions, document all NCCIC functional capabilities, document the applicability of implementing principles to NCCIC mission functions, and map as appropriate. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should develop metrics for assessing adherence to applicable principles in carrying out statutorily required functions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that they were still in the process completing mission functional analysis described in DHS's response to Recommendation 1, which would serve as the basis of developing metrics. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should establish methods for monitoring the implementation of cybersecurity functions against the principles on an ongoing basis.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC is updating existing policies and procedures for program management reviews (PMR) to include the metrics developed in recommendation two. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should integrate information related to security incidents to provide management with more complete information about NCCIC operations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the NCCIC updated guidelines for incident reporting would be completed in May 2017. In addition, according to DHS, incident management system requirements were updated to support the new guidelines and are scheduled to be implemented in June 2017. DHS stated that these steps will enable the successful implementation of the new National Cyber Incident Scoring Schema (NCISS), which the NCCIC Watch Operations uses to help facilitate the timely, actionable, and relevant dissemination of information to leadership. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. As of August 2017, DHS has not provided evidence that the new guidelines have been implemented. However, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should determine the necessity of reducing, consolidating, or modifying the points of entry used to communicate with NCCIC to better ensure that all incident tickets are logged appropriately.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC had completed initial mapping of information flows, as well as the roles and responsibilities for the incident management function. A plan to integrate or consolidate disparate incident reporting systems is scheduled to be completed in December 2017. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should develop and implement procedures to perform regular reviews of customer information to ensure that it is current and reliable.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NPPD is gathering the requirements for a customer relationship management (CRM) tool that will support regular reviews and updates to customer information. Additionally, DHS stated that NCCIC will establish and implement a standing operating procedure for capturing and regularly updating prioritized customer information including contact information in the event of an incident. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should take steps to ensure the full representation of the owners and operators of the nation's most critical cyber-dependent infrastructure assets.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the Office of Cybersecurity and Communications is establishing integrated customer engagement activities that support cyber risk mitigation and incident response planning. In addition, NCCIC will develop standing operating procedures that leverage existing information sharing programs, activities and relationships to tailor engagements that support owners and operators of the most critical cyber-dependent infrastructure assets including designated lifeline sectors. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should establish plans and time frames for consolidating or integrating the legacy networks used by NCCIC analysts to reduce the need for manual data entry.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the Assistant Secretary of Office of Cybersecurity and Communications (CS&C) had consolidated the Enterprise Architecture role within the Office of the Chief Technology Officer (CTO). Working across CS&C, the CTO will establish a technology roadmap, to include consolidation of networks. In addition, NCCIC is working to determine the potential impact of network consolidation on mission functions, including mapping current data sources. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should identify alternative methods to collaborate with international partners, while ensuring the security requirements of high-impact systems.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the potential reduction in sharing cybersecurity products that may result from migrating the NCCIC Portal to HSIN should be minimal. Contingency information sharing plans will be developed to mitigate potential issues through alternate information sharing practices, particularly involving an actual incident during migration transition. Foreign partnerships will continued to be maintained by exercises, analytic exchanges with our closest partners, and continued participation in multilateral and bilateral engagements. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    2 open recommendations
    Recommendation: The Commandant of the Coast Guard should update Commandant Instruction M6000.1F, Coast Guard Medical Manual, to classify gambling disorder as an addiction and not as an impulse control issue.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commandant of the Coast Guard should update Commandant Instruction M1000.10, Coast Guard Drug and Alcohol Abuse Program, to explicitly include gambling disorder.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To better ensure the effectiveness of CBP's predeparture programs, the Commissioner of U.S. Customs and Border Protection should develop and implement a system of performance measures and baselines to evaluate the effectiveness of CBP's predeparture programs and assess whether the programs are achieving their stated goals.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: U.S. Customs and Border Protection's (CBP) Office of Field Operations (OFO) reported that it established a working group comprised of designated program officials from CBP's Admissibility and Passenger Programs; National Targeting Center; Planning, Program Analysis, and Evaluation; and, Preclearance offices to develop and implement a system of performance measures and baselines to evaluate the effectiveness of CBP's predeparture programs. As of July 2017, CBP reported that the working group had developed three performance measures for its predeparture programs. According to OFO officials, fiscal year 2018 will be the first complete year that each of these measures is calculated using a standardized and repeatable methodology and will thus be used as a baseline year. The baselines developed during fiscal year 2018 will then be used in future assessments of program effectiveness. To fully address this recommendation to develop and implement performance measures and baselines for evaluating its predeparture programs, GAO will review documentation from CBP, when available, on the fiscal year 2018 baselines and CBP's planned evaluation of fiscal year 2019 data against those baselines.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    6 open recommendations
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should strengthen the methodology for calculating recidivism such as by using an alien's apprehension history beyond one fiscal year and excluding aliens for whom there is no record of removal and who may remain in the United States.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should collect information on reasons agents do not apply the CDS guides' Most Effective and Efficient consequences to assess the extent that agents' application of these consequences can be increased and modify development of CDS guides, as appropriate.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should revise CDS guidance to ensure consistent and accurate methodologies for estimating Border Patrol costs across consequences and to factor in, where appropriate and available, the relative costs of any federal partner resources necessary to implement each consequence.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should ensure that sector management is monitoring progress in meeting their performance targets and communicating performance results to Border Patrol headquarters management.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should provide consistent guidance for alien classification and take steps to ensure CDS Project Management Office and sector management conduct data integrity activities necessary to strengthen control over the classification of aliens.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Assistant Secretary of Immigration and Customs Enforcement and Commissioner of Customs and Border Protection to collaborate on sharing immigration enforcement and removal data to help Border Patrol account for the removal status of apprehended aliens in its recidivism rate measure.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Tim Persons
    Phone: (202) 512-6412

    1 open recommendations
    Recommendation: The Secretary of Homeland Security--in consultation with the Federal Bureau of Investigation--should conduct a formal bioforensics capability gap analysis to identify scientific and technical gaps and needs in bioforensics capabilities to help guide current and future bioforensics investments and update its analysis periodically.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Heather Krause
    Phone: (202) 512-6806

    2 open recommendations
    Recommendation: To help ensure that FLETC builds and maintains capacity to achieve its mission with existing levels of resources over the longer-term, the Secretary of Homeland Security should direct the Director of FLETC to complete a revised strategic plan that encompasses the agency's long-term goals and objectives to address emerging challenges.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure that FLETC builds and maintains capacity to achieve its mission with existing levels of resources over the longer-term, as part of its strategic planning process, the Secretary of Homeland Security should direct the Director of FLETC to finalize the plan, including the steps and time frames, needed to further implement its Online Campus initiative.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Alicia Puente Cackley
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To improve the transparency and accountability over the compensation paid to WYO companies and set appropriate compensation rates, the FEMA administrator should take into account WYO company characteristics that may impact companies' expenses and profits when developing the new compensation methodology and rates.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Homeland Security should direct the department's CIO to identify one high-cost function it could collect detailed cost, technical, and business information for and modify existing processes to collect and review this information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In its comments on a draft of our report, the department concurred with our recommendation. Subsequent to the department informing us that it has taken action to implement the recommendation, we will follow up.
    Director: Currie, Christopher P
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To better assess the impact of the fire grants program, the Secretary of Homeland Security should direct the FEMA Administrator to establish measurable performance targets linked to AFG and SAFER program goals, such as the desired percentage of awardees who used grants to achieve compliance with equipment standards.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to officials, FEMA's Grant Programs Directorate is reviewing the current set of program metrics to determine the feasibility of establishing performance targets. FEMA plans to include approved targets in its annual report to Congress that will be issued for fiscal year 2016; the report was undergoing internal review for approval and release as of November 2016. Pending issuance of the report with measurable performance targets linked to AFG and SAFER program goals, this recommendation will remain open.
    Recommendation: To enhance FEMA's efforts to assess and integrate the fire grant programs' contributions to national preparedness, the Secretary of Homeland Security should direct the FEMA Administrator to use the National Preparedness Goal's definition of critical infrastructure as the basis of collecting information from applicants and using the National Critical Infrastructure Prioritization Program list to measure fire grant programs' performance in addressing national priorities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to officials, FEMA's Grant Programs Directorate plans to incorporate the National Preparedness Goal definition of national critical infrastructure into fire grant performance measures in FEMA's fiscal year 2017 Annual Report to Congress. Specifically, they said FEMA plans to conduct an assessment of data from AFG program application and awards in order to verify recipients are reporting infrastructure that aligns with the National Preparedness Goal definition of critical infrastructure. In addition, FEMA plans to meet as needed with the National Programs and Protection Directorate's Office of Critical Infrastructure Analysis to determine how the Critical Infrastructure Prioritization Program list can be used in the application process. Pending completion of these efforts, this recommendation will remain open.
    Recommendation: To enhance FEMA's efforts to incorporate new National Fire Operations Reporting System (NFORS) and Fire Community Assessment Response Evaluation System (FireCARES) data elements into fire grants program management activities, the Secretary of Homeland Security should direct the FEMA Administrator to develop a project management plan for identifying relevant data elements in the new NFORS and FireCARES systems and determining how they can be used to improve fire grant applications and awards processes and the performance assessment system.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to officials, FEMA's Grant Programs Directorate intends to develop a plan to assess the data collected to determine feasibility for integration of NFORS and FireCARES data into the AFG programs. The plan will incorporate ways to improve the applications, awards processes, and tracking of performance. This plan should be completed by March 2017, and FEMA will continue to collaborate with stakeholders for the improvement of the AFG application, awards processes, and performance management. According to FEMA, the estimated completion of this effort is September 2017.
    Director: Jenny Grover
    Phone: (202) 512-7141

    5 open recommendations
    Recommendation: To ensure effective evaluation of air marshal training, the TSA Administrator should direct OTD to implement a mechanism for regularly collecting and incorporating incumbent air marshals' feedback on the training they receive from field office programs.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure effective evaluation of air marshal training, the TSA Administrator should direct OTD to take additional steps to improve the response rates of the training surveys it conducts.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to specify in policy who at the headquarters level has oversight responsibility for ensuring that field office Supervisory Air Marshals-in-Charge or their designees meet their responsibilities for ensuring that training completion records are entered in a timely manner.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to specify in policy who at the headquarters level is responsible for ensuring that headquarters personnel enter approved air marshals' training exemptions into the Federal Air Marshal Information System, and define the timeframe for doing so.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to develop and implement standardized methods, such as examinations and checklists, for determining whether incumbent air marshals continue to be mission ready in key skills.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Seto Bagdoyan
    Phone: (202) 512-6722

    1 open recommendations
    Recommendation: To strengthen USCIS's EB-5 Program fraud risk management, the Director of USCIS should develop a fraud risk profile that aligns with leading practices identified in GAO's Fraud Risk Framework.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In November 2016, Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS)stated that the program would implement GAO's recommendation to develop a fraud risk profile and anticipated completion by September 30, 2017. In April 2017, USCIS provided an update including supporting documentation which reported that USCIS had contracted with an outside consultant to, among other things, develop a fraud risk profile that aligns with leading practices identified in GAO's Fraud Risk Framework. According to its response, USCIS expected to complete development of the profile by September 30, 2017.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) concurred with our recommendation and stated that the Enterprise Business Management Office within the Office of the Chief Information Officer will validate each investment reported on the Dashboard and work with program officials to ensure they appropriately update the data for the IT Dashboard. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: If DHS's proposed CBRNE program consolidation is approved by Congress, the Secretary of Homeland Security should direct the Assistant Secretary for the Office of Policy to use, where appropriate, the key mergers and organizational transformation practices identified in our previous work to help ensure that a CBRNE consolidated office benefits from lessons learned from other organizational transformations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We found that key mergers and organizational transformation practices identified in previous GAO work could benefit the Department of Homeland Security (DHS) if Congress approves the proposed CBRNE consolidation. As a result, we recommended that should Congress approve DHS's CBRNE consolidation plan, the department use key mergers and organizational transformation practices identified in previous GAO work. In November 2016, DHS stated that while Congress had yet to authorize DHS's CBRNE reorganization proposal, DHS remained committed to evaluating GAO's identified practices when developing an implementation plan. We will update the status of this recommendation as additional information is made available.
    Director: Fennell, Anne-marie Lasowski
    Phone: (202) 512-3841

    1 open recommendations
    Recommendation: To help ensure that the Corps and FEMA carry out the national leveesafety- related activities required in the Water Resources Reform and Development Act of 2014, the Secretary of Defense should direct the Secretary of the Army to direct the Chief of Engineers and Commanding General of the U.S. Army Corps of Engineers and that the Secretary of Homeland Security direct the FEMA Administrator to develop a plan, with milestones, for implementing these activities, using existing resources or requesting additional resources as needed. This plan could be posted on the Corps' website and monitored for progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of December 2016, GAO is awaiting action by the agency to implement this recommendation.
    Director: Andrew Von Ah
    Phone: (213) 830-1011

    4 open recommendations
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to document the processes and analyses for assessing and, as appropriate, for managing the difference between program costs and collections and document resulting decisions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS's Fee Governance Council, led by the Deputy CFO plans to draft and publish a revised section of the Financial Management Policy Manual devoted to documenting the processes and analyses for assessing and managing the difference between program costs and collections and document resulting decisions. The Council is currently working to establish interim milestones associated with this objective.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to establish processes for managing unobligated carryover balances, to include targets for minimum and maximum balances for programs that lack such processes and targets.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Fee Governance Council will draft and publish a revised section of the Financial Management Policy Manual devoted to managing unobligated carryover balances. The Council is currently working to develop specific milestones associated with this objective.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to conduct reviews to identify any management and operational deficiencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The DHS Fee Governance Council plans to publish a revised section of the Financial Management Policy Manual devoted to how components conduct studies of fee programs to identify any management or operational deficiencies. The Council is currently working to establish specific milestones associated with this objective.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to take action to track and report on management and operational deficiencies--including reasons supporting any decisions to not pursue recommended actions--identified in fee reviews or through other means.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The DHS Fee Governance Council will publish a revised section of the Financial Management Policy Manual devoted to how regular biennial reviews are conducted at DHS and how any findings and recommendations on management and operational deficiencies identified in these fee studies are tracked and reported.
    Director: Alicia Puente Cackley
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To address a potential challenge for consumers who wish to opt for private flood insurance and who must have insurance under the mandatory purchase requirement, the FEMA Administrator should consider reinstating the cancellation reason code allowing policyholders to cancel their NFIP policy and be eligible for premium refunds, on a prorated basis, if they obtain a non-NFIP policy after their NFIP policy became effective. If changes are needed to NFIP's standard flood insurance policy to allow such refunds, FEMA should take the necessary steps to amend its standard flood insurance policy.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    3 open recommendations
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should clearly document the ECPC's strategic goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should establish a mechanism to track progress by the ECPC's member agencies in implementing the ECPC's recommendations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should clearly define the roles and responsibilities of the ECPC's member agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Kimberly M. Gianopoulos
    Phone: (202) 512-8612

    3 open recommendations
    Recommendation: To better manage the AD/CV duty liquidation process, CBP should issue guidance directing the Antidumping and Countervailing Duty Centralization Team to (a) collect and analyze data on a regular basis to identify and address the causes of liquidations that occur contrary to the process or outside the 6-month time frame mandated by statute, (b) track progress on reducing such liquidations, and (c) report on any effects these liquidations may have on revenue.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP concurred with this recommendation and said it would take steps to implement it. CBP has issued guidance requiring the collection, analysis, and reporting of AD/CV data to identify and address the causes of liquidations that occur contrary to the process or outside the 6-month time frame mandated by statute, as GAO recommended in July 2016. CBP is analyzing the results of its fiscal year 2017 self-inspection program to assess its progress on reducing such liquidations and report on the revenue effect. CBP expects to complete its analysis by Fall 2017. Systematically collecting and analyzing liquidation data on a regular basis to identify and address the causes of untimely liquidations and tracking and reporting on progress toward reducing such liquidations could help CBP reduce revenue loss.
    Recommendation: To improve risk management in the collection of AD/CV duties and to identify new or changing risks, CBP should regularly conduct a comprehensive risk analysis that assesses both the likelihood and the significance of risk factors related to AD/CV duty collection. For example, CBP could construct statistical models that explore the associations between potential risk factors and both the probability of nonpayment and the size of nonpayment when it occurs.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP concurred with this recommendation and said it would take steps to implement it. As of September 2017, CBP had not regularly conducted a risk analysis that assesses both the likelihood and significance of risk factors related to AD/CV duty collection, as GAO recommended in July 2016. However, CBP was in the process of developing a model to enable it to conduct such a risk analysis on a regular basis. CBP expects to test the model by Fall 2017; however, CBP officials said that full implementation of the model will not take place until the end of fiscal year 2018 due to the complexity of the project. CBP officials noted that they are working to hire additional staff to dedicate to model development; acquire a dedicated server for processing data to regularly update the models; and identify other CBP programs that would benefit from risk models similar to the ones they are developing for AD/CV duties. Regularly conducting a comprehensive risk analysis of factors related to AD/CV duty non-collection could enhance CBP's capacity to collect additional revenue. For example, it could result in the identification of new factors generating a requirement for an importer to provide additional security in the form of bonds as part of an enhanced bonding requirement.
    Recommendation: To improve risk management in the collection of AD/CV duties, CBP should, consistent with U.S. law and international obligations, take steps to use its data and risk assessment strategically to mitigate AD/CV duty nonpayment, such as by using predictive risk analysis to identify entries that pose heightened risk and taking appropriate action to mitigate the risk.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP concurred with this recommendation and said it would take steps to implement it. As of September 2017, CBP was in the process of developing a risk analysis model to use in mitigating AD/CV duty nonpayment, as GAO recommended in July 2016. The model will use predictive risk analysis to identify entries that pose a heightened risk of nonpayment. CBP has contacted the Customs Surety Association and the Commercial Customs Operations Advisory Committee to discuss bonding options to help mitigate the risk of nonpayment. Developing a risk analysis model to use in mitigating AD/CV duty nonpayment could enhance CBP's capacity to collect additional revenue. For example, it could be used to identify entries from importers requiring additional security in the form of bonds as part of an enhanced bonding requirement.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: To help ensure that whistleblower retaliation reports are addressed efficiently and effectively, the Secretary of Homeland Security should direct the Under Secretary of DHS's National Protection and Programs Directorate's (NPPD), the Assistant Secretary for Infrastructure Protection, and the Director of the Infrastructure Security Compliance Division (ISCD) to develop a documented process and procedures to address and investigate whistleblower retaliation reports that could include existing practices, such as the Department of Labor's Occupational Safety and Health Administration's recommended practices, in developing the process and procedures.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, in September 2016 they initiated development of a standard operating procedure for addressing and investigating whistleblower retaliation complaints. ISCD expects to complete a final version of the standard operating procedure by June 2017. According to ISCD officials, the procedure will consider OSHA's guidance, once available, when developing this set of procedures. We will update the status of this recommendation after additional information is received from DHS.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    9 open recommendations
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of the Department of Homeland Security (DHS) should direct the Director of USCIS to direct the USCIS Chief Information Officer (CIO), in coordination with the DHS CIO and the Chief of the Office of Transformation Coordination (OTC), to review and update, as needed, existing policies and guidance and consider additional controls to complete planning for software releases prior to initiating development and ensure software meets business expectations prior to deployment.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, the U.S. Citizenship and Immigration Services (USCIS) within the Department of Homeland Security (DHS) had taken steps to address this recommendation. In particular, in June 2017, USCIS provided an updated policy, dated April 2017, governing planning and deploying software releases. USCIS also demonstrated partial compliance with that policy. For example, it provided some release planning review documentation for recent releases that are required by the updated policy, including readiness review memos for releases 7.2 and 8.1. However, USCIS did not demonstrate that the program responsible for developing the USCIS Electronic Immigration System (USCIS ELIS) was consistently following its updated policy. For example, USCIS did not demonstrate that the program was completing all planning activities prior to initiating development, as called for in its updated policy. Moreover, the agency did not demonstrate compliance with its previous policy for all software releases planned and deployed since our July 2016 report. We will continue to work with USCIS to monitor actions the agency is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to consistently implement the principles of the framework adopted for Agile software development.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software releases, dated April 2017, along with release planning artifacts specific to USCIS ELIS. The updated policy included an appendix devoted to generally accepted agency practices and applying Agile principles in the agency. However, USCIS had not clearly indicated if USCIS ELIS was to implement the practices described in the policy. For example, the updated policy did not require program compliance with the generally accepted agency practices. Moreover, supporting artifacts from the release planning process did not always define a commitment to a particular development methodology or set of development practices. For example, the team process agreements, which describe how members of individual teams will work with each other, did not indicate if developers were to adhere to the practices described in updated USCIS policy. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to define and consistently execute appropriate roles and responsibilities for individuals responsible for development activities consistent with its selected development framework.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in June 2017, USCIS provided updated policy, dated April 2017, governing the development of software releases and release planning artifacts. The updated policy and release documentation defined some roles and responsibilities that were previously only described by USCIS in its informal November 2014 management model, such as the authority and responsibility of a product owner. However, program documentation and policy did not define all of the roles and responsibilities. For example, program documentation and policy did not define the roles and responsibilities of a facilitator, or Scrum Master, which is a position identified in leading practices for software development using Scrum, the development methodology previously identified by the program. In addition, USCIS did not demonstrate that it had defined and committed to an updated development methodology for software releases. Such a defined methodology will impact expectations for the roles and responsibilities in software development. Without such a defined methodology or approach to Agile software development, it is not clear if roles and responsibilities defined by previously documented approach to Agile software development are still applicable for the current development approach. Moreover, documentation associated with program releases and updated policy did not define all of the roles and responsibilities for positions described by USCIS in its May 2017 written response to GAO. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to identify all system users and involve them in release planning activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, DHS and USCIS had not provided information demonstrating that the department has addressed this recommendation. In October 2016, DHS provided a written response stating that the USCIS Office of Information Technology and Office of Transformation Coordination were working closely with the various USCIS directorates to obtain and integrate feedback through regular review sessions with the end users and through additional end user testing. However, as of July 2017, DHS and USCIS have not provided new information about the status of this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to write user stories that identify user roles, include estimates of complexity, take no longer than one sprint to complete, and describe business value.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had provided GAO with documentation intended to demonstrate that the agency had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software releases along with release planning artifacts specific to USCIS ELIS and an Independent Verification and Validation assessment. The agency also provided a series of backlogs that captured user stories for some software releases. In addition, the Independent Verification and Validation assessment indicated that the program was tracking user story quality as part of assessing whether value was continuously discovered and aligned to the mission. However, the assessment report provided to GAO indicated a negative trend for this outcome. Moreover, USCIS policy no longer set expectations regarding user story development. In addition, supporting artifacts from the release planning process did not always define a commitment to a particular development methodology, which is turn impacts the expectations for writing user stories. Finally, backlogs provided by USCIS did not cover all releases in development since our July 2016 report and did not include enough detail to assess all aspects of the user story process (e.g., story size and user involvement). We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to establish outcomes for Agile software development.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in April 2017, USCIS issued updated policy governing software development at the agency. The updated policy included an appendix devoted to generally accepted agency practices and applying Agile principles in the agency. This appendix also included a set of ten outcomes associated with using Agile practices at USCIS. For example, outcomes included that value is continuously discovered and aligned to the mission. However, the updated policy did not require program compliance with the practices and principles described in the appendix. Moreover, the agency did not demonstrate that USCIS ELIS had committed to achieving a specific set of outcomes for Agile software development, such as the outcomes described in the USCIS policy. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to monitor program performance and report to appropriate entities through the collection of reliable metrics.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software that called for teams to prepare an Operations Monitoring Plan or dashboard showing the practices, tools, and measures that will monitor applications in production. The agency also provided a series of documents from internal systems and processes intended to monitor performance, such as a product dashboard for analyzing code quality (i.e., SonarQube) and a report from its Independent Verification and Validation team. However, the program was undergoing a re-baseline and had yet to document updated cost, schedule, and performance expectations against which to monitor. Moreover, the agency did not demonstrate that other metrics, such as customer satisfaction and team velocity, were being reliably collected. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To help manage the USCIS ELIS system, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update existing policies and guidance and consider additional controls to conduct unit and integration, and functional acceptance tests, and code inspection consistent with stated program goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided artifacts from internal systems in place to monitor software development performance. These metrics monitored aspects of testing, such as code quality and code coverage. However, the program did not provide an updated Test and Evaluation Master Plan, which is a document it will produce as part of its ongoing effort to re-baseline. A Test and Evaluation Master Plan sets the testing expectations for the program as agreed upon with its stakeholders in DHS and USCIS. The updated plan will provide a basis for further evaluation of the steps DHS and USCIS have taken to address this recommendation. Moreover, the agency did not demonstrate that functional acceptance tests were being conducted in accordance with stated program goals. For example, the agency did not provide acceptance criteria or the associated tests demonstrating that user stories passed the defined acceptance criteria. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To help manage the USCIS ELIS system, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update existing policies and guidance and consider additional controls to develop complete test plans and cases for interoperability and end user testing, as defined in the USCIS Transformation Program Test and Evaluation Master Plan, and document the results.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, DHS and USCIS had not provided information demonstrating that they had addressed this recommendation. In October 2016, DHS provided a written response indicating that an internal process for revisiting the USCIS ELIS Test and Evaluation Master Plan had been initiated, with participation from all relevant stakeholder groups. A Test and Evaluation Master Plan sets the testing expectations for the program as agreed upon with its stakeholders in DHS and USCIS. The updated plan will provide a basis for further evaluation of the steps DHS and USCIS have taken to address this recommendation. The letter also stated that USCIS had begun to work on a policy for new interoperability test procedures. Moreover, the letter added that end user testing is a continuing activity, including providing feedback of observed issues into the development queue, with the slow launch of the naturalization capabilities in USCIS ELIS being a model. However, as of July 2017, DHS and USCIS had not provided new information about the status of this recommendation. We will continue to work with DHS and USCIS to obtain additional documentation about actions they are taking to address this recommendation.
    Director: Farrell, Brenda S
    Phone: (202) 512-3604

    2 open recommendations
    Recommendation: To help ensure that the Gold Star Advocate Program achieves its mission and objectives and to enhance outreach for the program, the Commandant of the Coast Guard should develop interim policies to govern the program, to include identification of roles, responsibilities, and procedures.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Coast Guard Personnel Service Center is planning to publish a policy memorandum on the Personnel Service Center Casualty Matters website announcing the establishment of the Gold Star Advocate Program and outlining the policies, procedures, and responsibilities of the Gold Star Advocate Program.
    Recommendation: To help ensure that the Gold Star Advocate Program achieves its mission and objectives and to enhance outreach for the program, the Commandant of the Coast Guard should determine outreach goals and metrics by which to measure progress in attaining those goals.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Coast Guard is planning to establish goals and metrics for the Coast Guard's Gold Star Advocate Program to include: identifying resources to support the program, creating a Gold Star Advocate Program website, updating the Coast Guard's "A Survivor's Guide to Benefits" and link it to the Gold Star Advocate Program website. The Coast Guard also plans to begin capturing addresses and other contact information for survivors of each active duty servicemember death and perform a one-time mass mailing to survivors to inform them of the program. They also plan to develop measures for outreach effectiveness and to partner with the Department of Defense to identify other ways to ensure that all survivors are contacted.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To better position the Coast Guard to effectively plan its Arctic operations, the Commandant of the Coast Guard should develop measures, as appropriate, for gauging how the agency's actions have helped to mitigate the Arctic capability gaps.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2016, we reviewed and reported on the U.S. Coast Guard's efforts in the Arctic. We found that the Coast Guard had taken actions to implement its Arctic strategy and conduct Arctic operations, which may help the Coast Guard to better understand and mitigate identified Arctic capability gaps. Further, we found that the Coast Guard was tracking, or had plans to track, its various activities in the Arctic, but that it had not developed measures to systematically assess how its actions have helped to mitigate Arctic capability gaps. We recommended that the Coast Guard develop measures, as appropriate, for gauging how the agency's actions have helped to mitigate the Arctic capability gaps. In response to our recommendation, in August 2016, the Coast Guard reported that specific measures for some activities would be developed and included as part of the Coast Guard's update to its implementation plan for its Arctic strategy. In March 2017, the Coast Guard reported that it completed an annual review of its implementation plan in January 2017. However, officials stated that technology updates and modifications to its tracking tool are required to better represent the completion percentage. To fully address this recommendation, the Coast Guard will need to finalize the development of its measures to gauge how its actions have helped to mitigate Arctic capability gaps.
    Recommendation: To better position the Coast Guard to effectively plan its Arctic operations, the Commandant of the Coast Guard should design and implement a process to systematically assess the extent to which actions taken agency-wide have helped mitigate the Arctic capability gaps for which it has responsibility.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2016, we reviewed and reported on the U.S. Coast Guard's efforts in the Arctic. We found that the Coast Guard had taken actions to implement its Arctic strategy and conduct Arctic operations, which may help the Coast Guard to better understand and mitigate identified Arctic capability gaps. Further, we found that the Coast Guard was tracking, or had plans to track, its various activities in the Arctic, but that it had not systematically assessed how its actions have helped to mitigate Arctic capability gaps. We recommended that the Coast Guard design and implement a process to systematically assess the extent to which actions taken agency-wide have helped mitigate the Arctic capability gaps for which it has responsibility, so that it will better understand the status of these gaps and be better positioned to effectively plan its Arctic operations. In August 2016, the Coast Guard reported that through its annual review of its implementation plan for its Arctic Strategy, that it will systematically assess how its actions have mitigated capability gaps for which it is the lead agency under the Implementation Framework for the National Strategy for the Arctic Region. In March 2017, the Coast Guard reported that it completed an annual review of its implementation plan in January 2017 which resulted in the consolidation, removal, and addition of Arctic initiatives. Further, officials stated that the Coast Guard will continue to work with the Arctic Executive Steering Committee to provide information for the tracking and measurement of national capabilities, needs and gaps, and impacts in the Arctic Region. To fully address this recommendation, the Coast Guard will need to assess how its actions have helped to mitigate Arctic capability gaps, and provide documentation that identifies the progress it has made in helping to mitigate Arctic capability gaps.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that the Office of the CIO Enterprise Business Management Office is updating its program assessment guideline. The updated guideline will include risk-based scores as the basis for its investment ratings. The Department expects to release this new guideline by the end of December 2016. We will continue to monitor the implementation of this recommendation.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    6 open recommendations
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should update the Risk Assessment of Airport Security to reflect changes to its risk environment, such as those updates reflected in Transportation Sector Security Risk Assessment (TSSRA) and JVA findings, and share results of this risk assessment with stakeholders on an ongoing basis.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should establish and implement a process for determining when additional risk assessment updates are needed.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should develop and implement a method for conducting a system-wide assessment of airport vulnerability that will provide a more comprehensive understanding of airport perimeter and access control security vulnerabilities.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should use security event data for specific analysis of system-wide trends related to perimeter and access control security to better inform risk management decisions.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should update the 2012 Strategy for airport security to reflect changes in risk assessments, agency operations, and the status of goals and objectives. Specifically, this update should reflect: (1) information from the Risk Assessment of Airport Security, as well as information contained in the most recent TSSRA and JVAs; (2) new airport security-related activities; (3) the status of TSA efforts to address goals and objectives; and (4) finalized outcome-based performance measures and performance levels--or targets--for each relevant activity and strategic goal.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should establish and implement a process for determining when additional updates to the Strategy are needed.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To better ensure that FAMS uses its resources to cover the highest-risk flights, in addition to considering risk when determining how to divide FAMS's international flight coverage resources among international destinations, the Director of FAMS should incorporate risk into FAMS's method for initially setting its annual target numbers of average daily international and domestic flights to cover.

    Agency: Department of Homeland Security: Transportation Security Administration: Office of Law Enforcement - Federal Air Marshal Service
    Status: Open

    Comments: In May 2016, we found that FAMS officials considered risk when selecting specific domestic and international flights to cover, but they did not consider risk when deciding how to initially divide their annual resources between domestic and international flights. Rather, each year FAMS considered two variables--travel budget and number of air marshals--to identify the most efficient way to divide the agency's resources between domestic and international flights. As a result, we recommended that FAMS incorporate risk into FAMS's method for initially setting its annual target numbers of average daily international and domestic flights to cover. In March 2017, TSA officials reported that FAMS was continuing to identify ways to refine the methodology FAMS uses to allocate resources between international and domestic flights. Specifically, TSA officials noted that FAMS was considering ways to incorporate information on the travel patterns of known or suspected terrorists, trends in TSA PreCheck passenger data, airport screening capabilities, and other factors. FAMS officials also reported that, as part of this effort, they were reviewing their International Concept of Operations. It is unclear how these steps will address the recommendation. To fully address this recommendation, FAMS should incorporate risk into its method for initially setting its annual target numbers of average daily international and domestic flights to cover.
    Recommendation: To better ensure that FAMS uses its resources to cover the highest-risk flights, the Director of FAMS should conduct and document a risk assessment--systematically collecting information on and assigning value to current risks--to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas.

    Agency: Department of Homeland Security: Transportation Security Administration: Office of Law Enforcement - Federal Air Marshal Service
    Status: Open

    Comments: In May 2016, we reported that FAMS's choice of domestic geographic focus areas and resource allocation levels were based on professional judgment, not risk assessment. With regard to the geographic focus areas, for example, FAMS officials explained that they did not conduct a risk assessment to inform this decision, but rather selected these areas in consultation with 30 subject matter experts from various offices within TSA based on their intuitive, qualitative perceptions of threats, vulnerabilities, potential impacts, history, and the demographics of the areas. Without fully incorporating risk when determining such priorities, FAMS cannot reasonably ensure it is targeting its resources to the highest-risk flights. As a result, we recommended that FAMS conduct and document a risk assessment--systematically collecting information on and assigning value to current risks--to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas. In March 2017, TSA officials explained that they were continuing to develop their "risk-by-flight" initiative--a long-term effort to develop a method of assigning each domestic flight a relative risk score to assist in identifying high-risk flights. At the time of our report in 2016, FAMS officials estimated that the risk-by-flight tool would probably be ready for use within 7 to 10 years. In March 2017, TSA officials stated that they had developed a prototype Risk-Based Resource Deployment Decision Aid, which they refer to as R2D2. TSA officials further reported that the DHS Science and Technology Directorate had contracted for the development of a risk engine--based on the R2D2 data--to assign risk values to all U.S.-carrier domestic and international flights. TSA officials reported that this contract runs through early 2018. To fully address this recommendation, FAMS should conduct and document a risk assessment to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To enhance the monitoring of holding facilities, the Secretary of Homeland Security should direct Border Patrol and ICE to develop and implement a process to assess their time in custody data for all individuals in holding facilities, including: (1) identifying and addressing potential data quality issues; and (2) identifying cases where time in custody exceeded guidelines and assessing the factors impacting time in custody.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To strengthen the transparency of the complaints process, the Secretary of Homeland Security should direct CBP and ICE to develop and issue guidance on how and which complaint mechanisms should be communicated to individuals in custody at holding facilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate the tracking of holding facility complaints, the Secretary of Homeland Security should include a classification code in all complaint tracking systems related to DHS holding facilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide useful information for compliance monitoring, the Secretary of Homeland Security should direct CBP and ICE to develop and implement a process for analyzing trends related to holding facility complaints across their respective component.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michelle Sager
    Phone: (202) 512-6806

    4 open recommendations
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to conduct a systematic analysis of the information generated from FEMA's readiness assessments to determine the extent of regional office efforts to help states implement the NDRF, including conducting education and outreach.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, its Office of Readiness Assessment (ORA) launched the 2016 bi-annual FEMA Readiness Assessment Program in April 2016, which includes NDRF related assessment discussions in five FEMA regions. We met with officials in April 2017, who told us that ORA plans to incorporate into this year's assessments, a retrospective review of NDRF findings and progress made in implementing the NDRF since 2013. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to develop best practices and lessons learned with regard to conducting NDRF education and outreach to states based on the analysis of readiness assessments and create a mechanism to disseminate and share those best practices and lessons learned to FEMA regional offices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, its Recovery Support Function Leadership Group initiated an information management workgroup, which shares best practices information as one of its objectives. The workgroup has piloted the use of an existing interagency portal as a potential platform for improved information sharing. We met with officials in April 2017, who told us that FEMA will incorporate its 2016 readiness review findings and best practices from regional Federal Disaster Recovery Coordinators for stakeholder outreach and education into the final platform build-out. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to clarify with regional offices and Federal Disaster Recovery Coordinators (FDRCs) the role of the regional implementation plans in FDRC performance plans and how they will be used to assess NDRF regional implementation efforts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, to achieve greater integration of FEMA's field leadership components, FEMA's Field Operations Directorate (FOD) convened a Field Leadership Working Group of senior subject matter experts to conduct a mission analysis of FEMA's Field Leadership function (which includes Federal Disaster Recovery Coordinators as well as Federal Coordinating Officers and Incident Management Assistance Teams team leads). According to FEMA, one of the assigned tasks of the group involves developing performance metrics to define a steady state and operational performance framework for field leaders, to include Federal Disaster Recovery Coordinators. According to FEMA, the Working Group is currently underway and is preparing a Field Leader Manual for review by FOD leadership. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to align the annual FDRC performance expectations with clearly defined organizational goals and priorities, consistent with key management practices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, the Field Leadership Working Group will implement the elements of this recommendation alongside efforts to clarify the role of the regional National Disaster Recovery Framework implementation plans. FEMA also provided documentation to GAO noting that the Working Group is progressing in its work on its Field Leadership Professional Development Plan. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The agency agreed with the recommendation and in July 2017 stated that the department has drafted a Legacy Systems Modernization Framework. DHS is waiting for OMB?s draft guidance to be issued to ensure compliance. As a result, they now estimate this will be completed by December 2017. We will continue to monitor the implementation of this recommendation.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    3 open recommendations
    Recommendation: To improve transparency in allocating its limited resources, and to help ensure that its resource allocation decisions are the most effective ones for fulfilling its missions given existing risks, the Commandant of the Coast Guard should document how the risk assessments conducted were used to inform and support its annual asset allocation decisions.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: On December 14, 2016, the Coast Guard noted that the FY 2017 Strategic Planning Direction (SPD) was issued on October 1, 2016, which addresses GAO's recommendation and requested closure of this recommendation. In reviewing the FY 2017 SPD, however, it was not clear how risk assessments were conducted or the impact, if any, that risk factors had on asset allocations. GAO requested details on these issues on 12-17-2016 and as of 1-25-2017 GAO had not received any additional information, so this recommendation remains open.
    Recommendation: To ensure that high priority mission activities are fully supported with the appropriate number of staff possessing the requisite mix of skills and abilities, the Commandant of the Coast Guard should develop a systematic process that prioritizes manpower requirements analyses for units that are the most critical for achieving mission needs.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: On December 14, 2016, the Coast Guard noted the following: CG-1B submitted two FY 2019 Resource Proposals to staff and equip the Manpower Requirements Determination Division to conduct the analysis as described in the recommendation. Estimated completion: TBD. On March 24, 2017, the Coast Guard noted that it continues to prioritize and analyze manpower requirements and is tracking an initiative to catalogue and validate all DHS manpower modeling/analysis programs, but noted that the estimated completion for the recommendation remains as TBD.
    Recommendation: To improve the strategic allocation of assets, the Commandant of the Coast Guard should incorporate field unit input, such as information on assets' actual performance from Operational Performance Assessment Reports and Planning Assessments, to inform more realistic asset allocation decisions--in addition to asset performance capacities currently used--in the annual Strategic Planning Directions to more effectively communicate strategic intent to field units.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: On December 14, 2016, the Coast Guard noted that the Atlantic Area and Pacific Area Commands' Operational Planning Directions (OPDs) were approved and provided to their field units in July 2016 and August 2016, respectively, and that the OPDs took into account the actual performance of the assets in the allocation of asset hours to field units in line with GAO's recommendation. The Coast Guard requested closure of this recommendation. However, in reviewing the provided planning documents, it was not clear how asset allocations were changed to reflect actual asset performance by the field units, so GAO asked for further details on 12-17-2016. As of 1-25-2017, GAO had not received any updated information, so this recommendation remains open.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The department concurred with this recommendation and updated its purchase card manual November 2016 to encourage components to perform additional spend analysis for the identification of strategic sourcing opportunities, but it is unclear how results of analysis will be communicated for broader application across the agency. The department is also working with industry partners to increase the level of shared data for purchase card transactions and will develop a plan to communicate these data across the agency to support information sharing and increases strategic sourcing opportunities.
    Director: Michael J. Courts
    Phone: (202) 512-8980

    2 open recommendations
    Recommendation: To strengthen DHS's ability to fulfill legislative requirements for the VWP and protect the security of the United States and its citizens, the Secretary of Homeland Security should specify time frames for working with VWP countries to institute the additional VWP security requirements, including the requirement that the countries fully implement agreements to share information about known or suspected terrorists through the countries' Homeland Security Presidential Directive 6 arrangements and Preventing and Combating Serious Crime agreements with the United States.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS reported that nearly all VWP countries have begun sharing information on known or suspected terrorists through Homeland Security Presidential Directive 6 arrangements and that DHS also made progress in fully implementing Preventing and Combating Serious Crime agreements. According to DHS, all VWP countries were informed of the new VWP requirements in July 2016. In its initial response, DHS stated that it planned to conduct a comprehensive assessment of VWP countries' compliance with the new VWP requirements and establish a time frame for each VWP country to reach full compliance as part of each country's next formal review. However, as of April 2017, DHS needs to provide documentation to GAO to support all of these actions. GAO will continue to monitor DHS efforts to fully address this recommendation.
    Recommendation: To strengthen DHS's ability to fulfill legislative requirements for the VWP and protect the security of the United States and its citizens, the Secretary of Homeland Security should take steps to improve DHS's timeliness in reporting to Congress, within the statutory time frame, the department's determination of whether each VWP country should continue participating in the program and any effects of the country's participation on U.S. law enforcement and security interests.

    Agency: Department of Homeland Security
    Status: Open

    Comments: Since 2016, DHS has issued several reports on VWP countries to Congress that have addressed several of the overdue reports identified in 2016, but some gaps remain. As of April 2017, DHS reported plans to deliver additional reports in 2017 to address these gaps. In its initial response, DHS reported that the department had taken steps to ensure timely reporting to Congress and committed to providing Congress with advance notification of any delays in delivering future reports. To fully address this recommendation, DHS needs to issue reports to Congress on VWP countries that have not been covered within the last two years. GAO will continue to monitor DHS efforts.
    Director: Andrew Von Ah
    Phone: (213) 830-1011

    4 open recommendations
    Recommendation: To ensure the quality of the risk assessments used to inform its future QHSR processes, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to ensure future QHSR risk assessment methodologies reflect key elements of successful risk assessment methodologies, such as being: (1) Documented, which includes documenting how risk information was integrated to arrive at the assessment results, (2) Reproducible, which includes producing comparable, repeatable results, and (3) Defensible, which includes communicating any implications of uncertainty to users of the risk results.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis and Risks completed initial meetings in April 2016 with government and non-government subject matter experts to refine risk analyses for the upcoming 2018 QHSR. Representatives from the department's component and headquarters staff are to take part in the Department's Risk Modeling and Analysis Steering Committee by reviewing, documenting and approving proposed new methodologies planned to help identify and prioritize threats and hazards. This effort is intended to lead to a documented, reproducible, and defensible assessment, according to the DHS officials. This recommendation will remain open until we verify that the risk analysis contains these elements.
    Recommendation: To enable the use of risk information in supporting resource allocation decisions, guiding investments, and highlighting the measures that offer the greatest return on investment, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to refine its risk assessment methodology so that in future QHSRs it can compare and prioritize homeland security risks and risk mitigation strategies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk, with support from the RAND Corporation, has proposed a methodology to assess threats, hazards, and vulnerabilities impacting U.S. homeland security. In addition, the department's Risk Modeling and Analysis Executive Steering Committee is to review and approve the proposed methodology. The methodology is intended to enable the Department of Homeland Security to compare and prioritize homeland security risks and risk mitigation strategies, according to DHS officials. The recommendation will remain open until we verify that the methodology allows such comparisons.
    Recommendation: To ensure proper management of the QHSR stakeholder consultation process, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to identify and implement stakeholder meeting processes to ensure that communication is interactive when project planning for the next QHSR.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk finalized a draft stakeholder outreach plan to include use of the Office of Management and Budget's Max electronic collaboration website to engage with federal, state, and local stakeholders. The OMB-MAX website is available to government and non-government offices and allows the posting of documents, articles, and links, as well as facilitating collaborative editing of documents and participant interaction threads, according to DHS officials. In addition, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk is exploring the use of different tools to facilitate more interactive stakeholder engagement. For example, DHS's Office of Partnerships and Engagement is to facilitate additional engagement with external subject matter experts, arrange interagency coordination, and organize review and approval with parties of the homeland security enterprise in order to coordinate and approve the development of the 2018 QHSR. This recommendation will remain open until we verify that interactive communication approaches are implemented.
    Recommendation: To ensure proper management of the internal QHSR stakeholder consultation process, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to clarify component detailee roles and responsibilities when project planning for the next QHSR.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk (SPAR) drafted a memorandum for the Deputy Secretary to solicit Component subject matter experts. The memorandum specifies component detailee roles and responsibilities, to include serving in an advisory, consultation, and coordination role, according to DHS officials. SPAR is to lead an integrated group of analysts and strategic planners that are to be supported and augmented by the subject matter experts. The experts and detailees are to serve as members of study teams analyzing key threats, trends, and strategy and policy alternatives associated with issues and challenges relating to DHS's mission and objectives. A second memorandum requesting additional detailee support is to be issued in November 2016, prior to the formal review phase of the new QHSR which is to begin in January 2017. This recommendation will remain open until we verify that clarified detailee roles and responsibilities are finalized and implemented.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: To help ensure continued progress in the implementation of effective cloud computing SLAs, the Secretaries of Health and Human Services, Homeland Security, Treasury, and Veterans Affairs should direct appropriate officials to develop SLA guidance and ensure key practices are fully incorporated as the contract and associated SLAs expire.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We are following up with DHS on the finalization of its service level agreement (SLA) guidance.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    5 open recommendations
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to define the scope, implementation strategy, and schedule of the agency's overall modernization approach, with related goals and measures for effectively overseeing the effort. At a minimum, the agency should update its IT strategic plan and complete its modernization plan.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with this recommendation, and reported on actions taken to update its IT Modernization Plan such as conducting cross-functional work sessions to establish an actionable implementation roadmap in line with agency priorities. However, as of April 2017, we have not yet obtained evidence that FEMA has fully updated its IT strategic plan and completed its modernization plan to address the weaknesses identified in our report. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to establish time frames for current and future IT workforce planning during its modernization efforts and ensure all regions and offices are included in these initiatives.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement our recommendation. For example, the department stated that FEMA completed the assessment of skills gap and identified and prioritized the skills required to staff and sustain the core competencies required to successfully implement FEMA's IT modernization efforts. However, we have not yet validated the agency actions to establish time frames for current and future IT workforce planning during its modernization efforts. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA adequately manages the selected emergency management systems, the FEMA Administrator should direct the DAIP, EMMIE, and IPAWS program offices, in conjunction with the FEMA CIO, to implement complete program plans that define overall budget and schedule, key deliverables and milestones, assumptions and constraints, description and assignment of roles and responsibilities, staffing and training plans, and an approach for maintaining these plans.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with our recommendation and in response updated its program management plans that support the program offices of the Disaster Assistance Improvement Plan, Emergency Management Mission Integrated Environment, and Integrated Public Alert and Warning System. The program plans addressed some of the weaknesses we identified in our report. For example, the program management plans identified and described the overall program management processes and methods to be used during all phases of projects and defined key deliverables and milestones, roles and responsibilities, staffing and training and an approach for maintaining the plans. However, the plans did not clearly define the knowledge and skills needed to carry out the program or provide sufficient details on the budget and scheduling for the programs under review. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA adequately manages the selected emergency management systems, the FEMA Administrator should direct the DAIP, EMMIE, and IPAWS program offices, in conjunction with the FEMA CIO, to implement a system integration plan that include all systems to be integrated with the system, roles and responsibilities for all relevant participants, the sequence and schedule for every integration step, and how integration problems are to be documented and resolved.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement our recommendation. For example, the department reported that the system owner for DAIP, EMMIE, and IPAWS programs have updated their respective system integration plans to address the risks identified within the recommendation. In addition, the agency provided documentation such as the IPAWS Integrated Logistics Support Plan, as well as the quality control plan, and test execution plans for both the DAIP and EMMIE programs. However, we have not yet completed our analysis and validated the agency actions on this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As part of the effort of improving IT management at the three programs, the FEMA Administrator should direct the CIO to ensure that FEMA policy for managing IT programs includes guidance for implementing the key management practices.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with the recommendation. In its November 2016 update, FEMA reported that the System Owner for DAIP, EMMIE, and IPAWS have updated their respective IT management program and plans and coordinated with the FEMA CIO to address the risks identified within the recommendation. However, we have not yet validated the agency actions on this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To enhance DHS leadership's ongoing efforts to improve the affordability of the department's major acquisition portfolio, and to ensure adequate communication with Congress, the Secretary of the Department of Homeland Security should ensure that the fiscal year 2017 Future Years Homeland Security Program report, which DHS must submit to Congress at or about the same time as the President's fiscal year 2018 budget request, reflects the results of any tradeoffs stemming from the acquisition affordability reviews recommended above.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the fiscal year 2017 Future Years Homeland Security Program (FYHSP) report would reflect decisions made in response to our second recommendation. DHS expected to release the FYHSP report shortly after the President's fiscal year 2018 budget request in May 2017. However, the transition to a new administration delayed the release of the FYHSP report. Once available, GAO will evaluate the FYHSP report to determine whether DHS has met the intent of this recommendation.
    Recommendation: To enhance DHS leadership's ongoing efforts to improve the affordability of the department's major acquisition portfolio, and to help ensure programs secure stable funding that matches resources to requirements, the Secretary of the Department of Homeland Security should require components to establish formal, repeatable processes for addressing major acquisition affordability issues, similar to the process the Transportation Security Administration has established.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that DHS headquarters would ensure all components are updating their cost estimates each year to inform the annual resource allocation process by March 31, 2017. However, DHS did not establish a requirement that components do so through formal, repeatable processes for addressing major acquisition affordability issues, similar to the process the Transportation Security Administration has established. As of August 2017, seven of DHS's components were in the process of establishing formal, repeatable processes for addressing affordability issues, but had not completed these efforts. GAO will continue to review the components' progress to determine whether the components' actions meet the intent of this recommendation.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    3 open recommendations
    Recommendation: To help FPS enhance its strategic human capital planning efforts, the Secretary of Homeland Security should direct the Under Secretary of NPPD to work with the Director of FPS to identify time frames for developing human capital performance measures with targets that are explicitly aligned to FPS's stated human capital goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FPS stated that NPPD is working with FPS to develop a recruitment and retention strategy that will include performance measures. This strategy will be complete by December 31, 2016. However, NPPD and FPS have not yet identified timeframes for developing performance measures for other human capital areas identified in FPS's human capital plan, such as leadership and knowledge management and building a results-oriented performance culture. Furthermore, because the recruitment and retention strategy is still under development, it is unclear whether the performance measures will have targets that are explicitly aligned to FPS's stated human capital goals. FPS plans to finalize all actions associated with this recommendation by March 2017.
    Recommendation: To help FPS enhance its strategic human capital planning efforts, the Secretary of Homeland Security should direct the Under Secretary of NPPD to work with the Director of FPS to establish a plan and time frames for updating FPS's staffing model regularly and for unexpected changes in operating conditions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FPS stated that it has conducted a review and gap analysis of its existing staffing model to identify additional features it needs to incorporate into the model. FPS also began to develop a data collection plan that will, among other things, identify data needed and how FPS will validate the data. The results of the gap analysis and data collection plan will be used to establish a plan, with timeframes, for updating the staffing model regularly and when unexpected changes in operating conditions occur. FPS plans to finalize all actions associated with this recommendation by March 2017.
    Recommendation: To help FPS enhance its strategic human capital planning efforts, the Secretary of Homeland Security should direct the Under Secretary of NPPD to work with the Director of FPS to develop and document guidance on the process FPS will use to ensure the quality of its staffing model data, such as guidance on how to collect data, validate assumptions, and perform sensitivity analyses to assess the assumptions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FPS is in the process of developing documentation that will govern the process it will use to collect data and ensure data quality. FPS plans to finalize all actions associated with this recommendation by March 2017.
    Director: Chris Currie
    Phone: (404) 679-1875

    3 open recommendations
    Recommendation: To enhance accountability for key risk-management activities and facilitate coordination with federal and industry stakeholders regarding electromagnetic risks, the Secretary of Homeland Security should designate roles and responsibilities within the department for addressing electromagnetic risks and communicate these to federal and industry partners.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a June 2016 update to our proposed recommendation, DHS reported that the Cyber, Infrastructure and Resilience (CIR) Policy Office within the DHS Office of Policy is working with DHS components to identify and articulate the roles of the National Protection and Programs Directorate, Federal Emergency Management Agency, Science and Technology Directorate, and others regarding to address electromagnetic risks. As part of this effort, CIR is to coordinate the development of a joint roles and responsibilities document to be communicated through existing partnership structures with internal and external entities.
    Recommendation: To more fully leverage critical infrastructure expertise and address responsibilities to identify critical electrical infrastructure assets as called for in the National Infrastructure Protection Plan, the Secretary of Homeland Security and the Secretary of Energy direct responsible officials to review FERC's electrical infrastructure analysis and collaborate to determine whether further assessment is needed to adequately identify critical electric infrastructure assets, potentially to include additional elements of criticality that might be considered.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a June 2016 update to our proposed recommendation, DHS reported that the National Protection and Programs Directorate (NPPD) will increase collaborative outreach activities with FERC staff that will include a review of identified critical substations developed by FERC. The intended outcome of this review is to inform DHS activities regarding identification and prioritization of critical infrastructure assets for use during steady state and response activities. NPPD is also to inform FERC of its criticality modeling capabilities through the National Infrastructure Simulation and Analysis Center (NISAC) to enhance engagement with FERC's electric power subject matter expertise and inform future capability developments regarding response to and recovery from events such as electromagnetic pulse.
    Recommendation: To enhance federal efforts to assess electromagnetic risks and help determine protection priorities, the Secretary of Homeland Security should direct the Under Secretary for National Protection and Programs Directorate and the Assistant Secretary for the IP to work with other federal and industry partners to collect and analyze key inputs on threat, vulnerability, and consequence related to electromagnetic risks--potentially to include collecting additional information from DOD sources and leveraging existing assessment programs such as the Infrastructure Survey Tool, Regional Resiliency Assessment Program, and DCIP.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a June 2016 update, DHS reported that the department had completed the planned refresh of the Strategic National Risk Assessment, which was intended to incorporate potential impacts to the power system from electromagnetic events. In addition, DHS reported that the Electricity Sub-sector Coordinating Council created an Electromagnetic pulse (EMP) task force, which met in April 2016 and is currently working to develop a joint industry and government approach to address EMP. It was further noted that DHS and DOE initiated a joint study on the effects of EMP on the electric power sector - led by Los Alamos National Laboratory and the National Infrastructure Simulation and Analysis Center (NISAC) - to analyze the hazard environments, impacts, and consequences of EMP and GMD on U.S. electric power infrastructure. In addition, DHS noted their support of a new effort by the Electric Power Research Institute and 39 industry partners to further study EMP vulnerabilities.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To further build on the efforts to improve emergency communications interoperability in the NCR, as part of its efforts to restructure the JFC, the Federal Emergency Management Agency Administrator should direct the Director of ONCRC to clearly articulate in a written agreement the roles and responsibilities of the participating agencies and specify how these agencies are to work together across agency boundaries.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) agreed with our recommendation, and has taken initial steps to implement it. In April 2016, the department stated in correspondence to GAO that its Office of the Chief Information Officer (OCIO) developed a scorecard to track progress for each of the data center optimization areas. According the department's scorecard, the department reported meeting 3 of 10 optimization targets, but did not meet the remaining 7 targets. DHS's OCIO noted that they would update this scorecard quarterly in alignment with Federal Data Center Consolidation Initiative data collection. DHS's OCIO expected to complete implementation of this recommendation by November 30, 2016. However, as of July 2017, DHS reports on the Office of Management and Budget's (OMB) IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To enhance Department of Homeland Security's (DHS) U.S. Immigration and Customs Enforcement's (ICE) ability to make more effective business decisions across immigration detention facilities with respect to the provision of medical care, the Secretary of Homeland Security should direct ICE to track inspection results and conduct analyses of oversight data over time, by standards, and by facility type.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, ICE has not provided a status update regarding the implementation of this recommendation. We will provide updated information after confirming any agency actions.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    11 open recommendations
    Recommendation: To ensure that the HRIT investment receives necessary oversight and attention, the Secretary of Homeland Security should direct the Under Secretary of Management to ensure that the HRIT executive steering committee is consistently involved in overseeing and advising HRIT, including approving key program management documents, such as HRIT's operational plan, schedule, and planned cost estimate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS provided documentation demonstrating that the HRIT executive steering committee is consistently involved in overseeing and advising HRIT in response to our recommendation. DHS also provided documentation demonstrating that the Executive Steering Committee approved HRIT's operational plan for fiscal years 2016-2018. However, DHS still needs to demonstrate that the HRIT ESC has approved the schedule and cost estimate for HRIT.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to update and maintain a schedule estimate for when DHS plans to implement each of the strategic improvement opportunities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to HRIT officials, in response to our recommendation, DHS has developed an implementation plan, including a schedule estimate, for addressing HRIT's strategic improvement opportunities. We will continue to follow-up with them for documentation of this implementation plan.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to develop a complete life-cycle cost estimate for the implementation of HRIT.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS prepared an independent cost estimate for the HRIT investment. When developing this estimate, the cost estimators made many assumptions about HRIT's strategic improvement opportunities that had not yet been defined, such as the scope and the preliminary acquisition strategies for each. We will continue to follow-up with DHS for supporting documentation for this estimate in order to better understand it.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to document and track all costs, including components' costs, associated with HRIT.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with the recommendation and is working to implement it. While DHS provided certain cost tracking information for HRIT, this information was incomplete and did not demonstrate ongoing tracking of all costs. We will continue to follow-up with DHS to obtain additional documentation.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to update and maintain the department's human resources system inventory.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS provided its updated human resources systems inventory that it developed in response to our recommendation. According to officials, the list is reviewed and updated on an annual basis or as-needed when a system is deployed or retired. We will continue to monitor this recommendation to ensure that DHS is maintaining this inventory.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to establish a time frame for deciding whether PALMS will be fully deployed at the Federal Emergency Management Agency (FEMA) and the U.S. Coast Guard (USCG), and determine an alternative approach if the learning and/or performance management capabilities of PALMS are deemed not feasible for the U.S. Immigration and Customs Enforcement, FEMA, the Transportation Security Administration, or USCG.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials stated that PALMS will not be fully deployed at FEMA, USCG, ICE, or TSA. The officials stated that future Human Resources Information Technology (HRIT) programs will include enhancing learning management and performance management capabilities. Officials stated that the details related to these efforts are to be discussed in the HRIT strategic improvement opportunity implementation plan. We will continue to follow-up with DHS for documentation of this plan.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to develop a comprehensive life-cycle cost estimate, including all government and contractor costs, for the PALMS program.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials stated that the PALMS program will move into an operations and maintenance phase once the PALMS learning management capabilities are deployed to U.S. Secret Service. As such, DHS does not plan to develop an updated life-cycle cost estimate (LCCE) for PALMS. We will continue to follow-up with DHS for documentation of PALMS's actual costs, including government costs.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to develop and maintain a single comprehensive schedule that includes all government and contractor activities, and includes all planned deployment milestones related to performance management.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, the PALMS program office updated its integrated master schedule. However, this schedule has not been appropriately maintained. We will continue to follow-up with DHS officials on this recommendation.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to track and monitor all costs associated with the PALMS program.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with the recommendation and is working to implement it. DHS provided certain cost tracking information for PALMS, but this information did not include government costs or certain past PALMS costs, such as 2017 costs for the Federal Law Enforcement Training Centers' ongoing use of PALMS. We will continue to follow-up with DHS officials on this recommendation.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to document PALMS's progress and milestone reviews, including all issues and corrective actions discussed.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS is documenting certain PALMS progress reviews. We have requested documentation related to U.S. Secret Service's deployment of PALMS, to determine whether the Service conducted and documented a milestone review prior to deploying the system.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to establish a comprehensive risk log that maintains an aggregation of all up-to-date risks (including both government- and vendor-identified)and associated mitigation plans. Additionally, within the comprehensive risk log, the PALMS program office should (1) identify and document planned completion dates for each risk mitigation step (where appropriate), and (2) prioritize the risks by determining each risk's relative priority and overall risk level.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS updated its PALMS risk register. However, this register was not comprehensive. We will continue to follow-up with DHS officials on this recommendation.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    5 open recommendations
    Recommendation: To enhance and to promote more consistent oversight of the Coast Guard's efforts to address the incidence of hazing, the Commandant of the Coast Guard should regularly monitor hazing policy implementation.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including the scope of the data to be collected and maintained on reported incidents of hazing.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including a standard list of data elements to be collected on reported hazing incidents.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including definitions of the data elements to be collected to help ensure that incidents are tracked consistently within the Coast Guard.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater visibility over the extent of hazing in the Coast Guard to better inform actions to address hazing, the Commandant of the Coast Guard should evaluate the prevalence of hazing in the Coast Guard.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: To enable FEMA to and more effectively respond to disasters, the Secretary of Homeland Security should direct the FEMA Administrator to develop a workforce strategy to manage and improve retention that includes a process for systematically gathering attrition data and a plan to retain IMAT Cadre-of On-Call Response Employees.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, FEMA provided an update on the status of actions taken in response to our report. In the update, FEMA officials said they had issued a new FEMA Human Capital Strategic Plan for fiscal years 2016-2020 that includes an objective to build a scalable and skilled workforce with associated measures including a decrease in attrition rate for permanent full time employees, and an increase in disaster workforce through improvements in the recruitment and retention of incident management employees. FEMA also stated that pay issues and work-life balance have been identified as contributing to retention on National Type I and Regional Type II IMATs. FEMA is actively addressing the pay issues. FEMA provided a brief summary of the actions being taken--which includes development of a policy that provides information on establishing base pay under the new pay system, movement within the pay bands, and merit-based increases is in development. Until completion of the action items, this recommendation will remain open. FEMA officials plan to provide a status update in October 2017.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    2 open recommendations
    Recommendation: To promote more effective grant management coordination, the Secretary of Homeland Security should direct the FEMA Administrator to develop a plan with time frames, goals, metrics and milestones detailing how Grant Programs Directorate intends to resolve longstanding challenges associated with its existing hybrid grants management model, which divides responsibilities between regional and headquarters staff.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of March 2017, FEMA did not believe a plan was warranted to address long-standing coordination issues associated with its existing hybrid grants management model, as recommended in GAO's February 2016 report. According to the Department of Homeland Security, FEMA believes strongly in the importance of close and collaborative relationships between headquarters and regional grants staff. Further, FEMA stated the Grant Programs Directorate at headquarters already has in place numerous steps to ensure coordination and collaboration with regional grants staff. However, these steps by FEMA were already in place when GAO conducted its review in 2015 and early 2016, yet GAO identified continuing challenges related to coordination between headquarters and regions in conducting monitoring visits and providing consistent guidance to state grantees. As a result, GAO continues to believe that without a plan with time frames, goals, metrics, and milestones detailing how officials intend to resolve long-standing challenges associated with FEMA's existing hybrid grants management model, these challenges will continue to hamper the effectiveness of interactions between FEMA and state and local stakeholders in implementing the grant programs.
    Recommendation: To enable more sophisticated and comprehensive awareness of states' NIMS implementation, the Secretary of Homeland Security should direct the FEMA Administrator to develop policies and procedures for regional staff to review after-action reports from preparedness exercises within their region, and headquarters staff to review these evaluations in order to have a better understanding of NIMS implementation.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In March 2017, FEMA officials provided an update on the status of actions taken in response to our report. In the update, FEMA officials said the National Integration Center (NIC) is holding consultative sessions with state and local emergency managers to ensure the revised National Incident Management System (NIMS) doctrine and implementation objectives is operationally sound from the perspective of FEMA's stakeholders. They expect to complete this effort by September 30, 2017. Pending completion of this effort, the recommendation will remain open.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    9 open recommendations
    Recommendation: The Secretary of Homeland Security should direct Network Security Deployment (NSD) to determine the feasibility of enhancing NCPS's current intrusion detection approach to include functionality that would detect deviations from normal network behavior baselines.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 Update: In Feb. 2017, DHS officials stated that they have continued pilot activities that will enable DHS to identify suspicious network activity based on anomalous behavior and reputation and have collected lessons learned that are being tracked by the NCPS Program Management Office. Officials added that DHS had identified a contractor to support the transition of the pilot, including drafting an implementation plan; however, it had yet to award a contract due to lack of resources. As such, the agency did not have an estimated date on the completion of a draft plan for how the transition would be implemented. We requested that DHS provide a copy of the draft implementation plan for our review, when it became available. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct NSD to determine the feasibility of developing enhancements to current intrusion detection capabilities to facilitate the scanning of traffic not currently scanned by NCPS.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the NCPS Program Management Office is working with participating Internet Service Providers (ISP) to develop plans to support IPv6 for Traffic Aggregation, DNS redirection, and SMTP quarantining capabilities. Officials stated that an implementation plan that would include all ISP schedules for all planned intrusion prevention services would be available in the third quarter of fiscal year 2017. Additionally, regarding encrypted traffic, officials stated that it is conducting an analysis of Security on Encrypted Traffic (SonET) to better understand options for addressing the challenges, viability of options, and how the issue is being addressed at a broader industry level. The study is scheduled to continue through the fourth quarter of fiscal year 2017. We asked DHS to provide the ISP implementation plans (when finalized) and any findings from the ongoing SCADA and Encrypted traffic studies. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct United States Computer Emergency Readiness Team (US-CERT) to update the tool it uses to manage and deploy intrusion detection signatures to include the ability to more clearly link signatures to publicly available, open-source data repositories.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS stated that the NCPS PMO is working with participating Internet Service Providers (ISP) to develop plans to support IPv6 for Traffic Aggregation, DNS redirection, and SMTP quarantining capabilities. Officials stated that an implementation plan that would include all ISP schedules for all planned intrusion prevention services would be available in the third quarter of fiscal year 17. Additionally, officials stated that NSD is conducting an analysis on Security on Encrypted Traffic (SonET) to better understand options for addressing the challenges, viability of options, how the issue is being addressed at a broader industry level. The study will continue through the fourth quarter of fiscal year 2017. We asked DHS to provide the ISP implementation plans (when finalized) and any output/results (findings) from the ongoing studies DHS has related to SCADA and Encrypted traffic. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to consider the viability of using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, as an input into the development and management of intrusion detection signatures.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that enhancements were made so that Continuous Diagnostics and Mitigation program (CDM) data can be viewed with the Cyber Indicators Analysis Program (CIAP). Officials stated that the CDM data now may be combined with known vulnerability findings from NCATS and known threats collected from the CIAP system to further prioritize signature development as necessary. We have requested a meeting with DHS to observe the described enhancements. We believe that we will be able to close this recommendation, once we observe the claimed enhancements.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to develop a timetable for finalizing the incident notification process, to ensure that customer agencies are being sent notifications of potential incidents, which clearly solicit feedback on the usefulness and timeliness of the notification.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 Update: In Feb. 2017, DHS stated that US-CERT is in the process of developing a targeted survey of EINSTEIN customers (based off of a prior survey). Additionally, US-CERT has updated the Incident Reporting Guidelines to address previously mentioned process concerns. We have requested a copy of these guidelines and will review the modifications made within. Additionally, DHS stated that modifications to the Remedy ticketing system are underway that would allow for the inclusion of user feedback. These changes are anticipated to be implemented by October 2017. We likely would not be able to close this recommendation until we could review the results of the modifications.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop metrics that clearly measure the effectiveness of NCPS's efforts, including the quality, efficiency, and accuracy of supporting actions related to detecting and preventing intrusions, providing analytic services, and sharing cyber-related information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the Office of Cyber Security and Communications (CS&C) had developed, refined, and were baselining a first set of measures that relate to the Einstein 3A program. Further, they are considering adding one of these measures as an addition to the measures tracked in support of the yearly Government Performance and Results Act (GPRA) required reporting in FY 2018. Additionally, DHS officials stated they are developing information sharing related measures, including exploring how its public and private sector recipients of information measure the value cyber threat indicators and defensive measures. In March 2017, we requested a copy of the developed measures, when they became available. This recommendation will remain open until we are able to review the developed metrics and the subsequent data they are to measure.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop clearly defined requirements for detecting threats on agency internal networks and at cloud service providers to help better ensure effective support of information security activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS provided memos that gave an overview of the planned enhancements to the Continuous Diagnostics and Mitigation (CDM) program that included references to cloud providers. However, DHS did not provide any specific requirements for us to review. We have requested a follow-up meeting to review the specific requirements developed in support of the planned enhancements described in the provided memos. We will not be able to close this recommendation until we can review the developed requirements and determine that cloud providers are appropriately covered.
    Recommendation: The Secretary of Homeland Security should direct NSD to develop processes and procedures for using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, to help ensure DHS is using a risk-based approach for the selection/development of future NCPS intrusion prevention capabilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS stated that the NCPS Program Management Office has made enhancements to the Continuous Diagnostics and Mitigation (CDM) dashboard, but had yet to fully develop the CDM/NCPS data correlation. In March 2017, we asked for update on the status of data correlation, once available. In order to close this recommendation, we would need to review this model and determine how, if at all, the vulnerability information was used as part of a risk-based approach to intrusion prevention.
    Recommendation: The Secretary of Homeland Security should direct NSD to work with their customer agencies and the Internet service providers to document secure routing requirements in order to better ensure the complete, safe, and effective routing of information to NCPS sensors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the agency worked with the Office of Management and Budget to develop a draft Trusted Internet Connections Reference Architecture. This architecture is to serve as the new guidance for agencies on perimeter security capabilities as well as alternative routing strategies. In March 2017, we requested a copy of the guidance to review the alternative routing guidance. This recommendation will remain open until we have been able to review the information above.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To address different interpretations of cutter boat requirements, the Commandant of the Coast Guard should direct the NSC program office to clarify the NSC's key performance parameters for the cutter boat operations (specifically the launch and recovery of cutter boats).

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Coast Guard is in the process of updating the operator's handbook for the Long Range Interceptor II cutter boat to clarify that it is capable of operating through sea state 5, which will meet the National Security Cutter's key performance parameter related to cutter boat operations. According to Coast Guard officials, the updated operator's handbook should be signed and approved between August and November 2017.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    1 open recommendations
    Recommendation: To better facilitate adoption of the NIST Framework for Improving Critical Infrastructure Cybersecurity, the Secretary of Homeland Security should direct officials responsible for the Critical Infrastructure Cyber Community Voluntary Program to develop metrics for measuring the effectiveness of efforts to promote and support the framework.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In December 2016, DHS officials stated that they will continue to work with sector-specific agency partners and NIST to determine how to develop measurement activities and collect information on C3VP outreach and its effectiveness in promoting and supporting the Cybersecurity Framework. We will continue to monitor their efforts and verify whether implementation of metrics has occurred.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To help ensure that actions taken to improve the test and evaluation process address identified challenges, the Administrator of TSA should finalize all aspects of the third party testing strategy before implementing further third party testing requirements for vendors to enter testing.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: In its response to this recommendation, the Department of Homeland Security concurred and identified initial planned actions to implement the finalize third party strategy. Subsequently, in the Spring of 2016, the TSA Office of Security Capabilities finalized its third party tester application and approval process; established quality conformance standards for potential third party testers; and gathered and considered industry feedback on potential third party test strategy consequences among other actions. Collectively, TSA established and published program requirements and procedures for the third party test strategy. In late 2016, TSA formally delayed its planned implementation of the third-party testing program by a calendar year to now be completed by December 31, 2017. TSA cited a need to conduct additional assessments, coordination challenges, and larger TSA security equipment related initiatives as the reasons for the delay. As part of its regular recommendation status reporting to GAO, TSA in the Spring 2017, noted that it is on track to meet the intent of the recommendation by the later revised date. TSA noted it had recently updated its qualification process by which qualified product lists will be populated and has already incorporated various aspects of third party testing for legacy security equipment qualification.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    4 open recommendations
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on a joint strategy and finalizing it in order to define and articulate a common understanding of expected outcomes and align the two agencies' activities and core processes to achieve their related missions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for completing a joint strategy for federal security once its memorandum of agreement with the General Services Administration is updated and signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on the two agencies' respective roles and responsibilities for federal facility security, and update and finalize the two agencies' MOA accordingly.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it is working internally to prepare the memorandum of agreement for review and signature by the FPS Director, pending no additional changes are required to the document.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop a process to ensure that compatible policies and procedures, including those for information sharing, are communicated at the regional level so that regional officials at both agencies have common information on how to operationalize the two agencies' collaborative efforts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for the issuance of a joint field guidance for working with the General Services Administration (GSA) once its memorandum of agreement with GSA is updated and signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop mechanisms to monitor, evaluate, and report on their collaborative efforts to protect federal facilities in order to identify possible areas for improvement and to reinforce accountability.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for the appointment of an FPS-GSA Liaison once its memorandum of agreement with GSA is updated and signed.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    5 open recommendations
    including 3 priority recommendations
    Recommendation: To provide reasonable assurance that USCIS's fraud prevention controls are adequate and effectively implemented, and ensure that asylum officers and FDNS immigration officers have the capacity to detect and prevent fraud, the Secretary of Homeland Security should direct USCIS to conduct regular fraud risk assessments across the affirmative asylum application process.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: In October 2016, DHS indicated that USCIS had established a working group and collected fraud trend information from all eight asylum offices that will be used to inform the development of a risk assessment framework. As of January 2017, USCIS reported that the Asylum Division is continuing to develop the risk assessment framework and is working on an initial draft. According to USCIS, the Asylum Division, in cooperation with other relevant internal stakeholders such as USCIS's Fraud Detection and National Security Directorate, plans to develop an assessment tool and implementation plan for completing regular fraud risk assessments of the affirmative asylum process, with the first assessment to be completed no later than the end of fiscal year 2017. Regularly assessing fraud risks across the affirmative asylum process would provide USCIS more complete information on risks that may affect the integrity of the process and therefore help USCIS target its fraud prevention efforts to those areas that are of highest risk.
    Recommendation: To provide reasonable assurance that USCIS's fraud prevention controls are adequate and effectively implemented, and ensure that asylum officers and FDNS immigration officers have the capacity to detect and prevent fraud, the Secretary of Homeland Security should direct USCIS to develop and implement a mechanism to collect reliable data, such as the number of referrals to FDNS from asylum officers, about FDNS's efforts to combat asylum fraud.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In January 2016, USCIS reported that FDNS is making improvements in its database for maintaining data and information on all FDNS activities, including activities associated with asylum fraud investigations. USCIS reported that FDNS planned to update database system guides and associated training materials, and conduct training for all users by September 2016. As of October 20, 2016, USCIS had not provided GAO with additional updates to the status of this recommendation. Developing and implementing a mechanism to collect reliable data, such as the number of referrals to FDNS from asylum officers, should help FDNS's efforts to combat asylum fraud.
    Recommendation: To provide reasonable assurance that USCIS's fraud prevention controls are adequate and effectively implemented, and ensure that asylum officers and FDNS immigration officers have the capacity to detect and prevent fraud, the Secretary of Homeland Security should direct USCIS to identify and implement tools that asylum officers and FDNS immigration officers can use to detect potential fraud patterns across affirmative asylum applications.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: In February 2016, DHS indicated that USCIS had allotted fiscal year 2016 funds in support of initial acquisition activities for tools to detect potential fraud patterns across affirmative asylum applications. USCIS reported that FDNS and DHS's Homeland Security Advanced Research Projects Agency are conducting an Analysis of Alternatives (AoA) to evaluate and compare operational effectiveness, suitability, costs, and risks associated with alternative solutions. In October 2016, DHS officials indicated that FDNS and DHS's Homeland Security Advanced Research Projects Agency have completed an AoA and presented the results to FDNS leadership. According to USCIS, FDNS identified a hardware solution and began acquisition planning for this hardware in September 2016. As of October 2016, RAIO FDNS is working with USCIS's Office of Information Technology and other DHS components, including the DHS Science and Technology Directorate, to study options. Based upon this additional work, and dependent on securing necessary funding, USCIS reported that it expects to complete the analysis of additional tools by September 30, 2017. Identifying and implementing new tools to detect fraud patterns would help USCIS ensure that asylum officers and FDNS immigration officers have the capacity to detect and prevent asylum fraud.
    Recommendation: To provide reasonable assurance that USCIS's fraud prevention controls are adequate and effectively implemented, and ensure that asylum officers and FDNS immigration officers have the capacity to detect and prevent fraud, the Secretary of Homeland Security should direct USCIS to require FDNS immigration officers to prescreen all asylum applications for indicators of fraud to the extent that it is cost-effective and feasible.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: We reported that some asylum offices have strengthened their capability to detect and prevent fraud by using immigration officers from USCIS's Fraud Detection and National Security Directorate (FDNS) to prescreen affirmative asylum applications; however, the use of this practice varied across asylum offices. In October 2016, DHS stated that FDNS had completed an initial review of all locally-developed prescreening policies and was working to analyze them comprehensively. Since completing this analysis, USCIS has been drafting a memorandum and companion guidance to be provided to the asylum offices, which USCIS officials stated will establish the framework for a national prescreening program. As of March 2017, USCIS reported that it expects to complete the guidance by September 30, 2017. Greater use of prescreening could allow FDNS to identify fraud trends and detect patterns that may not be evident in a small sample of asylum applications.
    Recommendation: To provide reasonable assurance that USCIS's fraud prevention controls are adequate and effectively implemented, and ensure that asylum officers and FDNS immigration officers have the capacity to detect and prevent fraud, the Secretary of Homeland Security should direct USCIS to include a review of potential fraud indicators in future random quality assurance reviews of asylum applications.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In December 2015, GAO reported that U.S. Citizenship and Immigration Services (USCIS) had implemented some quality assurance procedures for asylum decisions that are designed to ensure asylum officers' decisions are legally sufficient. However, GAO found that USCIS's random quality assurance reviews of asylum cases did not include an examination of potential indicators of fraud in the case file. Thus, GAO recommended that USCIS include a review of potential fraud indicators in future random quality assurance reviews of asylum applications. As of January 2016, USCIS's Asylum Division had revised its quality assurance checklist to include a fraud-specific section that will help the reviewers evaluate whether any fraud indicators were properly identified, analyzed, and processed by asylum officers. According to Asylum Division officials, the revised checklist will be used for all general random quality assurance reviews of asylum cases, and officials stated that the next such random review is scheduled for fiscal year 2017. To fully address this recommendation, upon completion of the fiscal year 2017 review, USCIS plans to provide GAO with documentation that the revised checklist was used.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    2 open recommendations
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretary of Homeland Security should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear sectors' cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has released updated sector-specific plans for the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear reactors sectors. The plans include a section on measuring effectiveness based on the plan development guidance. The plans provide expected metrics to track the progress of sector activities and state that the outcomes will be reported through the National Annual Reporting process as well as through the quadrennial plan update. Because the metrics are new and annual reporting has not yet occurred, DHS has not provided evidence of metrics data collected and reported to address the challenges. We will continue to follow-up to determine how performance measures have been implemented and what reporting is available based on those measures.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Homeland Security and Transportation (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the transportation systems sector's cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The co-Sector-Specific Agencies (SSAs) for the Transportation Systems Sector, DHS (TSA and Coast Guard) and the Department of Transportation, provided an update on efforts to develop sector cybersecurity metrics. The update described measures under consideration such as tracking the number of sector stakeholders receiving cybersecurity products, monitoring the usefulness of products through satisfaction surveys, and tracking attendance at sector events and seminars encompassing cybersecurity. The co-SSAs plan to report sector cyber activities, progress, and relevant metrics annually through the Critical Infrastructure National Annual Report and through quadrennial updates to the sector-specific plan. The latest sector-specific plan was released in 2015. The proposed metrics have not been formalized in a strategy or plan. We will continue to monitor and evaluate efforts to formalize and implement the proposed metrics to determine whether they address the intent of the recommendation.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    2 open recommendations
    Recommendation: To improve the Coast Guard's management of initiatives to increase the recruitment and accessions of women into the officer corps, the Commandant of the Coast Guard should develop an oversight framework that includes or incorporates (consistent with applicable law): (1) Service-wide program goals for initiatives directed at female officers' recruitment, such as goals related to the composition of the applicant pool; (2) Performance measures linked to program goals; and (3) Resource allocations linked to program goals.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Recommendation: To improve the Coast Guard's management of initiatives to increase the recruitment and accessions of women into the officer corps, the Commandant of the Coast Guard should conduct evaluations for key recruitment initiatives to help ensure these initiatives are achieving their intended purpose.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Director: Timothy M. Persons
    Phone: (202) 512-6412

    2 open recommendations
    Recommendation: To help ensure that biosurveillance-related funding is directed to programs that can demonstrate their intended capabilities, and to help ensure sufficient information is known about the current Gen-2 system to make informed cost-benefit decisions about possible upgrades and enhancements to the system, the Secretary of Homeland Security should direct the Assistant Secretary for Health Affairs and other relevant officials within the Department to not pursue upgrades or enhancements to the current BioWatch system until the Office of Health Affairs (OHA): (1) establishes technical performance requirements, including limits of detection, necessary for a biodetection system to meet a clearly defined operational objective for the BioWatch program by detecting attacks of defined types and sizes with specified probabilities; (2) assesses the Gen-2 system against these performance requirements to reliably establish its capabilities; and (3) produces a full accounting of statistical and other uncertainties and limitations in what is known about the system's capability to meet its operational objectives.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help reduce the risk of acquiring immature detection technologies, the Secretary of Homeland Security should direct the Assistant Secretary for Health Affairs, in coordination with the Under Secretary for Science and Technology, to use the best practices outlined in this report to inform test and evaluation actions for any future upgrades or changes to technology for BioWatch.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michele Mackin
    Phone: (202) 512-4841

    3 open recommendations
    Recommendation: To improve coordination and communication between FEMA OCPO and region mission support officials region mission support officials, the FEMA Administrator should establish a plan to ensure that the agreement is reviewed on an annual basis as intended.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In commenting on this report, DHS concurred with this recommendation. According to FEMA officials, the Office of Procurement Operations has since formed a team that will address this recommendation. We will provide updated information as it becomes available.
    Recommendation: To improve coordination and communication between FEMA Office of the Chief Procurement Officer (OCPO) and region mission support officials region mission support officials, the FEMA Administrator should direct OCPO and the regional administrators to revisit the 2011 service level agreement to: add details about the extent of operational control headquarters and regional supervisors should exercise to minimize potential competing interests experienced by regional contracting officers; further detail headquarters and regional supervisors' roles and responsibilities for managing regional contracting officers to improve coordination and communication; and ensure that the agreement reflects any new requirements, including recent changes in training that may require travel funds.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In commenting on this report, DHS concurred with this recommendation. According to FEMA officials, the Office of Procurement Operations has since formed a team that will address this recommendation. We will provide updated information as it becomes available.
    Recommendation: To address PKEMRA, the Secretary of Homeland Security should take action to address the requirements of Section 692 to implement subcontractor limitations or request that Congress amend the law to delete Section 692.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In 2016, DHS took steps to ask Congress to repeal PKEMRA Section 692, which prohibits the use of subcontracts for more than 65 percent of the cost of cost-reimbursement type contracts that exceed the simplified acquisition threshold. DHS submitted a legislative change proposal to the Office of Management and Budget (OMB), who approves such proposals before they are submitted to Congress. OMB approved the proposed change for PKEMRA Section 692 in April 2016. We will provide additional updates as information becomes available.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    1 open recommendations
    Recommendation: To help ensure that agencies' policies and oversight are fully consistent with The Attorney General's Guidelines Regarding the Use of Confidential Informants, the Assistant Secretary of ICE and the Commandant of USCG should update their respective agencies' informant policies and corresponding monitoring processes to explicitly address the Guidelines' provisions on oversight of informants' illegal activities.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: In December 2016, ICE issued a memo regarding changes to its policies for the registration and suitability of confidential informants. The memo included updated forms to oversee those aspects of confidential informant oversight. In April 2017, ICE officials informed GAO that a working group is in the process of updating the Informants Handbook and the Undercover Operations Handbook. ICE expects to finalize drafts of the handbooks in September 2017 and implement them by December 2017. When the updated handbooks are available for GAO's review, we will assess the extent to which they address our recommendation.
    Director: David Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: To improve the department's IT savings reinvestment plans, the Secretary of Homeland Security should direct the CIO to ensure that the department's integrated data collection submission to OMB includes, for all reported initiatives, complete plans to reinvest any resulting cost savings and avoidances from OMB-directed IT reform-related efforts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security agreed with our recommendation, but has not yet taken steps to implement it. Specifically, as of May 2017, the department's integrated data collection submission to the Office of Management and Budget had not been updated to include reinvestment plans for all reported cost savings and avoidance initiatives. For example, the department did not include reinvestment plans for two cost avoidances strategies related to the Office of Management and Budget's PortfolioStat initiative that have resulted approximately $96 million in cost avoidances. We will continue to evaluate the department's progress in implementing this recommendation.
    Director: Gambler, Rebecca S
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To strengthen USCIS's EB-5 Program fraud prevention, detection, and mitigation capabilities, and to more accurately and comprehensively assess and report program outcomes and the overall economic benefits of the program, the Director of USCIS should plan and conduct regular future fraud risk assessments of the EB-5 Program.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: The Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS) is responsible for administering the Employment-Based Fifth Preference Immigrant Investor Program (EB-5 Program). In 2015, we reviewed the EB-5 program to determine if USCIS assesses fraud and other related risks facing the program. We found that USCIS had collaborated with its interagency partners to assess fraud and national security risks in the program in fiscal years 2012 and 2015 but that these assessments were onetime efforts that did not have documented plans to conduct regular future risk assessments, in accordance with fraud prevention practices, which could help inform efforts to identify and address evolving program risks. To strengthen the program's fraud prevention, detection, and mitigation capabilities, we recommended that USCIS plan and conduct regular future fraud risk assessments. USCIS concurred with the recommendation, stating that it will continue to conduct at least one fraud, national security, or intelligence assessment on an aspect of the program annually. In September 2015, USCIS stated that the Fraud Detection and National Security Directorate unit of its Immigrant Investor Program (IPO) will conduct its next fraud, national security, and intelligence assessment in FY 2016 and one assessment annually thereafter. In an August 2016 update, USCIS stated that it had conducted a national security assessment, the draft of which was under review by management, to be finalized by September 30, 2016. We will continue to monitor USCIS's efforts to ensure that the agency finalizes this assessment and documents plans to conduct future fraud assessments on a regular basis.
    Recommendation: To strengthen USCIS's EB-5 Program fraud prevention, detection, and mitigation capabilities, and to more accurately and comprehensively assess and report program outcomes and the overall economic benefits of the program, the Director of USCIS should develop a strategy to expand information collection, including considering the increased use of interviews at the I-829 phase as well as requiring the additional reporting of information in applicant and petitioner forms.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In 2015, we evaluated the Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS) Employment-Based Fifth Preference Immigrant Investor Program (EB-5 Program) to determine the extent to which the agency had addressed any identified fraud risks in the program. We found that USCIS had identified unique fraud risks in the program and had taken certain steps to address and enhance its fraud risk management efforts, including establishing a dedicated entity to oversee these efforts. However, we found that USCIS's information systems and processes limited its ability to collect and use data on EB-5 Program participants to comprehensively address fraud risks in the program. To strengthen the program's fraud mitigation capabilities, we recommended that USCIS develop a strategy to expand information collection, including considering the increased use of interviews at the application for permanent residency (form I-829) phase as well as requiring the additional reporting of information in applicant and petitioner forms. USCIS concurred with the recommendation, stating that IPO will develop a strategy to enhance and expand information collection, including publishing revised EB-5 application and petition forms, and considering the use of interviews. In a September 2015 update to this recommendation, USCIS stated that it had begun internal discussions for developing a comprehensive strategy to incorporate interviews into various stages of the EB-5 process, including the I-829 phase. In addition, USCIS was implementing a comprehensive approach for revising all EB-5 specific forms (I-526, I-924, and I-924A) to improve program integrity and data collection. USCIS expects the revised forms to be available after December 31, 2015. In an August 2016 update, USCIS stated that it has revised Forms I-924, I-924A, and I-526, and anticipated revising Forms I-924 and I-924A by November 2016 and Form I-829 by March 2017. USCIS also stated that IPO had initiated a new process to allow interview of Form I-829 petitioners by video conference, and planned to develop a comprehensive interview strategy based on the results of initial and future interviews as well as other relevant information. We will continue to monitor USCIS's efforts to develop and implement this more comprehensive EB-5 data collection strategy.
    Recommendation: To strengthen USCIS's EB-5 Program fraud prevention, detection, and mitigation capabilities, and to more accurately and comprehensively assess and report program outcomes and the overall economic benefits of the program, the Director of USCIS should track and report data that immigrant investors report, and the agency verifies on its program forms for total investments and jobs created through the EB-5 Program.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In 2015, we evaluated the Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS)'s capacity to verify job creation and to use a valid and reliable methodology to report the economic benefits of its Employment-Based Fifth Preference Immigrant Investor Program (EB-5 Program). We found that over time USCIS had increased its capacity to verify job creation by increasing the size and expertise of its workforce and by providing clarifying guidance and training, among other actions. However, we found that USCIS's methodology for reporting program outcomes and overall economic benefits of the EB-5 Program was not valid and reliable because it may understate or overstate program benefits in certain instances as it was based on the minimum program requirements of 10 jobs and a $500,000 investment per investor, instead of the number of jobs and investment amounts collected by USCIS on individual EB-5 Program forms. To more accurately and comprehensively assess and report the overall economic benefits of the program, we recommended that USCIS track and report data that immigrant investors report, and the agency verifies on its program forms for total investments and jobs created. USCIS concurred with this recommendation, stating that IPO will develop a plan to collect and aggregate additional data regarding EB-5 investment amounts and job creation, including revising USCIS data systems and processes, as appropriate. In a September 2015 update, USCIS further stated that IPO officials had already met with officials from the USCIS Office of information Technology (OIT) on August 25, 2015, to discuss EB-5 data requirements, and that IPO is reviewing the fields in the Intranet Computer Linked Application Information Management System (iCLAIMS) database used for maintaining EB-5 and other immigration program data, to define data entry requirements. Once that is completed, USCIS stated that IPO will work with OIT to discuss any system changes needed to reliably aggregate data regarding EB-5 program investment amounts and job creation. In an August 2016 update, USCIS stated that through regular meetings with OIT, IPO has identified the assets needed to develop a case management system to meet the complex data needs of the EB-5 program. This system, which will be compatible with USCIS's electronic immigration system, is tentatively projected to be completed in FY 2017. We will continue to monitor USCIS's efforts to develop a system that will enable it to accurately and comprehensively assess and report the overall economic benefits of the program.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To increase states' abilities to improve disaster resilience and mitigate future damage when using federal funding in the wake of disasters, the FEMA Administrator should, consistent with the goals of the NDRF to integrate hazard mitigation and risk reduction opportunities into all major decisions and reinvestments during the recovery process, assess the challenges state and local officials reported, including the extent to which the challenges can be addressed and implement corrective actions, as needed.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open
    Priority recommendation

    Comments: In April 2017, FEMA officials provided a corrective action plan that included interim actions and milestones leading to the establishment of procedures and training to assist in implementing policy changes through the end of calendar year 2016. In September 2016, FEMA issued new policies to establish minimum standards for Public Assistance projects that are intended to promote resilience and achieve risk reduction. The April 2017 update indicates that FEMA plans to complete actions to implement this recommendation by May 2017. GAO will assess the actions taken when they are complete.
    Director: Kimberly Gianopoulos
    Phone: (202)512-8612

    1 open recommendations
    Recommendation: To strengthen agency performance measurement related to deterring child smuggling, the Secretary of Homeland Security should instruct DHS's U.S. Immigration and Customs Enforcement to establish annual performance targets associated with the performance measures it has established for its Transnational Criminal Investigative Units.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In its comments on the report in July 2015, the Department of Homeland Security stated that it concurred with this recommendation, and that it would work with host nation partners to establish goals to measure these units' investigative activities and capacity development. In September 2015, DHS noted that it planned to use law enforcement data to measure TCIU success rates and inform efforts going forward. GAO has followed up with DHS--most recently in June 2017--on the status of its efforts to establish performance targets, but has not yet received a response.
    Director: Chris Currie
    Phone: (404) 679-1875

    2 open recommendations
    Recommendation: To ensure the accuracy of the data submitted by chemical facilities, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for the Office of Infrastructure Protection, and the Director of ISCD, in the interim, to identify potentially miscategorized facilities with the potential to cause the greatest harm and verify the Distance of Concern these facilities report is accurate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, as of November 2016 ISCD completed its assessment of all Top-Screens which reported threshold quantities of release-toxic chemicals of interest and identified 158 facilities with the potential to cause the greatest harm. ISCD contacted all 158 facilities and received revised Top-Screens from 101, according to ISCD officials. ISCD halted pursuit of revised Top-Screens from the remaining facilities during summer 2016 in anticipation of the pending release of CSAT 2.0, the Top-Screen application, which both eliminates the Distance of Concern question and will result in all remaining facilities being required to submit a new Top-Screen upon the activation of CSAT 2.0. CSAT 2.0 was activated October 1, 2016, and DHS sent a letter to each of the remaining facilities informing them of their obligation to submit a new top-screen, according to ISCD officials. ISCD is continuing to monitor the resolution of the remaining cases and expects to have assessed updated Top-Screens for all of them within the first or second quarter of 2017. We will update the status of this recommendation after additional information is received from DHS.
    Recommendation: In addition, to better manage compliance among high-risk chemical facilities and demonstrate program results, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for the Office of Infrastructure Protection, and the Director of ISCD to develop documented processes and procedures to track noncompliant facilities and ensure they implement planned measures as outlined in their approved site security plans.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, ISCD is nearing finalization of the updated CFATS Inspection Standard Operating Procedure (SOP) and has made progress on the new CFATS Enforcement SOP. Once completed, expected in mid-2017, these two documents collectively will formally document the processes and procedures currently being used to track noncompliant facilities and ensure they implement planned measures as outlined in their approved site security plans, according to ISCD officials. We will update the status of this recommendation after additional information is received from DHS.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    8 open recommendations
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to develop and implement TVPRA training for OFO officers at airports who have substantive contact with UAC.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Office of Field Operations (OFO) within U.S. Customs and Border Protection (CBP), in collaboration with U.S. Immigration and Customs Enforcement, conducted a "Train-the-Trainer" conference in August 2015 that focused on juvenile and unaccompanied alien children (UAC). The conference, among other things, addressed screening requirements for UAC consistent with Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA). CBP officers who received this additional training were then responsible for training other officers who process UAC at the ports of entry. According to CBP, while the conference was comprehensive, it did not fully encompass CBP's needs. In June 2016, CBP reported that OFO, Office of Chief Counsel, and a headquarters-level working group on UAC issues are finalizing a revised Form CBP-93 and with that are developing a detailed, relevant Train-the-Trainer course for officers responsible for TVPRA at all CBP ports of entry. In December 2016, CBP notified GAO that OFO, in coordination with CBP's Office of Training and Development, was concluding the design and embarking on the development phase of a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." This course will be an annual requirement for all OFO officers. In April 2017, CBP reported that OFO was no longer pursuing a separate Train-the-Trainer course for CBP officers at air ports of entry. However, CBP continues to develop a new UAC training course. The new course is a collaborative effort between OFO and USBP, in consultation with CBP's Office of Chief Counsel, and in partnership with CBP's Office of Training and Development (OTD) to develop, deconflict, and revise training consistent with requirements under TVPRA, specifically outlining rules to identify and screen UAC, among other things. As of September 2017, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP needs to ensure that OFO officers at airports who have substantive contact with UAC complete this training.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to revise the Form 93 to include indicators or questions that agents and officers should ask UAC to better assess (1) a child's ability to make an independent decision to withdraw his or her application for admission to the United States and (2) credible evidence of the child's risk of being trafficked if returned to his or her country of nationality or last habitual residence.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2015, CBP officials stated that CBP formed a working group in headquarters with representatives from the department's Office of Policy and Office for Civil Rights and Civil Liberties to examine the screening process for UAC. In addition, CBP officials noted that CBP is in the process of convening a similar group in the field. According to CBP officials, the working group meets weekly and is coordinating with nongovernmental organizations and the United Nations High Commissioner for Refugees, among others. As of June 30, 2016, CBP reported that CBP's Office of Field Operations (OFO) and U.S. Border Patrol (BP) have finalized and routed the Form CBP-93 to the OFO Executive Assistant Commissioner and United States Border Patrol Chief for final approval. As of June 2017, the revised CBP Form 93 is still under review and CBP officials estimate that the review process will be completed by December 31, 2017. To fully address this recommendation, CBP should revise the Form 93 to include indicators or questions that CBP officers and Border Patrol agents should ask UAC relative to their ability to make an independent decision and regarding the potential risk of the UAC being trafficked if returned to their country of nationality or last habitual residence.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to provide guidance to Border Patrol agents and OFO officers that clarifies how they are to implement the TVPRA requirement to transfer to HHS all Mexican UAC who have fear of returning to Mexico owing to a credible fear of persecution.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In commenting on a draft of our report, DHS indicated that CBP's U.S. Border Patrol (USBP) and Office of Field Operations (OFO) would issue further guidance to agents and officers emphasizing TVPRA transfer procedures for UAC who are nationals or habitual residents of Canada or Mexico and who are victims of a severe form of trafficking in persons. In September 2015, CBP reported that USBP and OFO estimated implementing this additional guidance by the end of calendar year 2015. In January 2016, CBP reported to GAO that, since June 2015, a headquarters level working group had been reviewing CBP's screening process for UAC. According to CBP officials, the activities of this working group will influence the guidance that will be deployed to Border Patrol agents and OFO officers and that USBP and OFO will be working together to develop additional guidance to the field by September 2016. In December 2016, CBP notified GAO that Border Patrol and OFO have partnered with CBP's Office of Training and Development, as well as the Office of Chief Counsel, to develop a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." According to CBP, this course will be an annual requirement for all CBP agents and officers. As of September 2017, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP should ensure that this distance learning training module on how to implement the Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA) criteria is developed and implemented, as required by CBP policy, to all Border Patrol agents and OFO officers.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to develop and implement guidance on how Border Patrol agents and OFO officers are to implement the TVPRA requirement to transfer to HHS all Canadian and Mexican UAC who are victims of a severe form of trafficking in persons.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In commenting on a draft of our report, DHS indicated that CBP's U.S. Border Patrol (USBP) and Office of Field Operations (OFO) would issue further guidance to agents and officers emphasizing TVPRA transfer procedures for UAC who are nationals or habitual residents of Canada or Mexico and who are victims of a severe form of trafficking in persons. In September 2015, CBP reported that USBP and OFO estimated implementing this additional guidance by the end of calendar year 2015. In January 2016, CBP reported to GAO that, since June 2015, a headquarters level working group has been reviewing CBP's screening process for UAC. According to CBP officials, the activities of this working group will influence the guidance that will be deployed to Border Patrol agents and OFO officers and that USBP and OFO will be working together to develop additional guidance to the field by September 2016. In December 2016, CBP notified GAO that Border Patrol and OFO have partnered with CBP's Office of Training and Development as well as the Office of Chief Counsel to develop a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." According to CBP, this course will be an annual requirement for all CBP agents and officers. As of September 2017, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP should ensure that this distance learning training module on how to implement the Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA) criteria is developed and implemented, as required by CBP policy, to all Border Patrol agents and OFO officers.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to ensure that Border Patrol agents document the basis for their decisions when assessing screening criteria related to (1) an unaccompanied alien child's ability to make an independent decision to withdraw his or her application for admission to the United States, and (2) whether UAC are victims of a severe form of trafficking in persons.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of December 2015, CBP officials reported that an internal working group charged with assessing UAC screening procedures was considering issues related to independent decision-making and appropriate documentation as it develops a revised screening tool. As of June 30, 2016, CBP reported that CBP's Office of Field Operations (OFO) and U.S. Border Patrol (BP) had finalized and routed a revised CBP Form 93 to the OFO Executive Assistant Commissioner and United States Border Patrol Chief for final approval. As of August 31, 2016, the revised CBP Form 93 was still under review and CBP officials estimated that the review process would be completed by December 31, 2016. In January 2017, CBP notified GAO that the expected completion date for the revised form is April 2017, and that direction to Border Patrol agents on the new form would be delivered by June 2017. In June 2017, CBP told GAO that Border Patrol and other CBP partners were continuing to determine which changes are necessary to the CBP Form 93 and estimated that these efforts would not be completed until December 31, 2017. As of September 2017, CBP reported that these efforts would not be completed until June 2018. To fully address this recommendation, CBP should ensure that Border Patrol agents document the basis for their decisions when assessing screening criteria related to (1) an unaccompanied alien child's ability to make an independent decision to withdraw his or her application for admission to the United States, and (2) whether UAC are victims of a severe form of trafficking in persons.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to determine which agents and officers who have substantive contact with UAC, complete the annual UAC training, and ensure that they do so, as required.

    Agency: Department of Homeland Security
    Status: Open

    Comments: On July 1, 2015, the Assistant Commissioner for Field Operations (OFO) disseminated a memorandum to all OFO Field Office Directors regarding the mandatory annual UAC training requirement. The Assistant Commissioner directed all Field Offices to ensure that officers completed the required training by December 31, 2015 (the memo also specified which officers are required to complete the training). On July 31, 2015, the Chief of the U.S. Border Patrol disseminated a memorandum to all Chief Patrol Agents and Directorate Chiefs for dissemination to all uniformed personnel, including supervisors, regarding the mandatory annual UAC training requirement. CBP documentation indicates that CBP implemented a new learning management system mandated by DHS on July 13, 2015, through which online training courses are offered to all CBP employees. Further, in 2016 DHS added a feature to this system that provided the capability to produce reports on courses completed by CBP employees. In April 2017, CBP provided 2016 data on the OFO officers and Border Patrol agents that had completed the required UAC training course. According to the data, 23 percent of OFO officers and 7 percent of Border Patrol agents required to complete the training had not done so. CBP officials stated that they plan to take steps to increase the percent of agents and officers who complete the required training in 2017 and will provide new data to GAO in early 2018. To fully address this recommendation, Border Patrol and OFO should ensure that all required personnel have completed the annual training, as required.
    Recommendation: To help ensure that DHS has complete and reliable data needed to ensure compliance with the UAC time-in-custody requirement under TVPRA and for required reports on UAC time in custody under the Flores Agreement, the Secretary of Homeland Security should require ICE officers to record accurate and reliable data in their automated system when UAC leave ICE custody in order to track the length of time UAC are in ICE custody.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a July 23, 2015 memo, ICE's Assistant Director for Custody Management, with concurrence from the Acting Assistant Director for Field Operations, provided instructions to all ICE Field Office Directors, Deputy Field Office Directors, and Field Office Juvenile Coordinators (FOJCs) with instructions for processing juveniles, including unaccompanied alien children (UAC). The memo stated that FOJCs or assigned officers must immediately book UAC into ICE's automated system upon the UAC's transfer into ICE's custody (including ICE transportation contractors). The instructions state that no more than 4 hours may elapse without recording the UAC's time in ICE custody. Further, the instructions stated that when ICE transfers UAC to a new location, that FOJCs, or other assigned officers, must also ensure that ICE's automated system is updated to reflect the exact location of the transfer. According to ICE, these instructions are to be included in a juvenile processing handbook that will provide detailed instructions for officers in processing and managing juvenile cases. ICE expects to complete this handbook by June 30, 2016. As of October 2016, the handbook was still being cleared within ICE. To fully implement our recommendation, ICE should require that officers record accurate and reliable data (date and time) in their automated system when UAC leave ICE custody.
    Recommendation: To increase the efficiency and improve the accuracy of the interagency UAC referral and placement process, the Secretaries of Homeland Security and Health and Human Services should jointly develop and implement a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2015, DHS stated that the department was collaborating with HHS on finalizing a Memorandum of Agreement (MOA) regarding UAC procedures. According to DHS, the MOA is meant to provide a framework for interagency coordination on the responsibilities of the parties in coordinating and establishing procedures, shared goals, and interagency cooperation with respect to UAC. In February 2016, DHS and HHS finalized the MOA. The MOA states that DHS and HHS agree to establish a Joint Concept of Operations (JCO) that should be completed no later than one year following the signing of the MOA. According to the MOA, the JCO should include, among other things, standard protocols for consistent interagency cooperation on the care, processing, and transport of UAC during both steady state operations, as well as in the event the number of UAC exceeds the standard capabilities of the departments to process, transport, and/or shelter with existing resources. As of February 2017, HHS told GAO that HHS and DHS are still in the process of drafting the JCO. To fully address the recommendation, DHS and HHS will need to ensure that the JCO, once finalized and implemented, includes a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    3 open recommendations
    Recommendation: To help the department effectively manage spending on mobile devices and services, the Secretary of Homeland Security should ensure an inventory of mobile devices and services is established department-wide (i.e., all components' devices and associated services are accounted for).

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security has taken steps to implement this recommendation. Specifically, it developed inventories for the two components we reviewed. The department also reported that it had identified all components' devices. However, as of August 2017, it had not provided evidence that all the components had an inventory of unique devices and associated services. We will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To help the department effectively manage spending on mobile devices and services, the Secretary of Homeland Security should ensure a reliable department-wide inventory of mobile service contracts is developed and maintained.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security has taken steps to implement the recommendation, but more needs to be done. Specifically, in May 2017, the department developed an enterprise-wide inventory of mobile service contracts; however, the department has not demonstrated that it has maintained the inventory quarterly. We will continue to monitor the department's efforts to fully implement the recommendation.
    Recommendation: To help the department effectively manage spending on mobile devices and services, the Secretary of Homeland Security should ensure procedures to monitor and control spending are established department-wide. Specifically, ensure that (1) procedures include assessing devices for zero, under, and over usage; (2) personnel with authority and responsibility for performing the procedures are identified; and (3) the specific steps to be taken to perform the process are documented.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security has not implemented the recommendation. In August 2017, a Program Management Specialist in the Office of the Chief Information Office described steps the department was taking as it considers a follow-on to its department-wide blanket purchase agreement for wireless expense management services. We will continue to monitor the department's efforts to implement the recommendation.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    3 open recommendations
    Recommendation: To improve Transformation Program governance, the Secretary of DHS should direct the Under Secretary for Management to ensure that the Acquisition Review Board is effectively monitoring the Transformation Program's performance and progress toward a predefined cost and schedule; ensuring that corrective actions are tracked until the desired outcomes are achieved; and relying on complete and accurate program data to review the performance of the Transformation Program against stated expectations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of August 2017, the Department of Homeland Security (DHS) had demonstrated that it had taken steps to address this recommendation, but additional steps were needed. Since we issued this recommendation in May 2015, the Office of Program Accountability and Risk Management (PARM), which serves as the Acquisition Review Board (ARB) executive secretariat and is to oversee DHS's acquisition portfolio, in coordination with the Office of the Chief Information Officer, has actively increased program oversight. For example, beginning in May 2015, the U.S. Citizenship and Immigration Services (USCIS) demonstrated that it submitted data supporting cost, schedule, and technical performance metrics to DHS on a monthly basis. The ARB has also held a number of meetings to discuss the Transformation Program and issued associated Acquisition Decision Memoranda with related action items. In addition, in February 2016, PARM demonstrated that DHS developed a procedure to help ensure acquisition decision memorandum actions, including corrective actions, are tracked until the desired outcomes are achieved. However, as of August 2017, the USCIS Transformation Program was in breach of its previously approved schedule expectations and was taking a strategic pause in developing new software while working to re-baseline cost and schedule expectations. During this strategic pause, the program is working to complete various action items assigned by the Acquisition Review Board, including completing an updated Release Roadmap and submitting it to PARM no later than December 29, 2017; updated Lifecycle Cost Estimate and providing it to the Cost Analysis Division no later than December 29, 2017; updated Test and Evaluation Master Plan and submitting it to the Office of Test and Evaluation no later than January 31, 2018; and an updated Acquisition Program Baseline and providing it to PARM no later than December 29, 2017. We will continue to monitor DHS?s efforts to re-baseline the USCIS Transformation Program and the Acquisition Review Board's efforts to monitor the Transformation Program's performance and progress toward a predefined cost and schedule; ensure that corrective actions are tracked until the desired outcomes are achieved; and rely on complete and accurate program data to review the performance of the Transformation Program against stated expectations until and after a new baseline is established.
    Recommendation: To improve Transformation Program governance, the Secretary of DHS should direct the DHS Under Secretary for Management, in coordination with the Director of US Citizenship and Immigration Services, to ensure that the Executive Steering Committee is effectively monitoring the Transformation Program's performance and progress toward a predefined cost and schedule and relying on complete and accurate program data to review the performance of the Transformation Program against stated expectations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of August 2017, the Department of Homeland Security (DHS) had demonstrated that it had taken steps to address this recommendation, but additional steps were needed. More specifically, as of July 2016, the U.S. Citizenship and Immigration Services (USCIS) Transformation program office provided evidence that the Executive Steering Committee (ESC) continued to discuss cost, schedule, and operational performance metrics as part of the program's ESC meetings. However, as of August 2017, the USCIS Transformation Program was in breach of its previously approved schedule expectations and was taking a strategic pause in developing new software while working to re-baseline its cost and schedule expectations. During this strategic pause, the program is working to complete various action items assigned by the Acquisition Review Board, including completing an updated Release Roadmap and submitting it to the Office of Program Accountability and Risk Management (PARM) no later than December 29, 2017; updated Lifecycle Cost Estimate and providing it to the Cost Analysis Division no later than December 29, 2017; updated Test and Evaluation Master Plan and submitting it to the Office of Test and Evaluation no later than January 31, 2018; and an updated Acquisition Program Baseline and providing it to PARM no later than December 29, 2017. In addition, according to the program?s August 2017 Acquisition Decision Memorandum, the ESC has been transformed into a component-only body with no headquarters involvement, and the program was to establish a Program Management Integrated Product Team, which was to meet bi-weekly beginning in September 2017. We will continue to monitor DHS's efforts to re-baseline the USCIS Transformation Program, the impact of changes to the ESC, and the ESC?s efforts to effectively monitor the Transformation Program's performance and progress toward a predefined cost and schedule and rely on complete and accurate program data to review the performance of the Transformation Program against stated expectations until and after a new program baseline is established.
    Recommendation: To help ensure that assessments prepared by the Office of the Chief Information Officer in support of the department's updates to the federal IT Dashboard more fully reflect the current status of the Transformation Program, the Secretary of DHS should direct the department's Chief Information Officer to use accurate and reliable information, such as operational assessments of the new architecture and cost and schedule parameters approved by the Under Secretary of Management.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, the Department of Homeland Security (DHS) had demonstrated that it had taken steps to address this recommendation, but additional steps were needed. In particular, in February 2016, the DHS Office of the Chief Information Officer (OCIO), in coordination with the Office of Program Accountability and Risk Management (PARM), had consolidated the department's Investment Management System and Next Generation Periodic Reporting System tools into a single enterprise information management and repository system named Investment Evaluation, Submission, and Tracking (INVEST). According to the department, this effort should improve the reliability of the metrics used by OCIO's Enterprise Business Management Office (EBMO), as well as the other line of business and component program offices, and ensure data integrity. The data reported in INVEST include cost, schedule, and operational performance metrics that are to align with the OMB's Information Technology (IT) Dashboard reporting requirements. In addition, as of September 2017, the program was listed as a high-risk program on the federal IT dashboard, in contrast to its April 2015 rating of medium risk. However, as of August 2017, the program was in breach of its previously approved schedule expectations and was taking a strategic pause in developing new software while working to re-baseline its cost and schedule expectations. We will continue to monitor DHS?s efforts to re-baseline the USCIS Transformation Program and the Office of the Chief Information Officer's efforts to use accurate and reliable information to update the federal IT dashboard until and after a new program baseline is established.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To improve DHS's management of major acquisition programs, the Secretary of Homeland Security should ensure future baselines for all of TSA's major acquisition programs capture the overall historical record of change.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the Transportation Security Administration (TSA) will begin to incorporate an addendum to future Acquisition Program Baselines (APB) that will provide a single source to show the changes to cost, schedule, and performance metrics, beginning with the initial program baseline and showing traceability of all interim approved versions to the current APB. DHS estimated it would complete this effort April 30, 2016. As of August 2017, DHS leadership had approved updated versions of the two APBs that were the basis for this recommendation. Both included addendums with metrics from prior APBs, but raised questions about traceability to the current cost, schedule, and performance metrics. GAO will assess the updated APBs as a part of its annual review of select DHS major acquisition programs to determine whether the department has addressed the recommendation.
    Recommendation: To more accurately communicate DHS's funding plans for USCG's major acquisition programs, the Secretary of Homeland Security should ensure the funding plans presented to Congress in fiscal year 2015 are comprehensive and clearly account for all operations and maintenance funding DHS plans to allocate to each of the USCG's major acquisition programs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the U.S. Coast Guard and the DHS Chief Financial Officer will develop a plan to address this recommendation by September 30, 2015, then work together to fully implement the plan. DHS estimated it would complete this effort March 31, 2016. However, the USCG encountered technical challenges during this process and was unable to implement the plan by that time. The U.S. Coast Guard has revised the estimated completion date, and now anticipates it will be able to address this recommendation in fiscal year 2020.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Secretary of the Department of Homeland Security should direct FPS to develop and implement a strategy for using covert-testing data and data on prohibited items to improve FPS's security-screening efforts. The strategy should, at a minimum, aim to ensure that: (1) covert-testing data are used to systematically monitor, review, and improve performance nationwide; (2) covert-testing data are used to determine which testing scenarios will be implemented or reinstated; and (3) data on prohibited items are analyzed to determine the reasons for wide variations in the number of reported prohibited-items detected across buildings and to assist with managing the screening process and informing policy.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, implementation of this recommendation was in process, according to the Federal Protective Service (FPS). FPS provided no additional information, but plans to update GAO in the coming weeks on the status of this and other open recommendations.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    6 open recommendations
    Recommendation: To ensure that CBP's land mobile radio systems are functioning as intended in each location and are meeting user needs, the CBP Commissioner should develop a plan to monitor the performance of its deployed radio systems.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure the ICE TACCOM program is effectively managed, the Assistant Secretary of ICE should develop a program plan to ensure that the agency establishes the appropriate documentation of resource needs, program goals, and measures to monitor the performance of its deployed radio systems.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve CBP training efforts, CBP Commissioner should develop and implement a plan to address any skills gaps for CBP agents and officers related to understanding the new digital radio systems and interagency radio use protocols.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve CBP training efforts, CBP Commissioner should develop a mechanism to verify that all Border Patrol and OFO radio users receive radio training.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve ICE training efforts, the Assistant Secretary of ICE should develop and implement a plan to address any skills gaps for ICE agents related to understanding the new digital radio systems and interagency radio use protocols.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve ICE training efforts, the Assistant Secretary of ICE should develop a mechanism to verify that all ICE radio users receive radio training.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: In order to help ensure consistent, effective oversight of DHS's acquisition programs, and to make the CASR more useful, starting with the report reflecting fiscal year 2015 program data, the Secretary of DHS should adjust the CASR to do the following: (1) report an individual rating for each program's cost, schedule, and technical risks; (2) report a best estimate of procurement quantities or indicate why this is not applicable, as appropriate; (3) report all programs' significant changes in acquisition cost, quantity, or schedule from the previous CASR report by determining a means to account for programs that lack acquisition program baselines; (4) report major program events that are included in acquisition program baselines, such as scheduled acquisition decision events; and (5) report the level at which the program's life-cycle cost estimate was approved.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation, and took some actions to address it. The Office of Program Accountability and Risk Management (PARM) updated its template for the Comprehensive Acquisition Status Report (CASR) to reflect the following changes: individual ratings for each program's cost, schedule, and technical risks; significant changes in programs' acquisition cost, quantity, or schedule; and major events included in the acquisition program baselines. In addition, PARM intended to revise the reporting information for the level at which a program's life-cycle cost estimate was approved and its estimate of procurement quantities. However, the 2017 Consolidated Appropriations Act discontinued the requirement to submit the CASR with future budget requests and DHS did not submit one for 2017. Recently introduced legislation would reestablish the CASR requirement and we will revisit this recommendation pending the outcome of that legislation.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    7 open recommendations
    including 4 priority recommendations
    Recommendation: To ensure that the NSCs can be operated and maintained in the most demanding environments based on mission and maintenance requirements prior to implementation of the CRC, the Coast Guard should, as expeditiously as possible under its capacity limits and fiscal constraints, fulfill the staffing requirements recommended in the 2011 manpower requirements analysis, including ensuring that while implementing the interim 210 Plan, the NSCs operate with sufficient numbers of crew members who possess the recommended mix of skills and abilities.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In August 2015, the Coast Guard stated that funding to fulfill the staffing requirements recommended in the 2011 manpower requirements analysis for the National Security Cutter is under review and is expected to be determined by February 2016. On January 24, 2017, the Coast Guard noted that it expects the crew increase to be reflected in the FY 2017 Appropriation.
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including determining the appropriate number of NSC crew and shoreside-based support personnel with the right mix of skills and abilities and having them in place when the Coast Guard tests the CRC.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In July 2015, the Coast Guard provided documentation of a manpower requirements analysis and manpower requirements determination, which specify the number of shoreside-based support personnel, such as engineering and maintenance, that are needed to support 4 National Security Cutters (NSC) based in Alameda, CA (i.e., three of the four NSCs using the crew rotational concept). In March 2016, the Coast Guard stated that it would request resources, as appropriate, to ensure that these personnel are in place prior to testing and expects to close this recommendation by November 2017. On January 24, 2017, the Coast Guard noted that it is continuing to develop the final test plan.
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including addressing the misalignment of the crewing concept to be used in the planned CRC test, as compared to the NSC homeporting plan, so that the CRC test is conducted in an operationally realistic environment and that the test results can be used to determine the optimal schedules for rotating crews and performing maintenance.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that it continues to analyze and develop various testing plans to reach 225 DAFHP onboard NSCs. The test will be performed by Coast Guard Pacific Area during normal operations over an extended period to ensure it is operationally realistic; lessons learned will be used to inform future crewing models. The Coast Guard will submit a final test plan to Congress prior to the deadline set forth by the 2012 Coast Guard Authorization Bill (end of 2017).
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including addressing the potential impacts of wide variations between alternative CRC deployment schedules.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that it continues to analyze and develop various testing plans to reach 225 DAFHP onboard NSCs. The test will be performed by Coast Guard Pacific Area during normal operations over an extended period to ensure it is operationally realistic; lessons learned will be used to inform future crewing models. The Coast Guard will submit a final test plan to Congress prior to the deadline (end of 2017) set forth by the 2012 Coast Guard Authorization Bill.
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including expanding the Coast Guard's training infrastructure capacity to provide crew members with the necessary training for off-cycle rotating NSC crew members under the CRC.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that it continues to analyze and develop various testing plans to reach 225 DAFHP onboard NSCs. The test will be performed by Coast Guard Pacific Area during normal operations over an extended period to ensure it is operationally realistic; lessons learned will be used to inform future crewing models. The Coast Guard will submit a final test plan to Congress prior to the deadline set forth by the 2012 Coast Guard Authorization Bill (the end of 2017).
    Recommendation: To ensure that the Coast Guard is making progress in a timely manner to address and effectively mitigate the risk factors identified above, the Coast Guard should develop interim milestones for the various actions to be taken on each of the risk factors as the Coast Guard completes the CRC Plan.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that the analysis is ongoing, and will be addressed in the test plan submitted to Congress in accordance with the 2012 Coast Guard Authorization Bill (end of 2017).
    Recommendation: Finally, to ensure that the Coast Guard is making progress in developing alternative measures that provide more accurate indicators of operational performance in a timely manner, the Coast Guard should establish time frames and interim milestones for developing and implementing these alternative measures for use prior to CRC testing. These measures could then be used for both the NSCs, as well as for other cutters, such as the Offshore Patrol Cutter, that currently use or plan to use the traditional DAFHP performance measure.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In August 2015, the Coast Guard stated that its analysis of alternative measures for use prior to testing the NSCs to use the crew rotational concept was ongoing and did not provide a date for completion. On January 24, 2017, the Coast Guard noted that, in the process of analyzing an alternative to DAFHP, it found that while its enterprise data management system collects the necessary data; the system didn't have an efficient way of aggregating the data for analysis. The first step to develop an appropriate enterprise measure is to improve the data management system through a software change. Once the change is complete, the system will be evaluated and tested to ensure that an aggregated report of discrete Coast Guard Cutter activity is accurate and reliable. The change will include the functionality to separate underway from in-port activity. After examining the results from the software change, the Coast Guard will evaluate an alternative to DAFHP. However, all analyses to date indicate DAFHP remains an important measure for personnel operations tempo and cutter scheduling and will not be eliminated as an available measure. The Coast Guard updated the estimated completion date for this recommendation to July 2018.
    Director: Andrew Sherrill
    Phone: (202) 512-7215

    2 open recommendations
    Recommendation: To better report the occupations filled by H-2B workers who have been approved by DHS, the Director of U.S. Citizenship and Immigration Services should implement during its transformation process to an electronic petition form, an occupation classification system that conforms to a national standard.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In September 2016, USCIS indicated that it was revising its Transformation Roadmap (schedule). The conversion to electronic nonimmigrant petitions is expected to be completed during the second quarter of fiscal year 2018. USCIS also noted that it is exploring the adoption of a single set of occupation codes across multiple form types, but has not yet made a final decision whether to implement this. USCIS estimates this recommendation will be completed by March 31, 2018.
    Recommendation: To help potential H-2A and H-2B workers and their advocates better assess employment offers and reduce their vulnerability to abuse, the Director of U.S. Citizenship and Immigration Services should, during its transformation to an electronic petition form, ensure that petition job information is collected in an electronic manner and made available to the public as soon as possible following a final adjudication decision. Such job information should include number of positions, wage, and any staffing, placement or recruitment agency the employer plans to use.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In September 2016, USCIS indicated that it was revising its Transformation Roadmap (schedule). The conversion to electronic nonimmigrant petitions is expected to be completed during the second quarter of fiscal year 2018. Therefore, USCIS estimates this recommendation will be completed by March 31, 2018.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. Relevant efforts by DHS to finalize memoranda of understanding with other agencies and by the Export Enforcement Coordination Center to share information and data across the export control enforcement community are ongoing. As of Sept 2017, DHS did not identify relevant actions to coordinate on critical technologies among other agencies.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    1 open recommendations
    Recommendation: To better position DHS to monitor components' progress remediating AUO deficiencies, the Secretary of DHS should develop and execute a department-wide oversight mechanism to ensure components implement AUO appropriately on a sustained basis, and in accordance with law and regulation.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2015, the Department of Homeland Security (DHS) took actions toward addressing our recommendation by developing a department-wide oversight mechanism described in a directive and instruction on administratively uncontrollable overtime (AUO). DHS's AUO directive defines responsibility for Office of the Chief Human Capital Officer (OCHCO) that includes establishing AUO policy and guidance, providing program oversight and evaluating component AUO compliance, and administering an AUO training program, among other things. The directive also requires component heads to develop component-specific AUO policies that must be reviewed by DHS OCHCO for concurrence and also submit to OCHCO the results of an independent, third-party audit of compliance with applicable AUO law and policy no later than 18 months after the date of the directive (i.e., by December 2016) and annually thereafter . In March 2016, Immigration and Customs Enforcement (ICE) completed its annual financial audit, conducted by a separate office within DHS, which now incorporates audit of ICE's use of AUO. As of May 2017, the other DHS components that continue to use AUO--U.S. Secret Service and U.S. Customs and Border Protection--have not yet submitted results of third-party audits of AUO to OCHCO. To ensure that the AUO directive has been fully and appropriately executed across the department, the recommendation will remain open until USSS and CBP have submitted their first independent, third-party audit to OCHCO. At that point we will we review the remaining audits to determine if the recommendation has been addressed, and can therefore be closed.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Secretary of Homeland Security, in consultation with GSA, should develop and implement a strategy to address cyber risk to building and access control systems that, among other things: (1) defines the problem; (2) identifies roles and responsibilities; (3) analyzes the resources needed; and (4) identifies a methodology for assessing this cyber risk.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the Department has taken in response to this recommendation, we will provide updated information.
    Director: Seto J. Bagdoyan
    Phone: (202) 512-6722

    2 open recommendations
    Recommendation: To help FEMA prevent improper payments, the Administrator of FEMA should assess the cost and feasibility of addressing limitations in FEMA's control for identifying duplicate information in applications in high-risk data fields--such as SSN, bank-account information, address, and phone number--that may currently allow individuals or households to improperly receive multiple payments, and if determined to be costbeneficial take steps to address the system design limitation.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In April 2017, FEMA reported that the agency had reviewed its software system's controls for identifying duplicate SSNs, bank account, address, and phone information. FEMA reported that it would be cost effective and feasible to improve its software system's controls for identifying duplicate address information, and the agency expects to deploy these system changes in the summer of 2017. FEMA also reported that, based on its review of the cases GAO referred to FEMA, errors in SSN and bank account information were related to human casework processing rather than software system limitations. Consequently, FEMA reported that it was reviewing and updating its casework training, guidance, and quality control documentation. We will continue to monitor FEMA's efforts to implement this recommendation.
    Recommendation: To help FEMA prevent improper payments, the Administrator of FEMA should collaborate with SSA to assess the cost and feasibility of checking recipient SSNs against the Enumeration Verification System and the full death file to more accurately identify recipients who used Social Security numbers (SSNs) that were ineligible or belonged to likely deceased individuals, document the results of this assessment, and if determined to be cost-beneficial take steps to implement a partnership to use SSA data.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In April 2017, FEMA reported that the agency completed a cost estimate for system changes needed to include a direct data exchange with SSA. FEMA further reported that the agency was continuing to explore alternative means of conducting a direct data exchange that would help FEMA verify if an SSN belongs to a deceased person. We will continue to monitor FEMA's progress in implementing this recommendation.
    Director: Grover, Jennifer A
    Phone: (202)512-7141

    1 open recommendations
    Recommendation: To ensure that TSA's planned testing yields reliable results, the TSA Administrator should take steps to ensure that TSA's planned effectiveness testing of the Managed Inclusion process adheres to established evaluation design practices.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: TSA continues to make progress on implementing this recommendation. In March 2017, TSA reported that an evaluation of the security effectiveness of the managed inclusion process is to be completed over the next few weeks. Once documentation for the evaluation is available, TSA will provide it for review and analysis.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To ensure data required by IMBRA are collected, maintained, and reliable, the Director of USCIS should ensure that IMBRA-required data elements will be collected in an automated manner with the release of the electronic I-129F petition.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In January 2015, USCIS reported that it expected to start development for the electronic I-129F petition in March 2016. As of March 2016, USCIS officials confirmed that the electronic I-129F petition is tied to the Family-Based Adjustment of Status (AOS) product line for USCIS ELIS. USCIS officials stated that, as of March 2016, the requirements-gathering phase for this product line is underway and, as of June 2016, USCIS began the requirements-gathering phase. In October 2016, the Office of Transformation Coordination reported that there have been some delays in the product line that includes the I-129F petition and the tentative expected completion date is the second quarter of fiscal year 2018. To fully implement this recommendation, USCIS should ensure that IMBRA-required data elements are collected in an automated manner with the release of the electronic I-129F petition.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: To enhance the Secretary of Homeland Security's ability to assess national preparedness and provide management oversight of federal interagency efforts to close previously identified capability gaps, the Secretary of Homeland Security should direct the Administrator of FEMA--in coordination and collaboration with the National Security Council Staff and other federal departments and agencies--to collect information on and regularly report to the Secretary the status of federal interagency implementation of corrective actions identified (1) through prior national-level exercises and (2) following real-world incidents, specifically major disasters.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In November 2016, FEMA officials reported that the agency had developed an approach for collecting and reporting on the status of federal interagency corrective actions from Level I disasters to add to the current practice of reporting on national level exercises. According to officials, the proposed approach was under review and the agency plans to coordinate with the other federal departments and agencies before submitting their proposal to DHS for final approval. In August 2017, FEMA's National Preparedness Directorate reported an expected completion date of December 29, 2017. Pending completion of this effort, this recommendation remains open.
    Director: Melvin, Valerie C
    Phone: (202) 512-6304

    3 open recommendations
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to improve reporting of FOIA costs by including salaries, employee benefits, non-personnel direct costs, indirect costs, and costs for other offices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In responding to our recommendation, DHS said it has developed a spreadsheet that is to be used by its components to track FOIA costs. However, as of September 2017, DHS has not yet provided information containing such details as when its components will be required to use the spreadsheet and if the spreadsheet is to track all the categories of costs discussed in our report. We plan to update the status of this recommendation when DHS provides documentation that further explains, and confirms the department's use of, the spreadsheet.
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to direct USCIS and Coast Guard to fully implement the recommended FOIA processing system capabilities and the section 508 requirement.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS issued a memo to all of the department's FOIA officers in March 2015 which focused on ensuring that each component's FOIA processing systems are 508 compliant. However, as of September 2017, DHS has not yet provided us with evidence that the U.S. Citizenship and Immigration Services and the Coast Guard have implemented system capabilities that are 508 compliant. When DHS provides information concerning its actions taken to make the systems compliant, we will update the status of the recommendation.
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to determine the viability of re-establishing the service-level agreement between the U.S. Citizenship and Immigration Services (USCIS) and U.S. Immigration and Customs Enforcement to eliminate duplication in the processing of immigration files. If the benefits of doing so would exceed the costs, re-establish the agreement.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has stated that it is taking steps to determine if the U.S. Immigration and Customs Enforcement and the U.S. Citizenship and Immigration Services will re-establish the service-level agreement to process FOIA requests related to immigration files. In addition, the department has stated that duplication no longer exists in the processing of these type of requests. However, DHS has not yet provided evidence, such as a cost-benefit analysis, that could demonstrate the steps it is taking regarding the service-level agreement. Further, GAO has not yet received evidence from the department to support its assertion that duplication no longer exists in the processing of immigration files. We will update the status of this recommendation when DHS provides documentation.
    Director: Gomez, Jose A
    Phone: (202) 512-3841

    1 open recommendations
    Recommendation: To promote forward-looking construction and rebuilding efforts while FEMA phases out most subsidies, the Secretary of the Department of Homeland Security should direct FEMA to consider amending NFIP minimum standards for floodplain management to incorporate, as appropriate, forward-looking standards, similar to the minimum standard adopted by the Hurricane Sandy Rebuilding Task Force.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In March 2017, the Department of Homeland Security reaffirmed that they agreed with the recommendation, and would begin implementing it after implementing the statutory mandates in the Biggert-Waters Flood Insurance Reform Act of 2012. The Department estimated that it would begin implementing our recommendation in 2018 and complete its implementation by 2020.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    1 open recommendations
    Recommendation: Recognizing that moving toward a more customer-oriented culture within federal agencies is likely to be a continuous effort, the Commissioner of U.S. Customs and Border Protection should, to improve CBP's customer service standards: (1) ensure standards include performance targets or goals, (2) ensure standards include performance measures.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In January 2017, CBP sent an email stating that the agency has done all it can to fully implement the recommendation at this time. Because CBP does not have performance goals or targets for customer service standards this recommendation remains open. In April 2016, CBP provided us with customer service survey questions they use to collect data. Based on our review of that information, we were unable to confirm CBP had established performance targets and goals for the data being collected. As we stated in the report, performance goals should be in a quantifiable and measurable form to define the level of performance to be achieved for program activities each year. Although CBP is collecting new customer service data based on survey responses, without predetermined performance targets that align with a customer service standard it is not clear what or if internal targets or customer needs are being met. In June 2017, we emailed CBP for an update on the status of this recommendation. Once a response is received we will update this recommendation.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should assess the extent to which ICE has appropriate internal controls for tracking and managing detention facility costs and develop additional controls as necessary.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of December 2016, no additional information had been provided on the status of ICE efforts to address this recommendation. In February 2015, the Department of Homeland Security (DHS) reported that Immigration and Customs Enforcement (ICE) had created a spend plan tool to help track costs for each detention facility. In addition, DHS reported that ICE headquarters and field offices were coordinating to determine the resources needed to track and manage detention facilities costs. To fully address this recommendation, ICE should assess the extent to which the spend plan tool is an appropriate internal control for tracking and managing detention facilities costs and whether additional controls are necessary.
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should document the reasons facilities cannot be transitioned to the most recent standards.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: The Department of Homeland Security (DHS) did not concur with this recommendation. As of December 2016, no additional information had been provided on the status of Immigration and Customs Enforcement (ICE) efforts to address this recommendation. To fully address this recommendation, ICE should document the reasons detention facilities cannot be transition to the most recent national detention standards.
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should take additional steps to help ensure that personnel responsible for reviewing and paying facility detention invoices follow internal control procedures to ensure proper payments.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of December 2016, no additional information had been provided on the status of ICE efforts to address this recommendation. In October 2014, the Department of Homeland Security (DHS) reported that Immigration and Customs Enforcement (ICE) had issued a new "Receipt & Acceptance" policy applicable to all program offices and would assess if additional internal controls are required and implement any needed ones, as appropriate. In February 2015, DHS reported that ICE had not finalized an impact assessment of the new policy for fiscal year 2014 to determine if additional controls would be required. To fully address this recommendation, ICE should complete an impact assessment of the new policy to determine if additional controls are needed to ensure proper payment of facility detention invoices.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    3 open recommendations
    including 3 priority recommendations
    Recommendation: The Secretary of Homeland Security should designate the headquarters consolidation program a major acquisition, consistent with DHS acquisition policy, and apply DHS acquisition policy requirements.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: In alignment with GAO's recommendation, on September 16, 2014, DHS issued an Acquisition Decision Memorandum designating the DHS-funded portions of the headquarters consolidation program as a Major Acquisition Program to be overseen by the departmental Acquisition Review Board (ARB). DHS made further progress implementing this recommendation by conducting and documenting an ARB of the program on November 15, 2016. The ARB process provided DHS greater oversight of headquarters consolidation, and provided a forum for officials to consider a wide range of issues affecting consolidation efforts, such as funding and project scope. However, DHS and General Services Administration (GSA) were required to revise their cost and schedule estimates subsequent to the ARB's review. In addition, as of March 2017, DHS, in coordination with GSA, had not submitted the report to Congress on DHS Headquarters Consolidation mandated by Pub. L. No. 114-150. GAO will reassess the status of this recommendation after cost and schedule estimates are finalized and DHS and GSA submit the required report to Congress, i.e., when there is more certainty about the future direction of the project overall and DHS's funded portion in particular.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to conduct the following assessments and use the results to inform updated DHS headquarters consolidation plans: (1) a comprehensive needs assessment and gap analysis of current and needed capabilities that take into consideration changing conditions, and (2) an alternatives analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the project and prioritizes options to account for funding instability.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes a comprehensive assessment of property and facilities utilized by DHS in the National Capital Region, and an analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the consolidation project. DHS and GSA have made significant progress in developing a revised plan for headquarters consolidation since 2014, including the completion of a business case analysis to support the new plan. GAO will review the latest information on DHS headquarters consolidation efforts when it is provided to Congress, and will assess the materials in the context of this recommendation at that time. Continued DHS and GSA attention to following leading capital planning practices is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, after revising the DHS headquarters consolidation plans, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to develop revised cost and schedule estimates for the remaining portions of the consolidation project that conform to GSA guidance and leading practices for cost and schedule estimation, including an independent evaluation of the estimates.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes updated cost and schedule estimates for the consolidation project that are consistent with GAO's recommendations in GAO-14-648. Furthermore, the act requires the Comptroller General to evaluate the cost and schedule estimates not later than 90 days after their submittal to Congress. GSA is leading efforts to revise project cost and schedule estimates, and according to GSA officials, the revised figures will take into account GAO's leading estimation practices. GAO will review the latest DHS headquarters consolidation cost and schedule estimates when they are provided to Congress, and will assess the materials in the context of this recommendation at that time. Continued DHS and GSA attention to following leading cost and schedule estimation practices is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Director: Stephen Caldwell
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: Within DHS, to promote efficiency and harmonize the various assessments to advance security and resilience across the spectrum of CI in a manner consistent with the Homeland Security Act of 2002, PPD-21, and the NIPP, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate work with other DHS offices and components to develop and implement ways that DHS can facilitate data sharing and coordination of vulnerability assessments to minimize the risk of potential duplication or gaps in coverage.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has taken action in response to GAO's September 2014 recommendation to develop a department-wide process to facilitate data sharing and coordination among the various DHS components that conduct or require vulnerability assessments, but has not fully implemented the recommendation. DHS first reported to GAO in August 2015 that its Office of Infrastructure Protection (IP) and the Sector Outreach and Programs Division Innovation Center had formed a vulnerability assessment working group comprised of a variety of federal stakeholders, both within and outside DHS, to enhance overall integration and coordination of vulnerability assessment efforts. In December 2015, DHS stated that IP was conducting pilot projects to expand access to its IPGateway portal--IP's system that houses infrastructure data and identifies facilities that have been assessed by IP. In a July 2016 update, DHS reported that IP had reached agreement with DHS components to expand access to its IP Gateway portal to those partners as a means to share IP's vulnerability assessment information and help coordinate assessment visits and related activities. DHS also noted in its update that IP had begun providing access to IP Gateway to components within DHS but did not provide a date as to when that step would be complete. These are positive steps toward implementing a systematic and integrated approach for facilitating data sharing and coordination of vulnerability assessments throughout the department. However, developing a department-wide process to facilitate data sharing and coordination among the DHS offices and components that conduct or require vulnerability assessments would better enable DHS to minimize the risk of potential duplication and gaps by its offices and components in the vulnerability assessments they conduct. Because DHS is still in the process of completing these steps, the recommendation has not yet been fully implemented.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to identify key CI security-related assessment tools and methods used or offered by SSAs and other federal agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to analyze the key CI security-related assessment tools and methods offered by sector-specific agencies (SSA) and other federal agencies to determine the areas they capture.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to develop and provide guidance for what areas should be included in vulnerability assessments of CI that can be used by DHS, SSAs, and other CI partners in an integrated and coordinated manner, among and across sectors, where appropriate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To ensure effective evaluation of federal training programs and enhance DHS's stewardship of resources for federal training programs, the Secretary of Homeland Security should direct DHS components to ensure that their documented training evaluation processes fully address attributes for effective training evaluation processes as they are drafted, updated, or revised.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2014, we reported on the Department of Homeland Security's (DHS) training efforts, including the extent to which DHS has a documented process to evaluate training and development programs. We found that all five DHS components in GAO's review--U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, the U.S. Coast Guard, the Transportation Security Administration, and the Federal Law Enforcement Training Center--have a documented process to evaluate their training programs. Their documented processes fully included three of six attributes of effective training evaluation processes identifying goals, programs to evaluate, and how results are to be used. However, the documented processes did not consistently include the other three attributes: methodology, timeframes, and roles and responsibilities. We concluded that by updating documentation to address these attributes, DHS components would have more complete information to guide its efforts in conducting effective evaluations. We therefore recommended that DHS direct its components to ensure that their documented training evaluation processes fully address attributes for effective training evaluation processes as they are drafted, updated, or revised. In September 2016, DHS officials reported that a DHS-wide self-audit of training evaluation processes was completed on March 31, 2016 and found that DHS has current documentation addressing effective learning evaluation programs and that there are commonalities in evaluation procedures across the components. As a part of the self-audit, components provided policy and procedures documents related to their training evaluation processes and found that they adhere to sound instructional systems design models. However, the self-audit focused on identifying the specific training evaluation practices for a sample of courses at each component and not whether the component-level guidance included the attributes for effective training evaluation processes we identified in our report. Further, although DHS updated its department-wide guidance on training evaluation in April 2016 to incorporate the attributes for effective training evaluation processes and some components have followed suit, other components have not. For example, we found that some components, such as Customs and Border Protection and the U.S. Coast Guard, had updated their training evaluation guidance to include the attributes we identified in our report. Others, such as U.S. Immigration and Customs Enforcement were in the process of updating their guidance. However, as of April 2017, the guidance from the Transportation Security Administration remained in draft and the guidance from the Federal Law Enforcement Training Center had not been updated since our review. Therefore, this recommendation remains open pending action on the above noted items.
    Recommendation: To ensure effective evaluation of federal training programs and enhance DHS's stewardship of resources for federal training programs, the Secretary of Homeland Security should identify existing challenges that prevent DHS from accurately capturing training costs department-wide and, to the extent that the benefits of addressing those challenges exceed the costs, implement corrective measures to overcome these challenges..

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2014, we reported on the Department of Homeland Security's (DHS) training efforts, including the extent to which DHS has a documented process to reliably capture costs. We found that DHS identified efficiencies and cost savings for delivering a number of training programs. However, different methods are used for capturing training costs across the department, which poses challenges for reliably capturing these costs across DHS. Components capture training costs differently, contributing to inconsistencies in training costs captured across DHS. Variation in methods used to collect data can affect the reliability and quality of DHS-wide training program costs. However, DHS has not identified all challenges that contribute to these inconsistencies. We concluded that DHS could improve its awareness about the costs of training programs DHS-wide and thereby enhance its resource stewardship by identifying existing challenges that prevent DHS from accurately capturing training costs and implementing corrective measures. We therefore recommended that DHS identify existing challenges that prevent DHS from accurately capturing training costs department-wide and, to the extent that the benefits of addressing those challenges exceed the costs, implement corrective measures to overcome these challenges. As of September 2016, DHS reported that its Office of the Chief Human Capital Officer and Office of the Chief Financial Officer worked together to research the issue and determine the best course of action to standardize training cost reporting. However, this did not require a formal root cause analysis. In order to identify a way for the components to capture training costs in a standardized manner, DHS formed a Tiger Team that included officials from each component which identified 12 common functional areas for training to capture training costs. Components were directed to prepare implementation plans outlining how they will begin capturing cost data within the identified functional training areas and, according to DHS, began capturing the data on September 29, 2016. In January 2017, the DHS Chief Financial Officer provided guidance to the components as to how they are to report their training costs to DHS on a quarterly basis. Components provided their first quarterly submission to DHS in January 2017. These steps are in line with the intent of our recommendation. This recommendation will remain open as we monitor its continued implementation over the next two quarters.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    1 open recommendations
    Recommendation: To assess the progress of the Secure Flight program toward achieving its goals, the Transportation Security Administration's Administrator should develop additional measures to address key performance aspects related to each program goal, and ensure these measures clearly identify the activities necessary to achieve progress toward the goal.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions that DHS TSA has taken in response to this recommendation, we will provide updated information. Status last confirmed on 10/26/15.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    2 open recommendations
    Recommendation: To help ensure that all employees are treated fairly and receive the protections established in the executive order, the Secretary of Homeland Security should direct the Commandant, U.S. Coast Guard, to revise the Coast Guard instruction for military personnel to specify that military personnel may be represented by counsel or other representatives at their own expense.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of summer 2016, in response to our recommendation, the Commandant of the Coast Guard issued a policy message stating that individuals may have counsel or other representative present at the service member's own expense. According to a Coast Guard official, this message serves as interim guidance until the personnel security manual can be finalized. This official estimated that the manual will be updated in the latter part of fiscal year 2016. This recommendation will remain open until the Coast Guard finalizes the update to its manual in accordance with our recommendation.
    Recommendation: To facilitate coordination between personnel security and human capital offices regarding how a security clearance revocation should affect an employee's employment status, and to help ensure that individuals are treated in a fair and consistent manner, the Secretary of Homeland Security should direct the Under Secretary for Management to review and revise policy regarding coordination between the personnel security and human capital offices to clarify what information can and should be communicated between human capital and personnel security officials at specified decision points in the revocation process, and when that information should be communicated.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Daniel Garcia-Diaz
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: As FEMA determines the scope of its efforts to revise its existing guidance, the Secretary of the Department of Homeland Security (DHS) should direct the Administrator of FEMA to update existing guidance to include additional information on and options for mitigating the risk of flood damage to agricultural structures to reflect recent farming developments and structural needs in vast and deep floodplains.

    Agency: Department of Homeland Security
    Status: Open

    Comments: To obtain information for updating existing guidance, FEMA engaged a contractor in April 2016 to conduct Phase 1 of a study evaluating recent farming developments. The June 2016 report from the contractor provided FEMA with information on the types of flood damage agricultural buildings and contents can sustain, required mitigation measures under NFIP, and insurance that is currently available to farmers. Phase 2 of the study is underway. This phase will identify the number and types of agricultural structures and the legislation, regulations, and various agency programs affecting the management of these structures; analyze the feasibility of mitigation options for these structures across different types of floodplains; and explore rating guidelines and potential mitigation techniques that could result in reduced risk or rates for agricultural structures. FEMA expects to receive a draft of the Phase 2 study from the contractor in July 2017. GAO will continue to monitor FEMA's progress.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    5 open recommendations
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to work with federal and nonfederal partners to ensure that the maritime risk assessment includes cyber-related threats, vulnerabilities, and potential consequences.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, USCG stated that the National Maritime Strategic Risk Assessment (NMSRA) was still being finalized. The agency stated that they expected this to be completed by July 2017. Once completed, we will analyze the results of the NMSRA in order to validate the extent to which its contents implement our recommendation.
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to use the results of the risk assessment to inform how guidance for area maritime security plans, facility security plans, and other securityrelated planning should address cyber-related risk for the maritime sector.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, USCG stated that it had developed a draft Navigation and Vessel Inspection Circular (NVIC) to provide guidance on assessment methods that assist vessel and facility owners and operators identify and address cybersecurity vulnerabilities. USCG stated that the draft NVIC would be published in the Federal Register for 60 days, to enable maritime stakeholders to review and provide comment. Once USCG provides us a final copy of the NVIC, we will analyze it to determine if it provides guidance for addressing cyber-related risk in the maritime sector.
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to work with federal and nonfederal stakeholders to determine if the Maritime Modal Sector Coordinating Council should be reestablished to better facilitate stakeholder coordination and information sharing across the maritime environment at the national level.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, the U.S. Coast Guard (USCG) stated that the tasking for the National Maritime Security Advisory Committee to explore the issue of information sharing mechanisms in regards to cyber information had been completed. However, USCG did not mention any decision related to the reestablishment of the sector coordinating council.
    Recommendation: To help ensure the effective use of Port Security Grant Program funds to support the program's stated mission of addressing vulnerabilities in the maritime port environment, the Secretary of Homeland Security should direct the FEMA Administrator, in coordination with the Coast Guard, to develop procedures for officials at the field review level (i.e., captains of the port) and national review level (i.e., the National Review Panel and FEMA) to consult cybersecurity subject matter experts from the Coast Guard and other relevant DHS components, if applicable, during the review of cybersecurity grant proposals for funding.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, FEMA officials stated they would provide GAO an update on the status of the recommendation by July 2017. Once provided, we will analyze the information we receive and update status of implementation efforts.
    Recommendation: To help ensure the effective use of Port Security Grant Program funds to support the program's stated mission of addressing vulnerabilities in the maritime port environment, the Secretary of Homeland Security should direct the FEMA Administrator, in coordination with the Coast Guard, to use any information on cyberrelated threats, vulnerabilities, and consequences identified in the maritime risk assessment to inform future versions of funding guidance for grant applicants and reviews at the field and national levels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, FEMA officials stated they would provide GAO an update on the status of the recommendation by July 2017. Once provided, we will analyze the information received and update status of implementation efforts.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To help the Coast Guard improve the long-term outlook of its portfolio, the Commandant of the Coast Guard should develop a 20-year fleet modernization plan that identifies all acquisitions needed to maintain the current level of service and the fiscal resources necessary to build the identified assets. The plan should also consider trade-offs if the fiscal resources needed to execute the plan are not consistent with annual budgets.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: Based on this recommendation, Congress has requested that the Coast Guard develop a 20-year plan that identifies all acquisitions needed to maintain the Coast Guard's current level of service and the financial commitment necessary to achieve this plan. As a part of a series of testimonies in June and July 2017, we found that Coast Guard officials stated they are developing a 20-year Capital Investment Plan (CIP), but the timeframe for completion is unknown. The Coast Guard does, however, submit a 5-year CIP annually to Congress that projects acquisition funding needs for the upcoming 5 years. GAO found the CIPs do not match budget realities in that tradeoffs are not included. In the 20-year CIP, GAO would expect to see all acquisitions needed to maintain current service levels and the fiscal resources to build the identified assets as well as tradeoffs in light of funding constraints.
    Director: Eileen Larence
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To help ensure that I&A maintains critical skills and competencies, when planning for and implementing current and future workforce actions, the Secretary of Homeland Security should establish mechanisms to monitor and evaluate workforce initiatives and use results to determine any needed changes.

    Agency: Department of Homeland Security
    Status: Open

    Comments: GAO will update the status of this recommendation when the Department of Homeland Security provides documentation and other information on actions it has taken to monitor and evaluate workforce initiatives.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should establish an updated performance target for completing application vetting and a process to modify that target, as needed, based on factors such as changes in the number of trusted traveler program applications and available resources.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the agency is transitioning to a new vetting platform, which will allow them to more fully assess application data. The estimated completion date is December 30, 2015.
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should assess the feasibility of practices to expedite the interview process, which could include assessing the potential trade-offs, costs, and benefits associated with any proposed practices, such as those currently proposed or implemented at specific enrollment centers, and implement those practices CBP determines to be feasible.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the Office of Field Operations, Trusted Traveler Programs (TTP) Division intends to complete the recommendation and provide a summary of findings and recommended best practices by December 30, 2015.
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should develop a mechanism to track enrollment interview appointment availability data over time.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the agency has initiated a redesign of the Global Online Enrollment System (GOES), to include GOES scheduling. A report on this effort, expected to further establish the project deliverables, level of effort, milestones and estimated completion timeline, is scheduled to be completed by December 30, 2015.
    Recommendation: To better ensure that the trusted traveler eligibility criteria and applicant adjudication processes are consistently implemented in accordance with CBP policy at all enrollment centers and by partner countries, the Commissioner of CBP should establish a mechanism or mechanisms in GES to allow CBP officers to efficiently document the types of interview questions asked and the nature of applicant responses, when appropriate, and then use this information to monitor the implementation of the interview process.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. Status last updated October 16, 2015.
    Director: Dave Wise
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Secretary of Transportation and the Secretary of Homeland Security should direct the Administrators of FTA and FEMA to establish specific guidelines to monitor, evaluate, and report the results of collaborative efforts--including their communications program and protocol--for Hurricane Sandy as well as future disasters.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FTA and FEMA concurred with the recommendation and reported they took two actions in response. First, FTA and FEMA executed the communications protocol contemplated in the memorandum of agreement governing and collaboration between the two agencies in future disasters. This protocol established a joint tracking system to prevent duplicative assistance and included provisions for coordinating funding and for collaborating where insurance settlements and share grantees are involved. Second, in May 2017, FTA and FEMA published an after action report on coordination between the agencies in response to Hurricane Sandy. This report described the coordination that occurred during the Hurricane Sandy response, and discussed lessons learned to be applied to future events, such as the need for more frequent regularly scheduled meetings. We are evaluating FTA's and FEMA's responses.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    4 open recommendations
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the CDM implementation will facilitate normalization efforts across DHS by defining common software license and maintenance requirements. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the CDM implementation will provide DHS with an automated capability for IT hardware and software asset discovery; IT asset inventory tracking; software inventory normalization; software license optimization; data sharing capabilities, and thus ensure full compliance with the requirement to maintain a continual agency-wide inventory of software licenses. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the tracking of software assets and inventory will be implemented as CDM is rolled out to each DHS Component. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that CDM tracking of software assets and inventory will be implemented as CDM is rolled out to each DHS Component. The CDM tool will provide DHS with an automated capability for IT hardware and software asset discovery; IT asset inventory tracking; software inventory normalization; software license optimization; data sharing capabilities, and thus ensure full compliance with the requirement to maintain a continual agency-wide inventory of software licenses, including all licenses purchased, deployed, and in use, as well as spending on subscription services. As this data is captured the DHS OCIO, OSDO will analyze the software license data to track cost, usage, benefits to establish spending data that allows to the Department to perform trend analysis. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To better communicate acquisition funding needs to Congress, the Secretary of Homeland Security should enhance the content of future Future Years Homeland Security Program (FYHSP) reports--for fiscal years 2016-20 and beyond--by presenting acquisition programs' annual cost estimates and any anticipated funding gaps.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that it provides Congress Comprehensive Acquisition Status Reports (CASR) on a quarterly basis that include cost estimates for all major acquisition programs. However, the CASRs do not disaggregate the cost estimates to identify how much the programs are expected to cost each year, and therefore the proposed approach would not allow Congress to identify funding gaps on an annual basis. In April 2016, DHS presented an alternative approach that would incorporate annual funding gaps into future FYHSP reports. DHS stated it plans to initially include these annual funding gaps in the fiscal years 2018-22 FYHSP report, which was expected to be released shortly after the President's fiscal year 2018 budget request in May 2017. However, the transition to a new administration delayed the release of the FYHSP report. Once available, GAO will evaluate the FYHSP report to determine whether DHS has met the intent of this recommendation.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    5 open recommendations
    including 3 priority recommendations
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, when updating the schedules for the IFT, Remote Video Surveillance System (RVSS), and Mobile Surveillance Capability programs, the Commissioner of CBP should ensure that scheduling best practices, as outlined in our schedule assessment guide, are applied to the three programs' schedules.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: In March 2014, CBP concurred with our recommendation and in response, stated it planned to ensure that scheduling best practices are applied as far as practical when updating the three program schedules. In May 2016 CBP provided us with complete schedules for the IFT and RVSS programs. In December 2016, we provided CBP our assessment of the updated schedules for the IFT and RVSS programs. In January 2017 CBP provided us with a complete schedule for the MSC program and in March 2017, we provided CBP with our assessment of the MSC schedule. In April 2017, CBP provided additional clarifying information in regards to the MSC schedule. As of May 2017, based on our assessment of the updated schedules for the IFT, RVSS, and MSC programs, CBP has made improvements in the quality of the schedules since our last report, but the program schedules have not met all characteristics of a reliable schedule.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, the Commissioner of CBP should develop and maintain an Integrated Master Schedule for the Plan that is consistent with scheduling best practices.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In March 2014, CBP did not concur with this recommendation and maintained that an integrated master schedule for the Plan in one file undermines the DHS-approved implementation strategy for the individual programs making up the Plan, and that the implementation of this recommendation would essentially create a large, aggregated program, and effectively create an aggregated "system of systems". DHS further stated that a key element of the Plan has been the disaggregation of technology procurements. As of December 2016, CBP continues to non-concur with this recommendation and plans no further action. However, as we noted in the report, collectively these programs are intended to provide CBP with a combination of surveillance capabilities to be used along the Arizona border with Mexico. Moreover, while the programs themselves may be independent of one another, the Plan's resources are being shared among the programs. As such, we continue to believe that developing an integrated master schedule for the Plan is needed. Developing and maintaining an integrated master schedule for the Plan could allow CBP insight into current or programmed allocation of resources for all programs as opposed to attempting to resolve any resource constraints for each program individually.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, when updating Life-cycle Cost Estimates for the IFT and RVSS programs, the Commissioner of CBP should verify the Life-cycle Cost Estimates with independent cost estimates and reconcile any differences.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In March 2014, DHS concurred with this recommendation. In May 2016 CBP provided us with updated life-cycle cost estimates for two of its highest-cost programs under the Plan--the Integrated Fixed Tower (IFT) and the Remote Video Surveillance (RVSS). Further, CBP officials stated that in fiscal year 2016, DHS's Cost Analysis Division started piloting DHS's independent cost estimate capability on the RVSS program. According to CBP officials, the pilot is an opportunity to assist DHS in developing its independent cost estimate capability and that CBP selected the RVSS program for the pilot because the program is at a point in its planning and execution process where it can benefit most from having an independent cost estimate performed as these technologies are being deployed along the southwest border, beyond Arizona. In August 2016, CBP officials provided an update stating that details for an estimated independent cost estimate schedule and analysis plan for the RVSS program had not yet been finalized. As of November 2016, CBP officials stated that the results of the independent cost estimate for the RVSS program are expected to be completed by January 31, 2017. Further, CBP officials have not detailed similar plans for the IFT. We continue to believe that independently verifying the life-cycle cost estimates for the IFT and RVSS programs and reconciling any differences, consistent with best practices, could help CBP better ensure the reliability of the estimates.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, the Commissioner of CBP should revise the IFT Test and Evaluation Master Plan to more fully test the IFT program, before beginning full production, in the various environmental conditions in which IFTs will be used to determine operational effectiveness and suitability, in accordance with DHS acquisition guidance.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: In March 2014, DHS did not concur with this recommendation and stated that the Test and Evaluation Master Plan includes tailored testing and user assessments that will provide much, if not all, of the insight contemplated by the intent of the recommendation. According to CBP officials, acceptance testing was performed on the system in July 2015 and a limited user testing for the IFT system was conducted during October and November 2015. In May 2016, CBP reported that it had conditionally accepted seven out of 53 IFT systems in one area of responsibility. CBP also reported that it is working to deploy and test the remaining IFT unit systems to other areas of responsibility. In November 2016, CBP stated that they continue to non-concur with this recommendation and planned no further action. However, as we reported in March 2014, we continue to believe that revising the Test and Evaluation Master Plan to include more robust testing to determine operational effectiveness and suitability could better position CBP to (1) evaluate IFT capabilities before moving forward to full production for the system, (2) provide CBP with information on the extent to which the towers satisfy Border Patrol's user requirements, and (3) reduce potential program risks. Without conducting operational testing in accordance with DHS guidance, the IFT program may be at increased risk of not meeting Border Patrol operational needs.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, once data on asset assists are required to be recorded and tracked, the Commissioner of CBP should analyze available data on apprehensions and seizures and technological assists, in combination with other relevant performance metrics or indicators, as appropriate, to determine the contribution of surveillance technologies to CBP's border security efforts.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: In February 2015, Border Patrol officials provided documentation stating that the agency has yet to analyze data on asset assists, in combination with other relevant performance metrics and indicators to determine the contributions of surveillance technologies to its mission. However, the Border Patrol plans to address this recommendation using the Capability Gap Analysis Process (CGAP) developed by Johns Hopkins University Applied Physics Lab specifically for the Border Patrol. According to Border Patrol officials, the CGAP will enable the agency to examine the effects of technology and other Border Patrol assets such as agents, infrastructure, in the context of everyday border patrol operations. The data generated by the CGAP along with e3 apprehension and seizure data will better inform the nature of the contributions and impacts of surveillance technology on enforcement efforts. Border Patrol officials explained that capturing data on asset assists within the in e3 Processing database was the first step to determine the contribution of technology to detect, identify, and classify activity along the border. Further, the Border Patrol identified individual types of technology such as Integrated Fixed Towers, Mobile Video Surveillance System, Underground Sensors, etc. and grouped them into classes such as Fixed, Mobile and Relocatable to better distinguish the contribution of each class of technology. As the Border Patrol gains a better understanding through analysis, the agency plans to continue to refine the measures and the collection of the metrics. In November 2014, the Border Patrol proposed a timeline highlighting the agency's future efforts to capture and document the contributions of the different classes of technology to the Border Patrol's mission. In our March 2016 update on the progress made by agencies to address our findings on duplication and cost savings across the federal government, we reported that CBP had modified its time frame for developing baselines for each performance measure and that additional time would be needed to implement and apply key attributes for metrics. In March 2016, according to CBP officials, the actual completion was being adjusted pending test and evaluation results for recently deployed technologies on the southwest border. In addition, Border Patrol officials told us that they planned to have various qualitative and quantitative performance measures of technology completed by the end of fiscal year 2016. These measures would help profile different levels of situational awareness in different areas of the border. In September 2016, Border Patrol provided a case study that assessed CGAP data with technology assist data and other measures to determine contributions of surveillance technologies to its mission. While this is a start to developing performance measures, the case study is limited to one location along the border and the analysis limited to select technologies. As of April 2017, CBP had not conducted assessments of the deployments to determine the contribution of surveillance technologies to the border security mission. Until CBP completes its efforts to fully develop and apply key attributes for performance metrics for all technologies to be deployed under the Plan, it will not be well positioned to fully assess its progress in implementing and determining the Plan and determine when mission benefits have been fully realized.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To better ensure DSOs' and students' compliance with OPT requirements, and strengthen efforts to identify and assess potential risks in OPT, the Director of ICE should direct SEVP to develop and distribute guidance to DSOs on how to determine whether a job is related to a student's area of study and require DSOs to provide information in SEVIS to show that they took steps, based on this guidance, to help ensure that the student's work is related to the area of study.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of April 2015, SEVP has made progress in developing employment guidance to support DSOs in determining whether a job is related to a student's area of study and requiring DSOs to provide such information in SEVIS. SEVP stated that it has drafted such guidance and it is being reviewed by SEVP subject matter experts. In addition, SEVP stated that it is developing information requirements for DSOs to attest that they adhered to the new employment guidance document in SEVIS, which requires system enhancements. In May 2016, the new STEM OPT regulation went into effect and, among other things, SEVP officials stated that it requires much greater detail on the scope of the employment and how it is related to the earned degree. As of October 2016, SEVP expects that non-STEM guidance on field of study will be finalized by the second quarter of fiscal year 2017.
    Director: Wilshusen, Gregory C
    Phone: (202)512-6244

    1 open recommendations
    Recommendation: The Secretary of Homeland Security, in collaboration with emergency service sector stakeholders, should address the cybersecurity implications of implementing Next Generation 911 and the First Responder Network Authority network in the next iteration of sector plans.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In December 2015, DHS released an updated sector-specific plan for the emergency services sector that describes the sector's greater dependence on cyber-based infrastructure as a notable trend and emerging issue among the sector's risks. However, the plan does not incorporate steps to address the cybersecurity risk of implementing Next Generation 911 or risks associated with the First Responder Network, the public safety broadband network, currently in development. An update to the sector-specific plan will likely not occur until 2018. When DHS provides evidence regarding additional risk mitigation steps, we will review the evidence provided to update the status of this recommendation.
    Director: Wilshusen, Gregory C
    Phone: (202) 512-6244

    3 open recommendations
    Recommendation: To improve the implementation of the act, the Secretary of Homeland Security should develop and implement policies and procedures for cost-benefit analyses related to computer matching agreements to include key elements such as personnel and computer costs, as well as avoidance of future improper payments and recovery of improper payments and debts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that is has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Homeland Security should ensure the DIB reviews cost-benefit analyses to make certain cost savings information for the computer matching program is included before approving CMAs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that is has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Homeland Security should ensure the DIB performs annual reviews and submits annual reports on agency computer matching activities, as required by the act.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that is has taken action, we plan to verify whether implementation has occurred.
    Director: Grover, Jennifer A
    Phone: (202) 512-7141

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To help ensure that security-related funding is directed to programs that have demonstrated their effectiveness, the Secretary of Homeland Security should direct the TSA Administrator to limit future funding support for the agency's behavior detection activities until TSA can provide scientifically validated evidence that demonstrates that behavioral indicators can be used to identify passengers who may pose a threat to aviation security.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security (DHS) did not concur with GAO's November 2013 recommendation to the TSA Administrator to limit future funding support for the agency's behavior detection activities until TSA can provide scientifically validated evidence that demonstrates that behavioral indicators can be used to identify passengers who may pose a threat to aviation security. However, as of July 2017, DHS has reduced funding for its behavior detection activities and taken some steps toward identifying additional evidence to support its use of behavioral indicators. TSA officials stated that GAO's recommendation contributed to DHS's decision to reduce the number of behavior detection officers (BDO) from 3,131 full-time equivalents in fiscal year 2013 to 2,393 full-time equivalents employed in fiscal year 2016. Further, in the summer of 2016 and consistent with the Aviation Security Act of 2016, the agency began assigning BDOs to other positions at passenger screening checkpoints where they are able to observe passengers while performing screening duties. According to TSA officials, all BDOs have now been converted into transportation security officers with behavior detection capabilities, which is expected to reduce the cost of the agency's behavior detection activities. As of August 2017, TSA does not yet have an estimate of any associated cost reductions. Since GAO's 2013 report, TSA has revised its list of behavioral indicators and taken some steps to identify evidence that these indicators can be used to identify passengers who may pose a threat to aviation security. Specifically, TSA hired a contractor to search available literature for sources supporting its revised list of 36 behavioral indicators. However, in 2017, GAO reviewed all 178 sources TSA identified and found that 98 percent (175 of 178) did not provide valid evidence for specific behavioral indicators in its revised list and that the remaining 3 sources could be used as valid evidence to support 8 of the 36 indicators. GAO reported that TSA should continue to limit funding for the agency's behavior detection activities until TSA can provide valid evidence demonstrating that behavioral indicators can be used to identify passengers who may pose a threat to aviation security, consistent with the recommendation in its November 2013 report.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    3 open recommendations
    Recommendation: To ensure that the increasing risks of GPS disruptions to the nation's critical infrastructure are effectively managed, the Secretary of Homeland Security should increase the reliability and usefulness of the GPS risk assessment by developing a plan and time frame to collect relevant threat, vulnerability, and consequence data for the various critical infrastructure sectors, and periodically review the readiness of data to conduct a more data-driven risk assessment while ensuring that DHS's assessment approach is more consistent with the National Infrastructure Protection Plan (NIPP).

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials had previously indicated that DHS's Office of Infrastructure Protection (IP) and Office of Cyber and Infrastructure Analysis (OCIA) have discussed an update of the GPS risk assessment, noting that such an update may be included in fiscal year 2017 planning documents. However, as of February 2017, no documentation had been provided that demonstrates such plans. Additionally, information from DHS shows that DHS has continued other efforts to collect potentially relevant threat, vulnerability, and consequence data for various GPS equipment in use. For example, according to DHS officials, DHS has conducted visits to major maritime, finance, wireless communications, and electricity firms to gauge their understanding of GPS vulnerabilities and of technology- and strategy-based efforts to improve GPS resilience, and DHS documentation shows that DHS has held events to test GPS receivers as part of assessing vulnerabilities. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To ensure that the increasing risks of GPS disruptions to the nation's critical infrastructure are effectively managed, the Secretary of Homeland Security should, as part of current critical infrastructure protection planning with Sector-Specific Agencys (SSAs) and sector partners, develop and issue a plan and metrics to measure the effectiveness of GPS risk mitigation efforts on critical infrastructure resiliency.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2017, DHS documentation shows that DHS has worked with Sector Specific Agencies (SSAs) and other interagency partners to help manage GPS risks and continues to communicate information on risks to critical infrastructure partners. For example, according to DHS officials, this included briefing field staff and developing questions for infrastructure surveys to gather information on GPS resilience at the facility level. According to DHS officials, at the national level DHS included GPS in discussions with SSAs on topics they could include in their Sector-Specific Plans (each SSA develops a Sector-Specific Plan to detail risk management in its critical infrastructure sector), but DHS has also indicated that sector-oriented metrics are not a viable means of assessing risk management actions. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To improve collaboration and address uncertainties in fulfilling the National Security Presidential Directive 39 (NSPD-39) backup-capabilities requirement, the Secretaries of Transportation and Homeland Security should establish a formal, written agreement that details how the agencies plan to address their shared responsibility. This agreement should address uncertainties, including clarifying and defining DOT's and DHS's respective roles, responsibilities, and authorities; establishing clear, agreed-upon outcomes; establishing how the agencies will monitor and report on progress toward those outcomes; and setting forth the agencies' plans for examining relevant issues, such as the roles of SSAs and industry, how NSPD-39 fits into the NIPP risk management framework, whether an update to the NSPD-39 is needed, or other issues as deemed necessary by the agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2017, the National Executive Committee for Space-Based Positioning, Navigation, and Timing (PNT) Executive Steering group had established an interagency team called the "Complementary PNT Tiger Team" co-chaired by DHS, DOT, and DOD. This team was formed to manage the federal government's efforts to establish a national backup system to GPS. According to DHS officials, this organizational structure obviates the need for a formal, written agreement between DOT and DHS specific to GPS backup responsibilities. They also stated that, in a separate but related effort, DHS, DOT, and DOD are discussing a tri-lateral agreement that covers a broad spectrum of PNT-related responsibilities and activities. We will update the status of this recommendation after we receive additional information from DHS.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To improve the management and oversight of FPS's contract guard program, the Secretary of Homeland Security should direct the Under Secretary of National Protection and Programs Directorate (NPPD) and the Director of FPS to take immediate steps to determine which guards have not had screener or active-shooter scenario training and provide it to them and, as part of developing a national lesson plan, decide how and how often these trainings will be provided in the future.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FPS has indicated that they plan to implement this recommendation through its implementation of a training management system. FPS anticipates beginning implementation of this system in early 2018 and completing implementation by August 2018. GAO will continue to work with FPS to determine whether this recommendation has been implemented.
    Recommendation: To improve the management and oversight of FPS's contract guard program, the Secretary of Homeland Security should direct the Under Secretary of NPPD and the Director of FPS to require that contract guard companies' instructors be certified to teach basic and refresher training courses to guards and evaluate whether a standardized instructor certification process should be implemented.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FPS has indicated that they are currently assessing options for implementing a national lesson plan for guard training that addresses this recommendation. GAO will continue to work with FPS to determine whether this recommendation has been implemented.
    Director: Gambler, Rebecca S
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To improve the usefulness of southwest border crossing wait time data for informing public and management decisions, the Commissioner of CBP should identify and carry out steps that can be taken to help CBP port officials overcome challenges to consistent implementation of existing wait time estimation methodologies. Steps for ensuring consistent implementation of these methodologies could include, for example, implementing the fiscal year 2008 Western Hemisphere Travel Initiative report recommendations to use closed-circuit television cameras to measure wait time in real time and provide a standardized measurement and validation tool.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of May 2017, CBP officials report that in order to avoid further investment in a manual wait time methodology, the agency plans to focus resources on developing an enterprise-wide solution for automating the measurement of border delays. CBP estimates that this recommendation will be completed in October 2017.
    Recommendation: To improve the usefulness of southwest border crossing wait time data for informing public and management decisions, the Commissioner of CBP should, in consultation with Federal Highway Administration and state DOTs, assess the feasibility of replacing current methods of manually calculating wait times with automated methods, which could include assessing all of the associated costs and benefits, options for how the agency will use and publicly report the results of automated data collection, the potential trade-offs associated with moving to this new system, and other factors such as those influencing the possible expansion of existing automation efforts to the 34 other locations that currently report wait times but have no automation projects under way.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of May 2017, CBP's Office of Field Operations (OFO) reports working to identify a feasible and cost effective wait time solution to measure commercial vehicle delays along the southern border. Specifically, CBP officials report that they have been partnering with the Federal Highway Administration and the Texas A&M's Transportation Institute on the deployment of an automated radio-frequency identification measurement solution to measure commercial delays at eight crossings. To verify the accuracy of the automated wait time data, CBP officials report that in June 2016 they conducted a ground-truth analysis with mixed results. CBP officials report DHS Science and Technology directorate delivered their final report in February 2017 and by the end of September 2017, pending review and acceptance of the report's findings, CBP will coordinate efforts to develop the required communication protocols and data schematics for near real-time commercial vehicle wait time updates to the CBP Border Wait Time website and Border Wait Time app. CBP estimates that this recommendation will be completed in October 2017.
    Recommendation: To better ensure that CBP's Office of Field Operations' (OFO) staffing processes are transparent and to help ensure CBP can demonstrate that these resource decisions have effectively addressed CBP's mission needs, the Commissioner of CBP should document the methodology and process OFO uses to allocate staff to land ports of entry on the southwest border, including the rationales and factors considered in making these decisions.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of May 2017, CBP's Office of Field Operations (OFO) reports that they have adopted a workload staffing model to identify CBP staffing requirements at land ports of entry. CBP officials report that the workload staffing model provides senior leadership with a decision-support tool to identify the number of required resources for each location and accounts for distinct operating environments, unique variables, and major functions and activities. CBP officials report that they use the workload staffing model results in its budget requests and when allocating staff to the ports of entry. However, CBP has not provided GAO with documentation showing how staff are allocated among land ports of entry including how workload staffing model results are used in this process. CBP officials report that in May 2017 OFO began working with contracted experts to synthesize the quantitative and qualitative data available and develop a comprehensive CBP position allocation methodology. CBP estimates that this recommendation will be completed in March 2018.
    Director: Cackley, Alicia P
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To establish full-risk rates for properties with previously subsidized rates that reflect their risk for flooding, the Secretary of the Department of Homeland Security (DHS) should direct the FEMA Administrator to develop and implement a plan, including a timeline, to obtain needed elevation information as soon as practicable.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As we reported in February 2016 in GAO-16-190, FEMA has taken limited action to implement this recommendation. For example, FEMA noted that the agency would evaluate the appropriate approach for obtaining or requiring the submittal of information needed to determine full-risk rates for subsidized properties. FEMA also said it would explore technological advancements and engage with industry to determine the availability of technology, building information data, readily available elevation data, and current flood hazard data that could be used to implement the recommendation. However, FEMA officials also said that the agency faced a cost challenge with respect to elevation certificates and that obtaining these certificates could take considerable time and cost. They noted that requiring policyholders to incur the cost of obtaining elevation certificates would not be consistent with NFIP's policy objective to promote affordability. The officials added that the agency encourages subsidized policyholders who seek to ensure the appropriateness of their NFIP rates to voluntarily submit elevation documentation.
    Director: Caldwell, Stephen L
    Phone: (202) 512-9610

    2 open recommendations
    Recommendation: To better assess risk associated with facilities that use, process, or store chemicals of interest consistent with the NIPP and the CFATS rule, the Secretary of Homeland Security should direct the Under Secretary for National Protection and Programs Directorate (NPPD), the Assistant Secretary for NIPP's Office of Infrastructure Protection (IP), and Director of ISCD to develop a plan, with timeframes and milestones, that incorporates the results of the various efforts to fully address each of the components of risk and take associated actions where appropriate to enhance ISCD's risk assessment approach consistent with the NIPP and the CFATS rule.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, they completed development of an updated tiering methodology, which incorporates improvements based on recommendations from both the external peer review of the tiering methodology and a Sandia National Laboratory (Sandia) report on economic consequences, which was submitted to the Department in the first quarter of fiscal year (FY) 2015. Additionally, according to the officials, DHS continued hosting meetings of an external experts panel consisting of representatives from other Federal agencies and the chemical and oil and natural gas industries, who have met repeatedly to review and provide input on the proposed improvements to the Chemical Facility Anti-Terrorism Standards (CFATS) tiering methodology. As noted in the tiering methodology improvement plan previously provided by the Department to GAO, the ISCD is having external entities validate and verify the updated methodology before deployment. To that end, the Homeland Security Studies and Analysis Institute (HSSAI) has reviewed and provided findings and recommendations on all parts of the updated tiering engine. Additionally, Sandia has been conducting component testing of the tiering engine as it is being updated and, beginning in January 2016, Sandia will conduct end-to-end testing of the engine. Concurrent with these efforts, ISCD has been updating the Chemical Security Assessment Tool (CSAT) applications which currently support the collection of the data used by the CFATS tiering methodology (i.e., Top-Screen, Security Vulnerability Assessment). According to the officials, deployment of these new applications cannot occur until the DHS's Information Collection Request (ICR) is approved by the White House's Office of Management and Budget (OMB), which the Department anticipates submitting to OMB in the third quarter of fiscal year 2016. We will update the status of this recommendation after additional information is received from DHS. Status as of January 20, 2016.
    Recommendation: To better assess risk associated with facilities that use, process, or store chemicals of interest consistent with the NIPP and the CFATS rule, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for IP, and Director of ISCD to conduct an independent peer review, after ISCD completes enhancements to its risk assessment approach, that fully validates and verifies ISCD's risk assessment approach consistent with the recommendations of the National Research Council of the National Academies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, the updated CFATS risk-based tiering methodology has been developed and portions of it are undergoing independent review from both HSSAI and Sandia. An independent verification and validation of the updated tiering methodology is scheduled to be conducted by Sandia beginning in January 2016. We will update the status of this recommendation after additional information is received from DHS. Status as of January 20, 2016.
    Director: Larence, Eileen
    Phone: (202)512-6510

    1 open recommendations
    Recommendation: To ensure that USNCB and ICE are providing more comprehensive information to their respective foreign counterparts regarding registered sex offenders traveling internationally, the Attorney General and the Secretary of Homeland Security should take steps to help ensure that USNCB and ICE have information on the same number of registered sex offenders as well as the same level of detail on registered sex offenders traveling internationally. Such steps could include USNCB and ICE copying each other on their notifications to their foreign counterparts or USNCB receiving information directly from the CBP National Targeting Center (NTC).

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that U.S. National Central Bureau (USNCB) and U.S. Immigration and Customs Enforcement (ICE) did not have information on the same registered sex offenders or the same level of detail on registered sex offenders traveling internationally, which affected their ability to notify their respective foreign counterparts. In part, this is because the two agencies rely on different information sources and do not share information with one another. We recommended that DOJ and DHS develop mechanisms that would enable these two agencies to have access to the same information on traveling sex offenders. In August 2013, ICE provided documentation showing that it copied several U.S. Marshals Service (USMS) officials on notifications that ICE sent to other countries regarding registered sex offenders traveling internationally. However, ICE did not copy USNCB on these notifications. ICE explained that it thought sharing information on traveling sex offenders with USMS and relying on USMS to pass that information along to USNCB was the most efficient way to share information with USNCB. However, we analyzed notifications from ICE, USNCB, and USMS regarding sex offenders who initiated international travel in February 2014 and found that USMS only passed along about 30 percent of the notifications it received from ICE to USNCB. We provided the results of this analysis to all three agencies in July 2014. We met with relevant U.S. Customs and Border Protection (CBP), ICE, USMS, and USNCB officials in September 2014 to discuss options for ensuring that USNCB receives more comprehensive information regarding traveling sex offenders. ICE officials stated that since CBP is the source of the information ICE receives on traveling sex offenders, as well as one of the information sources for USMS, that it may be best for CBP to provide information directly to USNCB. USNCB officials also stated that their preference was to receive information directly from CBP, and it was their understanding that CBP and USNCB were in the process of developing an MOU that would allow for this. In October 2015, CBP confirmed that the MOU would enable CBP to share information with USNCB regarding traveling sex offenders. CBP also stated that the MOU had been approved by CBP and sent to USNCB for review. In an April 2016 update, CBP reported that the MOU had been tentatively approved by USNCB and is expected to be finalized and signed in July 2016. In August 2016, CBP stated that the completion date for the MOU was pushed back to September 30, 2016, to allow time for CBP and USNCB to negotiate additional edits. We followed up with CBP about the status of the MOU in February 2017. We are awaiting a response.
    Director: Caldwell, Stephen L
    Phone: (202)512-9610

    1 open recommendations
    Recommendation: To address long-standing challenges that continue to hinder regional preparedness efforts in the NCR, the FEMA Administrator should require that the Director of NCRC assist regional officials in developing measures to better assess the implementation of the NCR's strategic plan.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In May 2017, FEMA officials reported that (1) efforts to update the NCR Homeland Security Strategic Plan had been delayed o provide more time to determine targets for each core capability, and in light of anticipated changes in the NCR homeland security and emergency management governance structure; (2) FEMA's 's Office of National Capital Region Coordination (ONCRC) held a kick-off meeting of a new NCR Strategic Plan Working Group in February 2017; and (3) the working group will continue development of the new plan with a revised estimated completion date of November 2017.
    Director: Caldwell, Stephen L
    Phone: (202)512-9610

    1 open recommendations
    Recommendation: To better ensure consistent implementation of and accountability for DHS's resilience policy, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to develop an implementation strategy for this new policy that identifies the following characteristics and others that may be deemed appropriate: (1) steps needed to achieve results, by developing priorities, milestones, and performance measures; (2) responsible entities, their roles compared with those of others, and mechanisms needed for successful coordination; and (3) sources and types of resources and investments associated with the strategy, and where those resources and investments should be targeted.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In the 60-day letter provided in January 2013, DHS indicated that the Resilience Integration Team (RIT) was developing a draft implementation plan to be circulated among relevant stakeholders for review. On 10/30/13, we notified DHS that we would like to see a copy of the resilience policy implementation plan (if developed), or any other related documentation if the plan is still in development. We were informed later that day that a draft plan had been developed, and DHS needed to confirm its status. In May of 2015, we were told again that a draft plan had been developed but never finalized. As of August 2015, DHS's Policy Office is looking into the status of plan development. We await their response. DHS response still pending as of 10/4/16.
    Director: Powner, David A
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: The Secretaries of Homeland Security and Health and Human Services should direct their Chief Information Officers to ensure OAs are performed annually on all major steady state investments and the assessments include all key factors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security has updated their OA policy and is currently performing OAs on investments. We received fiscal year 2016 OAs for CBP but are waiting for the rest of the departments OAs for FY2016.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To strengthen DHS's evaluation and planning process for addressing employee morale, the Secretary of Homeland Security should direct the Office of the Chief Human Capital Officer (OCHCO) and component human capital officials to examine their root cause analysis efforts and, where absent, add the following: comparisons of demographic groups, benchmarking against similar organizations, and linkage of root cause findings to action plans.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2012, we reviewed and reported on actions DHS took to address the morale of its employees. We reported, among other things, that DHS's Office of the Chief Human Capital Officer and DHS components had not consistently used three survey analysis techniques when analyzing employee survey results--comparisons of demographic groups, benchmarking against similar organizations, and linking root cause findings to action plans. DHS OCHCO officials, and supporting documentation, indicate some actions taken to incorporate these techniques. Specifically, as of June 2017, officials provided copies of the DHS FY 2017 Component Employee Engagement Action Plans. We reviewed the action plans and spoke with DHS OCHCO officials to determine the extent to which DHS's action plans addressed our recommendation. Several action plans we reviewed included evidence of utilizing the three survey analysis techniques we recommended, while other action plans lack some or all of the techniques. For example, components whose action plans fully address the recommendation includes: Customs and Border Protection (CBP), Federal Emergency Management Agency (FEMA), Immigration and Customs Enforcement (ICE), and the Transportation Security Administration (TSA). Components whose action plans partially address the recommendation are: U.S. Citizenship and Immigration Services (USCIS), U.S. Coast Guard (USCG), and U.S. Secret Service (USSS). National Protection and Programs Directorate's (NPPD) action plan did not address any of the three survey analysis techniques. According to DHS OCHCO officials, while OCHCO developed a checklist to consult when creating action plans to address employee survey results, senior management decided not to require that components use the checklist in developing their action plans as it may limit their freedom to develop their goals and planning. To fully address this recommendation, DHS OCHCO officials need to continue to provide documentary evidence of demographic analysis, benchmarking, and root cause linkage efforts completed for components that have not fully addressed the recommendation in their action plans. DHS OCHCO officials agreed with our analysis and reiterated their intent to fully implement this recommendation. We will update the status of this recommendation after additional information is received from DHS. Status as of June 2017.
    Recommendation: To strengthen DHS's evaluation and planning process for addressing employee morale, the Secretary of Homeland Security should direct the OCHCO and component human capital officials to establish metrics of success within the action plans that are clear and measurable.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2012, we reviewed and reported on actions DHS took to address the morale of its employees. We reported, among other things, that DHS's Office of the Chief Human Capital Officer and DHS components measures of action plan success related to employee morale could have improved clarity and incorporate measurable targets. DHS officials regularly provided us with copies of annual component employee engagement action plans, most recently as of June 2017. We reviewed the action plans and spoke with DHS OCHCO officials to determine the extent to which DHS's action plans addressed our recommendation. Our review in June 2017 indicated that most components' action plans included clear and measureable targets. For example, components whose action plans fully address the recommendation include CBP, Coast Guard, FEMA, ICE, NPPD, USCIS, and USSS. TSA's action plans partially addressed the recommendation and the component is taking steps to improve its measures. To fully address this recommendation, DHS OCHCO officials need to continue to provide documentary evidence of improved measure clarity and incorporate measurable targets in components' action planning efforts. DHS OCHCO officials agreed with our assessment and told us that they continue to provide feedback to component officials to address action planning improvement. These officials reiterated their efforts to fully implement this recommendation and we will update the status of this recommendation after additional information is received from DHS.
    Director: Mackin, Michele
    Phone: (202) 512-3000

    1 open recommendations
    Recommendation: To help the Coast Guard create stability in the acquisition process and provide decision makers, including DHS, Office of Management and Budget, and Congress, with current information to make decisions about budgets, the Commandant of the Coast Guard should conduct a comprehensive portfolio review to develop revised baselines that reflect acquisition priorities as well as realistic funding scenarios.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. Since 2014, we found efforts are underway to address this issue, but, so far, these efforts have not led to the significant trade-off decisions needed to improve the affordability of the Coast Guard's portfolio. The Coast Guard is currently conducting a fleet-wide analysis, including surface, aviation, and information technology, intended to be a fundamental reassessment of the capabilities and mix of assets the Coast Guard needs to fulfill its missions. The Coast Guard is undertaking this effort consistent with direction from Congress based upon this and other GAO recommendations. Specifically, the Coast Guard has completed its new mission needs statement and plans to release a fleet-wide concept of operations by the end of fiscal 2016. Then, it will use a complex model to develop the full fleet mix study. Based on this, the Coast Guard plans to recommend a set of assets that best meets these needs in terms of capability and cost. The Coast Guard plans to complete the full study in time to inform the fiscal year 2019 budget, though specific dates for these events have not been set forth.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To help mitigate the risk of poor acquisition outcomes and strengthen the department's investment management activities, the Secretary of Homeland Security should direct the Under Secretary for Management to, once the department's acquisition programs comply with DHS acquisition policy, prioritize major acquisition programs departmentwide and ensure that the department's acquisition portfolio is consistent with DHS's anticipated resource constraints.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with this recommendation, and stated that its effort to more fully reflect portfolio management practices in its acquisition policy will help DHS prioritize its major acquisition programs departmentwide. DHS also stated that the revised portfolio management approach will help ensure that the department's acquisition portfolio is consistent with anticipated resource constraints. However, it has taken years for some of the department's major acquisition programs to comply with DHS's acquisition policy, which requires getting approval for key acquisition documentation that contains the critical knowledge needed for DHS to make effective portfolio management decisions. In February 2017, we found that DHS had approved the required acquisition documentation for all of its major acquisition programs and planned to continue to ensure that all major acquisition programs have approved documents, such as acquisition program baselines. Now that major acquisition programs are in compliance with DHS's acquisition policy, GAO will evaluate the department's implementation of its revised portfolio management approach to determine whether DHS has met the intent of this recommendation by ensuring that the department's acquisition portfolio is consistent with DHS's anticipated resource constraints.
    Director: Currie, Christopher
    Phone: (404)679-3000

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To increase the efficiency and effectiveness of the process for disaster declarations, the FEMA Administrator should develop and implement a methodology that provides a more comprehensive assessment of a jurisdiction's capability to respond to and recover from a disaster without federal assistance. This should include one or more measures of a jurisdiction's fiscal capacity, such as TTR, and consideration of the jurisdiction's response and recovery capabilities. If FEMA continues to use the PA per capita indicator to assist in identifying a jurisdiction's capabilities to respond to and recover from a disaster, it should adjust the indicator to accurately reflect the annual changes in the U.S. economy since 1986, when the current indicator was first adopted for use. In addition, implementing the adjustment by raising the indicator in steps over several years would give jurisdictions more time to plan for and adjust to the change.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open
    Priority recommendation

    Comments: On January 20, 2016, FEMA published an Advanced Notice of Proposed Rulemaking to solicit comments on an option FEMA is considering to establish a disaster deductible, which would require a predetermined level of financial or other commitment from a recipient, generally the state or territorial government, before FEMA would provide assistance under the Public Assistance Program. According to FEMA, the agency received 150 responses during the 60-day public comment period, which ended on March 21, 2016, and used this input to develop a plan for further engagement on a more detailed proposal for public comment. The Supplemental Advanced Notice of Proposed Rulemaking, published on January 12, 2017, provided another opportunity for stakeholder input prior to any changes to the Public Assistance program. This proposal included an explanation of how deductible amounts might be calculated, identified specific credits that states could apply for, and detailed how the deductible would be applied post-declaration. Comments on the Supplemental Advanced Notice of Proposed Rulemaking must be submitted by April 12, 2017. Until FEMA implements a new methodology, FEMA will not have an accurate assessment of a jurisdiction's capabilities to respond to and recover from a disaster without federal assistance and runs the risk of recommending that the President award Public Assistance to jurisdictions that have the capability to respond and recover on their own.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should develop and implement a new comprehensive and reliable system for contract guard oversight.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FPS officials, as of September 2017, FPS is currently reviewing proposals and preparing to make a decision for the final contract award for a Post Tracking System (PTS). According to FPS, this PTS will allow FPS to comprehensively and reliability mange its contract guards. Once the contract is awarded in late 2017 FPS will begin to implement the PTS system. GAO is keeping this recommendation open pending successful implementation of this system.
    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should verify independently that FPS's contract guards are current on all training and certification requirements.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FPS officials, as of September 2017, FPS plans to address this recommendation through the implementation of FPS?s Training Academy and Management System (TAMS). FPS reported that this system should allow it to verify independently that FPS's contract guards are current on all training and certification requirements. FPS is currently taking various steps to finalize the system and anticipates full implementation of TAMS by August 2018. GAO is leaving this recommendation open pending successful implementation of TAMS.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    3 open recommendations
    Recommendation: To help ensure that FEMA's agencywide workforce planning and training efforts are conducted in a comprehensive and integrated manner, the FEMA Administrator should identify and document long-term and quantifiable mission critical goals that reflect the agency's priorities for workforce planning and training.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In October 2016, agency officials said they had contracted for the development of a Workforce Strategic Plan that is intended to assess current steady state staffing needs based on mission requirements and establish workforce models capable of determining future needs based on workload drivers. Further, they said the plan will monitor and evaluate FEMA's progress towards mission critical goals and the contribution that human capital results have made towards achieving programmatic priorities. In July 2017, they provided an updated estimate that the plan will be completed by June 2020. Pending completion of this effort, the recommendation will remain open.
    Recommendation: To help ensure that FEMA's agencywide workforce planning and training efforts are conducted in a comprehensive and integrated manner, the FEMA Administrator should establish a time frame for completing the development of quantifiable performance measures related to workforce planning and training efforts.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In October 2016, agency officials said they had contracted for the development of a Workforce Strategic Plan that is intended to assess current steady state staffing needs based on mission requirements and establish workforce models capable of determining future needs based on workload drivers. Once complete, they said the plan will identify performance metrics to track FEMA's progress towards mission critical goals regarding workforce planning and training efforts. In July 2017, they provided an updated estimate that the plan will be completed by September 2020. Pending completion of this effort, the recommendation will remain open.
    Recommendation: To better inform FEMA's decision-making related to agencywide workforce planning and training efforts, the FEMA Administrator should develop systematic processes to collect and analyze workforce and training data.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In July 2017, officials reported that FEMA's Chief Component Human Capital Office was preparing a Training Plan that will outline the collection and analysis methodology of training data with an estimated completion date of September 2018. Pending documentation of the results of these efforts this recommendation will remain open.
    Director: Martin, Belva M
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To better inform management and resource allocation decisions, effectively manage limited export control enforcement resources, and improve the license determination process, the Secretary of Homeland Security, in consultation with the departmental representatives of the Export Enforcement Coordination Center, including Commerce, Justice, State, and the Treasury should (1) leverage export control enforcement resources across agencies by building on existing agency efforts to track resources expended, as well as existing agency coordination at the local level; (2) establish procedures to facilitate data sharing between the enforcement agencies and intelligence community to measure illicit transshipment activity; and (3) develop qualitative and quantitative measures of effectiveness for the entire enforcement community to baseline and trend this data.

    Agency: Department of Homeland Security
    Status: Open

    Comments: To help track resources expended and coordination of enforcement resources, the E2C2 has ratified and implemented the investigative deconfliction protocol. The Export Enforcement Coordination Center (E2C2) has also ratified and implemented the dispute resolution protocol and it is being used by all E2C2 partners. These are two of seven standard operating procedures planned to be in use by the E2C2. The Intelligence Community engagement/information protocols are being addressed through the E2C2 Export Enforcement Intelligence Working Group to help facilitate data sharing, and ICE, through the E2C2, is still in the process of establishing interagency agreement on procedures to facilitate data sharing between the enforcement agencies and intelligence community to assist in measuring illicit transshipment activity. The E2C2 Intel Cell White Paper is complete, but the Cell is not staffed or operational. This Cell is to serve as the primary interagency conduit for defining, establishing, and implementing protocols and facilitating information sharing between the IC and export enforcement community. The white paper outlines the E2C2 Intel Cell's mission, general roles and functions, recommended tasks and structure to facilitate enhanced coordination and intelligence sharing. When established, the Cell will develop standard operating procedures but this has not yet occurred. In late August 2016, the Department of Commerce assigned a new Assistant Director and one analyst to the E2C2. Efforts to formalize an intelligence analytical unit and draft a corresponding SOP are ongoing as of the summer of 2017.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    1 open recommendations
    Recommendation: To help reduce the risk of duplication by strengthening DHS's administration and oversight of these programs, and to better identify and reduce the risk of duplication through improved data collection and coordination, the FEMA Administrator should take steps, when developing non disaster grant management system (ND Grants) and responding to the May 2011 FEMA report recommendations on data requirements, to ensure that FEMA collects project information with the level of detail needed to better position the agency to identify any potential unnecessary duplication within and across the four grant programs, weighing any additional costs of collecting these data.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: As of March 2017, FEMA had taken steps to address GAO's February 2012 recommendation, but actions were not complete. For example, in fiscal year 2014, FEMA modified its existing grants data system to capture more robust project-level data--such as project budget data--for the Homeland Security Grant Program, which includes the State Homeland Security Grant Program and the Urban Areas Security Initiative. However, FEMA stated that it will not be able to use ND grants to cross-check for redundant projects across all preparedness grant programs until project-based applications are deployed for all preparedness grant programs in the system. For example, Port Security Grant Program and Transit Security Grant Program applications are not housed in the legacy grants data system that was modified to collect more specific project data. To mitigate this issue, FEMA reported that its program officers manually cross-check for redundant projects across all preparedness grant programs. Further, grant program policies call for applicants to coordinate across all preparedness grant stakeholders to help ensure unity of effort and avoid redundant investment proposals. Although future upgrades over several years to ND Grants are planned to eliminate duplication during the application process, FEMA believes the most efficient use of resources is to use current legacy systems to identify duplication in the meantime. Using this interim approach to collect more specific project-level data during the grant application process should help FEMA strengthen the administration and oversight of its grant programs until FEMA implements its long-term solution to upgrade ND Grants. However, implementing ND Grants as previously planned would better position FEMA to identify potentially unnecessary duplication within and across grant programs, as ND Grants was designed to have greater project-level enhancement capability than the legacy system.
    Director: Gambler, Rebecca S
    Phone: (202)512-3000

    2 open recommendations
    Recommendation: To increase the likelihood of successful implementation of the Arizona Border Surveillance Technology Plan and maximize the effectiveness of technology already deployed, the Commissioner of CBP should take the following step in planning the agency's new technology approach: determine the mission benefits to be derived from implementation of the plan and develop and apply key attributes for metrics to assess program implementation.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As GAO recommended in November 2011, CBP has identified mission benefits to be derived from implementing the Arizona Border Surveillance Technology Plan (Plan). In April 2013, CBP issued its Multi-Year Investment and Management Plan for Border Security Fencing, Infrastructure, and Technology for Fiscal Years 2014 through 2017, which identifies mission benefits to be achieved by all surveillance technologies (e.g., cameras or sensors) to be deployed under the Plan. According to CBP, the majority of these technologies will provide the mission benefits of improved situational awareness and agent safety. Furthermore, according to CBP's Multi-Year Investment and Management Plan for Border Security Fencing, Infrastructure, and Technology for Fiscal Years 2014 - 2017, the technologies deployed or planned for deployment as part of the Plan are intended to help enhance the ability of Border Patrol agents to detect, identify, deter, and respond to threats along the border. CBP's identification of mission benefits will help position CBP to assess its progress in implementing the Plan and the effectiveness of the Plan's technologies in achieving their intended goals. CBP has made some progress in identifying key attributes for metrics to assess implementation of the Arizona Border Surveillance Technology Plan (Plan), as GAO recommended in November 2011, but it has not yet fully identified and applied attributes for metrics for all technologies under the Plan. Since August 2010, CBP has operated multiple technology systems under the Secure Border Initiative Network (SBInet), which preceded the Plan and is a combination of surveillance technologies aimed at creating a "virtual fence" along the southwest border. Specifically, CBP has operated two surveillance systems under SBInet's initial deployment in high-priority regions of the Arizona border. In October 2012, CBP officials stated that these operations identified examples of key attributes for metrics that can be useful in assessing the implementation for technologies. For example, according to CBP, to help measure whether illegal activity has decreased, examples of key attributes include decreases in arrests, complaints by citizens and ranchers, and destruction of public and private lands and property. In November 2014, CBP identified a set of potential key attributes for performance metrics for all technologies to be deployed under the Plan. While CBP has yet to apply these measures, it established a timeline for developing performance measures for each technology. CBP initially expected baselines for each performance measure to be developed by the end of fiscal year 2015. However, in October 2015, CBP officials stated that CBP had modified its time frame for developing baselines and that additional time would be needed to implement and apply key attributes for metrics. In March 2016, CBP officials stated that CBP had planned to use the baseline data to establish a tool by the end of fiscal year 2016. In addition, CBP officials stated these performance measures would profile levels of situational awareness in various areas of the border. In September 2016, CBP provided GAO a case study that assessed technology assist data along with other measures such as field-based assessments of capability gaps, to determine the contributions of surveillance technologies to its mission. While this is a start to developing and applying performance metrics, the case study was limited to one border location and the analysis was limited to select technologies. Until CBP completes its efforts to fully develop and apply key attributes for performance metrics for all technologies to be deployed under the Plan, it will likely not be able to fully assess its progress in implementing the Plan and determine when mission benefits have been fully realized.
    Recommendation: To increase the reliability of CBP's Cost Estimate for the Arizona Border Surveillance Technology Plan, the Commissioner of CBP should update its cost estimate for the Plan using best practices, so that the estimate is comprehensive, accurate, well-documented, and credible. Specifically, the CBP's Office of Technology Innovation and Acquisition (OTIA) program office should (1) fully document data used in the cost model; (2) conduct a sensitivity analysis and risk and uncertainty analysis to determine a level of confidence in the estimate so that contingency funding can be established relative to quantified risk; and (3) independently verify the new life-cycle cost estimate with an independent cost estimate and reconcile any differences.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As GAO recommended in 2011, CBP provided cost estimates for the IFT and RVSS programs, the two highest cost programs in the Arizona Border Surveillance Technology Plan (Plan), in February and March 2012, respectively, and updated the cost estimate for the Plan in June 2013. However, these estimates do not fully meet cost-estimating best practices. In November 2011, GAO reported that the Plan's original cost estimate met some, but not all, cost-estimating best practices. Specifically, CBP had not conducted a sensitivity analysis and a risk and uncertainty analysis to determine a level of confidence in the original estimate, nor did CBP compare the original cost estimate with an independent estimate. For the cost estimate that CBP provided for the IFT in February 2012 and RVSS in March 2012, CBP partially documented the data used in the cost model for the IFT's LCCE (but needs to provide additional data and document management approval) and fully documented the cost model for the RVSS' LCCE. Developing a well-documented cost estimate is a best practice. CBP also conducted a sensitivity analysis and risk and uncertainty analysis to determine the level of confidence in both LCCEs so that contingency funding could be established relative to quantified risk. In addition, CBP's June 2013, CBP revised the cost estimate for the Plan does not fully address our concerns. For example, the IFT and RVSS compose over 90 percent of the Plan's cost in the June 2013 cost estimate; however, CBP has not independently verified its cost estimates for these two programs with independent cost estimates and reconciled any differences. Such action would help CBP better ensure the reliability of each system's cost estimate. Furthermore, the remainder of the June 2013 cost estimate is not fully documented for the Plan's other five programs, consistent with best practices. For example, the estimates for the other five programs are not fully documented because they are provided as summary program costs without detailed descriptions, such as including back-up documentation for labor hours. In November 2015, CBP had yet to update its LCCEs for two of its highest cost programs under the plan. In May 2016, CBP officials stated that the DHS's Cost Analysis Division had started piloting DHS's Independent Cost Estimate capability on the RVSS program in fiscal year 2016. According to CBP officials, this pilot test within CBP is an opportunity to assist DHS in developing its Independent Cost Estimate capability and that CBP selected the RVSS program for the pilot because the RVSS program is at a point in its planning and execution process where it can benefit most from having an independent cost estimate performed as these technologies are being deployed along the southwest border, beyond Arizona. As of October 2016, CBP officials stated that the RVSS schedule and analysis, as well as the results of the independent program cost estimate pilot is expected to be completed at the end of fiscal year 2017. CBP officials stated that they will provide information on the final reconciliation of the independent cost estimate and the RVSS program cost estimate once the pilot has been completed. Further, CBP officials have yet to detail similar plans for the IFT program. As updated life-cycle cost estimates have yet to be completed and independent cost estimates have not been conducted, GAO cannot determine the extent to which the agency is following best practices when updating the life-cycle cost estimates. Moreover, to fully address our recommendation, a LCCE for the Plan that fully addresses best practices is needed to ensure that the estimate is comprehensive, accurate, well-documented, and credible to help the agency and Congress fully understand the impacts of integrating the Plan's various programs.
    Director: Caldwell, Stephen L
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To strengthen the Coast Guard's efforts to ensure the security of OCS facilities and deepwater ports, the Commandant of the Coast Guard should make improvements to the Marine Information for Safety and Law Enforcement (MISLE) database or MISLE guidance to better ensure that all OCS facilities, both fixed and floating, are accurately and consistently identified and that the results of security inspections are consistently recorded to allow for better data analyses and management of the security inspections process.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2015, the Coast Guard updated its Marine Information for Safety and Law Enforcement (MISLE) Facilities User Guide to reflect an added feature to MISLE that allows users to identify if a vessel or facility is an OCS facility regulated under the Maritime Transportation Security Act (MTSA), 33 CFR 106. To ensure that this added feature is used in a consistent manner to accurately classify facilities that are regulated under 33 CFR 106, the Coast Guard is in the process of updating Navigation and Vessel Inspection Circular 05-03. In mid-November 2016, the Coast Guard liaison noted that the Coast Guard expects to issue the updated circular and complete related activities by the end of October 2017. On March 24, 2017, the Coast Guard liaison sent an email to notify GAO that the Coast Guard is still awaiting final decision on deployment of Homeport 2.0, prior to finalizing NVIC 5-03 and that the MISLE User Guide remains under development, with the estimated completion date (ECD) remaining as 10/31/17.
    Director: Goldstein, Mark L
    Phone: (202)512-6670

    1 open recommendations
    Recommendation: The Secretary of Homeland Security and Attorney General should instruct the Director of FPS, and the Director of the Marshals Service, respectively, to jointly lead an effort, in consultation and agreement with the judiciary and GSA, to update the MOA on courthouse security to address the challenges discussed in this report. Specifically, in this update to the MOA stakeholders should: (1) clarify federal stakeholders' roles and responsibilities including, but not limited to, the conditions under which stakeholders may assume each other's responsibilities and whether such agreements should be documented; and define GSA's responsibilities and determine whether GSA should be included as a signatory to the updated MOA; (2) outline how they will ensure greater participation of relevant stakeholders in court or facility security committees; and (3) specify how they will complete required risk assessments for courthouses, referred to by the Marshals Service as court security facility surveys and by FPS as facility security assessments (FSA), and ensure that the results of those assessments are shared with relevant stakeholders, as appropriate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of April 2017, The Federal Protective Service, U.S. Marshals Service, Administrative Office of the U.S. Courts, and General Services Administration were working to update the memorandum of agreement on courthouse security. An updated memorandum has been drafted, but it has yet to be signed by all parties. Consequently, resolution of this recommendation is pending until further action is taken.
    Director: Brown, Orice Williams
    Phone: (202)512-5837

    3 open recommendations
    Recommendation: To improve strategic planning, performance management, and program oversight within and related to NFIP, the Secretary of DHS should direct the FEMA Administrator to develop a comprehensive workforce plan according to PKEMRA that identifies agency staffing and skills requirements, addresses turnover and staff vacancies, and analyzes FEMA's use of contractors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FEMA officials, as of July 2016, FEMA is in the process of developing a Workforce Strategic Plan they say will contribute to organizational performance and mission by enabling FEMA to align the overall workforce with strategic priorities. FEMA expected to complete the plan by the first quarter of FY2017. As of December 2016, FEMA officials said they were still working to implement this recommendation and agreed to provide us with an update of their progress.
    Recommendation: To improve FEMA's policies, procedures, and systems for achieving NFIP's program goals, the Secretary of DHS should direct the FEMA Administrator to consider the costs and benefits of implementing an interim system for FEMA and updating its document management policies and procedures while waiting for DHS to implement an agencywide electronic document management system.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA officials stated that, as of July 2016, FEMA is working to pilot an Electronic Records Management System (ERMS). They said that they expected to have all email records in an electronic state by December 31, 2016, and all records in an electronic state by December 31, 2019. They said that they expect the end state in 2019 to meet the Presidential Directive and NARA guidelines. As of December 2016, FEMA officials said they were still working to implement this recommendation and agreed to provide us with an update of their progress.
    Recommendation: To improve FEMA's policies, procedures, and systems for achieving NFIP's program goals, the Secretary of DHS should direct the FEMA Administrator to establish timelines for and complete the development and implementation of FEMA's revised acquisition process, in line with the DHS Acquisition Directive 102-01, including a rollout process with staff training and a mechanism to better ensure that all acquisitions undergo the necessary reviews.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA officials stated that, as of July 2016, a Disaster Acquisitions Response Team (DART) was in place along with metrics in place to monitor the team's success. They said they had also awarded a contract to serve as a contract file repository and that previously scanned contract files would be uploaded by December 31, 2016. As of December 2016, FEMA officials said they were still working to implement this recommendation and agreed to provide us with an update of their progress.
    Director: Grover, Jennifer A
    Phone: (202) 512-7141

    3 open recommendations
    including 1 priority recommendation
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should perform an internal control assessment of the TWIC program by (1) analyzing existing controls, (2) identifying related weaknesses and risks, and (3) determining cost-effective actions needed to correct or compensate for those weaknesses so that reasonable assurance of meeting TWIC program objectives can be achieved. This assessment should consider weaknesses we identified in this report among other things, and include: (1) strengthening the TWIC program's controls for preventing and detecting identity fraud, such as requiring certain biographic information from applicants and confirming the information to the extent needed to positively identify the individual, or implementing alternative mechanisms to positively identify individuals; (2) defining the term extensive criminal history for use in the adjudication process and ensuring that adjudicators follow a clearly defined and consistently applied process, with clear criteria, in considering the approval or denial of a TWIC for individuals with extensive criminal convictions not defined as permanent or interim disqualifying offenses; and (3) identifying mechanisms for detecting whether TWIC holders continue to meet TWIC disqualifying criminal offense and immigration-related eligibility requirements after TWIC issuance to prevent unqualified individuals from retaining and using authentic TWICs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that internal control weaknesses governing the enrollment, background checking, and use of TWIC potentially limit the program's ability to provide reasonable assurance that access to secure areas of MTSA-regulated facilities is restricted to qualified individuals. We further reported that TSA did not assess the internal controls designed and in place to determine whether they provided reasonable assurance that the program could meet defined mission needs for limiting access to only qualified individuals, and that internal control weaknesses in TWIC enrollment, background checking, and use could have contributed to the breach of selected MTSA-regulated facilities during covert tests conducted by our investigators. We recommended that DHS perform an internal control assessment of the TWIC program by (1) analyzing existing controls, (2) identifying related weaknesses and risks, and (3) determining cost-effective actions needed to correct or compensate for those weaknesses so that reasonable assurance of meeting TWIC program objectives can be achieved. In April 2013, DHS reported that it had taken a number of steps to address our recommendations. For example, it had refreshed and reissued fraudulent document detection training to enrollment personnel; created a mechanism for enrollment personnel to send detailed information of suspected fraud to adjudication personnel; benchmarked TWIC enrollment processes with passport enrollment processes; and defined guidance for adjudicators on the application of discretionary authority. As we reported in May 2013, to determine if the internal control weaknesses identified in our May 2011 report still exist, we conducted limited covert testing in late 2012. Our investigators again acquired an authentic TWIC through fraudulent means and were able to use this card and counterfeit TWIC cards to access areas of ports or port facilities requiring a TWIC for entry at four ports. In February 2014, TSA reported that it, in coordination with Coast Guard and DHS subject matter experts, had established an Executive Steering Committee to address recommendations from the May 2011 report on the TWIC program's internal controls (GAO-11-657). GAO recommended that the internal control assessment be the basis of the effectiveness assessment. In response, the Executive Steering Committee developed an internal control action plan that lists TWIC program control issues GAO identified, along with actions that TSA and the Coast Guard would or would not take to address them. However, based on our review of the internal control action plan and associated documents, and further discussing with TSA officials the methodology used to arrive at the internal control action plan, we determined that the internal control assessment we recommended has not been implemented. Specifically, there is no evidence of a detailed mapping of each policy and process in the program, their interrelationships, and clear linkage to show how actions in one step may enhance or reduce the effectiveness of the TWIC program achieving its stated mission needs. In January 2017 TSA awarded a contract for an internal control assessment of the TWIC program, including the TWIC program?s internal controls of the enrollment, background checking, and credential issuance processes. The assessment, however, is to exclude an assessment of Coast Guard?s role in TWIC enforcement. The project held a kickoff meeting in March of 2017 and is expected to produce final recommendations by August 2017. We believe that this is a positive step towards addressing our recommendation. However, the assessment does not include an evaluation of the use of TWIC, including Coast Guard's role in TWIC enforcement. We continue to believe that the internal control assessment inclusive of TWIC use and the interrelationship between acquiring a TWIC and using it in the maritime environment is needed. For the reasons noted above, this recommendation remains open.
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should conduct an effectiveness assessment that includes addressing internal control weaknesses and, at a minimum, evaluates whether use of TWIC in its present form and planned use with readers would enhance the posture of security beyond efforts already in place given costs and program risks.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: We reported that DHS had not assessed the program's effectiveness at enhancing security. We recommended that DHS conduct an effectiveness assessment that includes addressing internal control weaknesses and, at a minimum, evaluates whether use of TWIC in its present form and planned use with readers would enhance the posture of security beyond efforts already in place given costs and program risks. In March 2012, DHS reported that it agreed that the results and progress of the internal control actions should be used to further evaluate the effectiveness of the TWIC program. They further noted that as the different long term actions progress, DHS will develop specific plans to address this action. In May 2013 (see GAO-13-198), we reported that DHS had not addressed this recommendation. On January 17, 2014, the explanatory statement accompanying the Consolidated Appropriations Act, 2014, directed DHS to complete the assessment that we recommended within 90 days after enactment (April 17, 2014). In February 2014, TSA reported that it, in coordination with Coast Guard and DHS subject matter experts, had established an Executive Steering Committee to address recommendations from the May 2011 report on the TWIC program's internal controls (GAO-11-657). GAO recommended that the internal control assessment be the basis of the effectiveness assessment. In response, the Executive Steering Committee developed an internal control action plan that lists TWIC program control issues GAO identified, along with actions that TSA and the Coast Guard would or would not take to address them. However, based on our review of the internal control action plan and associated documents, and further discussing with TSA officials the methodology used to arrive at the internal control action plan, we determined that the internal control assessment we recommended has not been implemented. Specifically, there is no evidence of a detailed mapping of each policy and process in the program, their interrelationships, and clear linkage to show how actions in one step may enhance or reduce the effectiveness of the TWIC program achieving its stated mission needs. As of March 2017, the internal control assessment we recommended as the basis for initiating the effectiveness assessment had not been completed. However, on January 15, 2016, Coast Guard reported that it had completed its effectiveness assessment. Specifically, DHS completed an effectiveness assessment titled "Security Assessment of the Transportation Worker Identification Credential and Readers." However, the effectiveness assessment did not substantively address the risk concerns identified in our report. For example, the effectiveness assessment lacked the internal control assessment we deem to be the critical first step for fully understanding the TWIC program's controls, costs, and risks. Further, while the effectiveness assessment presented a comparison of alternative credentialing approaches, the assessment did not fully consider, as discussed in our 2011 and 2013 reports, an approach wherein federal security threat assessments could be leveraged in concert with site-specific credentials. The analysis did consider the benefits of updating the TWIC credential to new federal credentialing standards. However, absent from the analysis is a risk-informed basis for disallowing site-specific credentials. While TWIC credentials are developed based on standards aligned with those used by federal entities, each federal entity continues to use site-specific credentials that have varying appearances, rather than a single credential for granting access to all federal entities. This is important, especially because Coast Guard's risk assessment does not include an evaluation of the security benefits and shortfalls that a single credential used nation-wide provide. Absent effectiveness assessment that meets the intent of our recommendation, this recommendation remains open.
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should use the information from the internal control and effectiveness assessments as the basis for evaluating the costs, benefits, security risks, and corrective actions needed to implement the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks as part of conducting the regulatory analysis on implementing a new regulation on the use of TWIC with biometric card readers.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that prior to issuing the regulation on implementing the use of TWIC as a flashpass, DHS conducted a regulatory analysis, which asserted that TWIC would increase security. The analysis included an evaluation of the costs and benefits related to implementing TWIC. We further reported that as a proposed regulation on the use of TWIC with biometric card readers is under development, DHS is to issue a new regulatory analysis. Conducting a regulatory analysis using the information from the internal control and effectiveness assessments as the basis for evaluating the costs, benefits, security risks, and needed corrective actions could better inform and enhance the reliability of the new regulatory analysis. Moreover, these actions could help DHS identify and assess the full costs and benefits of implementing the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks, and help ensure that the TWIC program is more effective and cost-efficient than existing measures or alternatives at enhancing maritime security. We therefore recommended that DHS use the information from the internal control and effectiveness assessments we recommended as the basis for evaluating the costs, benefits, security risks, and corrective actions needed to implement the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks as part of conducting the regulatory analysis on implementing a new regulation on the use of TWIC with biometric card readers. In March 2012, DHS reported that upon completion of the internal control and effectiveness assessments, DHS will evaluate the results to determine any subsequent actions, and that any applicable data or risks will be communicated to the Coast Guard for consideration during their regulatory analysis. However, DHS has not implemented the internal control assessment we recommended, which is to be the basis for the effectiveness assessment and addressing this recommendation. Further, the January 15, 2016 effectiveness assessment titled "Security Assessment of the Transportation Worker Identification Credential and Readers" did not substantively address the risk concerns identified in our report. Given shortfalls that remain in addressing our internal control assessment and effectiveness assessment recommendations, this recommendation remains open pending DHS taking corrective actions. As of March 2017, no further action has been taken.
    Director: Sherrill, Andrew
    Phone: (202)512-7252

    1 open recommendations
    Recommendation: To help ensure that the number of new H-1B workers who are subject to the cap--both entering the United States and changing to H-1B status within the United States--does not exceed the cap each year, U.S. Citizenship and Immigration Services should take steps to improve its tracking of the number of approved H-1B applications and the number of issued visas under the cap by fully leveraging the transformation effort currently under way, which involves the adoption of an electronic petition processing system that will be linked to the Department of State's tracking system. Such steps should ensure that linkages to the Department of State's tracking system will provide Homeland Security with timely access to data on visa issuances, and that mechanisms for tracking petitions and visas against the cap are incorporated into U.S. Citizenship and Immigration Services' business rules to be developed for the new electronic petition system.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In 2016, USCIS officials reported that, according to their current timeframes, the business rules associated with the nonimmigrant visa petition process (including Form I-129) in the USCIS Electronic Immigration System (ELIS) were slated to be developed in late 2017, with implementation projected for the beginning of 2018. They stated that during the requirements-gathering phase, the Service Center Operations officials and the Office of Transformation Program officials planned to discuss potential options for improving the tracking of the number of approved H-1B applications and the number of issued visas under the cap, including assessing the feasibility of linking DHS and State Department data. GAO will follow-up with USCIS on the status of this recommendation when business rules for the nonimmigrant line of the ELIS are developed and released.
    Director: Caldwell, Stephen L
    Phone: (202) 512-9610

    1 open recommendations
    Recommendation: To facilitate better agency understanding of the potential need and feasibility of expanding electronic verification of seafarers, to improve data collection and sharing, and to comply with the Inflation Adjustment Act, the Secretary of Homeland Security should direct the Commandant of the Coast Guard and Commissioner of CBP to jointly establish an interagency process for sharing and reconciling records of absconder and deserter incidents occurring at U.S. seaports.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) concurred and stated that U.S. Customs and Border Protection (CBP) and the Coast Guard would begin to assess the appropriate offices within each component involved in the review and to establish a working group to evaluate the current reporting process within each component, and between CBP and Coast Guard. Further, DHS noted that it was working to co-locate the Coast Guard's ICC Coastwatch and CBP's National Targeting Center-Passenger and that this would help to eliminate many of the absconder-and deserter- reporting inconsistencies GAO identified between Coast Guard and CBP. In January 2013, CBP and Coast Guard officials reported that they had studied the CBP and Coast Guard data and found that multiple factors had likely contributed to the data variances, including differences in definitions for absconders/deserters among CBP and Coast Guard field units, and the method in which field units had recorded and reported absconder and deserter incidents. Officials reported that the two agencies were planning to develop an interagency memorandum of agreement (MOA) with field guidance for reporting absconder and deserter incidents. Officials reported that they expected to finalize and implement the MOA and field guidance by November 30, 2013. In July 2014, CBP described a new process in place for interagency data reconciliation, reporting that this action was taken in lieu of previously discussed plans to develop an interagency MOU. In December 2015, CBP reported that it expected to complete the effort by March 2016. In March 2016, CBP report that it expected to complete the effort by September 2016. CBP officials reported that the Coast Guard and CBP determined that the absconder data variances were caused by the agencies using different reporting criteria. Officials reported that the two agencies were preparing a memo and guidance to issue to field units by August 31, 2016. Officials reported that the recommendation would be fully implemented by September 30, 2016. In September 2016, CBP reported that it expected to implement the effort by December 31, 2016. In December 2016, CBP reported that the agency had drafted a memo to coincide with new Coast Guard procedure for conducting asymmetric migration vetting and deconfliction. CBP was also working to require all ports of entry to report all maritime asymmetric migration events directly to Coastwatch or a Targeting Framework event. However, on October 18, 2016, the DHS Deputy Secretary issued Department Policy Regarding Investigative Data and Event Deconfliction Policy Directive 045-04 that sets forth DHS policy for investigative data and event deconfliction and the use of related deconfliction systems in the course of certain law enforcement activity. As a result of the newly published Directive, DHS requires that CBP develop and implement related policy, by January 17, 2017. The policy directive requires DHS components to develop a policy applicable to components having equities in Investigative Data and Event Deconfliction. The policy will focus on more effective coordination of investigative activity to ensure officer safety by identifying links between ongoing criminal investigations. The Policy also requires that CBP components, at a minimum, conduct deconfliction thru the Deconfliction and Information Coordination Endeavor, Regional Information Sharing Systems Officer Safety Event Deconfliction System, Secure Automated Fast Event Tracking Network or Case Explorer systems. CBP and Coast Guard are now looking at a directive which makes it a port responsibility to deconflict case related information. The timeline for drafting and finalizing that directive is January 2017. Because of this change in direction, CBP and Coast Guard are requesting an extension to March 31, 2017 to finalize and disseminate the new policy.
    Director: Gambler, Rebecca
    Phone: (202) 512-6912

    2 open recommendations
    Recommendation: To help ensure DHS is maximizing the benefits of its coordination efforts with northern border partners through interagency forums, documented agreements, and its resource planning process, the Secretary of Homeland Security should provide DHS-level guidance and oversight for interagency forums established or sponsored by its components to ensure that the missions and locations are not duplicative and to consider the downstream burden on northern border partners.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2011, we reviewed and reported the extent to which the Department of Homeland Security (DHS) had improved federal coordination of border security intelligence and enforcement operations with state, local, and Canadian law enforcement partners. We found, among other things, that DHS improved northern border security coordination through interagency forums and joint operations; however, partners raised concerns about the resources needed for the increasing number of interagency forums and that some efforts may be overlapping. In May 2011 and June 2012, DHS reported that it took action to coordinate law enforcement initiatives and advance communications interoperability and information sharing, while reducing duplicative activities. DHS also reported that the DHS Northern Border Strategy, released in June 2012, is intended to align internal DHS operations and provide a unified direction that will also help the department reduce duplicative activities. However, DHS's efforts to coordinate law enforcement initiatives and its Northern Border Strategy do not specifically address possible duplication of efforts and resource constraints that may be imposed by interagency forums. Further, DHS leadership has not yet determined how the strategy will be implemented. In October 2015, DHS officials stated that a statement of cooperation for a Cross-Border Law Enforcement Advisory Committee was signed by all five core members. The intent of the committee is to provide executive-level strategic guidance to cross-border law enforcement initiatives involving partnerships between U.S. and Canadian law enforcement agencies on the northern border. However, DHS officials stated that it will take at least a year to show how this committee will increase coordination and prevent duplication among interagency forums, including the IBET and BEST. Development of this committee is a positive step; however, it is too soon to assess the extent to which this committee helps prevent duplication of effort and strengthen coordination efforts along the northern border. As of August 31, 2017, DHS had not provided updated information to show how the committee increased coordination and prevented duplication among interagency forums. To fully address this recommendation, DHS needs to provide guidance specific to interagency forums established or sponsored by its components and conduct DHS-level oversight for those forums to ensure they are not duplicative and do not burden northern border partners.
    Recommendation: To help ensure DHS is maximizing the benefits of its coordination efforts with northern border partners through interagency forums, documented agreements, and its resource planning process, the Secretary of Homeland Security should provide regular DHS-level oversight of Border Patrol and ICE compliance with the provisions of the interagency memorandum of understanding (MOU), including evaluation of outstanding challenges and planned corrective actions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2011, we reviewed and reported on the extent to which the Department of Homeland Security (DHS) had made progress in addressing past coordination challenges between U.S. Border Patrol, an office within U.S. Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE), and across the Drug Enforcement Administration and Forest Service, according to northern border security partners. We found, among other things, that federal agency coordination to secure the northern border was improved, but partners cited ongoing challenges sharing information and resources for daily border security related to operations and investigations despite the efforts made to establish and update interagency agreements. In June 2012, DHS reported that the DHS Northern Border Strategy emphasizes the importance of partnerships and coordination and discusses the benefits that can be garnered through collaboration and information sharing. DHS also reported that a National Special Agent in Charge/Chief Patrol Agent Advisory Council was established to enhance collaboration between Border Patrol and ICE, which includes addressing historical points of contention between the two components. While the strategy emphasizes and encourages coordination between Border Patrol and ICE, it does not specifically address compliance with the interagency memoranda of agreement, evaluation of longstanding challenges, or any planned corrective actions. In addition, the advisory council established does not provide DHS-level oversight as it is composed of ICE and Border Patrol officials. In October 2015, DHS officials stated that the Cross-Border Law Enforcement Advisory Committee may provide DHS-level oversight because both CBP and ICE officials are members of the committee. However, as of August 31, 2017, DHS has not yet indicated how the committee may provide guidance and oversight to ensure Border Patrol and ICE compliance with the provisions of the interagency memorandum of understanding, and DHS could not provide timeframes for addressing this recommendation. To fully address this recommendation, DHS needs to take action to specifically address long-standing coordination challenges and enforce DHS-level oversight of Border Patrol and ICE compliance with the interagency memoranda of agreement.
    Director: Mackin, Michele
    Phone: (202) 512-7773

    1 open recommendations
    Recommendation: To capitalize on the increase in knowledge gained by creating new baselines for Deepwater assets, and to better manage acquisitions of further assets and capabilities, the Commandant of the Coast Guard should complete, and present to Congress, a comprehensive review of the Deepwater Program that clarifies the overall cost, schedule, quantities, and mix of assets that are needed to meet mission needs and what trade-offs need to be made considering fiscal constraints, given that the currently approved Deepwater baseline is no longer feasible.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken actions necessary to implement it. Since this report, DHS and the Coast Guard have each completed studies examining the mix of assets that composed the Deepwater Program. To date, the Coast Guard has not yet provided the Congress with a comprehensive review that clarifies the program's cost, schedule, quantities, and mix of assets or takes into account the Coast Guard's needs and available resources and makes recommendations about what trade-offs may be necessary. In 2015, we found that the Coast Guard is currently conducting a fleet-wide analysis, including surface, aviation, and information technology, intended to be a fundamental reassessment of the capabilities and mix of assets the Coast Guard needs to fulfill its missions. The Coast Guard is undertaking this effort consistent with direction from Congress. Specifically, the Coast Guard plans first to rewrite its mission needs statement and concept of operations by 2016. Then, it will use a complex model to develop the full fleet mix study. Based on this, the Coast Guard plans to recommend a set of assets that best meets these needs in terms of capability and cost. The Coast Guard plans to complete the full study in time to inform the fiscal year 2019 budget, though specific dates for these events have not been set forth. As of July 2016, the Coast Guard informed GAO that the modeling is complete and the CONOPS report is being developed with a target date of September 30 for completion.
    Director: Gambler, Rebecca S
    Phone: (202)512-8816

    4 open recommendations
    Recommendation: To improve the reliability and accountability of checkpoint performance results to the Congress and the public, the Commissioner of Customs and Border Protection should establish internal controls for management oversight of the accuracy, consistency, and completeness of checkpoint performance data.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: In our review of Border Patrol traffic checkpoints, we found inconsistencies in the way field agents collected and entered performance data into the checkpoint information system. As a result, data reported in the system were unreliable. We recommended that Border Patrol establish internal controls to ensure the accuracy, consistency, and completeness of checkpoint performance data. In October 2009, the Border Patrol reported internal control solutions were underway, which would primarily involve upgrading its existing checkpoint data systems and creating a checkpoint data oversight protocol. In June 2013, Border Patrol reported that it was developing a redesigned checkpoint information system that should address the data errors and issues identified by our report. The agency also noted that it was exploring ways to implement a data oversight procedure and training on the importance of accurate data collection. In October 2014, the Border Patrol reported that the recommendation was being addressed in various phases, with a new expected completion date of March 2015. In June 2015, Border Patrol revised the expected completion date to September 2015. In September 2016, Border Patrol officials stated that the agency had not yet updated its checkpoint data system or created a data oversight protocol. Without established internal controls, the integrity of Border Patrol's performance and accountability system with regard to checkpoint operations remains uncertain.
    Recommendation: To improve the reliability and accountability of checkpoint performance results to the Congress and the public, the Commissioner of Customs and Border Protection should implement the quality of life measures that have already been identified by the Border Patrol to evaluate the impact that checkpoints have on local communities. Implementing these measures would include identifying appropriate data sources available at the local, state, or federal level, and developing guidance for how data should be collected and used in support of these measures.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: In our review of Border Patrol traffic checkpoints, we found that the Border Patrol had identified some measures to evaluate the impact that checkpoints have on local communities in terms of quality of life, but Border Patrol had not implemented the measures. As a result, the Border Patrol lacked information on how checkpoint operations could affect nearby communities. In October 2009, the Border Patrol reported that it was reevaluating its checkpoint performance measures, including quality of life measures. In June 2012, Border Patrol reported that the University of Arizona and the University of Texas, El Paso had completed a study for CBP on checkpoints. This study made several recommendations to Border Patrol on evaluating the impact of checkpoints on local communities using quantitative measures and with maintaining regular contact with the public to elicit opinions on experiences with the checkpoint, both positive and negative. At the time, the Border Patrol noted it intended to develop quantitative measures on community impact, such as on public safety and quality of life, using information collected in the new checkpoint information system it was planning. Border Patrol also noted that it was considering the budgetary feasibility of (1) conducting a survey of checkpoint travelers to gather detailed information about the community and impact metrics that are of highest importance to the public and (2) implementing an expedited lane for regular and pre-approved travelers. In July 2014, the Border Patrol revised the expected completion date for this recommendation to March 2015, noting that it planned to request ideas from the field commanders on what the agency could measure that would accurately depict the impact of checkpoints on the community. In June 2015, Border Patrol revised the expected completion date to September 2015. In September 2016, officials from Border Patrol's Checkpoint Program Management Office said quality of life measures had not been implemented and they were not aware of any plans to develop and implement such measures.
    Recommendation: To improve the reliability and accountability of checkpoint performance results to the Congress and the public, the Commissioner of Customs and Border Protection should use the information generated from the quality of life measures in conjunction with other relevant factors to inform resource allocations and address identified impacts.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: In our review of Border Patrol traffic checkpoints, we found that while the Border Patrol's national strategy cites the importance of assessing the community impact of Border Patrol operations, the implementation of such measures was lacking in terms of checkpoint operations. We recommended that Border Patrol implement such measures in areas of community concern to provide greater attention and priority in Border Patrol operational and staffing decisions to address any existing issues. In October 2009, the Border Patrol reported that once it had completed an upgrade of its existing checkpoint data systems and had reevaluated its checkpoint performance measures, the agency would begin using information garnered by these performance measures to inform future resource allocation decisions. This was originally expected to be completed by September 30, 2010, but due to budgetary and other issues, the checkpoint system upgrades were not yet completed as of June 2013. Border Patrol reported to us in June 2013 that the redesigned and upgraded checkpoint information system was expected to be implemented in September 2014. In July 2014, however, Border Patrol revised its expected completion date to March 2016. In June 2015, Border Patrol reported that it was on target to meet this March 2016 completion date. However, in September 2016, officials from Border Patrol's Checkpoint Program Management Office stated that they were not aware of any planned or completed actions to address this recommendation.
    Recommendation: To ensure that the checkpoint design process results in checkpoints that are sized and resourced to meet operational and community needs, the Commissioner of Customs and Border Protection should, in connection with planning for new or upgraded checkpoints, conduct a workforce planning needs assessment for checkpoint staffing allocations to determine the resources needed to address anticipated levels of illegal activity around the checkpoint.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: In our review of Border Patrol traffic checkpoints, we found that Border Patrol's checkpoint strategy to push illegal aliens and smugglers to areas around checkpoints-which could include nearby communities-underscores the need for the Border Patrol to ensure that it deploys sufficient resources and staff to these areas. We recommended that Border Patrol conduct a needs assessment when planning for a new or upgraded checkpoint in order to better ensure that officials consider the potential impact of the checkpoint on the community and plan for a sufficient number of agents and resources. In October 2009, Border Patrol reported that the agency was evaluating its checkpoint policy regarding the establishment of a new checkpoint or the upgrade of an old checkpoint, and checkpoint policy changes would be finalized by September 30, 2010. Border Patrol also reported that checkpoint system upgrades that capture data on checkpoint performance would help management determine future resource needs at checkpoints. In June 2013, Border Patrol reported that due to budget and other issues, the checkpoint system upgrade had not been completed, and the rewritten checkpoint data protocol had not been approved. In June 2013, Border Patrol reported that as part of the checkpoint study conducted by the DHS Centers of Excellence, the Centers created checkpoint simulation tools that would help inform resource allocations when determining the number of inspection lanes on current or new checkpoints. The Border Patrol agreed with the utility of such a model, but noted that the Border Patrol would need to purchase modeling software--a cost-prohibitive measure in the current budget environment. In the interim, Border Patrol is developing a formal workforce staffing model to identify staffing strategies for all Border Patrol duties. Border Patrol expected to implement this model for checkpoint staffing assignments in fiscal year 2014. However, in July 2014, Border Patrol reported that the Border Patrol Personnel Requirements Determination project was still being developed and would not be complete until 2015. That process will inform staffing at checkpoints. As a result, Border Patrol revised its expected implementation date to September 2015. In June 2015, Border Patrol reported that it was on target to implement this recommendation by September 2015. In September 2016, Border Patrol officials reported that the agency's Personnel Requirements Determination process would not provide information on staffing needs until fiscal year 2017 or 2018, and also noted that this effort is not specifically examining staffing needs at checkpoints. Officials said there could be additional ways to address the recommendation, but that there were no ongoing efforts to do so apart from any information that may be available from the Personnel Requirements Determination process.
    Director: Brown, Orice Williams
    Phone: (202) 512-3000

    5 open recommendations
    Recommendation: To provide transparency and accountability over the payments FEMA makes to WYOs for expenses and profits, the Secretary of Homeland Security should direct the Under Secretary of Homeland Security, FEMA, to determine in advance the amounts built into the payment rates for estimated expenses and profit.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA is continuing (as of 08/29/2014) to analyze Write-Your-Own (WYO) payments and related flood expenses for selected companies and is evaluating the reliability (accuracy, consistency, etc.) of the National Association of Insurance Commissioners (NAIC) data for purposes of performing the analysis we had recommended.
    Recommendation: To provide transparency and accountability over the payments FEMA makes to WYOs for expenses and profits, the Secretary of Homeland Security should direct the Under Secretary of Homeland Security, FEMA, to annually analyze the amounts of actual expenses and profit in relation to the estimated amounts used in setting payment rates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In its initial response to this report, FEMA did not concur with this recommendation. In November 2016, FEMA restated its position and concurs with this recommendation, and is in the process of implementing it.
    Recommendation: To provide transparency and accountability over the payments FEMA makes to WYOs for expenses and profits, the Secretary of Homeland Security should direct the Under Secretary of Homeland Security, FEMA, to consider the results of the analysis of payments, actual expenses, and profit in evaluating the methods for paying WYOs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA is continuing (as of 08/29/2014) to analyze WYO payments and related flood expenses for selected companies and is evaluating the reliability (accuracy, consistency, etc.) of the National Association of Insurance Commissioners (NAIC) data for purposes of performing the analysis we had recommended.
    Recommendation: To increase the usefulness of the data reported by WYOs to the National Association of Insurance Commissioners (NAIC) and to institutionalize FEMA's use of such data, the Secretary of Homeland Security should direct the Under Secretary of Homeland Security, FEMA, to take actions to obtain reasonable assurance that NAIC flood insurance expense data can be considered in setting payment rates that are appropriate, including identifying affiliated company profits in reported flood insurance expenses.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA continues (as of 08/29/2014) to work with the National Association of Insurance Commissioners (NAIC) to improve the consistency with which commission, operating, and loss adjustment expenses are reported by insurance companies that participate in the National Flood Insurance Program.
    Recommendation: To increase the usefulness of the data reported by WYOs to the National Association NAIC and to institutionalize FEMA's use of such data, the Secretary of Homeland Security should direct the Under Secretary of Homeland Security, FEMA, to develop comprehensive data analysis strategies to annually test the quality of flood insurance data that WYOs report to NAIC.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA continues (as of 08/29/2014) to work with the National Association of Insurance Commissioners (NAIC) to improve the consistency with which commission, operating, and loss adjustment expenses are reported by insurance companies that participate in the National Flood Insurance Program.
    Director: Williams, Orice M
    Phone: (202)512-5837

    2 open recommendations
    Recommendation: The Secretary of the Department of Homeland Security should direct FEMA to take steps to ensure that its rate-setting methods and the data it uses to set rates result in full-risk premiums rates that accurately reflect the risk of losses from flooding. These steps should include, for example, verifying the accuracy of flood probabilities, damage estimates, and flood maps; ensuring that the effects of long-term planned and ongoing development, as well as climate change, are reflected in the flood probabilities used; and reevaluating the practice of aggregating risks across zones.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of January 2017, FEMA is taking steps to verify the accuracy of flood probabilities by collecting and analyzing data from flood insurance studies. FEMA is also continuing to monitor the completion of these studies to determine when a statistically valid amount of data is available so that it can better assess flood risk. To verify the accuracy of damage estimates, FEMA is collecting data required to revise its estimates of flood damage and is undertaking studies to determine factors beyond flood water depth that contribute to flood damage. FEMA will incorporate that information into its rate-setting methodology as the necessary data becomes available. To verify the accuracy of flood maps, FEMA continues to reassess flood risk, evaluate coastal flood maps, and update its overall map inventory. To ensure that flood probabilities reflect long-term and ongoing planned development and climate change, FEMA is working with the Technical Mapping Advisory Committee to ensure the best available information on flood probabilities is used for rate-setting. In addition, as FEMA collects information on flood probabilities, it will conduct analyses to evaluate the practice of classifying risk across zones.
    Recommendation: The Secretary of the Department of Homeland Security should direct FEMA to ensure that information is collected on the location, number, and losses associated with existing and newly created grandfathered properties in NFIP and to analyze the financial impact of these properties on the flood insurance program.

    Agency: Department of Homeland Security
    Status: Open

    Comments: To assess the impact of grandfathered properties on the NFIP, as of January 2017, FEMA has begun to develop a process to obtain current zone designations for all existing policyholders. In addition, FEMA is requiring zone determination data to be updated as flood maps change. According to FEMA, this will allow officials to determine which policyholders are grandfathered but will not allow the determination of a property-specific rate in all circumstances.
    Director: Shear, William B
    Phone: (202)512-4325

    1 open recommendations
    Recommendation: To ensure compliance with federal contracting regulations and to more transparently disclose the extent to which subcontracting opportunities are available to small businesses, the Secretaries of Homeland Security and Defense and the Administrator of General Services should consider asking their respective Inspectors General to conduct a review at an appropriate future date to ensure that this guidance and related requirements are being followed.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS issued a chapter on its small business subcontracting program in its DHS Acquisition Manual in October 2009 and developed a subcontracting plan checklist that officials are to use when awarding a contract. In May 2010 DHS officials claimed that these documents are examples of progress they have made to address the recommendation on ensuring compliance with federal contracting regulations and other related requirements. After reviewing these documents we disagreed with the agency and do not believe that these documents constitute agency guidance on the contract administration duties to monitor contractor compliance with subcontracting plan reporting requirements.
    Director: Kingsbury, Nancy R
    Phone: (202)512-2700

    1 open recommendations
    Recommendation: To help correct undercounts, eliminate conceptual problems, and where possible, fill gaps for information on immigration flow, the Commissioner of INS should: (1) evaluate and, where feasible, improve data on flow; and (2) utilize an effective information typology (either the one put forward in table 2.1 of this report or an alternative designed by INS) to clearly distinguish different demographic concepts and to determine which statistics can fairly be compared to others.

    Agency: Department of Homeland Security: Office of the Secretary
    Status: Open

    Comments: On September 5, 2017, GAO called the Deputy Assistant Secretary, Office of Immigration Statistics, and discussed this open recommendation. The Deputy Assistant Secretary said that in response to the February 6, 2017, e-mail and a brief personal discussion with GAO during a Migration Policy Institute conference in August 2017, he had assigned a staff member to complete work on the typology, but that the staff member was one of several who were temporarily reassigned to work in Houston as a consequence of Hurricane Harvey, and for that reason work on the typology would be delayed. He said DHS would like to have this typology completed and published before the end of 2017, but could not guarantee that, and said that it would be completed. On February 6, 2017, GAO sent an e-mail to the Deputy Assistant Secretary, Office of Immigration Statistics at DHS, which included a PDF of the typology GAO created, as well as a PDF of the published report. GAO followed up with a telephone call to the Deputy Assistant Secretary on February 24, 2017, and noted the former Director of the Office of Immigration Statistics had been working on adding some categories to the typology and planned on completing those and publishing it. The Deputy Assistant Secretary said he agreed that doing the typology and publishing it is important, and that he would be addressing it in the near future. On June 1, 2016, the Special Assistant for the Office of Policy at the Department of Homeland Security told GAO that it has initiated an examination of this recommendation to determine how it might be closed. When the typology is published and utilized, this recommendation will be closed.