Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Government information dissemination"

    19 publications with a total of 57 open recommendations including 3 priority recommendations
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    9 open recommendations
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should determine the extent to which the statutorily required implementing principles apply to NCCIC's cybersecurity functions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC is currently conducting an analysis of all mission functions to include the following goals: simplify the descriptions of NCCIC's mission functions, document all NCCIC functional capabilities, document the applicability of implementing principles to NCCIC mission functions, and map as appropriate. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should develop metrics for assessing adherence to applicable principles in carrying out statutorily required functions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that they were still in the process completing mission functional analysis described in DHS's response to Recommendation 1, which would serve as the basis of developing metrics. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should establish methods for monitoring the implementation of cybersecurity functions against the principles on an ongoing basis.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC is updating existing policies and procedures for program management reviews (PMR) to include the metrics developed in recommendation two. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should integrate information related to security incidents to provide management with more complete information about NCCIC operations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the NCCIC updated guidelines for incident reporting would be completed in May 2017. In addition, according to DHS, incident management system requirements were updated to support the new guidelines and are scheduled to be implemented in June 2017. DHS stated that these steps will enable the successful implementation of the new National Cyber Incident Scoring Schema (NCISS), which the NCCIC Watch Operations uses to help facilitate the timely, actionable, and relevant dissemination of information to leadership. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. As of August 2017, DHS has not provided evidence that the new guidelines have been implemented. However, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should determine the necessity of reducing, consolidating, or modifying the points of entry used to communicate with NCCIC to better ensure that all incident tickets are logged appropriately.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC had completed initial mapping of information flows, as well as the roles and responsibilities for the incident management function. A plan to integrate or consolidate disparate incident reporting systems is scheduled to be completed in December 2017. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should develop and implement procedures to perform regular reviews of customer information to ensure that it is current and reliable.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NPPD is gathering the requirements for a customer relationship management (CRM) tool that will support regular reviews and updates to customer information. Additionally, DHS stated that NCCIC will establish and implement a standing operating procedure for capturing and regularly updating prioritized customer information including contact information in the event of an incident. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should take steps to ensure the full representation of the owners and operators of the nation's most critical cyber-dependent infrastructure assets.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the Office of Cybersecurity and Communications is establishing integrated customer engagement activities that support cyber risk mitigation and incident response planning. In addition, NCCIC will develop standing operating procedures that leverage existing information sharing programs, activities and relationships to tailor engagements that support owners and operators of the most critical cyber-dependent infrastructure assets including designated lifeline sectors. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should establish plans and time frames for consolidating or integrating the legacy networks used by NCCIC analysts to reduce the need for manual data entry.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the Assistant Secretary of Office of Cybersecurity and Communications (CS&C) had consolidated the Enterprise Architecture role within the Office of the Chief Technology Officer (CTO). Working across CS&C, the CTO will establish a technology roadmap, to include consolidation of networks. In addition, NCCIC is working to determine the potential impact of network consolidation on mission functions, including mapping current data sources. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should identify alternative methods to collaborate with international partners, while ensuring the security requirements of high-impact systems.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the potential reduction in sharing cybersecurity products that may result from migrating the NCCIC Portal to HSIN should be minimal. Contingency information sharing plans will be developed to mitigate potential issues through alternate information sharing practices, particularly involving an actual incident during migration transition. Foreign partnerships will continued to be maintained by exercises, analytic exchanges with our closest partners, and continued participation in multilateral and bilateral engagements. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Director: Kay E. Brown
    Phone: (202) 512-7215

    2 open recommendations
    including 1 priority recommendation
    Recommendation: The Secretary of Agriculture should take additional steps to collect and disseminate information on promising practices that could help improve data matching processes among state SNAP agencies, including broad and timely dissemination of information on results of recent relevant pilots or demonstrations.

    Agency: Department of Agriculture
    Status: Open
    Priority recommendation

    Comments: The U.S. Department of Agriculture's (USDA) Food and Nutrition Service (FNS) agreed with this recommendation. The agency noted it is moving in this direction and would build on current efforts to address them. GAO will monitor these efforts and consider closing the recommendation when these efforts have been completed.
    Recommendation: The Secretary of Agriculture should work with the Department of Health and Human Services (as appropriate) to analyze spending and understand data needs for SNAP across federal and state contracts and in relation to other programs as FNS explores ways to potentially reduce the costs of using commercial data services.

    Agency: Department of Agriculture
    Status: Open

    Comments: The U.S. Department of Agriculture's (USDA) Food and Nutrition Service (FNS) agreed with this recommendation. The agency noted it has been moving in this general direction and would build on current efforts to address it. GAO will monitor these efforts and consider closing the recommendation when these efforts have been completed.
    Director: David A. Powner
    Phone: (202) 512-9286

    5 open recommendations
    Recommendation: Given the importance of providing accurate and clear information to facilitate congressional decision making and inform the public, the Secretary of Commerce should direct NOAA's Assistant Administrator for Satellite and Information Services to require satellite programs to perform regular availability assessments and use these analyses to inform the flyout charts and support its budget requests.

    Agency: Department of Commerce
    Status: Open

    Comments: NOAA agreed with this recommendation, but has not yet addressed it. We will continue to monitor the agency's actions on this recommendation.
    Recommendation: Given the importance of providing accurate and clear information to facilitate congressional decision making and inform the public, the Secretary of Commerce should direct NOAA's Assistant Administrator for Satellite and Information Services to establish and implement a consistent approach to depicting satellites that are expected to last beyond their design lives.

    Agency: Department of Commerce
    Status: Open

    Comments: NOAA agreed with this recommendation and has taken steps to implement it. The agency updated its flyout chart policy and is in the process of drafting a separate policy to describe how the satellite's extended life is to be predicted and to establish the agency's criteria for publishing the information. This policy is expected to be completed in Fall 2017. We will continue to monitor the agency's actions on this recommendation.
    Recommendation: Given the importance of providing accurate and clear information to facilitate congressional decision making and inform the public, the Secretary of Commerce should direct NOAA's Assistant Administrator for Satellite and Information Services to revise and finalize the draft policy governing how flyout charts are to be updated to address the shortfalls with analysis, accuracy, consistency, and documentation noted in the above recommendations.

    Agency: Department of Commerce
    Status: Open

    Comments: NOAA agreed with this recommendation and has taken steps to implement it. NOAA updated its policy governing how the flyout charts are to be updated. In doing so, the agency updated the policy's roles and responsibilities, guidelines, and its methodology for depicting extended life. However, the policy does not clearly define or describe fuel-limited life and its use, or establish standard artifacts for documenting and supporting planned changes to its flyout chart. We will continue to monitor the agency's actions on this recommendation.
    Recommendation: Given the importance of providing accurate and clear information to facilitate congressional decision making and inform the public, the Secretary of Commerce should direct NOAA's Assistant Administrator for Satellite and Information Services to ensure that flyout chart updates are consistent with supporting data from the program and from satellite availability assessments.

    Agency: Department of Commerce
    Status: Open

    Comments: NOAA agreed with this recommendation, but has not yet demonstrated the steps it is taking to ensure that flyout chart updates are consistent with supporting data. We will continue to monitor the agency's actions on this recommendation.
    Recommendation: Given the importance of providing accurate and clear information to facilitate congressional decision making and inform the public, the Secretary of Commerce should direct NOAA's Assistant Administrator for Satellite and Information Services, for each flyout chart update, to maintain a complete package of documentation on the reasons for any changes and executive approval of the changes.

    Agency: Department of Commerce
    Status: Open

    Comments: NOAA agreed with this recommendation and has taken steps to implement it. Specifically, NOAA provided its March 2017 flyout charts and the associated justification packages. However, NOAA has not established a standard set of artifacts to be included in the justification packages to support changes to its flyout charts. We are working with NOAA to obtain additional justification packages for the next iteration of flyout charts, and will continue to monitor the agency's actions on this recommendation.
    Director: Gretta L. Goodwin
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To enhance the clarity and transparency of sexual violence data that is reported to the public, the Secretary of Education should direct the Assistant Secretary for the Office of Postsecondary Education, the Secretary of Health and Human Services should direct the Director of Centers for Disease Control and Prevention, and the Attorney General should direct the Director of the Bureau of Justice Statistics to make information on the acts of sexual violence and contextual factors that are included in their measurements of sexual violence publicly available. This effort could entail revising their definitions of key terms used to describe sexual violence so that the definitions match the measurements of sexual violence.

    Agency: Department of Education
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance the clarity and transparency of sexual violence data that is reported to the public, the Secretary of Education should direct the Assistant Secretary for the Office of Postsecondary Education, the Secretary of Health and Human Services should direct the Director of Centers for Disease Control and Prevention, and the Attorney General should direct the Director of the Bureau of Justice Statistics to make information on the acts of sexual violence and contextual factors that are included in their measurements of sexual violence publicly available. This effort could entail revising their definitions of key terms used to describe sexual violence so that the definitions match the measurements of sexual violence.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance the clarity and transparency of sexual violence data that is reported to the public, the Secretary of Education should direct the Assistant Secretary for the Office of Postsecondary Education, the Secretary of Health and Human Services should direct the Director of Centers for Disease Control and Prevention, and the Attorney General should direct the Director of the Bureau of Justice Statistics to make information on the acts of sexual violence and contextual factors that are included in their measurements of sexual violence publicly available. This effort could entail revising their definitions of key terms used to describe sexual violence so that the definitions match the measurements of sexual violence.

    Agency: Department of Justice
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help lessen confusion among the public and policy makers regarding federal data on sexual violence, the Director of OMB should establish a federal interagency forum on sexual violence statistics. The forum should consider the broad range of differences across the data collection efforts to assess which differences enhance or hinder the overall understanding of sexual violence in the United States.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    4 open recommendations
    Recommendation: To improve DOL's management of FOIA requests, the Secretary of Labor should direct the Chief FOIA Officer to establish a time frame for implementing, and take actions to implement, section 508 requirements in the department's FOIA system and online portal.

    Agency: Department of Labor
    Status: Open

    Comments: As of May 2017, the Department of Labor had provided a response regarding its actions to address our recommendation. We have not yet verified if the actions meet the intent of our recommendation. When we confirm what actions the agency has taken we will provide updated information.
    Recommendation: To improve DOL's management of FOIA requests, the Secretary of Labor should direct the Chief FOIA Officer to establish a time frame for implementing, and take actions to fully implement, recommended best practice capabilities for enhanced processing of requests in the department's FOIA system and online portal.

    Agency: Department of Labor
    Status: Open

    Comments: As of May 2017, the Department of Labor had provided a response regarding its actions to address our recommendation. We have not yet verified if the actions taken meet the intent of our recommendations. When we confirm what actions the agency has taken we will provide updated information.
    Recommendation: To improve DOL's management of FOIA requests, the Secretary of Labor should direct the Chief FOIA Officer to require components to document in the Secretary's Information Management System for FOIA the rationales for delays in responding to FOIA requests, and to notify requesters of the delayed responses when processing requests.

    Agency: Department of Labor
    Status: Open

    Comments: As of May 2017, the Department of Labor had provided a response regarding its actions to address our recommendation. We have not yet verified if the actions taken meet the intent of our recommendations. When we confirm what actions the agency has taken we will provide updated information.
    Recommendation: To improve DOL's management of FOIA requests, the Secretary of Labor should direct the Chief FOIA Officer to establish a time frame for consulting with the Department of Justice's Office of Information Policy on including language in DOL's response letters to administrative appeals notifying requesters of the National Archives and Records Administration's Office of Government Information Services' mediation services as an alternative to litigation, and then ensure that the department includes the language in the letters.

    Agency: Department of Labor
    Status: Open

    Comments: As of May 2017, the Department of Labor had provided a response regarding its actions to address our recommendation. We have not yet verified if the actions taken meet the intent of our recommendations. When we confirm what actions the agency has taken we will provide updated information.
    Director: Carolyn L. Yocom
    Phone: (202) 512-7114

    3 open recommendations
    including 2 priority recommendations
    Recommendation: To improve the effectiveness of states' and plans' Medicaid managed care (MMC) plan provider screening efforts, the Acting Administrator of CMS should consider which additional databases that states and MMC plans use to screen providers could be helpful in improving the effectiveness of these efforts and determine whether any of these databases should be added to the list of databases identified by CMS for screening purposes.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open
    Priority recommendation

    Comments: HHS concurred with this recommendation. CMS analyzed 22 databases that were reported to GAO as being used by Medicaid managed care plans to screen providers. It determined that several were already in use by CMS and mentioned in its guidance, several required more study by CMS, and others were not reliable. In April 2017, we reviewed CMS's analysis. For 8 of the databases, CMS noted that more information is needed, including the availability of the data and whether CMS would need an identifier to link providers to the data. CMS has requested additional information for these databases and has not yet concluded whether the databases should be added to the list of databases it has identified for screening purposes. To close the recommendation, CMS will need to determine whether the remaining databases it has studied should be added to the CMS list of databases to be used for provider screening and take the appropriate action.
    Recommendation: To improve the effectiveness of states' and plans' MMC plan provider screening efforts, the Acting Administrator of CMS should collaborate with SSA to facilitate sharing CMS's Death Master File subscription with state Medicaid programs.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open
    Priority recommendation

    Comments: HHS concurred with this recommendation. CMS has signed an Interagency Agreement that provides for the states' ability to access the SSA Death Master File. CMS said that it will provide Death Master File information to specific individuals within each state in the near future. To close the recommendation, CMS will need to begin to provide the states with access to Death Master File data and provide us with documentation that it has done so.
    Recommendation: To improve the effectiveness of states' and plans' MMC plan provider screening efforts, the Acting Administrator of CMS should coordinate with other federal agencies, as necessary, to explore the use of an identifier that is relevant for the screening of MMC plan providers and common across databases used to screen MMC plan providers.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: HHS concurred with the recommendation. We will update the status of this recommendation when we receive additional information.
    Director: Robert Goldenkoff
    Phone: (202) 512-2757

    3 open recommendations
    Recommendation: To better ensure agencies fulfill their requirements, including implementing IQA guidelines and helping to promote easier public access to IQA information on agency websites, the Director of OMB should consolidate and centralize on OMB's IQA guidance website a government-wide summary of requests for correction submitted under the IQA.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: Spoke with OMB Contact on 1/30/17. She agreed to provide an update on OMB's actions in response to this recommendation in the near future.
    Recommendation: To better ensure agencies fulfill their requirements, including implementing IQA guidelines and helping to promote easier public access to IQA information on agency websites, the Director of OMB should work with the Department of Defense and the Federal Housing Finance Agency to help ensure that they post their IQA administrative mechanisms and IQA guidance online.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: Spoke with OMB Contact on 1/30/17. She agreed to provide an update on OMB's actions in response to this recommendation in the near future.
    Recommendation: To better ensure agencies fulfill their requirements, including implementing IQA guidelines and helping to promote easier public access to IQA information on agency websites, the Director of OMB should provide additional guidance for agencies to help improve the transparency and usability of their IQA websites to help ensure the public can easily find and access online information about agency IQA implementation. Such guidance should include (1) specific time frames for agencies to post information on the IQA correction requests they have received, including making it clear when agencies have not received IQA requests; (2) instructions for agencies to include a statement on their IQA websites that the agencies may address correction requests through other administrative processes; (3) instructions for agencies to include, when responding to correction requests, whether those agencies plan to address the request through another administrative processes, and if so, which process they will use; and (4) suggestions for improving usability of agencies' websites including fixing broken links.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: Spoke with OMB Contact on 1/30/17. She agreed to provide an update on OMB's actions in response to this recommendation in the near future.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    7 open recommendations
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretary of Homeland Security should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear sectors' cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has released updated sector-specific plans for the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear reactors sectors. The plans include a section on measuring effectiveness based on the plan development guidance. The plans provide expected metrics to track the progress of sector activities and state that the outcomes will be reported through the National Annual Reporting process as well as through the quadrennial plan update. Because the metrics are new and annual reporting has not yet occurred, DHS has not provided evidence of metrics data collected and reported to address the challenges. We will continue to follow-up to determine how performance measures have been implemented and what reporting is available based on those measures.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretary of the Treasury should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the financial services sector's cybersecurity progress.

    Agency: Department of the Treasury
    Status: Open

    Comments: The 2015 sector-specific plan for the financial services sector includes a section on measuring the effectiveness of sector activities; however, the plan does not include specific metrics. The plan refers to working groups and meetings of sector stakeholders as mechanisms to track sector progress. No specific metrics and associated reports of outcomes have been provided to address overcoming the challenges of monitoring the sector's cybersecurity progress. We will continue to monitor financial services sector activities and determine any specific metrics and related reports developed and implemented to track and report on the sector's cybersecurity progress.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Agriculture and Health and Human Services (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the food and agriculture sector's cybersecurity progress.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Departments of Agriculture and Health and Human Services released an update to the food and agriculture sector-specific plan for 2015. The plan states the sector's lack of an overarching mechanism to measure and evaluate risk mitigation activities and the challenge of obtaining performance measurement data from non-federal partners. However, the plan notes a goal of evaluating the progress of individual protective programs and strategies. No metrics or reports of outcomes have been provided to address the challenge of monitoring the sector's cybersecurity progress. We will continue to follow up to determine whether USDA and HHS have developed and implemented mechanisms to measure the outcomes of their sector cybersecurity-related activities.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Agriculture and Health and Human Services (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the food and agriculture sector's cybersecurity progress.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Departments of Agriculture and Health and Human Services released an update to the food and agriculture sector-specific plan for 2015. The plan states the sector's lack of an overarching mechanism to measure and evaluate risk mitigation activities and the challenge of obtaining performance measurement data from non-federal partners. However, the plan notes a goal of evaluating the progress of individual protective programs and strategies. No metrics or reports of outcomes have been provided to address the challenge of monitoring the sector's cybersecurity progress. We will continue to follow up to determine whether HHS has developed and implemented mechanisms to measure the outcomes of its sector cybersecurity-related activities.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Homeland Security and Transportation (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the transportation systems sector's cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The co-Sector-Specific Agencies (SSAs) for the Transportation Systems Sector, DHS (TSA and Coast Guard) and the Department of Transportation, provided an update on efforts to develop sector cybersecurity metrics. The update described measures under consideration such as tracking the number of sector stakeholders receiving cybersecurity products, monitoring the usefulness of products through satisfaction surveys, and tracking attendance at sector events and seminars encompassing cybersecurity. The co-SSAs plan to report sector cyber activities, progress, and relevant metrics annually through the Critical Infrastructure National Annual Report and through quadrennial updates to the sector-specific plan. The latest sector-specific plan was released in 2015. The proposed metrics have not been formalized in a strategy or plan. We will continue to monitor and evaluate efforts to formalize and implement the proposed metrics to determine whether they address the intent of the recommendation.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Homeland Security and Transportation (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the transportation systems sector's cybersecurity progress.

    Agency: Department of Transportation
    Status: Open

    Comments: The co-Sector-Specific Agencies (SSAs) for the Transportation Systems Sector, DHS (TSA and Coast Guard) and the Department of Transportation, provided an update on efforts to develop sector cybersecurity metrics. The update described measures under consideration such as tracking the number of sector stakeholders receiving cybersecurity products, monitoring the usefulness of products through satisfaction surveys, and tracking attendance at sector events and seminars encompassing cybersecurity. The co-SSAs plan to report sector cyber activities, progress, and relevant metrics annually through the Critical Infrastructure National Annual Report and through quadrennial updates to the sector-specific plan. The latest sector-specific plan was released in 2015. The proposed metrics have not been formalized in a strategy or plan. We will continue to monitor and evaluate efforts to formalize and implement the proposed metrics to determine whether they address the intent of the recommendation.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Administrator of the Environmental Protection Agency should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the water and wastewater systems sector's cybersecurity progress.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The 2015 water and wastewater sector-specific plan includes a segment on measuring the effectiveness of sector activities that describes the overall principles for collecting data and using the National Annual Report data calls as a tool for assessing performance and reporting on progress within the sector. However, the plan does not state specific measures and the agency acknowledged in its response to our report that it does not collect performance metrics on the effectiveness of its cybersecurity programs for the sector. According to agency officials, the development of performance metrics in collaboration with sector partners is underway. We will continue to follow up to identify any specific metrics developed and implemented and resulting outcome-based reports.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Chairman of FCC should evaluate the effectiveness of FCC's accessibility-related public outreach efforts and ensure those efforts incorporate key practices identified in this report, such as defining objectives and establishing process and outcome metrics.

    Agency: Federal Communications Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michelle Sager
    Phone: (202) 512-6806

    3 open recommendations
    Recommendation: To better ensure the adherence to requirements for approval and public access to and feedback on significant guidance in accordance with OMB's Final Bulletin for Agency Good Guidance Practices (M-07-07), the Secretary of HHS should develop written procedures for the approval of significant guidance documents.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In comments printed in the April 2015 final report, HHS concurred with the recommendation and stated that it would explore the best mechanism for distributing written procedures for approval of significant guidance. As of August 2017, GAO is working with HHS officials to obtain additional updates and documentation regarding the department's implementation of this recommendation.
    Recommendation: To improve agencies' guidance development, review, evaluation, and dissemination processes for non-significant guidance, we recommend that the Secretaries of USDA, HHS, DOL, and Education should strengthen their selected components' application of internal controls to guidance processes by adopting, as appropriate, practices developed by other departments and components, such as assessment of risk; written procedures and tools to promote the consistent implementation and communication of management directives; and ongoing monitoring efforts to ensure that guidance is being issued appropriately and has the intended effect. Examples of practices that could be adopted more widely include (1) written procedures for guidance production to, among other things, clearly define management roles; (2) improved communication tools, such as routing slips to document management review; and (3) consistent and ongoing monitoring to determine if guidance is being accessed and having the intended effect.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In comments printed in the April 2015 final report, HHS concurred with the recommendation and stated that it would continue to work with its agencies to share best practices and ensure that agency practices are alighted with departmental standards. As of August 2017, GAO is working with HHS officials to obtain additional updates and documentation regarding the department's implementation of this recommendation.
    Recommendation: To improve agencies' guidance development, review, evaluation, and dissemination processes for non-significant guidance, we recommend that the Secretaries of USDA, HHS, DOL, and Education should improve the usability of selected component websites to ensure that the public can easily find, access, and comment on online guidance. These improvements could be informed by the web and customer satisfaction metrics that components have collected on their websites. Some examples of changes that could facilitate public access to online guidance include (1) improving website usability by clarifying which links contain guidance; (2) highlighting new or important guidance; and (3) ensuring that posted guidance is current.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In comments printed in the April 2015 final report, HHS concurred with the recommendation and stated that it would review current links to guidance documents and explore ways to enhance their visibility and usability. As of August 2017, GAO is working with HHS officials to obtain additional updates and documentation regarding the department's implementation of this recommendation.
    Director: David C. Trimble
    Phone: (202) 512-3841

    1 open recommendations
    Recommendation: To enhance the usefulness of NNSA's future reports to Congress describing the costs and benefits of its competition of M&O contracts under the requirements contained in Section 3121 of the National Defense Authorization Act for fiscal year 2013, as amended, the NNSA Administrator should take steps to ensure that future reports reflect DOE's information quality guidelines, federal cost accounting standards, and GAO's best practices guidance relevant to the clear and complete presentation of information on each of the required topics. In particular, future reports should clearly and completely describe costs and benefits, including the agency's expectations, as well as the associated analysis, assumptions, information sources, and key limitations and uncertainties about costs and benefits described. The description of uncertainties should include key excluded or unspecified costs and benefits, such as those that are anticipated but not fully known at the time of report writing.

    Agency: Department of Energy: National Nuclear Security Administration
    Status: Open

    Comments: NNSA recently awarded an M&O contract for Sandia NL. NNSA will have to produce a report on the costs and benefits of its competition, which will need to be delivered in early spring, 2017. Upon delivery to Congress, GAO will be able to assess whether NNSA fulfilled this recommendation.
    Director: Melvin, Valerie C
    Phone: (202) 512-6304

    3 open recommendations
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to improve reporting of FOIA costs by including salaries, employee benefits, non-personnel direct costs, indirect costs, and costs for other offices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In responding to our recommendation, DHS said it has developed a spreadsheet that is to be used by its components to track FOIA costs. However, as of September 2017, DHS has not yet provided information containing such details as when its components will be required to use the spreadsheet and if the spreadsheet is to track all the categories of costs discussed in our report. We plan to update the status of this recommendation when DHS provides documentation that further explains, and confirms the department's use of, the spreadsheet.
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to direct USCIS and Coast Guard to fully implement the recommended FOIA processing system capabilities and the section 508 requirement.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS issued a memo to all of the department's FOIA officers in March 2015 which focused on ensuring that each component's FOIA processing systems are 508 compliant. However, as of September 2017, DHS has not yet provided us with evidence that the U.S. Citizenship and Immigration Services and the Coast Guard have implemented system capabilities that are 508 compliant. When DHS provides information concerning its actions taken to make the systems compliant, we will update the status of the recommendation.
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to determine the viability of re-establishing the service-level agreement between the U.S. Citizenship and Immigration Services (USCIS) and U.S. Immigration and Customs Enforcement to eliminate duplication in the processing of immigration files. If the benefits of doing so would exceed the costs, re-establish the agreement.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has stated that it is taking steps to determine if the U.S. Immigration and Customs Enforcement and the U.S. Citizenship and Immigration Services will re-establish the service-level agreement to process FOIA requests related to immigration files. In addition, the department has stated that duplication no longer exists in the processing of these type of requests. However, DHS has not yet provided evidence, such as a cost-benefit analysis, that could demonstrate the steps it is taking regarding the service-level agreement. Further, GAO has not yet received evidence from the department to support its assertion that duplication no longer exists in the processing of immigration files. We will update the status of this recommendation when DHS provides documentation.
    Director: John Neumann
    Phone: (202) 512-3841

    4 open recommendations
    Recommendation: To more effectively fulfill its expanded role in providing a clearinghouse of information on available federal technology transfer opportunities, the Chair of FLC, in coordination with the other members of the Executive Board, should work collaboratively with agency and lab members to take steps to better communicate with potential customers during the design and implementation of FLC's clearinghouse initiatives, including conducting customer needs assessments, conducting customer testing of current and future web-based initiatives, and collecting customer feedback on all FLC initiatives to make the initiatives more useful.

    Agency: Federal Laboratory Consortium for Technology Transfer
    Status: Open

    Comments: FLC has provided GAO with information on steps they are taking to address the recommendations in GAO-15-127. A number of these actions should be completed towards the end of 2016 after which we plan to request additional information from FLC.
    Recommendation: To more effectively fulfill its expanded role in providing a clearinghouse of information on available federal technology transfer opportunities, the Chair of FLC, in coordination with the other members of the Executive Board, once feedback is collected from potential customers, should work collaboratively with agency and lab members to use this feedback to improve FLC's initiatives to make them more useful to potential customers, including asking FLC members for additional or different information, as appropriate.

    Agency: Federal Laboratory Consortium for Technology Transfer
    Status: Open

    Comments: FLC has provided GAO with information on steps they are taking to address the recommendations in GAO-15-127. A number of these actions should be completed towards the end of 2016 after which we plan to request additional information from FLC.
    Recommendation: To more effectively fulfill its expanded role in providing a clearinghouse of information on available federal technology transfer opportunities, the Chair of FLC, in coordination with the other members of the Executive Board, should work collaboratively with agency and lab members to develop performance goals and measures for FLC's clearinghouse initiatives and use the results to evaluate progress toward meeting FLC's goals on outreach and networking.

    Agency: Federal Laboratory Consortium for Technology Transfer
    Status: Open

    Comments: FLC has provided GAO with information on steps they are taking to address the recommendations in GAO-15-127. A number of these actions should be completed towards the end of 2016 after which we plan to request additional information from FLC.
    Recommendation: To more effectively fulfill its expanded role in providing a clearinghouse of information on available federal technology transfer opportunities, the Chair of FLC, in coordination with the other members of the Executive Board, should report on FLC's progress in these efforts in its annual report to the President and Congress.

    Agency: Federal Laboratory Consortium for Technology Transfer
    Status: Open

    Comments: FLC has provided GAO with information on steps they are taking to address the recommendations in GAO-15-127. A number of these actions should be completed towards the end of 2016 after which we plan to request additional information from FLC.
    Director: Brown, Kay E
    Phone: (202) 512-7215

    2 open recommendations
    Recommendation: In order to help inform federal, state, and local initiatives to prevent and respond to child sexual abuse by school personnel, the Secretary of Education should lead an effort, in collaboration with the Secretary of HHS and the Attorney General, to leverage resources, expertise, and capacities across the departments to determine the most cost-effective way to disseminate federal information so that relevant state and local educational agencies, child welfare agencies, and criminal justice entities are aware of and have access to it.

    Agency: Department of Education
    Status: Open

    Comments: In May 2016, the Department of Education reported that on November 16, 2015, the Office of Safe and Healthy Students within the Office of Elementary and Secondary Education convened a meeting with federal partners to explore ways in which the agencies can better support states and to devise dissemination strategies for sharing information and providing technical assistance in the most cost- effective ways to state and local educational agencies and child welfare agencies, and ensure that resources are accessible to the various stakeholders. It noted several next steps including creating and implementing a Federal dissemination plan for the new adult sexual misconduct guidance, repository of federal resources, and for information on all state-level mandates and policies addressing adult sexual misconduct in schools. GAO will consider this recommendation closed when the department provides timelines for the completion of these activities and documentation of their completion.
    Recommendation: In order to help inform federal, state, and local initiatives to prevent and respond to child sexual abuse by school personnel, the Secretary of Education should lead an effort, in collaboration with the Secretary of HHS and the Attorney General, to leverage resources, expertise, and capacities across the departments to identify mechanisms to better track and analyze the prevalence of child sexual abuse by school personnel through existing federal data collection systems, such as the School Survey on Crime and Safety, the National Child Abuse and Neglect Data System, and the National Crime Victimization Survey.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education reported that experts within the National Center for Education Statistics (NCES) consulted with research partners in the Department of Justice and academic research experts to determine if an effective item or item set about this important issue could be derived. After review of extant sources and consultation with item development experts, a clear question that would result in meaningful information from school administrator respondents could not be developed. They also noted that they understand there is continuing interest on this issue and will continue studying item possibilities for the next School Survey on Crime and Safety (SSOCS) provided the collection is funded. As of May 2016, NCES does not have funds to field SSOCS after 2016, but there is a request in the 2016 budget to support a 2018 collection. GAO will consider this recommendation closed when the department has taken the above mentioned action to continue studying item possibilities for the next SSOCS if the collection is funded.
    Director: Powner, David A
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: The Secretary of Health and Human Services should direct appropriate officials to assess whether it would be cost effective to consolidate the remaining functions of the Medicare coverage determination systems.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We contacted the department and are awaiting a response on its efforts to implement this recommendation.
    Director: Melvin, Valerie C
    Phone: (202)512-6304

    1 open recommendations
    Recommendation: In light of the agency's declining revenue associated with its basic statutory function and the charging for information that is often freely available elsewhere, Congress should consider examining the appropriateness and viability of the fee-based model under which NTIS currently operates for disseminating technical information to determine whether the use of this model should be continued.

    Agency: Congress
    Status: Open

    Comments: Congress has not yet enacted legislation to re-examine the fee-based model under which NTIS operates, although it has begun taking actions that give it an opportunity to do so. Specifically, the Department of Commerce Appropriations Acts, 2015, 2016 and 2017, prohibited NTIS from charging customers for reports authored by legislative branch offices unless the agency tells the customer how an electronic copy of the report can be accessed or downloaded for free online. The Act further stated that, if a customer still requires such a report from NTIS, the agency should not charge more than what is needed to recover the cost of processing, reproducing, and delivering the document requested. Additionally, in the 114th Congress, three bills (H.R. 443, S.787, and S.1636) were introduced and referred to the House Committee on Science, Space, and Technology and the Senate Committee on Commerce, Science, and Transportation. However, none of these bills were passed. The 115th Congress has yet to consider legislation that would ensure the assessment of the appropriateness or viability of NTIS functions.
    Director: Mctigue, James R Jr
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To better ensure that economically similar outcomes are taxed similarly and minimize opportunities for abuse, the Secretary of the Treasury should undertake a study that compares the current approach to alternative approaches for the taxation of financial derivatives. To determine if changes would be beneficial, such a study should weigh the tradeoffs to IRS and taxpayers that each alternative presents, including simplicity, administrability, and economic efficiency.

    Agency: Department of the Treasury
    Status: Open

    Comments: Treasury disagreed with this recommendation based on the fact that many outside studies already exist and IRS did not comment. While Treasury disagreed with the recommendation, debate on tax reform, both in Congress and within IRS, continues and actions to ensure that economically similar outcomes are taxed similarly seem likely. GAO continues to maintain that further study is needed in coordination with IRS. If financial derivatives are included in tax reform, this could lead to savings for the federal government. GAO will continue to monitor progress on tax reform and whether it includes changes to the taxation of financial derivatives consistent with the recommendation.
    Director: Jones, Yvonne D
    Phone: (202) 512-9095

    2 open recommendations
    Recommendation: If pilot projects are approved by EEOC, the Acting Chairman of EEOC should direct pilot project officials to develop for each pilot project an evaluation plan that includes key features to improve the likelihood that pilot project evaluations will yield sound results, such as (1) well-defined, clear, and measurable objectives; measures that are directly linked to the program objectives; criteria for determining pilot program performance; (2) a way to isolate the effects of the pilot programs; (3) a data analysis plan for the evaluation design; and (4) a detailed plan to ensure that data collection, entry, and storage are reliable and error free.

    Agency: Equal Employment Opportunity Commission
    Status: Open

    Comments: According to EEOC officials, the agency is in the process of proposing changes in regulations that would allow use of the pilot programs. The EEOC must then send the guidance to OMB for its approval. Depending on what happens during that process, the guidance could be returned to EEOC for additional consideration. However, once approved, the EEOC can then implement the pilot programs and address our recommendations. These recommendations were to include an evaluation plan in the programs. As part of the evaluation plan, we also recommended that the EEOC adopt an appropriate methodology that could assess the success of the programs. Therefore, we are keeping the recommendation open. 12/2011: In providing comments on this report, EEOC concurred with this recommendation. While the agency has not implemented the recommendation, it is proposing changes to the Federal sector regulatory process that would allow the use of pilot projects subject to Commission approval. EEOC has sent a notice of proposed rulemaking (NPRM) to 170 agencies to solicit their comments on pilot programs to test alternative approaches to administering the EEOC complaint process. EEOC has received and is reviewing comments from the 33 agencies which submitted comments on the proposed draft. According to an EEOC official, EEOC currently is analyzing the comments on the NPRM and drafting the Final Rule. Once approved by EEOC, we will request and review EEOC's plans to evaluation the pilot projects. 5/28/13: According to EEOC, pilot projects in the Federal sector were included in the Notice of Proposed Rule Making (NPRM) that would modify EEOC regulations governing the Federal Sector process. That regulation is currently under consideration by the Commission. At the time of our contact, EEOC did not have a timeframe for a decision. Further, after EEOC's decision, it would then go to OMB for review and approval before the final rule is published. We recently contacted the EEOC and have a meeting scheduled for 12/17/16 to discuss the status of the pilot program and the recommendations.
    Recommendation: If pilot projects are approved by EEOC, the Acting Chairman of EEOC should direct commission staff to review and approve pilot projects' evaluation plans to increase the likelihood that evaluations will yield methodologically sound results, thereby supporting effective program and policy decisions.

    Agency: Equal Employment Opportunity Commission
    Status: Open

    Comments: According to EEOC officials, the agency is in the process of proposing changes in regulations that would allow use of the pilot programs. The EEOC must then send the guidance to OMB for its approval. Depending on what happens during that process, the guidance could be returned to EEOC for additional consideration. However, once approved, the EEOC can then implement the pilot programs and address our recommendations. These recommendations were to include an evaluation plan into the programs. As part of the evaluation plan, we also recommended that the EEOC adopt an appropriate methodology that could assess the success of the programs. Therefore, we are keeping the recommendation open. 12/2011: In providing comments on this report, EEOC concurred with this recommendation. While the agency has not implemented the recommendation, it is proposing changes to the Federal sector regulatory process that would allow the use of pilot projects subject to Commission approval. EEOC has sent a notice of proposed rulemaking (NPRM) to 170 agencies to their solicit comments on pilot programs to test alternative approaches to administering the EEOC complaint process. EEOC has received and is reviewing comments from the 33 agencies who submitted comments on the proposed draft. According to an EEOC official, EEOC currently is analyzing the comments on the NPRM and drafting the Final Rule. Once approved by EEOC, we will request and review information on EEOC's efforts to review and approve evaluation plans for the pilot projects. 12/23/2011: According to EEOC, pilot projects in the Federal sector were included in the Notice of Proposed Rule Making (NPRM) that would modify EEOC regulations governing the Federal Sector process. That regulation is currently under consideration by the Commission. At the time of our contact, EEOC did not have a timeframe for a decision. Further, after EEOC's decision, it would then go to OMB for review and approval before the final rule is published. We recently contacted the EEOC and have a meeting scheduled for 12/17/16 to discuss the status of the pilot program and the recommendations.
    Director: Trimble, David C
    Phone: (202)512-6225

    1 open recommendations
    Recommendation: To better enable EPA and its partner agencies to minimize the environmental risks resulting from future disasters, the EPA Administrator should work with potentially affected federal land management agencies, the Coast Guard, DHS, and FEMA to determine what actions are needed to ensure that environmental contamination on federal lands, such as national wildlife refuges, can be expeditiously and efficiently addressed in future disasters. Potential actions include the development of protocols or memorandums of understanding or amendments to the Stafford Act if the agencies determine that amendments are needed to achieve the timely availability of such funding when responding to disasters involving federal lands.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In July 2016, EPA reported that the National Response Team considered this issue but decided that it was addressed by the Major Disasters, Section 405 of the Stafford Act and that no further action was needed. We will update the status of this recommendation when we complete our review of Section 405 and determine whether additional actions by EPA are needed to respond to disasters involving federal lands.