Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Topic: "Homeland Security"

    155 publications with a total of 534 open recommendations including 39 priority recommendations
    Director: Carol Harris
    Phone: (202) 512-4456

    14 open recommendations
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes and implements specific time frames for determining key strategic implementation details, including how the program will transition from the current state to the final TIM state. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes a schedule that provides planned completion dates based on realistic estimates of how long it will take to deliver capabilities. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes new time frames for implementing the actions identified in the organizational change management strategy and effectively executes against these time frames. (Recommendation 3)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office defines and documents the roles and responsibilities among product owners, the solution team, and any other relevant stakeholders for prioritizing and approving Agile software development work. (Recommendation 4)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes specific prioritization levels for current and future features and user stories. (Recommendation 5)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office implements automated Agile management testing and deployment tools, as soon as possible. (Recommendation 6)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office updates the Systems Engineering Life Cycle Tailoring Plan to reflect the current governance framework and milestone review processes. (Recommendation 7)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes thresholds or targets for acceptable performance-levels. (Recommendation 8)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office begins collecting and reporting on Agile-related cost metrics. (Recommendation 9)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office ensures that program velocity is measured and reported consistently. (Recommendation 10)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office ensures that unit test coverage for software releases is measured and reported accurately. (Recommendation 11)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management to ensure that appropriate DHS leadership reaches consensus on needed oversight and governance changes related to the frequency of reviewing Agile programs, and then documents and implements associated changes. (Recommendation 12)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management to ensure that the Office of the Chief Technology Officer completes guidance for Agile programs to use for collecting and reporting on performance metrics. (Recommendation 13)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management to ensure that DHS-level oversight bodies review key Agile performance and cost metrics for the TIM program and use them to inform management oversight decisions. (Recommendation 14)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: The Commissioner of CBP should develop and implement a policy and related guidance for documenting arrangements with landowners, as needed, on Border Patrol's maintenance of roads it uses to conduct its operations, and share these documented arrangements with its sectors. (Recommendation 1)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commissioner of CBP should clearly document the process and criteria for making decisions on funding non-owned operational requirements and communicate this process to Border Patrol sectors. (Recommendation 2)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commissioner of CBP should assess the feasibility of options for addressing the maintenance of nonfederal public roads. This should include a review of data needed to determine the extent of its reliance on non-owned roads for border security operations. (Recommendation 3)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jessica Farb
    Phone: (202) 512-6991

    2 open recommendations
    Recommendation: The Assistant Secretary of State for Diplomatic Security should take steps to ensure the implementation of revised standard operating procedures for collecting electronic ATA course and participant data. (Recommendation 1)

    Agency: Department of State
    Status: Open

    Comments: On August 28, 2017, having reviewed a draft version of GAO-17-704, State concurred with this recommendation and noted that ATA had revised its standard operating procedures for collecting data and shared the document with us. We will follow-up with ATA regarding steps taken to ensure the implementation of those procedures.
    Recommendation: The Assistant Secretary of State for Diplomatic Security should develop and implement a process to confirm and document whether future ATA participants return to their home countries following the completion of ATA training and, for any participants trained in the United States who do not, share relevant information with the Department of Homeland Security. (Recommendation 2)

    Agency: Department of State
    Status: Open

    Comments: On August 28, 2017, having reviewed a draft version of GAO-17-704, State concurred with this recommendation and stated that, by the end of the year, it will implement a process to ensure that participants sent to ATA training in the United States return to their home countries. We will follow-up with ATA regarding the implementation of such a process for participants sent to ATA training in the United States or other locations outside of their home countries.
    Director: Asif A. Khan
    Phone: (202) 512-9869

    2 open recommendations
    Recommendation: The DHS Under Secretary for Management should develop and implement effective processes and improve guidance to reasonably assure that future AAs fully follow AOA process best practices and reflect the four characteristics of a reliable, high-quality AOA process. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The DHS Under Secretary for Management should improve the Risk Management Planning Handbook and other relevant guidance for managing risks associated with financial management system modernization projects to fully incorporate risk management best practices, including (1) defining thresholds to facilitate review of performance metrics to determine when risks become unacceptable; (2) identifying and analyzing risks to include periodically reconsidering risk sources, documenting risks specifically related to the lack of sufficient, reliable cost and schedule information needed to help properly manage and oversee the project, and timely disposition of IV&V contractor-identified risks; (3) developing risk mitigation plans with specific risk-handling activities, the costs and benefits of implementing them, and contingency plans for selected critical risks; and (4) implementing risk mitigation plans to include establishing periods of performance for risk-handling activities and defining time intervals for updating and certifying the accuracy and completeness of information on risks in DHS's risk register. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Grover, Jennifer A
    Phone: 202-512-7141

    1 open recommendations
    Recommendation: The Commandant of the Coast Guard should complete a comprehensive cost estimate for a limited service life extension of the Polar Star that follows cost estimating best practices before committing to this approach for bridging the potential capability gap. (Recommendation 1)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: The Administrator of TSA should explore and pursue methods to assess the deterrent effect of TSA's passenger aviation security countermeasures; such an effort should identify FAMS—a countermeasure with a focus on deterring threats—as a top priority to address. (Recommendation 1)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. When we confirm what actions TSA has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of TSA should systematically evaluate the potential cost and effectiveness tradeoffs across countermeasures, as TSA improves the reliability and extent of its information on the effectiveness of aviation security countermeasures. (Recommendation 2)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: DHS concurred with this recommendation and in its September 2017 response to our report, DHS stated that TSA will continue efforts to improve both its analysis of information related to security effectiveness and its cost information, leading to better informed cost-benefit decisions for individual countermeasures. To address the intent of our recommendation, TSA will need to evaluate the costs and effectiveness of individual aviation security countermeasures and then use this information to systematically evaluate the potential cost and effectiveness tradeoffs across countermeasures. When we confirm what actions TSA has taken in response to this recommendation, we will provide updated information.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To ensure that current pilot programs related to electronic advance data provide insights that help in assessing USPS's effectiveness at providing mail targeted by CBP for inspection, the Secretary of Homeland Security should direct the Commissioner of CBP to, in conjunction with USPS, (1) establish measureable performance goals for pilot programs and (2) assess the performance of the pilots in achieving these goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide information on the costs and benefits of collecting electronic advance data for use in targeting inbound international mail for screening, the Secretary of Homeland Security should direct the Commissioner of CBP to, in conjunction with USPS, evaluate the relative costs and benefits of collecting electronic advance data for targeting mail for inspection in comparison to other methods.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    6 open recommendations
    Recommendation: To better assess whether RSCs are meeting USRAP objectives, the Assistant Secretary of State for Population, Refugees, and Migration should develop outcome-based indicators, as required by State policy.

    Agency: Department of State: Bureau of Population, Refugees and Migration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better assess whether RSCs are meeting USRAP objectives, the Assistant Secretary of State for Population, Refugees, and Migration should monitor RSC performance against such indicators on a regular basis.

    Agency: Department of State: Bureau of Population, Refugees and Migration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better ensure that USCIS officers effectively adjudicate applications for refugee status, the Director of USCIS should develop and implement a plan to deploy officers with national security expertise on circuit rides.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better ensure that USCIS officers effectively adjudicate applications for refugee status, the Director of USCIS should conduct regular quality assurance assessments of refugee application adjudications across USCIS's Refugee Affairs Division and International Operations Division.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: USCIS provided documentation that U.S. Citizenship and Immigration Services (USCIS) officials conducted a quality assurance assessment of refugee adjudications in July 2017 and has plans to conduct an additional quality assurance assessment in January or February 2018. To fully address this recommendation, USCIS should demonstrate a continued commitment to conducting regular quality assurance assessments of refugee application adjudications.
    Recommendation: To provide reasonable assurance that USRAP applicant fraud prevention and detection controls are adequate and effectively implemented, the Secretaries of Homeland Security and State should conduct regular joint assessments of applicant fraud risk across USRAP.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that USRAP applicant fraud prevention and detection controls are adequate and effectively implemented, the Secretaries of Homeland Security and State should conduct regular joint assessments of applicant fraud risk across USRAP.

    Agency: Department of State
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    7 open recommendations
    Recommendation: The Secretary of the Interior should direct the Director of the National Park Service to direct the U.S. Park Police to ensure that performance measures linked to program goals are included as part of its updated strategic plan and direct it to develop a timeline for completion of this plan.

    Agency: Department of the Interior
    Status: Open

    Comments: Interior concurred with this recommendation and said it would take steps to implement it. When we confirm what actions Interior has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Interior should direct the Director of the National Park Service to direct the U.S. Park Police to seek additional input from federal entities with expertise regarding ways to enhance testing of its physical security program.

    Agency: Department of the Interior
    Status: Open

    Comments: Interior concurred with this recommendation and said it would take steps to implement it. When we confirm what actions Interior has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Smithsonian Institution should direct the Office of Protection Services to develop program goals and ensure that performance measures linked to those goals are included as part of the strategic plan for security and develop a timeline for completion of this plan.

    Agency: Smithsonian Institution
    Status: Open

    Comments: The Smithsonian concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the Smithsonian has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Smithsonian Institution should direct the Office of Protection Services to seek additional input from federal entities with expertise regarding ways to enhance testing of the physical security program.

    Agency: Smithsonian Institution
    Status: Open

    Comments: The Smithsonian concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the Smithsonian has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to develop a process for documenting risk management decisions.

    Agency: National Gallery of Art
    Status: Open

    Comments: The National Gallery concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the National Gallery has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to ensure that program goals and performance measures linked to those goals are included as part of the master security plan and develop a timeline for completion of this plan.

    Agency: National Gallery of Art
    Status: Open

    Comments: The National Gallery concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the National Gallery has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to seek additional input from federal entities with expertise regarding ways to enhance testing of the physical security program.

    Agency: National Gallery of Art
    Status: Open

    Comments: The National Gallery concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the National Gallery has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    3 open recommendations
    Recommendation: To enhance CBP's identification of high-risk cargo shipments and its enforcement of the ISF rule, the Commissioner of CBP should enforce the ISF rule requirement that carriers provide CSMs to CBP when targeters identify CSM noncompliance.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP's Office of Field Operations is developing an enforcement strategy for container status messages (CSM) that it plans to complete by August 31, 2017. Once the strategy is completed, OFO plans to provide CSM enforcement guidance to the Advance Targeting Units. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Recommendation: To enhance CBP's identification of high-risk cargo shipments and its enforcement of the ISF rule, the Commissioner of CBP should evaluate the ISF enforcement strategies used by ATUs to assess whether particular enforcement methods could be applied to ports with relatively low submission rates.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP plans to discuss enforcement strategies during monthly conference calls held by the National Targeting Center-Cargo with all Advance Targeting Units (ATU) in order to identify the factors that are impacting ports with lower Importer Security Filing (ISF) compliance rates. In addition, CBP plans to leverage the strategies employed by ATUs overseeing ports with higher ISF compliance rates in order to increase the ISF submission rates at the ports with lower compliance rates. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Recommendation: The Commissioner of CBP should identify and collect additional performance information on the impact of the ISF rule data, such as the identification of shipments containing contraband, to better evaluate the effectiveness of the ISF program.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP is developing a plan (by August 31, 2017) to assess additional performance metrics to evaluate the effectiveness of the Importer Security Filing Program. After the plan has been developed, CBP will extract the performance data for analysis and, if needed, take actions to implement changes to the Program. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Director: Chris Currie
    Phone: (404) 679-1875

    6 open recommendations
    Recommendation: In order to improve employee misconduct policies and procedures, the Secretary of Homeland Security should direct the FEMA Administrator to document policies and procedures to address potential Surge Capacity Force misconduct.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to improve employee misconduct policies and procedures, the Secretary of Homeland Security should direct the FEMA Administrator to document Reservist disciplinary options and appeals policies and procedures that are currently in practice at the agency.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to improve employee misconduct policies and procedures, the Secretary of Homeland Security should direct the FEMA Administrator to communicate the range of penalties for specific misconduct offenses to all employees and supervisors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to better identify and address trends in employee misconduct, the Secretary of Homeland Security should direct the FEMA Administrator to improve the quality and usefulness of the misconduct data it collects by implementing quality control measures, such as adding additional drop-down fields with standardized entries, adding unique case identifier fields, developing documented guidance for data entry, or considering the adoption of database software.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to better identify and address trends in employee misconduct, the Secretary of Homeland Security should direct the FEMA Administrator to, once the quality of the data is improved, conduct routine reporting on employee misconduct trends.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to ensure that all allegations of employee misconduct referred by DHS OIG are reviewed and addressed, the Secretary of Homeland Security should direct the FEMA Administrator to develop reconciliation procedures to consistently track referred cases.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    11 open recommendations
    Recommendation: To better address current and future staffing needs, the Director of EOIR should develop and implement a strategic workforce plan that addresses, among other areas, key principles of effective strategic workforce planning, including (1) determining critical skills and competencies needed to achieve current and future programmatic results; (2) developing strategies that are tailored to address gaps in number, deployment, and alignment of human capital approaches for enabling and sustaining the contributions of all critical skills and competencies; and (3) monitoring and evaluation of the agency's progress toward its human capital goals and the contribution that human capital results have made toward achieving programmatic results.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: In August 2017, EOIR officials reported that its Immigration Court Staffing Committee, established in April 2017, would, among other things, examine how to best leverage the judicial and court staff workload model to address its short- and long-term staffing needs, assess the critical skills and competencies needed to achieve future programmatic results, and develop strategies to address human capital gaps. This committee expects to complete its work in March 2018. EOIR also reported that it is developing an agency-wide strategic plan that includes human capital planning as a critical component, which will be used to guide workforce planning for the entire agency. To fully address this recommendation, EOIR's Immigration Court Staffing Committee should complete its work and provide documentation demonstrating that it: 1) addressed the agency's short- and long-term staffing needs; 2) identified the critical skills and competencies needed to achieve future programmatic results; and 3) developed strategies to address human capital gaps. EOIR should also provide documentation, including the completed strategic plan, describing how the agency tailored its human capital strategies to address gaps in the number, deployment, and alignment of human capital approaches; and is monitoring and evaluating the agency's progress toward its human capital goals.
    Recommendation: To better address EOIR's immigration judge staffing needs, the Director of EOIR should: (1) assess the immigration judge hiring process to identify opportunities for efficiency; (2) use the assessment results to develop a hiring strategy that targets short- and long-term human capital needs; and (3) implement any corrective actions related to the hiring process resulting from this assessment.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: In August 2017, EOIR stated that it is actively implementing a new streamlined hiring plan that aims to reduce the hiring timeline. According to EOIR, this revised hiring plan, among other things, sets clear deadlines for assessing applicants moving through different stages of the process and for making decisions on advancing applicants to the next stage, as well as allows for temporary appointments for all selected judges pending full background investigations. EOIR stated that it will use this revised process in the future to fill judge vacancies. Regarding the development of a hiring strategy, EOIR stated that it recognizes the importance of assessing immigration judge hiring needs holistically to continue to develop an overall immigration judge hiring strategy, and will utilize a planned human capital strategy and additional data to further refine the hiring process. To fully address this recommendation, EOIR should continue its efforts to assess and improve its hiring process and provide documentation describing: 1) its new hiring process, including how EOIR assessed the prior hiring process to identify opportunities for efficiency; 2) its hiring strategy targeting short- and long-term human capital needs; and (3) the corrective actions EOIR implemented in response to the assessment results, such as eliminating procedures that increased the length of the hiring process.
    Recommendation: To help ensure that EOIR meets its cost and schedule expectations for EOIR Courts and Appeals Systems (ECAS), the EOIR Director should identify and establish the appropriate entity for exercising oversight over ECAS through full implementation.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: As of August 2017, EOIR reported that it had selected the EOIR Investment Review Board to serve as the ECAS oversight body with the Office of Information Technology (OIT) directly responsible for the management of the ECAS program. To fully address this recommendation, EOIR should provide documentation related to this decision.
    Recommendation: To help ensure that EOIR meets its cost and schedule expectations for ECAS, the EOIR Director should document and implement an oversight plan that is consistent with best practices for overseeing IT projects, including (1) establishing how the oversight body is to monitor program performance and progress toward expected cost, schedule, and benefits; (2) ensuring that corrective actions are identified and assigned to the appropriate parties at the first sign of cost, schedule, or performance slippages; and (3) ensuring that corrective actions are tracked until the desired outcomes are achieved.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: As of August 2017, EOIR reported that it had selected the EOIR Investment Review Board to serve as the ECAS oversight body with the Office of Information Technology (OIT) directly responsible for the management of the ECAS program. According to EOIR, OIT will record on a weekly basis all financial metrics, risks, issues, and corrective actions in EOIR's project management tool, as well as regularly evaluating the program's performance and progress and immediately implementing any needed corrective actions. To fully address this recommendation, EOIR should document and implement an oversight plan that describes how the EOIR Investment Review Board and OIT will oversee the full implementation of ECAS, including how these bodies will, consistent with best practices for overseeing IT projects: 1) monitor program performance and progress toward expected cost, schedule, and benefits; (2) ensure that corrective actions are identified and assigned to the appropriate parties at the first sign of cost, schedule, or performance slippages; and (3) ensure that corrective actions are tracked until the desired outcomes are achieved.
    Recommendation: To provide further assurance that EOIR's use of video teleconference (VTC) in immigration hearings is outcome-neutral, the Director of EOIR should collect more complete and reliable data on the number and type of hearings it conducts through VTC.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: In August 2017, EOIR stated that it is studying how to collect more complete and reliable data on the number and type of hearings it conducts through video teleconference (VTC). To fully address this recommendation, once EOIR determines how to collect more complete and reliable VTC hearing data, EOIR should provide documentation describing its approach and evidence of its implementation.
    Recommendation: To provide further assurance that EOIR's use of VTC in immigration hearings is outcome-neutral, the Director of EOIR should collect data on appeals in which the use of VTC formed some basis for the appeal, and the number of in-person hearing motions filed.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: In August 2017, EOIR stated that it is planning a pilot project to collect data on the number and type of appeals to the Board of Immigration Appeals (BIA) in which the use of video teleconference (VTC) formed an element of the basis for the appeal. EOIR expects to begin this 6-month pilot project in the first quarter of fiscal year 2018. Additionally, EOIR stated that it will assess the feasibility of collecting data on the number of filed motions requesting an in-person hearing instead of a VTC hearing. To fully address this recommendation, EOIR should continue these efforts and begin systematically collecting data on appeals in which the use of VTC formed some basis for the appeal and the number of in-person hearing motions filed.
    Recommendation: To provide further assurance that EOIR's use of VTC in immigration hearings is outcome-neutral, the Director of EOIR should use these and other data to assess any effects of VTC on immigration hearings and, as appropriate, address any issues identified through such an assessment.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: In August 2017, EOIR stated that it intends to analyze data on appeals in which the use of VTC formed some basis for the appeal from the Board of Immigration Appeals' pilot program as well as other data to further assess any effects of video teleconference (VTC) usage on immigration hearings. To fully address this recommendation, EOIR should, pending the results of the pilot program, use these and other data to assess any effects of VTC on immigration hearings and, as appropriate, address any issues identified through such an assessment.
    Recommendation: To further ensure that EOIR's VTC hearings meet all user needs and help EOIR identify and address technical issues with VTC hearings, the Director of EOIR should develop and implement a mechanism to solicit and monitor feedback from respondents regarding their satisfaction and experiences with VTC hearings, including the audio and visual quality of the hearing.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: In August 2017, EOIR stated that it partially agreed with this recommendation and would create a mechanism to solicit open-ended feedback from respondents regarding their satisfaction and experience with video teleconference (VTC) hearings, including the audio and visual quality of the hearing. EOIR reported that it is exploring and expects to implement some options by the first quarter of fiscal year 2018, such as a feedback portal on the EOIR website, a dedicated e-mail box, or a comment card for distribution to respondents at immigration courts and detention centers where VTC hearings are held. To fully address this recommendation, EOIR should continue to explore and implement a mechanism to solicit and monitor feedback from respondents regarding their satisfaction and experiences with VTC hearings, including the audio and visual quality of the hearing.
    Recommendation: To better assess court performance and use data to identify potential management challenges, the Director of EOIR should establish and monitor comprehensive case completion goals, including a goal for completing non-detained cases not currently captured by performance measures, and goals for cases it considers a priority.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: In August 2017, EOIR stated that it agrees that the agency should measure case completions in all categories and is evaluating the best way to measure its courts' performance to improve efficiency and productivity. Additionally, EOIR reported that it is working with the immigration judges' union to conduct this assessment and expects to complete this evaluation and begin working toward making any changes to its performance assessment system by the second quarter of fiscal year 2018. To fully address this recommendation, EOIR should continue these efforts and establish and monitor comprehensive case completion goals, including a goal for completing non-detained cases not currently captured by performance measures, and goals for cases it considers a priority.
    Recommendation: To better assess court performance and use data to identify potential management challenges, the Director of EOIR should systematically analyze immigration court continuance data to identify and address any operational challenges faced by courts or areas for additional guidance or training.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: In August 2017, EOIR stated that it will further analyze continuance data to identify and address operational challenges as well as determine areas where immigration judges might benefit from additional guidance or training on the use of continuances. EOIR plans to prepare new reports assessing continuance data by the first quarter of fiscal year 2018. Additionally, EOIR reported that it anticipates releasing a new Operating Policies and Procedures Memorandum addressing the appropriate use of continuances in August 2017. To fully address this recommendation, EOIR should continue to systematically analyze continuance data to identify any operational challenges faced by courts or areas for additional guidance or training, and address any challenges through taking actions such as issuing the new memorandum on continuances.
    Recommendation: To better assess court performance and use data to identify potential management challenges, the Director of EOIR should update policies and procedures to ensure the timely and accurate recording of Notices to Appear.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: In August 2017, EOIR stated that it partially agreed with this recommendation and will continue to monitor the timeliness and accuracy of NTA recording and implement corrective actions as needed. Additionally, EOIR stated that it will explore the need to create new guidance for immigration court staff to address instances where EOIR exceeds average recording times timeframes in the future. To fully implement this recommendation, EOIR should update its policies and procedures to better ensure the timely and accurate recording of NTAs, and thus provide greater assurance that EOIR's case management data are accurate, including case completion times and the size of its case backlog.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    6 open recommendations
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to update the department's IT Acquisition Review governance process to increase the number of contracts and agreements (associated with both major and non-major investments) that are reviewed by the CIO and appropriate delegates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the specific staff or positions currently within the department's IT acquisition cadre; and (2) assessing whether these staff and positions address all of the specialized skills and knowledge needed, as outlined in OMB's Office of Federal Procurement Policy's guidance for developing an IT acquisition cadre.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the department's future IT skillset needs as a result of DHS's new delivery model, (2) conducting a skills gap analysis, and (3) resolving any skills gaps identified.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update the department's acquisition policies and guidance to be consistent in identifying that the DHS CIO is to certify investments' incremental development activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update DHS headquarters', Customs and Border Protection's, and U.S. Coast Guard's processes to track, for all contracts and agreements, the IT investment with which each is associated (as applicable).

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update and implement the process DHS uses for assessing the risks of major IT investments to ensure that the CIO rating reported to the Dashboard fully reflects the CIO's assessment of each major IT investment.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    5 open recommendations
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP to assess and document how the alternative technological solutions being considered will fully meet operational needs related to ultralight aircraft.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and stated that it plans to assess and document requirements related to ultralight aircraft threats and how technological solutions will address these requirements as part of U.S. Customs and Border Protection Air and Marine Operations air domain awareness efforts. DHS plans to complete these efforts by July 2018.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP and the Director of ICE to jointly establish and monitor performance measures and targets related to cross-border tunnels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and stated that U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement will review available information and develop performance measures and targets as deemed appropriate by February 2018.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP to establish and monitor performance targets related to ultralight aircraft.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred and stated that within U.S. Customs and Border Protection, Air and Marine Operations and the U.S. Border Patrol are developing a joint performance measure and targets for interdicting ultralight aircraft. DHS plans to complete these efforts by October 2017.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the U.S. Customs and Border Protection (CBP)-U.S. Immigration and Customs Enforcement (ICE) tunnel committee to convene and establish standard operating procedures for addressing cross-border tunnels, including procedures for sharing information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS did not concur with this recommendation. However, CBP and ICE agreed that strengthening operational procedures may be beneficial and stated that they will jointly review procedures and discuss revising and/or consolidating the procedures. We continue to believe that the recommendation is valid and will monitor DHS's efforts to address it.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commandant of the Coast Guard, Commissioner of CBP, and the Director of ICE to establish and monitor Regional Coordinating Mechanisms performance measures and targets related to panga boat and recreational vessel smuggling.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS did not concur with this recommendation. DHS stated that that it believes that by establishing common terminology to address our first recommendation, the RECOMs will have more reliable, usable analyses to inform their maritime interdiction efforts. However, DHS did not believe that performance measures and targets related to smuggling by panga boats would provide the most useful strategic assessment of operations to prevent all illicit trafficking, regardless of area of operations or mode of transportation. DHS also cited the recent creation of the DHS Office of Policy, Strategy, and Plans that is to work with U.S. Coast Guard, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, and other components and offices to better evaluate the effectiveness of all operations that work to prevent the illegal entry of goods and people into the country, as appropriate. We continue to believe that the recommendation is valid and will monitor DHS's efforts to address it.
    Director: Maurer, Diana C
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to develop a cohesive strategy that includes measurable outcomes for CVE activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they are identifying concrete outputs and outcomes for CVE efforts outlined in the 2016 Strategic Implementation Plan. CVE Task Force officials also stated that they plan to develop short-term, medium-term, and long-term outcomes for these efforts. The Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to develop a cohesive strategy that includes measurable outcomes for CVE activities.

    Agency: Department of Justice
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they are identifying concrete outputs and outcomes for CVE efforts outlined in the 2016 Strategic Implementation Plan. CVE Task Force officials also stated that they plan to develop short-term, medium-term, and long-term outcomes for these efforts. The Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to establish and implement a process to assess overall progress in CVE, including its effectiveness.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they have begun consulting with departments and agencies that have already invested in CVE program assessment and are developing a research-based framework for designing and assessing CVE metrics. The CVE Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to establish and implement a process to assess overall progress in CVE, including its effectiveness.

    Agency: Department of Justice
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they have begun consulting with departments and agencies that have already invested in CVE program assessment and are developing a research-based framework for designing and assessing CVE metrics. The CVE Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Director: Michele Mackin
    Phone: (202) 512-4841

    3 open recommendations
    Recommendation: To mitigate the risk of poor acquisition outcomes and strengthen the department's investment decisions, the Secretary of Homeland Security should direct the Undersecretary for Management to update the acquisition policy to require that major acquisition programs' technical requirements are well defined and key technical reviews are conducted prior to approving programs to initiate product development and establishing Acquisition Program Baselines, in accordance with acquisition best practices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it planned to initiate a study to assess how to better align its processes for technical reviews and acquisition decisions. Upon completion of the study, DHS plans to update its acquisition policies, as appropriate.
    Recommendation: To mitigate the risk of poor acquisition outcomes and strengthen the department's investment decisions, the Secretary of Homeland Security should direct the Undersecretary for Management to update the acquisition policy to specify that acquisition decision memorandums clearly document the rationale of decisions made by DHS leadership, such as, but not limited to, the reasons for allowing programs to deviate from the requirement to obtain department approval for certain documents at Acquisition Decision Events and the results of considerations or trade-offs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it had begun expanding the content included in Acquisition Decision Memorandums (ADM) to include greater detail and that future ADMs would address the status of the acquisition documentation. DHS also said it had updated the guidance for writing ADMs in a handbook for Office of Program Accountability and Risk Management staff, thus making progress toward satisfying the recommendation. However, we did not close the recommendation because the updated guidance was not incorporated into the department's official acquisition policy, which may limit DHS's ability to implement the changes consistently over time. We will continue to review ADMs to assess whether the department's actions address the intent of this recommendation.
    Recommendation: To mitigate the risk of poor acquisition outcomes and strengthen the department's investment decisions, the Secretary of Homeland Security should direct the Undersecretary for Management to update the acquisition policy to specify at what point minimum standards for KPPs should be met, and clarify the performance data that should be used to assess whether or not a performance breach has occurred.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it had updated guidance related to its performance breaches in a handbook for Office of Program Accountability and Risk Management staff, thus moving toward satisfying the intent of this recommendation. Specifically, DHS identified that programs' KPPs should be met and verified no later than initial operational test and evaluation conducted prior to Acquisition Decision Event 3, the point at which DHS leadership approves the program to transition into sustainment. If programs have not met a KPP by this point, they will be required to declare a performance breach and submit a remediation plan documenting the root cause of the breach, along with how and when the breach will be resolved. However, we did not close the recommendation because the department's official acquisition policy has yet to be updated. DHS will fully address this recommendation when it incorporates the changes into its acquisition policy to ensure that the updated guidance on performance breaches is communicated and implemented consistently throughout the department.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To improve the usefulness of airport wait time data that CBP currently reports on its public website, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to report airport wait time data for different categories of travelers.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Gambler, Rebecca S
    Phone: (202) 512-6912

    9 open recommendations
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should ensure SAVE guidance, including written materials and instructional videos, clearly and accurately reflects user agencies' responsibilities for completing each step of a SAVE check, as outlined in each agency's memorandum of agreement.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a mechanism to oversee agencies' completion of training on additional verification in accordance with SAVE MOA provisions and program policies.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should provide notifications to user agencies when a case is ready for the user agency to review.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a more effective method for ensuring that individuals are aware of how they can access and correct their immigration records, such as by updating and improving the Fact Sheet for Benefit Applicants.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a documented, risk-based approach to monitoring and compliance, including (1) a risk-based approach to selecting behaviors to monitor; (2) standards for what triggers compliance actions for the selected behaviors; and (3) a risk-based process for how USCIS will prioritize and select agencies for compliance actions.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and communicate a process for user agencies to update contact information.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should ensure that user agencies participate in compliance reviews when selected, in accordance with SAVE MOA provisions and USCIS policy.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should identify the root causes of agencies' noncompliance with SAVE MOA provisions and program policies and tailor agency recommendations to those identified causes.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a process for ensuring user agencies implement corrective actions such as through a system of escalating compliance assistance actions and follow-up.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To ensure that the Coast Guard makes effective use of its resources, specifically regarding its budget, the Secretary of DHS should direct the Commandant of the Coast Guard to update the Joint Surface Engineering Change Process Guide to require a documented cost analysis to provide decision makers adequate data to make informed decisions regarding the expected costs and when it is most cost effective to install design changes.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Coast Guard concurred with our recommendation and is working to determine a consistent, repeatable cost benefit analysis methodology that will be considered with other factors such as safety, schedule impacts, operational impacts, and crew impacts and technical aspects for making design change decisions. This methodology will be incorporated into the Coast Guard's next update to its Joint Surface Engineering Change Process Guide scheduled for December 2017.
    Recommendation: To ensure that the Coast Guard makes effective use of its resources, specifically regarding its budget, the Secretary of DHS should direct the Commandant of the Coast Guard to periodically update standard support levels to account for actual expenditures so that the Coast Guard follows best practices and to provide decision makers an understanding of the actual depot-level maintenance funds required for Coast Guard assets.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Coast Guard concurred with our recommendation and is working to establish of formal process to use actual depot maintenance expenditure data to inform and update a vessel's life cycle cost estimate. For vessels in sustainment, the Coast Guard is developing a plan to periodically review depot maintenance expenditures and how they should affect the depot maintenance budget. These processes are expected to be completed by October 2017.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    5 open recommendations
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should develop and document procedures for Predator B coordination among supported agencies in all operating locations.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should update and maintain guidance for recording Predator B mission information in its data collection system.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should provide training to users of CBP's data collection system for Predator B missions.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should record air support forms for Predator B mission requests from non-CBP law enforcement agencies in its data collection system for Predator B missions.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should update Border Patrol's data collection practices to include a mechanism to distinguish and track asset assists associated with TARS from tactical aerostats.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To ensure Border Patrol has the best available information to inform future investments in TI and resource allocation decisions among TI and other assets Border Patrol deploys in the furtherance of border security operations, and to ensure that key parties within Border Patrol's Requirements Management Process are aware of their roles and responsibilities within the process, the Chief of the Border Patrol should develop metrics to assess the contributions of pedestrian and vehicle fencing to border security along the southwest border using the data Border Patrol already collects and apply this information, as appropriate, when making investment and resource allocation decisions.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open
    Priority recommendation

    Comments: DHS concurred agreed with the this recommendation and stated that it planned to develop and incorporate metrics into Border Patrol's Requirements Management Process.
    Recommendation: To ensure Border Patrol has the best available information to inform future investments in TI and resource allocation decisions among TI and other assets Border Patrol deploys in the furtherance of border security operations, and to ensure that key parties within Border Patrol's Requirements Management Process are aware of their roles and responsibilities within the process, the Chief of the Border Patrol should develop and implement written guidance to include roles and responsibilities for the steps within its requirements process for identifying, funding, and deploying tactical infrastructure assets for border security operations.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open
    Priority recommendation

    Comments: DHS concurred with the recommendation and stated that it plans to update the Requirements Management Process and, as part of that update, plans to add communication and training methods and tools to better implement the Process. DHS plans to complete these efforts by September 2019.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    4 open recommendations
    Recommendation: The Attorney General should instruct the Director of the Marshals Service to ensure that the improvements being made to the Marshals Service's information on the security concerns of individual buildings allow the Marshals Service to understand the concerns across the portfolio.

    Agency: Department of Justice
    Status: Open

    Comments: When we confirm what actions the Marshalls Service has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of GSA and the Director of the AOUSC, on behalf of the Judicial Conference of the United States, in conjunction with the Marshals Service and FPS, should improve CSP documentation in order to improve transparency and collaboration in the CSP program.

    Agency: General Services Administration
    Status: Open

    Comments: When we confirm what actions GSA has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of GSA and the Director of the AOUSC, on behalf of the Judicial Conference of the United States, in conjunction with the Marshals Service and FPS, should improve CSP documentation in order to improve transparency and collaboration in the CSP program.

    Agency: Administrative Office of the United States Courts
    Status: Open

    Comments: When we confirm what actions AOUSC has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of GSA--in conjunction with AOUSC, the Marshals Service, and FPS--should establish a national-level working group or similar forum, consisting of leadership designees with decision-making authority, to meet regularly to address courthouse security issues.

    Agency: General Services Administration
    Status: Open

    Comments: When we confirm what actions GSA has taken in response to this recommendation, we will provide updated information.
    Director: Joe Kirschbaum
    Phone: (202) 512-9971

    3 open recommendations
    Recommendation: As DOD plans to respond to a pandemic, the Secretary of Defense should direct the Under Secretary of Defense for Policy and other DOD officials, as appropriate, to use DOD's existing coordination mechanisms with HHS and the Federal Emergency Management Agency (FEMA) to explore opportunities to improve their preparedness and response to a pandemic if DOD's capabilities are limited.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As HHS plans to respond to a pandemic, the Secretary of Health and Human Services should direct the Assistant Secretary for Preparedness and Response to use HHS's existing coordination mechanisms with DOD and FEMA to explore opportunities to improve their preparedness and response to a pandemic if DOD's capabilities are limited.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As DHS, through FEMA, plans to respond to a pandemic, the Secretary of Homeland Security should direct the Administrator of FEMA to use FEMA's existing coordination mechanisms with DOD and HHS to explore opportunities to improve their preparedness and response to a pandemic if DOD's capabilities are limited.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To ensure that C-TPAT program managers are provided consistent data from the C-TPAT field offices on security validations, the Commissioner of U.S. Customs and Border Protection should develop standardized guidance for the C-TPAT field offices to use in tracking and reporting information on the number of required and completed security validations.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: On April 28, 2017, CBP officials provided documentation--a common worksheet, instructions, and related standard operating procedures for C-TPAT field offices to use in tracking and reporting information to headquarters staff on security validations required and completed. We reviewed the information and interviewed C-TPAT officials in two field offices and C-TPAT's Plans and Operations Branch, which is responsible for overseeing these efforts, about the new procedures. In early August 2017, we asked for additional evidence that C-TPAT is ensuring one standard approach across its field offices for capturing and reporting security validations required and completed. The BBP liaison informed us that C-TPAT officials are to provide the additional evidence by the end of September 2017.
    Recommendation: To ensure the availability of complete and accurate data for managing the C-TPAT program and establishing and maintaining reliable indicators on the extent to which C-TPAT members receive benefits, the Commissioner of U.S. Customs and Border Protection should determine the specific problems that have led to questionable data contained in the Dashboard and develop an action plan, with milestones and completion dates, for correcting the data so that the C-TPAT program can produce accurate and reliable data for measuring C-TPAT member benefits.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: On July 28, 2017, CBP provided us with documentation, to include: a schedule of completed and planned activities related to refining data reporting system requirements, testing of preliminary results from new data runs, developing a reporting system for tracking security examination rates, and a copy of the results of a preliminary data run identifying shipment examination rates by mode of transportation and C-TPAT member Tier level. CBP staff informed us that the steps being taken to address this recommendation are to continue through the end of the 2017. In the interim, we are reviewing the documents CBP provided to determine what, if any, additional information we may need to assess progress in addressing this recommendation.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    2 open recommendations
    Recommendation: To enhance its ability to fulfill its role as the facilitator of cross-sector collaboration and best-practices sharing, the Secretary of Homeland Security should direct the Assistant Secretary of Infrastructure Protection, Office of Infrastructure Protection, to explore with key critical infrastructure partners, whether and what opportunities exist to harmonize federally-administered screening and credentialing access control efforts across critical infrastructure sectors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure that SCO uses its time and resources to pursue the most efficient and effective screening and credentialing harmonization goals on behalf of the department, the Secretary of Homeland Security should direct the Deputy Assistant Secretary for Screening Coordination, Office of Policy, to establish goals and objectives to support its broader strategic framework for harmonization.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Gretta L. Goodwin
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To ensure that the Capitol Police Board's current and any new approaches help enhance accountability, transparency, and effective external communication with its stakeholders, the Board should revise its Manual of Procedures to fully incorporate each of the leading practices for internal control and governance standards discussed in this report. In so doing, the Board should engage stakeholders in the revision process, such as by soliciting their input on any non-statutory changes that could particularly address the concerns stakeholders have raised, and incorporating their views as appropriate. If, in making revisions to its Manual, the Board determines that statutory changes may be helpful to enhance Board operations, then the Board should also engage with stakeholders on such proposed changes.

    Agency: Capitol Police Board
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Kay Brown
    Phone: (202) 512-7215

    3 open recommendations
    Recommendation: To better ensure FEMA's regional activities effectively support individuals with disabilities, the Secretary of Homeland Security should direct the FEMA Administrator to take steps to establish written procedures for how regions should involve the Office of Disability Integration and Coordination in clarifying disability integration staff's roles, evaluating staff performance, and setting expectations for how staff communicate with headquarters and the regions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA agreed with this recommendation and FEMA's Office of Disability Integration and Coordination is in the process of establishing a working group that will clarify and codify the roles, responsibilities, and expectations among the various agency offices and personnel involved in carrying out the agency's disability integration mission. GAO will monitor the progress of these efforts. FEMA expects to complete these efforts by December 31, 2017. At that time, GAO will await documentation of the agency's procedures for carrying out its disability integration mission.
    Recommendation: To better position FEMA to expand access to key training on incorporating access and functional needs into emergency planning for state, local, and voluntary organization emergency management officials, the Secretary of Homeland Security should direct the FEMA Administrator to evaluate alternative cost-effective methods for delivering its course on access and functional needs, such as via virtual classes.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA agreed with this recommendation and reported that it will explore options for updating one of its existing online courses--IS-368 "Including People with Disabilities and Other with Access and Functional Needs in Disaster Operations"--to tailor the content for a broader audience, including members of the public. The agency also reported that it will evaluate the need for alternative cost-effective methods for delivering other courses on inclusive emergency management it currently offers, such as its classroom course, "Integrating Access and Functional Need into Emergency Planning." The agency anticipates completing these efforts by December 31, 2017. When these efforts are complete, GAO will await documentation that the agency has evaluated its delivery of key training on incorporating access and functional needs into emergency planning.
    Recommendation: To help ensure its key training on incorporating access and functional needs into emergency planning reaches a sufficiently wide audience, the Secretary should direct the FEMA Administrator to collect information about the potential pool of participants, set general goals for the number of state and local emergency managers that will take this course, and implement the delivery methods needed to meet these goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA agreed with this recommendation and reported that it will work with its regional staff to map potential training participants in each state and set goals for delivery of the course to state and local emergency managers. The agency also reported that it may be able to use data in the State Preparedness Report and states' self-reporting on the need for training on integrating the needs of people with access and functional needs into emergency management. GAO will monitor the progress of these efforts. The agency anticipates completing these efforts by December 31, 2017.
    Director: Shelby S. Oakley
    Phone: (202) 512-3841

    3 open recommendations
    Recommendation: To improve the awareness of how risk-significant radioactive sources are transported within the United States and to better determine whether Nuclear Regulatory Commission (NRC) is meeting its goal of providing reasonable assurance for preventing the theft or diversion of these dangerous materials, the Chairman of NRC should take actions to collect information from licensees on the number of shipments and mode of transport for such sources--for example, by identifying the extent to which an existing NRC database (e.g., the National Source Tracking System) may be used to capture this information.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: In its 60-day response letter from NRC to GAO, NRC repeated its position on this recommendation as stated in its formal agency response that was included as appendix III in the report. In both cases, NRC states that it disagrees with this recommendation. NRC disagrees that the specific number of shipments by mode of transport is always needed. NRC explained that existing information collection requirements already exist for category 1 quantities and that it had previously determined that collection of shipment information for category 2 quantities was not necessary. NRC also stated that NSTS would not be the appropriate database to capture shipment information; it is not designed to capture real-time information. In addition, NRC does not consider the proposed collection activity to be of sufficient benefit to justify the additional cost of capturing the information. Therefore, NRC does not believe that adopting this recommendation would result in significant improvements to safety. Despite its disagreement with this recommendation, we will continue to monitor whether NRC takes any actions that would result in addressing the concern GAO raised.
    Recommendation: To further enhance the security of radioactive sources during ground transport, the Chairman of NRC, in consultation with the Secretary of Transportation and the Secretary of Homeland Security, should identify an approach to verify that motor carriers are meeting NRC's Part 37 security requirements applicable to transportation, for example by having DOT inspectors verify compliance with NRC Part 37 security requirements during their on-site investigations.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: As noted in the NRC comments on the GAO report, the NRC agrees in general with the second recommendation to explore with Federal partners an approach to verify that motor carriers meet 10 CFR Part 37 transportation security requirements. The NRC commits to exploring how the respective agencies can verify that motor carriers are meeting the NRC's applicable Part 37 transportation security requirements. This recommendation will remain open until NRC presents evidence that it has acted on it.
    Recommendation: To further enhance the security of radioactive sources during ground transport, the Secretary of Transportation, in consultation with the Chairman of NRC and the Secretary of Homeland Security, should consider examining the potential costs and security benefits associated with lowering the Highway Route Controlled Quantity (HRCQ) threshold so that more, or all, category 1 shipments are classified as HRCQ shipments.

    Agency: Department of Transportation
    Status: Open

    Comments: In its 60-day response letter, NRC stated that it recognizes that HRCQ thresholds fall under the jurisdiction of DOT. The NRC commits to exploring with DOT the potential costs and security benefits associated with lowering the HRCQ threshold so that more if not all , of the shipments of Category 1 quantities of radioactive material may be classified as HRCQ shipments. In its 60-day response letter, DOT concurred with this recommendation and stated that it planned to consult with NRC and the Department of Homeland Security Domestic Nuclear Detection Office, and its internal stakeholders to evaluate potential costs and security benefits of lowering the HRCQ threshold, which they expect to complete by January 15, 2018. This recommendation will remain open until evidence is presented by NRC and DOT that they have examined the costs and benefits of lowering the HRCQ threshold.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    9 open recommendations
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should determine the extent to which the statutorily required implementing principles apply to NCCIC's cybersecurity functions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC is currently conducting an analysis of all mission functions to include the following goals: simplify the descriptions of NCCIC's mission functions, document all NCCIC functional capabilities, document the applicability of implementing principles to NCCIC mission functions, and map as appropriate. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should develop metrics for assessing adherence to applicable principles in carrying out statutorily required functions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that they were still in the process completing mission functional analysis described in DHS's response to Recommendation 1, which would serve as the basis of developing metrics. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should establish methods for monitoring the implementation of cybersecurity functions against the principles on an ongoing basis.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC is updating existing policies and procedures for program management reviews (PMR) to include the metrics developed in recommendation two. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should integrate information related to security incidents to provide management with more complete information about NCCIC operations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the NCCIC updated guidelines for incident reporting would be completed in May 2017. In addition, according to DHS, incident management system requirements were updated to support the new guidelines and are scheduled to be implemented in June 2017. DHS stated that these steps will enable the successful implementation of the new National Cyber Incident Scoring Schema (NCISS), which the NCCIC Watch Operations uses to help facilitate the timely, actionable, and relevant dissemination of information to leadership. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. As of August 2017, DHS has not provided evidence that the new guidelines have been implemented. However, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should determine the necessity of reducing, consolidating, or modifying the points of entry used to communicate with NCCIC to better ensure that all incident tickets are logged appropriately.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC had completed initial mapping of information flows, as well as the roles and responsibilities for the incident management function. A plan to integrate or consolidate disparate incident reporting systems is scheduled to be completed in December 2017. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should develop and implement procedures to perform regular reviews of customer information to ensure that it is current and reliable.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NPPD is gathering the requirements for a customer relationship management (CRM) tool that will support regular reviews and updates to customer information. Additionally, DHS stated that NCCIC will establish and implement a standing operating procedure for capturing and regularly updating prioritized customer information including contact information in the event of an incident. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should take steps to ensure the full representation of the owners and operators of the nation's most critical cyber-dependent infrastructure assets.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the Office of Cybersecurity and Communications is establishing integrated customer engagement activities that support cyber risk mitigation and incident response planning. In addition, NCCIC will develop standing operating procedures that leverage existing information sharing programs, activities and relationships to tailor engagements that support owners and operators of the most critical cyber-dependent infrastructure assets including designated lifeline sectors. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should establish plans and time frames for consolidating or integrating the legacy networks used by NCCIC analysts to reduce the need for manual data entry.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the Assistant Secretary of Office of Cybersecurity and Communications (CS&C) had consolidated the Enterprise Architecture role within the Office of the Chief Technology Officer (CTO). Working across CS&C, the CTO will establish a technology roadmap, to include consolidation of networks. In addition, NCCIC is working to determine the potential impact of network consolidation on mission functions, including mapping current data sources. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should identify alternative methods to collaborate with international partners, while ensuring the security requirements of high-impact systems.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the potential reduction in sharing cybersecurity products that may result from migrating the NCCIC Portal to HSIN should be minimal. Contingency information sharing plans will be developed to mitigate potential issues through alternate information sharing practices, particularly involving an actual incident during migration transition. Foreign partnerships will continued to be maintained by exercises, analytic exchanges with our closest partners, and continued participation in multilateral and bilateral engagements. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    8 open recommendations
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to incorporate medical screening questions specific to gambling disorder as part of a systematic screening process across DOD, such as DOD's annual Periodic Health Assessment, for behavioral and mental-health issues.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to update DOD Instruction 1010.04, Problematic Substance Use by DOD Personnel, to explicitly include gambling disorder as defined in the 2013 Diagnostic and Statistical Manual of Mental Disorders.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Secretary of the Army to update Army Regulation 600-85, The Army Substance Abuse Program, to explicitly include gambling disorder.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Secretary of the Navy to update Naval Operations Instruction 5350.4D, Navy Alcohol and Drug Abuse Prevention and Control, to explicitly include gambling disorder.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Secretary of the Air Force to update Air Force Instruction 44-121, Alcohol and Drug Abuse Prevention and Treatment (ADAPT) Program, to explicitly include gambling disorder.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Commandant of the Marine Corps to update Marine Corps Order 5300.17, Marine Corps Substance Abuse Program, to explicitly include gambling disorder.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commandant of the Coast Guard should update Commandant Instruction M6000.1F, Coast Guard Medical Manual, to classify gambling disorder as an addiction and not as an impulse control issue.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commandant of the Coast Guard should update Commandant Instruction M1000.10, Coast Guard Drug and Alcohol Abuse Program, to explicitly include gambling disorder.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To better ensure the effectiveness of CBP's predeparture programs, the Commissioner of U.S. Customs and Border Protection should develop and implement a system of performance measures and baselines to evaluate the effectiveness of CBP's predeparture programs and assess whether the programs are achieving their stated goals.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: U.S. Customs and Border Protection's (CBP) Office of Field Operations (OFO) reported that it established a working group comprised of designated program officials from CBP's Admissibility and Passenger Programs; National Targeting Center; Planning, Program Analysis, and Evaluation; and, Preclearance offices to develop and implement a system of performance measures and baselines to evaluate the effectiveness of CBP's predeparture programs. As of July 2017, CBP reported that the working group had developed three performance measures for its predeparture programs. According to OFO officials, fiscal year 2018 will be the first complete year that each of these measures is calculated using a standardized and repeatable methodology and will thus be used as a baseline year. The baselines developed during fiscal year 2018 will then be used in future assessments of program effectiveness. To fully address this recommendation to develop and implement performance measures and baselines for evaluating its predeparture programs, GAO will review documentation from CBP, when available, on the fiscal year 2018 baselines and CBP's planned evaluation of fiscal year 2019 data against those baselines.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    6 open recommendations
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should strengthen the methodology for calculating recidivism such as by using an alien's apprehension history beyond one fiscal year and excluding aliens for whom there is no record of removal and who may remain in the United States.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should collect information on reasons agents do not apply the CDS guides' Most Effective and Efficient consequences to assess the extent that agents' application of these consequences can be increased and modify development of CDS guides, as appropriate.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should revise CDS guidance to ensure consistent and accurate methodologies for estimating Border Patrol costs across consequences and to factor in, where appropriate and available, the relative costs of any federal partner resources necessary to implement each consequence.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should ensure that sector management is monitoring progress in meeting their performance targets and communicating performance results to Border Patrol headquarters management.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should provide consistent guidance for alien classification and take steps to ensure CDS Project Management Office and sector management conduct data integrity activities necessary to strengthen control over the classification of aliens.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Assistant Secretary of Immigration and Customs Enforcement and Commissioner of Customs and Border Protection to collaborate on sharing immigration enforcement and removal data to help Border Patrol account for the removal status of apprehended aliens in its recidivism rate measure.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Tim Persons
    Phone: (202) 512-6412

    1 open recommendations
    Recommendation: The Secretary of Homeland Security--in consultation with the Federal Bureau of Investigation--should conduct a formal bioforensics capability gap analysis to identify scientific and technical gaps and needs in bioforensics capabilities to help guide current and future bioforensics investments and update its analysis periodically.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David Wise
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Administrator of the General Services Administration should determine whether the beneficial owner of high-security space that GSA leases is a foreign entity and, if so, share that information with the tenant agencies so they can adequately assess and mitigate any security risks.

    Agency: General Services Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Alicia Puente Cackley
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To improve the transparency and accountability over the compensation paid to WYO companies and set appropriate compensation rates, the FEMA administrator should take into account WYO company characteristics that may impact companies' expenses and profits when developing the new compensation methodology and rates.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To better assess whether the LOP and LOPC are having a measurable impact in meeting their program objectives, the Director of EOIR should develop and implement a system of performance measures, including establishing a baseline, to regularly evaluate the effectiveness of LOP and LOPC and assess whether the programs are achieving their stated goals.

    Agency: Department of Justice: Executive Office for Immigration Review
    Status: Open

    Comments: In January 2017, EOIR reported that the agency is working with a contractor to redesign EOIR's performance management system consistent with the principles outlined in the Government Performance and Results Modernization Act of 2010. In addition, EOIR reported that staff from its Office of Legal Access Programs (OLAP) plan to participate in strategic planning training, which will include how to establish performance measurements. To fully address the recommendation, EOIR should develop and implement a system of performance measures for LOP and LOPC, including establishing a baseline, and assess program performance against such measures.
    Director: Shea, Rebecca
    Phone: (202) 512-2834

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To improve federal agency LMR procurement practices, the Director of OMB should direct the Office of Federal Procurement Policy to examine the feasibility of including LMR technology in the category management initiative.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: OMB generally agreed with this recommendation and noted that it is working to identify which information-technology strategies will produce the best return on investment and that it continues to evaluate its category-specific plans. We will update the status of this recommendation after we receive additional information from OMB.
    Recommendation: To improve federal agency LMR procurement practices, the Director of OMB should direct the Office of Federal Procurement Policy to, if warranted, include LMR technology within the appropriate spend category.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: OMB generally agreed with this recommendation and noted that it is working to identify which information-technology strategies will produce the best return on investment and that it continues to evaluate its category-specific plans. We will update the status of this recommendation after we receive additional information from OMB.
    Director: Currie, Christopher P
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To better assess the impact of the fire grants program, the Secretary of Homeland Security should direct the FEMA Administrator to establish measurable performance targets linked to AFG and SAFER program goals, such as the desired percentage of awardees who used grants to achieve compliance with equipment standards.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to officials, FEMA's Grant Programs Directorate is reviewing the current set of program metrics to determine the feasibility of establishing performance targets. FEMA plans to include approved targets in its annual report to Congress that will be issued for fiscal year 2016; the report was undergoing internal review for approval and release as of November 2016. Pending issuance of the report with measurable performance targets linked to AFG and SAFER program goals, this recommendation will remain open.
    Recommendation: To enhance FEMA's efforts to assess and integrate the fire grant programs' contributions to national preparedness, the Secretary of Homeland Security should direct the FEMA Administrator to use the National Preparedness Goal's definition of critical infrastructure as the basis of collecting information from applicants and using the National Critical Infrastructure Prioritization Program list to measure fire grant programs' performance in addressing national priorities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to officials, FEMA's Grant Programs Directorate plans to incorporate the National Preparedness Goal definition of national critical infrastructure into fire grant performance measures in FEMA's fiscal year 2017 Annual Report to Congress. Specifically, they said FEMA plans to conduct an assessment of data from AFG program application and awards in order to verify recipients are reporting infrastructure that aligns with the National Preparedness Goal definition of critical infrastructure. In addition, FEMA plans to meet as needed with the National Programs and Protection Directorate's Office of Critical Infrastructure Analysis to determine how the Critical Infrastructure Prioritization Program list can be used in the application process. Pending completion of these efforts, this recommendation will remain open.
    Recommendation: To enhance FEMA's efforts to incorporate new National Fire Operations Reporting System (NFORS) and Fire Community Assessment Response Evaluation System (FireCARES) data elements into fire grants program management activities, the Secretary of Homeland Security should direct the FEMA Administrator to develop a project management plan for identifying relevant data elements in the new NFORS and FireCARES systems and determining how they can be used to improve fire grant applications and awards processes and the performance assessment system.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to officials, FEMA's Grant Programs Directorate intends to develop a plan to assess the data collected to determine feasibility for integration of NFORS and FireCARES data into the AFG programs. The plan will incorporate ways to improve the applications, awards processes, and tracking of performance. This plan should be completed by March 2017, and FEMA will continue to collaborate with stakeholders for the improvement of the AFG application, awards processes, and performance management. According to FEMA, the estimated completion of this effort is September 2017.
    Director: Jenny Grover
    Phone: (202) 512-7141

    5 open recommendations
    Recommendation: To ensure effective evaluation of air marshal training, the TSA Administrator should direct OTD to implement a mechanism for regularly collecting and incorporating incumbent air marshals' feedback on the training they receive from field office programs.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure effective evaluation of air marshal training, the TSA Administrator should direct OTD to take additional steps to improve the response rates of the training surveys it conducts.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to specify in policy who at the headquarters level has oversight responsibility for ensuring that field office Supervisory Air Marshals-in-Charge or their designees meet their responsibilities for ensuring that training completion records are entered in a timely manner.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to specify in policy who at the headquarters level is responsible for ensuring that headquarters personnel enter approved air marshals' training exemptions into the Federal Air Marshal Information System, and define the timeframe for doing so.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to develop and implement standardized methods, such as examinations and checklists, for determining whether incumbent air marshals continue to be mission ready in key skills.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Seto Bagdoyan
    Phone: (202) 512-6722

    1 open recommendations
    Recommendation: To strengthen USCIS's EB-5 Program fraud risk management, the Director of USCIS should develop a fraud risk profile that aligns with leading practices identified in GAO's Fraud Risk Framework.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In November 2016, Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS)stated that the program would implement GAO's recommendation to develop a fraud risk profile and anticipated completion by September 30, 2017. In April 2017, USCIS provided an update including supporting documentation which reported that USCIS had contracted with an outside consultant to, among other things, develop a fraud risk profile that aligns with leading practices identified in GAO's Fraud Risk Framework. According to its response, USCIS expected to complete development of the profile by September 30, 2017.
    Director: Chris Currie
    Phone: (404) 679-1875

    3 open recommendations
    including 1 priority recommendation
    Recommendation: To strengthen efforts to mitigate earthquake risks to federal buildings, the Secretary of Defense and the Administrator of GSA should (1) Define what constitutes an exceptionally high risk building, identify such buildings, and develop plans to mitigate those risks, including prioritizing associated funding requests as needed; and (2) To the extent practicable, prioritize and implement comprehensive seismic safety measures which could include earthquake drills, seismic safety inspections, and non-structural retrofits to decrease risks and reduce damage in federally-owned and -leased buildings in earthquake hazard areas.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To strengthen efforts to mitigate earthquake risks to federal buildings, the Secretary of Defense and the Administrator of GSA should (1) Define what constitutes an exceptionally high risk building, identify such buildings, and develop plans to mitigate those risks, including prioritizing associated funding requests as needed; and (2) To the extent practicable, prioritize and implement comprehensive seismic safety measures which could include earthquake drills, seismic safety inspections, and non-structural retrofits to decrease risks and reduce damage in federally-owned and -leased buildings in earthquake hazard areas.

    Agency: General Services Administration
    Status: Open
    Priority recommendation

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: Following the expansion of the ShakeAlert governance structure to include key stakeholders, the Secretary of the Department of the Interior should direct the U.S. Geological Survey, working through the ShakeAlert governance structure, to establish a program management plan that addresses, among other things, the known implementation challenges.

    Agency: Department of the Interior
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: If DHS's proposed CBRNE program consolidation is approved by Congress, the Secretary of Homeland Security should direct the Assistant Secretary for the Office of Policy to use, where appropriate, the key mergers and organizational transformation practices identified in our previous work to help ensure that a CBRNE consolidated office benefits from lessons learned from other organizational transformations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We found that key mergers and organizational transformation practices identified in previous GAO work could benefit the Department of Homeland Security (DHS) if Congress approves the proposed CBRNE consolidation. As a result, we recommended that should Congress approve DHS's CBRNE consolidation plan, the department use key mergers and organizational transformation practices identified in previous GAO work. In November 2016, DHS stated that while Congress had yet to authorize DHS's CBRNE reorganization proposal, DHS remained committed to evaluating GAO's identified practices when developing an implementation plan. We will update the status of this recommendation as additional information is made available.
    Director: Fennell, Anne-marie Lasowski
    Phone: (202) 512-3841

    2 open recommendations
    Recommendation: To help ensure that the Corps and FEMA carry out the national leveesafety- related activities required in the Water Resources Reform and Development Act of 2014, the Secretary of Defense should direct the Secretary of the Army to direct the Chief of Engineers and Commanding General of the U.S. Army Corps of Engineers and that the Secretary of Homeland Security direct the FEMA Administrator to develop a plan, with milestones, for implementing these activities, using existing resources or requesting additional resources as needed. This plan could be posted on the Corps' website and monitored for progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of December 2016, GAO is awaiting action by the agency to implement this recommendation.
    Recommendation: To help ensure that the Corps and FEMA carry out the national leveesafety- related activities required in the Water Resources Reform and Development Act of 2014, the Secretary of Defense should direct the Secretary of the Army to direct the Chief of Engineers and Commanding General of the U.S. Army Corps of Engineers and that the Secretary of Homeland Security direct the FEMA Administrator to develop a plan, with milestones, for implementing these activities, using existing resources or requesting additional resources as needed. This plan could be posted on the Corps' website and monitored for progress.

    Agency: Department of Defense
    Status: Open

    Comments: As of December 2016, GAO is awaiting action by the agency to implement this recommendation.
    Director: Andrew Von Ah
    Phone: (213) 830-1011

    4 open recommendations
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to document the processes and analyses for assessing and, as appropriate, for managing the difference between program costs and collections and document resulting decisions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS's Fee Governance Council, led by the Deputy CFO plans to draft and publish a revised section of the Financial Management Policy Manual devoted to documenting the processes and analyses for assessing and managing the difference between program costs and collections and document resulting decisions. The Council is currently working to establish interim milestones associated with this objective.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to establish processes for managing unobligated carryover balances, to include targets for minimum and maximum balances for programs that lack such processes and targets.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Fee Governance Council will draft and publish a revised section of the Financial Management Policy Manual devoted to managing unobligated carryover balances. The Council is currently working to develop specific milestones associated with this objective.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to conduct reviews to identify any management and operational deficiencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The DHS Fee Governance Council plans to publish a revised section of the Financial Management Policy Manual devoted to how components conduct studies of fee programs to identify any management or operational deficiencies. The Council is currently working to establish specific milestones associated with this objective.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to take action to track and report on management and operational deficiencies--including reasons supporting any decisions to not pursue recommended actions--identified in fee reviews or through other means.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The DHS Fee Governance Council will publish a revised section of the Financial Management Policy Manual devoted to how regular biennial reviews are conducted at DHS and how any findings and recommendations on management and operational deficiencies identified in these fee studies are tracked and reported.
    Director: Alicia Puente Cackley
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To address a potential challenge for consumers who wish to opt for private flood insurance and who must have insurance under the mandatory purchase requirement, the FEMA Administrator should consider reinstating the cancellation reason code allowing policyholders to cancel their NFIP policy and be eligible for premium refunds, on a prorated basis, if they obtain a non-NFIP policy after their NFIP policy became effective. If changes are needed to NFIP's standard flood insurance policy to allow such refunds, FEMA should take the necessary steps to amend its standard flood insurance policy.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    3 open recommendations
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should clearly document the ECPC's strategic goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should establish a mechanism to track progress by the ECPC's member agencies in implementing the ECPC's recommendations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should clearly define the roles and responsibilities of the ECPC's member agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Kimberly M. Gianopoulos
    Phone: (202) 512-8612

    3 open recommendations
    Recommendation: To better manage the AD/CV duty liquidation process, CBP should issue guidance directing the Antidumping and Countervailing Duty Centralization Team to (a) collect and analyze data on a regular basis to identify and address the causes of liquidations that occur contrary to the process or outside the 6-month time frame mandated by statute, (b) track progress on reducing such liquidations, and (c) report on any effects these liquidations may have on revenue.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP concurred with this recommendation and said it would take steps to implement it. CBP has issued guidance requiring the collection, analysis, and reporting of AD/CV data to identify and address the causes of liquidations that occur contrary to the process or outside the 6-month time frame mandated by statute, as GAO recommended in July 2016. CBP is analyzing the results of its fiscal year 2017 self-inspection program to assess its progress on reducing such liquidations and report on the revenue effect. CBP expects to complete its analysis by Fall 2017. Systematically collecting and analyzing liquidation data on a regular basis to identify and address the causes of untimely liquidations and tracking and reporting on progress toward reducing such liquidations could help CBP reduce revenue loss.
    Recommendation: To improve risk management in the collection of AD/CV duties and to identify new or changing risks, CBP should regularly conduct a comprehensive risk analysis that assesses both the likelihood and the significance of risk factors related to AD/CV duty collection. For example, CBP could construct statistical models that explore the associations between potential risk factors and both the probability of nonpayment and the size of nonpayment when it occurs.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP concurred with this recommendation and said it would take steps to implement it. As of September 2017, CBP had not regularly conducted a risk analysis that assesses both the likelihood and significance of risk factors related to AD/CV duty collection, as GAO recommended in July 2016. However, CBP was in the process of developing a model to enable it to conduct such a risk analysis on a regular basis. CBP expects to test the model by Fall 2017; however, CBP officials said that full implementation of the model will not take place until the end of fiscal year 2018 due to the complexity of the project. CBP officials noted that they are working to hire additional staff to dedicate to model development; acquire a dedicated server for processing data to regularly update the models; and identify other CBP programs that would benefit from risk models similar to the ones they are developing for AD/CV duties. Regularly conducting a comprehensive risk analysis of factors related to AD/CV duty non-collection could enhance CBP's capacity to collect additional revenue. For example, it could result in the identification of new factors generating a requirement for an importer to provide additional security in the form of bonds as part of an enhanced bonding requirement.
    Recommendation: To improve risk management in the collection of AD/CV duties, CBP should, consistent with U.S. law and international obligations, take steps to use its data and risk assessment strategically to mitigate AD/CV duty nonpayment, such as by using predictive risk analysis to identify entries that pose heightened risk and taking appropriate action to mitigate the risk.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP concurred with this recommendation and said it would take steps to implement it. As of September 2017, CBP was in the process of developing a risk analysis model to use in mitigating AD/CV duty nonpayment, as GAO recommended in July 2016. The model will use predictive risk analysis to identify entries that pose a heightened risk of nonpayment. CBP has contacted the Customs Surety Association and the Commercial Customs Operations Advisory Committee to discuss bonding options to help mitigate the risk of nonpayment. Developing a risk analysis model to use in mitigating AD/CV duty nonpayment could enhance CBP's capacity to collect additional revenue. For example, it could be used to identify entries from importers requiring additional security in the form of bonds as part of an enhanced bonding requirement.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: To help ensure that whistleblower retaliation reports are addressed efficiently and effectively, the Secretary of Homeland Security should direct the Under Secretary of DHS's National Protection and Programs Directorate's (NPPD), the Assistant Secretary for Infrastructure Protection, and the Director of the Infrastructure Security Compliance Division (ISCD) to develop a documented process and procedures to address and investigate whistleblower retaliation reports that could include existing practices, such as the Department of Labor's Occupational Safety and Health Administration's recommended practices, in developing the process and procedures.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, in September 2016 they initiated development of a standard operating procedure for addressing and investigating whistleblower retaliation complaints. ISCD expects to complete a final version of the standard operating procedure by June 2017. According to ISCD officials, the procedure will consider OSHA's guidance, once available, when developing this set of procedures. We will update the status of this recommendation after additional information is received from DHS.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    9 open recommendations
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of the Department of Homeland Security (DHS) should direct the Director of USCIS to direct the USCIS Chief Information Officer (CIO), in coordination with the DHS CIO and the Chief of the Office of Transformation Coordination (OTC), to review and update, as needed, existing policies and guidance and consider additional controls to complete planning for software releases prior to initiating development and ensure software meets business expectations prior to deployment.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, the U.S. Citizenship and Immigration Services (USCIS) within the Department of Homeland Security (DHS) had taken steps to address this recommendation. In particular, in June 2017, USCIS provided an updated policy, dated April 2017, governing planning and deploying software releases. USCIS also demonstrated partial compliance with that policy. For example, it provided some release planning review documentation for recent releases that are required by the updated policy, including readiness review memos for releases 7.2 and 8.1. However, USCIS did not demonstrate that the program responsible for developing the USCIS Electronic Immigration System (USCIS ELIS) was consistently following its updated policy. For example, USCIS did not demonstrate that the program was completing all planning activities prior to initiating development, as called for in its updated policy. Moreover, the agency did not demonstrate compliance with its previous policy for all software releases planned and deployed since our July 2016 report. We will continue to work with USCIS to monitor actions the agency is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to consistently implement the principles of the framework adopted for Agile software development.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software releases, dated April 2017, along with release planning artifacts specific to USCIS ELIS. The updated policy included an appendix devoted to generally accepted agency practices and applying Agile principles in the agency. However, USCIS had not clearly indicated if USCIS ELIS was to implement the practices described in the policy. For example, the updated policy did not require program compliance with the generally accepted agency practices. Moreover, supporting artifacts from the release planning process did not always define a commitment to a particular development methodology or set of development practices. For example, the team process agreements, which describe how members of individual teams will work with each other, did not indicate if developers were to adhere to the practices described in updated USCIS policy. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to define and consistently execute appropriate roles and responsibilities for individuals responsible for development activities consistent with its selected development framework.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in June 2017, USCIS provided updated policy, dated April 2017, governing the development of software releases and release planning artifacts. The updated policy and release documentation defined some roles and responsibilities that were previously only described by USCIS in its informal November 2014 management model, such as the authority and responsibility of a product owner. However, program documentation and policy did not define all of the roles and responsibilities. For example, program documentation and policy did not define the roles and responsibilities of a facilitator, or Scrum Master, which is a position identified in leading practices for software development using Scrum, the development methodology previously identified by the program. In addition, USCIS did not demonstrate that it had defined and committed to an updated development methodology for software releases. Such a defined methodology will impact expectations for the roles and responsibilities in software development. Without such a defined methodology or approach to Agile software development, it is not clear if roles and responsibilities defined by previously documented approach to Agile software development are still applicable for the current development approach. Moreover, documentation associated with program releases and updated policy did not define all of the roles and responsibilities for positions described by USCIS in its May 2017 written response to GAO. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to identify all system users and involve them in release planning activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, DHS and USCIS had not provided information demonstrating that the department has addressed this recommendation. In October 2016, DHS provided a written response stating that the USCIS Office of Information Technology and Office of Transformation Coordination were working closely with the various USCIS directorates to obtain and integrate feedback through regular review sessions with the end users and through additional end user testing. However, as of July 2017, DHS and USCIS have not provided new information about the status of this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to write user stories that identify user roles, include estimates of complexity, take no longer than one sprint to complete, and describe business value.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had provided GAO with documentation intended to demonstrate that the agency had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software releases along with release planning artifacts specific to USCIS ELIS and an Independent Verification and Validation assessment. The agency also provided a series of backlogs that captured user stories for some software releases. In addition, the Independent Verification and Validation assessment indicated that the program was tracking user story quality as part of assessing whether value was continuously discovered and aligned to the mission. However, the assessment report provided to GAO indicated a negative trend for this outcome. Moreover, USCIS policy no longer set expectations regarding user story development. In addition, supporting artifacts from the release planning process did not always define a commitment to a particular development methodology, which is turn impacts the expectations for writing user stories. Finally, backlogs provided by USCIS did not cover all releases in development since our July 2016 report and did not include enough detail to assess all aspects of the user story process (e.g., story size and user involvement). We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to establish outcomes for Agile software development.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in April 2017, USCIS issued updated policy governing software development at the agency. The updated policy included an appendix devoted to generally accepted agency practices and applying Agile principles in the agency. This appendix also included a set of ten outcomes associated with using Agile practices at USCIS. For example, outcomes included that value is continuously discovered and aligned to the mission. However, the updated policy did not require program compliance with the practices and principles described in the appendix. Moreover, the agency did not demonstrate that USCIS ELIS had committed to achieving a specific set of outcomes for Agile software development, such as the outcomes described in the USCIS policy. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to monitor program performance and report to appropriate entities through the collection of reliable metrics.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software that called for teams to prepare an Operations Monitoring Plan or dashboard showing the practices, tools, and measures that will monitor applications in production. The agency also provided a series of documents from internal systems and processes intended to monitor performance, such as a product dashboard for analyzing code quality (i.e., SonarQube) and a report from its Independent Verification and Validation team. However, the program was undergoing a re-baseline and had yet to document updated cost, schedule, and performance expectations against which to monitor. Moreover, the agency did not demonstrate that other metrics, such as customer satisfaction and team velocity, were being reliably collected. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To help manage the USCIS ELIS system, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update existing policies and guidance and consider additional controls to conduct unit and integration, and functional acceptance tests, and code inspection consistent with stated program goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided artifacts from internal systems in place to monitor software development performance. These metrics monitored aspects of testing, such as code quality and code coverage. However, the program did not provide an updated Test and Evaluation Master Plan, which is a document it will produce as part of its ongoing effort to re-baseline. A Test and Evaluation Master Plan sets the testing expectations for the program as agreed upon with its stakeholders in DHS and USCIS. The updated plan will provide a basis for further evaluation of the steps DHS and USCIS have taken to address this recommendation. Moreover, the agency did not demonstrate that functional acceptance tests were being conducted in accordance with stated program goals. For example, the agency did not provide acceptance criteria or the associated tests demonstrating that user stories passed the defined acceptance criteria. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To help manage the USCIS ELIS system, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update existing policies and guidance and consider additional controls to develop complete test plans and cases for interoperability and end user testing, as defined in the USCIS Transformation Program Test and Evaluation Master Plan, and document the results.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, DHS and USCIS had not provided information demonstrating that they had addressed this recommendation. In October 2016, DHS provided a written response indicating that an internal process for revisiting the USCIS ELIS Test and Evaluation Master Plan had been initiated, with participation from all relevant stakeholder groups. A Test and Evaluation Master Plan sets the testing expectations for the program as agreed upon with its stakeholders in DHS and USCIS. The updated plan will provide a basis for further evaluation of the steps DHS and USCIS have taken to address this recommendation. The letter also stated that USCIS had begun to work on a policy for new interoperability test procedures. Moreover, the letter added that end user testing is a continuing activity, including providing feedback of observed issues into the development queue, with the slow launch of the naturalization capabilities in USCIS ELIS being a model. However, as of July 2017, DHS and USCIS had not provided new information about the status of this recommendation. We will continue to work with DHS and USCIS to obtain additional documentation about actions they are taking to address this recommendation.
    Director: Farrell, Brenda S
    Phone: (202) 512-3604

    5 open recommendations
    Recommendation: To help ensure that the Gold Star Advocate Program achieves its mission and objectives and to enhance outreach for the program, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in collaboration with the service secretaries, to develop interim policies to govern the program, to include identification of roles, responsibilities, and procedures.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) is planning to incorporate policies regarding the Gold Star Advocate Program into the revision of DOD Instruction 1300,18, Department of Defense (DOD) Personnel Casualty Matters, Policies, and Procedures. The revision is anticipated to be published in 2017. In the interim, DOD is planning to establish a charter for the Gold Star Advocate Program.
    Recommendation: To help ensure that the Gold Star Advocate Program achieves its mission and objectives and to enhance outreach for the program, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in collaboration with the service secretaries, to determine outreach goals and metrics by which to measure progress in attaining those goals.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) is planning to determine outreach goals and metrics by the end of 2016. DOD is also planning to include a question concerning the Gold Star Advocate Program in its telephonic survey of survivors of deceased servicemembers to ensure awareness of the Gold Star Advocate Program amongst survivors.
    Recommendation: To help ensure that the Gold Star Advocate Program achieves its mission and objectives and to enhance outreach for the program, the Commandant of the Coast Guard should develop interim policies to govern the program, to include identification of roles, responsibilities, and procedures.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Coast Guard Personnel Service Center is planning to publish a policy memorandum on the Personnel Service Center Casualty Matters website announcing the establishment of the Gold Star Advocate Program and outlining the policies, procedures, and responsibilities of the Gold Star Advocate Program.
    Recommendation: To help ensure that the Gold Star Advocate Program achieves its mission and objectives and to enhance outreach for the program, the Commandant of the Coast Guard should determine outreach goals and metrics by which to measure progress in attaining those goals.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Coast Guard is planning to establish goals and metrics for the Coast Guard's Gold Star Advocate Program to include: identifying resources to support the program, creating a Gold Star Advocate Program website, updating the Coast Guard's "A Survivor's Guide to Benefits" and link it to the Gold Star Advocate Program website. The Coast Guard also plans to begin capturing addresses and other contact information for survivors of each active duty servicemember death and perform a one-time mass mailing to survivors to inform them of the program. They also plan to develop measures for outreach effectiveness and to partner with the Department of Defense to identify other ways to ensure that all survivors are contacted.
    Recommendation: To improve the efficacy of the training provided, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to develop indicators to help determine how casualty assistance officer training contributes to the quality of the casualty assistance program.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) is planning to develop two surveys to gauge how effective casualty assistance officers found the simulation training program that was developed by the Office of the Under Secretary of Defense for Personnel and Readiness (OUSD(P&R)).
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To better position the Coast Guard to effectively plan its Arctic operations, the Commandant of the Coast Guard should develop measures, as appropriate, for gauging how the agency's actions have helped to mitigate the Arctic capability gaps.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2016, we reviewed and reported on the U.S. Coast Guard's efforts in the Arctic. We found that the Coast Guard had taken actions to implement its Arctic strategy and conduct Arctic operations, which may help the Coast Guard to better understand and mitigate identified Arctic capability gaps. Further, we found that the Coast Guard was tracking, or had plans to track, its various activities in the Arctic, but that it had not developed measures to systematically assess how its actions have helped to mitigate Arctic capability gaps. We recommended that the Coast Guard develop measures, as appropriate, for gauging how the agency's actions have helped to mitigate the Arctic capability gaps. In response to our recommendation, in August 2016, the Coast Guard reported that specific measures for some activities would be developed and included as part of the Coast Guard's update to its implementation plan for its Arctic strategy. In March 2017, the Coast Guard reported that it completed an annual review of its implementation plan in January 2017. However, officials stated that technology updates and modifications to its tracking tool are required to better represent the completion percentage. To fully address this recommendation, the Coast Guard will need to finalize the development of its measures to gauge how its actions have helped to mitigate Arctic capability gaps.
    Recommendation: To better position the Coast Guard to effectively plan its Arctic operations, the Commandant of the Coast Guard should design and implement a process to systematically assess the extent to which actions taken agency-wide have helped mitigate the Arctic capability gaps for which it has responsibility.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2016, we reviewed and reported on the U.S. Coast Guard's efforts in the Arctic. We found that the Coast Guard had taken actions to implement its Arctic strategy and conduct Arctic operations, which may help the Coast Guard to better understand and mitigate identified Arctic capability gaps. Further, we found that the Coast Guard was tracking, or had plans to track, its various activities in the Arctic, but that it had not systematically assessed how its actions have helped to mitigate Arctic capability gaps. We recommended that the Coast Guard design and implement a process to systematically assess the extent to which actions taken agency-wide have helped mitigate the Arctic capability gaps for which it has responsibility, so that it will better understand the status of these gaps and be better positioned to effectively plan its Arctic operations. In August 2016, the Coast Guard reported that through its annual review of its implementation plan for its Arctic Strategy, that it will systematically assess how its actions have mitigated capability gaps for which it is the lead agency under the Implementation Framework for the National Strategy for the Arctic Region. In March 2017, the Coast Guard reported that it completed an annual review of its implementation plan in January 2017 which resulted in the consolidation, removal, and addition of Arctic initiatives. Further, officials stated that the Coast Guard will continue to work with the Arctic Executive Steering Committee to provide information for the tracking and measurement of national capabilities, needs and gaps, and impacts in the Arctic Region. To fully address this recommendation, the Coast Guard will need to assess how its actions have helped to mitigate Arctic capability gaps, and provide documentation that identifies the progress it has made in helping to mitigate Arctic capability gaps.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    13 open recommendations
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Agriculture should describe the Department of Agriculture's (USDA) major management challenges and include performance goals, performance measures, milestones and an agency official responsible for resolving each of its major management challenges as part of USDA's agency performance plan.

    Agency: Department of Agriculture
    Status: Open

    Comments: As of August 2017, USDA had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Commerce should describe the Department of Commerce's major management challenges and include performance goals, performance measures, milestones and an agency official responsible for resolving each of its major management challenges as part of the Department of Commerce's agency performance plan.

    Agency: Department of Commerce
    Status: Open

    Comments: According to the Department of Commerce' action plan to address GAO's recommendations, it will begin including a description of the Department's major management challenges, as well as related performance goals, performance milestones and an agency official responsible for resolving each of its major management challenges, in the Department's annual performance plan reporting, starting with the report to be issued concurrent with final fiscal year 2018 Congressional Budget Justifications (CBJ). As of August 2017, Commerce has not taken action to implement our recommendation. Our review of the Department of Commerce's 2018 CBJ found that it did not include recommended information. When the 2019 CBJ is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Defense should include planned actions for each of the Department of Defense's (DOD) major management challenges and ensure that required information about its major management challenges, currently in DOD's Agency Strategic Plan for Fiscal Years 2015-2018, be included in its agency performance plan so that progress toward resolving each of its major management challenges is transparent and reported annually.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2017, the Department of Defense had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Energy should describe the Department of Energy's major management challenges and include performance goals, performance measures, milestones and an agency official responsible for resolving each of its major management challenges as part of the Department of Energy's agency performance plan.

    Agency: Department of Energy
    Status: Open

    Comments: As of August 2017, the Department of Energy had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Attorney General should describe the Department of Justice's major management challenges and include performance goals, performance measures, milestones, planned actions and an agency official responsible for resolving each of its major management challenges as part of the Department of Justice's agency performance plan.

    Agency: Department of Justice
    Status: Open

    Comments: According to the Department of Justice's action plan to address GAO's recommendations, it will report the Office of Inspector General Top Management Challenges in both the Annual Financial Report (AFR) and the Annual Performance Report(APR)/Annual Performance Plan(APP). For the APR/APP, the Department of Justice will also include the appropriate performance goals, performance measures, milestones, planned actions addressing the challenges and the name(s) of agency official(s) responsible for resolving each of its major management challenges. As of August 2017, however, the Department of Justice had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Labor should describe the Department of Labor's major management challenges and include performance goals, performance measures, milestones, planned actions, and an agency official responsible for resolving each of its major management challenges as part of the Department of Labor's agency performance plan.

    Agency: Department of Labor
    Status: Open

    Comments: According to the Department of Labor's action plan to address GAO's recommendations, it will comply with the updated Circular A-11 guidance to report on major management challenges in its next Annual Performance Report (APR), published with the FY 2018 Congressional Budget Justification. In its most recent APR, the Department of Labor took steps to implement this recommendation by including planned actions and an agency official responsible for each of the three issues it identified as a major management challenge. Further action is needed to establish performance goals, performance measures, and milestones. When the Fiscal Year 2017 APR is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Transportation should describe the Department of Transportation's major management challenges and include performance goals, performance measures, milestones, planned actions and an agency official responsible for resolving major management challenges as part of the Department of Transportation's agency performance plan.

    Agency: Department of Transportation
    Status: Open

    Comments: As of August 2017, the Department of Transportation had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of the Treasury should include performance goals, performance measures, milestones, and an agency official responsible for resolving major management challenges as part of the Department of the Treasury's agency performance plan.

    Agency: Department of the Treasury
    Status: Open

    Comments: As of August 2017, Treasury had not taken any actions to implement our recommendation. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Administrator of the Environmental Protection Agency (EPA) should include performance goals, performance measures, milestones, planned actions and an agency official responsible for resolving each of its major management challenges as part of EPA's agency performance plan.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In its Fiscal Year 2018 APP, EPA took steps to implement this recommendation by clearly identifying its major management challenges and including planned actions for resolving them. Further action is needed to establish performance goals, performance measures, milestones, and identify an agency official responsible for resolving the challenge. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Administrator of the General Services Administration (GSA) should describe GSA's major management challenges and include performance goals, performance measures, milestones and an agency official responsible for resolving each of its major management challenges as part of GSA's agency performance plan.

    Agency: General Services Administration
    Status: Open

    Comments: In its Fiscal Year 2018 APP, GSA took steps to implement this recommendation by clearly identifying three major management challenges and including planned actions, performance measures, milestones, and an agency official responsible for resolving them. Further action is needed to establish performance goals. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of Health and Human Services (HHS) should include performance goals, milestones and an agency official responsible for resolving each of HHS's major management challenges as part of HHS's agency performance plan.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: According to its website, for fiscal year 2018, HHS is meeting its performance reporting requirements as designated in the GPRA Modernization Act of 2010 and OMB Circular A-11 through the program performance information provided in the FY 2018 HHS Budget Justifications to Congress. As of August 2017, however, HHS has not taken action to implement our recommendation. Our review of HHS' 2018 Congressional Budget Justification found that it did not include recommended information. When the 2019 CBJ is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Secretary of the Interior should describe the Department of Interior's major management challenges and include performance goals, performance measures, planned actions, milestones and an agency official responsible for resolving each of its major management challenges as part of the Department of the Interior's agency performance plan.

    Agency: Department of the Interior
    Status: Open

    Comments: As of August 2017, the Department of Interior had not taken any actions to implement our recommendation. It is unclear in the APP what Interior considers to be its major management challenges and, if there are such issues, which performance information aligns with resolving those issues. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Recommendation: To improve the public reporting of major management challenges and to ensure performance information is useful, transparent, and complete, the Director of the National Science Foundation (NSF) should describe NSF's major management challenges and identify performance goals, performance measures, milestones, and an agency official responsible for resolving each of its major management challenges as part of NSF's agency performance plan.

    Agency: National Science Foundation
    Status: Open

    Comments: In its Fiscal Year 2018 APP, NSF took steps to implement this recommendation by clearly identifying its major management challenges and including planned actions for resolving them. Further action is needed to establish performance goals, performance measures, milestones, and identify an agency official responsible for resolving the challenge. When the 2019 annual performance plan is issued, we will update the status of this recommendation.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    6 open recommendations
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should update the Risk Assessment of Airport Security to reflect changes to its risk environment, such as those updates reflected in Transportation Sector Security Risk Assessment (TSSRA) and JVA findings, and share results of this risk assessment with stakeholders on an ongoing basis.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should establish and implement a process for determining when additional risk assessment updates are needed.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should develop and implement a method for conducting a system-wide assessment of airport vulnerability that will provide a more comprehensive understanding of airport perimeter and access control security vulnerabilities.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should use security event data for specific analysis of system-wide trends related to perimeter and access control security to better inform risk management decisions.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should update the 2012 Strategy for airport security to reflect changes in risk assessments, agency operations, and the status of goals and objectives. Specifically, this update should reflect: (1) information from the Risk Assessment of Airport Security, as well as information contained in the most recent TSSRA and JVAs; (2) new airport security-related activities; (3) the status of TSA efforts to address goals and objectives; and (4) finalized outcome-based performance measures and performance levels--or targets--for each relevant activity and strategic goal.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should establish and implement a process for determining when additional updates to the Strategy are needed.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To better ensure that FAMS uses its resources to cover the highest-risk flights, in addition to considering risk when determining how to divide FAMS's international flight coverage resources among international destinations, the Director of FAMS should incorporate risk into FAMS's method for initially setting its annual target numbers of average daily international and domestic flights to cover.

    Agency: Department of Homeland Security: Transportation Security Administration: Office of Law Enforcement - Federal Air Marshal Service
    Status: Open

    Comments: In May 2016, we found that FAMS officials considered risk when selecting specific domestic and international flights to cover, but they did not consider risk when deciding how to initially divide their annual resources between domestic and international flights. Rather, each year FAMS considered two variables--travel budget and number of air marshals--to identify the most efficient way to divide the agency's resources between domestic and international flights. As a result, we recommended that FAMS incorporate risk into FAMS's method for initially setting its annual target numbers of average daily international and domestic flights to cover. In March 2017, TSA officials reported that FAMS was continuing to identify ways to refine the methodology FAMS uses to allocate resources between international and domestic flights. Specifically, TSA officials noted that FAMS was considering ways to incorporate information on the travel patterns of known or suspected terrorists, trends in TSA PreCheck passenger data, airport screening capabilities, and other factors. FAMS officials also reported that, as part of this effort, they were reviewing their International Concept of Operations. It is unclear how these steps will address the recommendation. To fully address this recommendation, FAMS should incorporate risk into its method for initially setting its annual target numbers of average daily international and domestic flights to cover.
    Recommendation: To better ensure that FAMS uses its resources to cover the highest-risk flights, the Director of FAMS should conduct and document a risk assessment--systematically collecting information on and assigning value to current risks--to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas.

    Agency: Department of Homeland Security: Transportation Security Administration: Office of Law Enforcement - Federal Air Marshal Service
    Status: Open

    Comments: In May 2016, we reported that FAMS's choice of domestic geographic focus areas and resource allocation levels were based on professional judgment, not risk assessment. With regard to the geographic focus areas, for example, FAMS officials explained that they did not conduct a risk assessment to inform this decision, but rather selected these areas in consultation with 30 subject matter experts from various offices within TSA based on their intuitive, qualitative perceptions of threats, vulnerabilities, potential impacts, history, and the demographics of the areas. Without fully incorporating risk when determining such priorities, FAMS cannot reasonably ensure it is targeting its resources to the highest-risk flights. As a result, we recommended that FAMS conduct and document a risk assessment--systematically collecting information on and assigning value to current risks--to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas. In March 2017, TSA officials explained that they were continuing to develop their "risk-by-flight" initiative--a long-term effort to develop a method of assigning each domestic flight a relative risk score to assist in identifying high-risk flights. At the time of our report in 2016, FAMS officials estimated that the risk-by-flight tool would probably be ready for use within 7 to 10 years. In March 2017, TSA officials stated that they had developed a prototype Risk-Based Resource Deployment Decision Aid, which they refer to as R2D2. TSA officials further reported that the DHS Science and Technology Directorate had contracted for the development of a risk engine--based on the R2D2 data--to assign risk values to all U.S.-carrier domestic and international flights. TSA officials reported that this contract runs through early 2018. To fully address this recommendation, FAMS should conduct and document a risk assessment to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To enhance the monitoring of holding facilities, the Secretary of Homeland Security should direct Border Patrol and ICE to develop and implement a process to assess their time in custody data for all individuals in holding facilities, including: (1) identifying and addressing potential data quality issues; and (2) identifying cases where time in custody exceeded guidelines and assessing the factors impacting time in custody.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To strengthen the transparency of the complaints process, the Secretary of Homeland Security should direct CBP and ICE to develop and issue guidance on how and which complaint mechanisms should be communicated to individuals in custody at holding facilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate the tracking of holding facility complaints, the Secretary of Homeland Security should include a classification code in all complaint tracking systems related to DHS holding facilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide useful information for compliance monitoring, the Secretary of Homeland Security should direct CBP and ICE to develop and implement a process for analyzing trends related to holding facility complaints across their respective component.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michelle Sager
    Phone: (202) 512-6806

    4 open recommendations
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to conduct a systematic analysis of the information generated from FEMA's readiness assessments to determine the extent of regional office efforts to help states implement the NDRF, including conducting education and outreach.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, its Office of Readiness Assessment (ORA) launched the 2016 bi-annual FEMA Readiness Assessment Program in April 2016, which includes NDRF related assessment discussions in five FEMA regions. We met with officials in April 2017, who told us that ORA plans to incorporate into this year's assessments, a retrospective review of NDRF findings and progress made in implementing the NDRF since 2013. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to develop best practices and lessons learned with regard to conducting NDRF education and outreach to states based on the analysis of readiness assessments and create a mechanism to disseminate and share those best practices and lessons learned to FEMA regional offices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, its Recovery Support Function Leadership Group initiated an information management workgroup, which shares best practices information as one of its objectives. The workgroup has piloted the use of an existing interagency portal as a potential platform for improved information sharing. We met with officials in April 2017, who told us that FEMA will incorporate its 2016 readiness review findings and best practices from regional Federal Disaster Recovery Coordinators for stakeholder outreach and education into the final platform build-out. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to clarify with regional offices and Federal Disaster Recovery Coordinators (FDRCs) the role of the regional implementation plans in FDRC performance plans and how they will be used to assess NDRF regional implementation efforts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, to achieve greater integration of FEMA's field leadership components, FEMA's Field Operations Directorate (FOD) convened a Field Leadership Working Group of senior subject matter experts to conduct a mission analysis of FEMA's Field Leadership function (which includes Federal Disaster Recovery Coordinators as well as Federal Coordinating Officers and Incident Management Assistance Teams team leads). According to FEMA, one of the assigned tasks of the group involves developing performance metrics to define a steady state and operational performance framework for field leaders, to include Federal Disaster Recovery Coordinators. According to FEMA, the Working Group is currently underway and is preparing a Field Leader Manual for review by FOD leadership. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to align the annual FDRC performance expectations with clearly defined organizational goals and priorities, consistent with key management practices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, the Field Leadership Working Group will implement the elements of this recommendation alongside efforts to clarify the role of the regional National Disaster Recovery Framework implementation plans. FEMA also provided documentation to GAO noting that the Working Group is progressing in its work on its Field Leadership Professional Development Plan. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    16 open recommendations
    including 4 priority recommendations
    Recommendation: The Director of OMB should identify and publish a specific goal associated with its non-provisioned O&M spending measure.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The agency agreed with the recommendation. In April 2017, OMB indicated that it has been working with agencies on their Strategic Plans and associated performance goals and measures, but that it would be premature to say whether there would be a specific goal on its non-provisioned O&M spending measure. We will continue to monitor the implementation of this recommendation.
    Recommendation: The Director of OMB should commit to a firm date by which its draft guidance on legacy systems will be issued, and subsequently direct agencies to identify legacy systems and/or investments needing to be modernized or replaced.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The agency agreed with the recommendation. In April 2017, OMB stated that it was updating the draft guidance on legacy systems and were unable to provide a date when they would be issuing it. We will continue to monitor the implementation of this recommendation.
    Recommendation: To monitor whether existing investments are meeting the needs of their agencies, the Secretaries of Commerce and the Treasury should direct the respective agency CIO to ensure that required analyses are performed on investments in the operations and maintenance phase.

    Agency: Department of Commerce
    Status: Open

    Comments: The agency agreed with the recommendation. In a May 2017 written update, the agency stated that it had updated its Capital Planning and Investment Control handbook with instructions on conducting operational analyses. However, the agency was unable to demonstrate that operational analyses were being completed on an annual basis, as required. We will continue to monitor the implementation of this recommendation.
    Recommendation: To monitor whether existing investments are meeting the needs of their agencies, the Secretaries of Commerce and the Treasury should direct the respective agency CIO to ensure that required analyses are performed on investments in the operations and maintenance phase.

    Agency: Department of the Treasury
    Status: Open

    Comments: The agency had no comment on the recommendation. In June 2017, Treasury provided an update on the IRS's efforts to ensure that operational analyses are performed on investments in the operations and maintenance phase. However, the recommendation is intended to address issues at the department level and not just at the IRS. Treasury declined to provide an update at the department level. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The agency agreed with the recommendation and in July 2017 stated that the department has drafted a Legacy Systems Modernization Framework. DHS is waiting for OMB?s draft guidance to be issued to ensure compliance. As a result, they now estimate this will be completed by December 2017. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Agriculture
    Status: Open

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it had taken steps to improve its overall IT governance processes, and in particular, its oversight of legacy systems. These steps included, implementing its FITARA strategy, creating a Cloud Strategy and Policy Office, and two new executive oversight groups. In addition, the agency stated that it planned to complete an IT Modernization Plan in calendar year 2018. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Commerce
    Status: Open

    Comments: The agency agreed with the recommendation. In May 2017, the agency stated that it was continuously assessing its current IT portfolio for opportunities to retire or modernize its mission critical legacy systems. Specifically, Commerce stated that it had identified two candidate systems for modernization--the National Weather Service Telecommunications Gateway and the USPTO Examiner Automated Search Tool. However, it is unclear how these plans will relate to OMB's guidance. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Defense
    Status: Open

    Comments: The agency partially concurred with the recommendation, and stated that it would continue to identify, prioritize, and manage legacy systems that should be modernized or replaced, based on existing DOD policies, using existing department processes, consistent to the extent practicable with OMB's draft guidance. In June 2017, the department stated that its position has not changed; the department believes that no corrective actions are necessary or planned. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Energy
    Status: Open
    Priority recommendation

    Comments: The department partially agreed with the recommendation and in an April 2017 update stated that the department has begun an initiative to migrated corporate business IT systems to cloud service providers. The department added that they were coordinating with their program offices to identify and prioritize other IT systems for migration. The department intends to review any forthcoming OMB guidance, and will consider early implementation of such guidance, as applicable to the department, when the guidance is provided. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The agency agreed with the recommendation and in a September 2016 written update stated that the office of the CIO is working to identify and plan to modernize or replace IT systems. As of July 2017, the agency had not responded to requests for updates on the implementation of this recommendation. We will continue to monitor this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Social Security Administration
    Status: Open

    Comments: The agency agreed with the recommendation and as of May 2017, the agency stated that it was working on finishing its Information Technology Modernization Plan that outlines 5 major applications that it plans to update. However, since OMB had not yet issued its legacy system guidance, it is unknown whether this plan is consistent with OMB's guidance. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Justice
    Status: Open

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it was completing the initial steps of an assessment to provide a qualitative and definitive list of systems which meet criteria for retirement and/or decommission. This assessment is to review the complexity of work per system, and provide a rough order of magnitude cost estimate on a system-by-system basis. Further, VA is in the process of decommissioning the BDN and PAID systems mentioned in our report. The decommissioning of BDN is in the planning stage and the agency estimates the project to cost $100 million to complete. The replacement of PAID has been occurring in incremental phases, but the agency did not provide an estimated date of retirement. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Transportation
    Status: Open

    Comments: The agency agreed with the recommendation and stated that work is underway to identify systems in need of modernization and upgrade. The department anticipated being able to close the recommendation 90 days after OMB issues guidance on legacy systems. Further, in a recent update, the agency stated that it had recently started a project to create an integrated inventory of Transportation's systems. According to the agency, through this project, it has been able to identify duplication and opportunities to create efficiencies. The next phase of this project is a future state diagram and a roadmap to show planned modernizations and possible divestments of legacy systems. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of the Treasury
    Status: Open
    Priority recommendation

    Comments: The agency had no comment on the recommendation. In a June 2017, Treasury provided an update on the IRS's efforts to modernize the IRS's legacy systems. However, the recommendation is intended to address issues at the department level and not just at the IRS. Treasury declined to provide an update at the department level. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Veterans Affairs
    Status: Open
    Priority recommendation

    Comments: The agency agreed with the recommendation. As of May 2017, the agency stated that it was completing the initial phase of an assessment to provide a qualitative and definitive list of systems which meet criteria for retirement and/or decommission. This assessment will review the complexity of work per system, and provide a rough order of magnitude cost estimate on a system-by-system basis. Further, VA is in the process of decommissioning the BDN and PAID systems mentioned in our report. The decommissioning of BDN is in the planning stage and the agency estimates the project to cost $100 million to complete. The replacement of PAID has been occurring in incremental phases, but the agency did not provide an estimated date of retirement. We will continue to monitor the implementation of this recommendation.
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: The agency agreed with the recommendation and stated that it plans to work with OMB upon the publication of OMB's guidance to identify opportunities for modernization. In an April 2017 update, the agency stated that it had extended plans to replace the systems mentioned in the report by several years. As of August 2017, the agency stated that it had finalized a new capital planning guide which includes investment review policy to identify opportunities for modernization and away from legacy systems. However, it is too soon to tell if it is in line with OMB's forthcoming guidance. We will continue to monitor the implementation of this recommendation.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    3 open recommendations
    Recommendation: To improve transparency in allocating its limited resources, and to help ensure that its resource allocation decisions are the most effective ones for fulfilling its missions given existing risks, the Commandant of the Coast Guard should document how the risk assessments conducted were used to inform and support its annual asset allocation decisions.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: On December 14, 2016, the Coast Guard noted that the FY 2017 Strategic Planning Direction (SPD) was issued on October 1, 2016, which addresses GAO's recommendation and requested closure of this recommendation. In reviewing the FY 2017 SPD, however, it was not clear how risk assessments were conducted or the impact, if any, that risk factors had on asset allocations. GAO requested details on these issues on 12-17-2016 and as of 1-25-2017 GAO had not received any additional information, so this recommendation remains open.
    Recommendation: To ensure that high priority mission activities are fully supported with the appropriate number of staff possessing the requisite mix of skills and abilities, the Commandant of the Coast Guard should develop a systematic process that prioritizes manpower requirements analyses for units that are the most critical for achieving mission needs.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: On December 14, 2016, the Coast Guard noted the following: CG-1B submitted two FY 2019 Resource Proposals to staff and equip the Manpower Requirements Determination Division to conduct the analysis as described in the recommendation. Estimated completion: TBD. On March 24, 2017, the Coast Guard noted that it continues to prioritize and analyze manpower requirements and is tracking an initiative to catalogue and validate all DHS manpower modeling/analysis programs, but noted that the estimated completion for the recommendation remains as TBD.
    Recommendation: To improve the strategic allocation of assets, the Commandant of the Coast Guard should incorporate field unit input, such as information on assets' actual performance from Operational Performance Assessment Reports and Planning Assessments, to inform more realistic asset allocation decisions--in addition to asset performance capacities currently used--in the annual Strategic Planning Directions to more effectively communicate strategic intent to field units.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: On December 14, 2016, the Coast Guard noted that the Atlantic Area and Pacific Area Commands' Operational Planning Directions (OPDs) were approved and provided to their field units in July 2016 and August 2016, respectively, and that the OPDs took into account the actual performance of the assets in the allocation of asset hours to field units in line with GAO's recommendation. The Coast Guard requested closure of this recommendation. However, in reviewing the provided planning documents, it was not clear how asset allocations were changed to reflect actual asset performance by the field units, so GAO asked for further details on 12-17-2016. As of 1-25-2017, GAO had not received any updated information, so this recommendation remains open.
    Director: Michael J. Courts
    Phone: (202) 512-8980

    2 open recommendations
    Recommendation: To strengthen DHS's ability to fulfill legislative requirements for the VWP and protect the security of the United States and its citizens, the Secretary of Homeland Security should specify time frames for working with VWP countries to institute the additional VWP security requirements, including the requirement that the countries fully implement agreements to share information about known or suspected terrorists through the countries' Homeland Security Presidential Directive 6 arrangements and Preventing and Combating Serious Crime agreements with the United States.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS reported that nearly all VWP countries have begun sharing information on known or suspected terrorists through Homeland Security Presidential Directive 6 arrangements and that DHS also made progress in fully implementing Preventing and Combating Serious Crime agreements. According to DHS, all VWP countries were informed of the new VWP requirements in July 2016. In its initial response, DHS stated that it planned to conduct a comprehensive assessment of VWP countries' compliance with the new VWP requirements and establish a time frame for each VWP country to reach full compliance as part of each country's next formal review. However, as of April 2017, DHS needs to provide documentation to GAO to support all of these actions. GAO will continue to monitor DHS efforts to fully address this recommendation.
    Recommendation: To strengthen DHS's ability to fulfill legislative requirements for the VWP and protect the security of the United States and its citizens, the Secretary of Homeland Security should take steps to improve DHS's timeliness in reporting to Congress, within the statutory time frame, the department's determination of whether each VWP country should continue participating in the program and any effects of the country's participation on U.S. law enforcement and security interests.

    Agency: Department of Homeland Security
    Status: Open

    Comments: Since 2016, DHS has issued several reports on VWP countries to Congress that have addressed several of the overdue reports identified in 2016, but some gaps remain. As of April 2017, DHS reported plans to deliver additional reports in 2017 to address these gaps. In its initial response, DHS reported that the department had taken steps to ensure timely reporting to Congress and committed to providing Congress with advance notification of any delays in delivering future reports. To fully address this recommendation, DHS needs to issue reports to Congress on VWP countries that have not been covered within the last two years. GAO will continue to monitor DHS efforts.
    Director: Andrew Von Ah
    Phone: (213) 830-1011

    4 open recommendations
    Recommendation: To ensure the quality of the risk assessments used to inform its future QHSR processes, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to ensure future QHSR risk assessment methodologies reflect key elements of successful risk assessment methodologies, such as being: (1) Documented, which includes documenting how risk information was integrated to arrive at the assessment results, (2) Reproducible, which includes producing comparable, repeatable results, and (3) Defensible, which includes communicating any implications of uncertainty to users of the risk results.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis and Risks completed initial meetings in April 2016 with government and non-government subject matter experts to refine risk analyses for the upcoming 2018 QHSR. Representatives from the department's component and headquarters staff are to take part in the Department's Risk Modeling and Analysis Steering Committee by reviewing, documenting and approving proposed new methodologies planned to help identify and prioritize threats and hazards. This effort is intended to lead to a documented, reproducible, and defensible assessment, according to the DHS officials. This recommendation will remain open until we verify that the risk analysis contains these elements.
    Recommendation: To enable the use of risk information in supporting resource allocation decisions, guiding investments, and highlighting the measures that offer the greatest return on investment, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to refine its risk assessment methodology so that in future QHSRs it can compare and prioritize homeland security risks and risk mitigation strategies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk, with support from the RAND Corporation, has proposed a methodology to assess threats, hazards, and vulnerabilities impacting U.S. homeland security. In addition, the department's Risk Modeling and Analysis Executive Steering Committee is to review and approve the proposed methodology. The methodology is intended to enable the Department of Homeland Security to compare and prioritize homeland security risks and risk mitigation strategies, according to DHS officials. The recommendation will remain open until we verify that the methodology allows such comparisons.
    Recommendation: To ensure proper management of the QHSR stakeholder consultation process, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to identify and implement stakeholder meeting processes to ensure that communication is interactive when project planning for the next QHSR.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk finalized a draft stakeholder outreach plan to include use of the Office of Management and Budget's Max electronic collaboration website to engage with federal, state, and local stakeholders. The OMB-MAX website is available to government and non-government offices and allows the posting of documents, articles, and links, as well as facilitating collaborative editing of documents and participant interaction threads, according to DHS officials. In addition, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk is exploring the use of different tools to facilitate more interactive stakeholder engagement. For example, DHS's Office of Partnerships and Engagement is to facilitate additional engagement with external subject matter experts, arrange interagency coordination, and organize review and approval with parties of the homeland security enterprise in order to coordinate and approve the development of the 2018 QHSR. This recommendation will remain open until we verify that interactive communication approaches are implemented.
    Recommendation: To ensure proper management of the internal QHSR stakeholder consultation process, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to clarify component detailee roles and responsibilities when project planning for the next QHSR.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk (SPAR) drafted a memorandum for the Deputy Secretary to solicit Component subject matter experts. The memorandum specifies component detailee roles and responsibilities, to include serving in an advisory, consultation, and coordination role, according to DHS officials. SPAR is to lead an integrated group of analysts and strategic planners that are to be supported and augmented by the subject matter experts. The experts and detailees are to serve as members of study teams analyzing key threats, trends, and strategy and policy alternatives associated with issues and challenges relating to DHS's mission and objectives. A second memorandum requesting additional detailee support is to be issued in November 2016, prior to the formal review phase of the new QHSR which is to begin in January 2017. This recommendation will remain open until we verify that clarified detailee roles and responsibilities are finalized and implemented.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    5 open recommendations
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to define the scope, implementation strategy, and schedule of the agency's overall modernization approach, with related goals and measures for effectively overseeing the effort. At a minimum, the agency should update its IT strategic plan and complete its modernization plan.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with this recommendation, and reported on actions taken to update its IT Modernization Plan such as conducting cross-functional work sessions to establish an actionable implementation roadmap in line with agency priorities. However, as of April 2017, we have not yet obtained evidence that FEMA has fully updated its IT strategic plan and completed its modernization plan to address the weaknesses identified in our report. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to establish time frames for current and future IT workforce planning during its modernization efforts and ensure all regions and offices are included in these initiatives.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement our recommendation. For example, the department stated that FEMA completed the assessment of skills gap and identified and prioritized the skills required to staff and sustain the core competencies required to successfully implement FEMA's IT modernization efforts. However, we have not yet validated the agency actions to establish time frames for current and future IT workforce planning during its modernization efforts. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA adequately manages the selected emergency management systems, the FEMA Administrator should direct the DAIP, EMMIE, and IPAWS program offices, in conjunction with the FEMA CIO, to implement complete program plans that define overall budget and schedule, key deliverables and milestones, assumptions and constraints, description and assignment of roles and responsibilities, staffing and training plans, and an approach for maintaining these plans.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with our recommendation and in response updated its program management plans that support the program offices of the Disaster Assistance Improvement Plan, Emergency Management Mission Integrated Environment, and Integrated Public Alert and Warning System. The program plans addressed some of the weaknesses we identified in our report. For example, the program management plans identified and described the overall program management processes and methods to be used during all phases of projects and defined key deliverables and milestones, roles and responsibilities, staffing and training and an approach for maintaining the plans. However, the plans did not clearly define the knowledge and skills needed to carry out the program or provide sufficient details on the budget and scheduling for the programs under review. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA adequately manages the selected emergency management systems, the FEMA Administrator should direct the DAIP, EMMIE, and IPAWS program offices, in conjunction with the FEMA CIO, to implement a system integration plan that include all systems to be integrated with the system, roles and responsibilities for all relevant participants, the sequence and schedule for every integration step, and how integration problems are to be documented and resolved.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement our recommendation. For example, the department reported that the system owner for DAIP, EMMIE, and IPAWS programs have updated their respective system integration plans to address the risks identified within the recommendation. In addition, the agency provided documentation such as the IPAWS Integrated Logistics Support Plan, as well as the quality control plan, and test execution plans for both the DAIP and EMMIE programs. However, we have not yet completed our analysis and validated the agency actions on this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As part of the effort of improving IT management at the three programs, the FEMA Administrator should direct the CIO to ensure that FEMA policy for managing IT programs includes guidance for implementing the key management practices.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with the recommendation. In its November 2016 update, FEMA reported that the System Owner for DAIP, EMMIE, and IPAWS have updated their respective IT management program and plans and coordinated with the FEMA CIO to address the risks identified within the recommendation. However, we have not yet validated the agency actions on this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Joseph W. Kirschbaum
    Phone: (202) 512-9971

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To help improve DOD's planning and processes for supporting civil authorities in a cyber incident, the Secretary of Defense should direct the Under Secretary of Defense for Policy in coordination with the Chairman of the Joint Chiefs of Staff to issue or update guidance that clarifies roles and responsibilities for relevant entities and officials--including the DOD components, supported and supporting commands, and dual-status commander--to support civil authorities as needed in a cyber incident.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: The Department of Defense concurred with the recommendation and indicated that, in response, it would update existing agency guidance (e.g., doctrine, directives, instructions) or develop new guidance as appropriate. As of October 2016, DOD has not provided additional information concerning the status of this recommendation.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To enhance DHS leadership's ongoing efforts to improve the affordability of the department's major acquisition portfolio, and to ensure adequate communication with Congress, the Secretary of the Department of Homeland Security should ensure that the fiscal year 2017 Future Years Homeland Security Program report, which DHS must submit to Congress at or about the same time as the President's fiscal year 2018 budget request, reflects the results of any tradeoffs stemming from the acquisition affordability reviews recommended above.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the fiscal year 2017 Future Years Homeland Security Program (FYHSP) report would reflect decisions made in response to our second recommendation. DHS expected to release the FYHSP report shortly after the President's fiscal year 2018 budget request in May 2017. However, the transition to a new administration delayed the release of the FYHSP report. Once available, GAO will evaluate the FYHSP report to determine whether DHS has met the intent of this recommendation.
    Recommendation: To enhance DHS leadership's ongoing efforts to improve the affordability of the department's major acquisition portfolio, and to help ensure programs secure stable funding that matches resources to requirements, the Secretary of the Department of Homeland Security should require components to establish formal, repeatable processes for addressing major acquisition affordability issues, similar to the process the Transportation Security Administration has established.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that DHS headquarters would ensure all components are updating their cost estimates each year to inform the annual resource allocation process by March 31, 2017. However, DHS did not establish a requirement that components do so through formal, repeatable processes for addressing major acquisition affordability issues, similar to the process the Transportation Security Administration has established. As of August 2017, seven of DHS's components were in the process of establishing formal, repeatable processes for addressing affordability issues, but had not completed these efforts. GAO will continue to review the components' progress to determine whether the components' actions meet the intent of this recommendation.
    Director: Chris Currie
    Phone: (404) 679-1875

    5 open recommendations
    Recommendation: To enhance accountability for key risk-management activities and facilitate coordination with federal and industry stakeholders regarding electromagnetic risks, the Secretary of Homeland Security should designate roles and responsibilities within the department for addressing electromagnetic risks and communicate these to federal and industry partners.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a June 2016 update to our proposed recommendation, DHS reported that the Cyber, Infrastructure and Resilience (CIR) Policy Office within the DHS Office of Policy is working with DHS components to identify and articulate the roles of the National Protection and Programs Directorate, Federal Emergency Management Agency, Science and Technology Directorate, and others regarding to address electromagnetic risks. As part of this effort, CIR is to coordinate the development of a joint roles and responsibilities document to be communicated through existing partnership structures with internal and external entities.
    Recommendation: To more fully leverage critical infrastructure expertise and address responsibilities to identify critical electrical infrastructure assets as called for in the National Infrastructure Protection Plan, the Secretary of Homeland Security and the Secretary of Energy direct responsible officials to review FERC's electrical infrastructure analysis and collaborate to determine whether further assessment is needed to adequately identify critical electric infrastructure assets, potentially to include additional elements of criticality that might be considered.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a June 2016 update to our proposed recommendation, DHS reported that the National Protection and Programs Directorate (NPPD) will increase collaborative outreach activities with FERC staff that will include a review of identified critical substations developed by FERC. The intended outcome of this review is to inform DHS activities regarding identification and prioritization of critical infrastructure assets for use during steady state and response activities. NPPD is also to inform FERC of its criticality modeling capabilities through the National Infrastructure Simulation and Analysis Center (NISAC) to enhance engagement with FERC's electric power subject matter expertise and inform future capability developments regarding response to and recovery from events such as electromagnetic pulse.
    Recommendation: To more fully leverage critical infrastructure expertise and address responsibilities to identify critical electrical infrastructure assets as called for in the National Infrastructure Protection Plan, the Secretary of Homeland Security and the Secretary of Energy direct responsible officials to review FERC's electrical infrastructure analysis and collaborate to determine whether further assessment is needed to adequately identify critical electric infrastructure assets, potentially to include additional elements of criticality that might be considered.

    Agency: Department of Energy
    Status: Open

    Comments: In June 2016, DOE provided an update (60-day letter) reiterating their intent to continue with actions identified previously to address the GAO recommendation, namely that the Office of Electricity Delivery and Energy Reliability was to review the Federal Energy Regulatory Commission's electrical infrastructure analysis, and subsequently engage with FERC and DHS to identify if any additional elements of criticality should be considered.
    Recommendation: To enhance federal efforts to assess electromagnetic risks and help determine protection priorities, the Secretary of Homeland Security should direct the Under Secretary for National Protection and Programs Directorate and the Assistant Secretary for the IP to work with other federal and industry partners to collect and analyze key inputs on threat, vulnerability, and consequence related to electromagnetic risks--potentially to include collecting additional information from DOD sources and leveraging existing assessment programs such as the Infrastructure Survey Tool, Regional Resiliency Assessment Program, and DCIP.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a June 2016 update, DHS reported that the department had completed the planned refresh of the Strategic National Risk Assessment, which was intended to incorporate potential impacts to the power system from electromagnetic events. In addition, DHS reported that the Electricity Sub-sector Coordinating Council created an Electromagnetic pulse (EMP) task force, which met in April 2016 and is currently working to develop a joint industry and government approach to address EMP. It was further noted that DHS and DOE initiated a joint study on the effects of EMP on the electric power sector - led by Los Alamos National Laboratory and the National Infrastructure Simulation and Analysis Center (NISAC) - to analyze the hazard environments, impacts, and consequences of EMP and GMD on U.S. electric power infrastructure. In addition, DHS noted their support of a new effort by the Electric Power Research Institute and 39 industry partners to further study EMP vulnerabilities.
    Recommendation: To facilitate federal and industry efforts to coordinate risk-management activities to address an EMP attack, the Secretary of Homeland Security and the Secretary of Energy should direct responsible officials to engage with federal partners and industry stakeholders to identify and implement key EMP research and development priorities, including opportunities for further testing and evaluation of potential EMP protection and mitigation options.

    Agency: Department of Energy
    Status: Open

    Comments: On March 9, 2016 DOE provided agency comments on GAO-16-243 concurring with the recommendation and identifying related actions. Specifically, DOE reported collaboration with the Electric Power Research Institute to develop a joint DOE/Industry EMP Strategy to include key goals and objectives and identification of R&D priorities. The Strategy is expected to be completed by August 31, 2016 to be followed by more detailed action plans. DOE reported that they will collaborate with DHS and DOD in development of the Strategy and action plans. DOE further noted that a report by the Idaho National Laboratory report also identifies potential technology gaps and includes recommendations for further R&D efforts, which will be incorporated when developing the forthcoming action plans.
    Director: Marcia Crosse
    Phone: (202) 512-7114

    28 open recommendations
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Agriculture should revise existing department policies for managing hazardous biological agents in high-containment laboratories to contain specific requirements for reporting laboratory incidents to senior department officials, including the types of incidents that should be reported, to whom, and when, or direct the Administrator of the Food Safety and Inspection Service to develop agency policies that contain these requirements.

    Agency: Department of Agriculture
    Status: Open

    Comments: In October 2016 USDA reported that its science and safety councils chartered a joint biorisk management policy committee to oversee the revisions of existing policies to include department-wide incident reporting requirements and time frames. USDA also reported that FSIS will collaborate with the department to ensure that FSIS policies comply with USDA reporting requirements. USDA did not provide an anticipated completion date for revising departmental polices.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Agriculture should review and update outdated department policies for managing hazardous biological agents in high-containment laboratories and direct the Administrators of the Animal and Plant Health Inspection Service (APHIS) and Agricultural Research Service to update their policies and, in the case of APHIS, establish a regular review schedule.

    Agency: Department of Agriculture
    Status: Open

    Comments: In October 2016, USDA reported that the science and safety councils' joint biorisk management policy committee will review and update the existing outdated USDA policies. In addition, USDA reported that APHIS will review agency policies for biological laboratories every 3-5 years or sooner, if necessary, and that this schedule will be reflected in USDA policy. USDA did not provide an anticipated completion date for reviewing and updating departmental polices. USDA reported that ARS has finalized its policies for its institutional biological safety committee in April 2016. Once all USDA and component agency policies have been updated and review schedules established, we will close this recommendation.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Agriculture should routinely analyze results of the department's laboratory inspections and incident reports to identify potential trends that may highlight recurring laboratory safety or security issues and share lessons learned with laboratory personnel.

    Agency: Department of Agriculture
    Status: Open

    Comments: In October 2016, USDA reported that the joint biorisk management policy committee will oversee efforts to collect and analyze laboratory inspection and incident reports and share these reports and critical analyses with USDA senior leadership. USDA did not provide an anticipated start date for analyzing reports and sharing analyses with senior departmental officials. USDA stated that the joint biorisk committee also serves as an information-sharing platform across USDA agencies and, as such, is positioned to share lessons learned from analyses of inspection and incident reports with laboratory personnel as necessary. USDA also provided additional information on APHIS, ARS, and FSIS planned or ongoing inspection and incident report analyses.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Agriculture should require routine reporting of the results of department, agency, and select agent laboratory inspections to senior department officials.

    Agency: Department of Agriculture
    Status: Open

    Comments: In October 2016, USDA reported that the joint biorisk management policy committee will oversee efforts to revise existing departmental regulations to include requirements for routine reporting of inspection results to senior USDA officials. USDA did not provide an anticipated completion date for revising existing departmental regulations. USDA also provided additional information on APHIS, ARS, and FSIS planned or ongoing reporting of inspection results or revisions of agency policies to require such reporting.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Agriculture should require routine reporting of incidents at agency laboratories to senior department officials.

    Agency: Department of Agriculture
    Status: Open

    Comments: In October 2016, USDA reported that the joint biorisk management policy committee will oversee efforts to revise existing departmental regulations to include requirements for routine reporting of laboratory incidents to senior USDA officials. USDA did not provide an anticipated completion date for revising existing departmental regulations. USDA also provided additional information on APHIS, ARS, and FSIS planned or ongoing incident reporting or revisions of agency policies to require such reporting.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Defense should revise existing department policies for managing hazardous biological agents in high-containment laboratories to contain specific requirements for inventory control for all of DOD's high-containment laboratories, not just for its select agent-registered laboratories, or direct the Secretaries of the Air Force, Army, and Navy to revise their existing, respective policies to contain these requirements.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2016, DOD noted that its comments on the final report--in which it agreed with all of our findings and recommendations for the department--had not changed. However, DOD did not provide us with an update on its status in implementing these recommendations.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Defense should direct the Secretaries of the Air Force and Army to review and update their respective outdated policies for managing hazardous biological agents in high-containment laboratories.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2016, DOD noted that its comments on the final report--in which it agreed with all of our findings and recommendations for the department--had not changed. However, DOD did not provide us with an update on its status in implementing these recommendations.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Defense should routinely analyze agencies' inspection results and incident reports to identify potential trends that may highlight recurring laboratory safety or security issues and share lessons learned with laboratory personnel, or direct the Secretaries of the Army and Navy to do so.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2016, DOD noted that its comments on the final report--in which it agreed with all of our findings and recommendations for the department--had not changed. However, DOD did not provide us with an update on its status in implementing these recommendations.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Defense should require routine reporting of the results of Air Force, Army, and Navy inspections of non-select agent registered laboratories to senior department officials.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2016, DOD noted that its comments on the final report--in which it agreed with all of our findings and recommendations for the department--had not changed. However, DOD did not provide us with an update on its status in implementing these recommendations.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Defense should require routine reporting of laboratory incidents at Air Force, Army, and Navy non-select agent registered laboratories to senior department officials.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2016, DOD noted that its comments on the final report--in which it agreed with all of our findings and recommendations for the department--had not changed. However, DOD did not provide us with an update on its status in implementing these recommendations.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Defense should direct the Secretaries of the Army and Navy to require reporting of agency and select agent laboratory inspection results to senior agency officials.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2016, DOD noted that its comments on the final report--in which it agreed with all of our findings and recommendations for the department--had not changed. However, DOD did not provide us with an update on its status in implementing these recommendations.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Defense should develop time frames for the 19 specific recommendations from the July 2015 review, or direct the Secretary of the Army to do so.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2016, DOD noted that its comments on the final report--in which it agreed with all of our findings and recommendations for the department--had not changed. However, DOD did not provide us with an update on its status in implementing these recommendations.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Energy should revise existing department policies for managing hazardous biological agents in high-containment laboratories to contain specific requirements for inspections, or direct the Administrator of the National Nuclear Security Administration and the Director of the Office of Science to develop agency policies that contain this requirement.

    Agency: Department of Energy
    Status: Open

    Comments: In August 2016, DOE reported that it is revising department policy for its select agent and toxin work to highlight oversight of facilities working with these agents and toxins. DOE will solicit input from NNSA, the Office of Science, and its biosurety executive team to determine if specific inspection requirements should be included in the select agent, or other department or agency policies. DOE provided us with information as to other department policies and regulations that allow for inspections. DOE plans to complete its efforts by the end of July 2017. We maintain that DOE should make laboratory inspection requirements explicit and that these requirements apply to all high-containment laboratories, not just those registered with the select agent program.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Energy should review and update its outdated policies for managing hazardous biological agents in high-containment laboratories.

    Agency: Department of Energy
    Status: Open

    Comments: In August 2016, DOE reported that it is updating its outdated select agent policy and plans to complete this update by the end of July 2017.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Administrator of the Environmental Protection Agency (EPA) should revise existing EPA policies for managing hazardous biological agents in high-containment laboratories to contain specific requirements for inventory control, or direct the Director of the Office of Pesticide Programs to incorporate this requirement into its policy.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: EPA agreed with this recommendation in its February 2016 comments on the draft report, but maintains that agency, or senior-level policies, exist that include this requirement. EPA officials cited a Microbiology Laboratory Branch standard operating procedure (SOP) as containing inventory control requirements for the agency's one high-containment laboratory. However, in July 2016, EPA officials told us that it disagreed with our assessment that the SOP, as a laboratory-level document, was insufficient to meet our expectations for senior-level policies. In November 2016, EPA officials reiterated its position stating that the SOP had been approved by senior agency management and, as the requirements in it are universally applied by all laboratory staff, appropriately represents an agency-level policy. EPA further noted that the Office of Pesticide Policy, in which the Microbiology Laboratory Branch is located, is a sub-office within EPA's Office of Chemical Safety and Pollution Prevention (OCSPP), an Assistant Administrator-level office. We continue to believe that senior-level policies--in this case, either those policies issued at the EPA level or at the OCSPP/OPP level--that include all of the policy elements we analyzed reflect critical management commitment to and support for a culture of laboratory safety throughout the organization, regardless of the number of agency laboratories.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Administrator of EPA should review and update EPA's outdated policies for managing hazardous biological agents in high-containment laboratories and establish a regular schedule for reviewing and updating EPA and Office of Pesticide Programs policies.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In July 2016, EPA reported that the policies and procedures for both the facility that houses its microbiology laboratory and the laboratory itself are reviewed and updated on a bi-yearly or yearly basis consistent with the EPA schedules for biosafety and laboratory plans set in policy. However, EPA did not provide us with the policy that sets the EPA schedules. In addition, our analysis focused on policy documents issued by EPA or its senior-level offices, such as EPA's Safety, Health, and Environmental Management Program manual, dated November 2012. When we analyzed that policy for the report, we were unable to determine whether it was up-to-date because it did not include a review and update schedule or a specific recertification date. As of November, 2016, EPA maintains that this recommendation has been completed, because the office revised the standard operating procedure that provides guidance for establishing the receipt, expiration dates, and disposal of biological inventory used in the laboratory. As of April 2017, we have reached out to EPA for documentation of the actions the agency stated it has taken. Until received, we continue to believe that EPA action on this recommendation is still needed, such as by providing an updated EPA-level safety manual that includes a schedule for reviewing and updating, or providing EPA's schedule set in policy, so long as it also applies to agency- or senior office-level policies.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Administrator of EPA should require routine reporting of the results of department, agency, and select agent laboratory inspections to senior department officials.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: EPA agreed with this recommendation in its February 2016 comments on the draft report. ?In July 2016, EPA reported that its high-containment laboratory will notify senior officials within 3 weeks of any laboratory inspection findings. ?This is a positive step. We are waiting for EPA to provide us with supporting documentation.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Health and Human Services should develop department policies for managing hazardous biological agents in high-containment laboratories that contain specific requirements for reporting laboratory incidents to senior department officials, including the types of incidents that should be reported, to whom, and when, or direct the Director of CDC and the Commissioner of FDA to incorporate these requirements into their respective policies.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In August 2016, HHS reported that both CDC and FDA were working to incorporate incident reporting requirements and time frames into formal agency policies and practices but did not provide an anticipated completion date. In summer 2017, CDC and FDA reported that they were continuing to incorporate incident reporting, which includes all laboratory incidents, accidents, injuries, infections, and near-misses, into formal agency policies. CDC did not provide an anticipated completion date. FDA anticipated completing the policy revisions/updates by summer 2018.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Health and Human Services should develop department policies for managing hazardous biological agents in high-containment laboratories that contain specific requirements for training and inspections for all high-containment component agency laboratories and not just for their select-agent-registered laboratories; or direct the Director of CDC to provide these requirements in agency policies.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In August 2016, HHS reported that CDC plans to revise its policies to include training and inspection requirements for inspections for all high-containment laboratories but did not provide an anticipated completion date. In June 2017, HHS reported that CDC was in the process of revising its formal policies to ensure they included requirements for training and inspections for all of the agency's high-containment laboratories but did not provide an anticipated completion date.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Health and Human Services should require routine reporting of the results of agency and select agent laboratory inspections to senior department officials.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In August 2016, HHS reported that CDC was working with FDA and NIH to establish a process for notifying HHS leadership of inspection results through the department's Biosafety and Biosecurity Coordinating Council. HHS did not provide us with an anticipated time frame for implementing this notification practice or when the agencies plan to begin notifying HHS of inspection results.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Health and Human Services should direct the Director of NIH and the Commissioner of FDA to require routine reporting of the results of agency laboratory inspections--and in the case of FDA, require routine reporting of select agent inspection results--to senior agency officials.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In August 2016, HHS reported that FDA is working to establish a process for notifying senior agency officials of inspection results, and in August 2017, FDA reported that it was in the process of updating its policies to reflect such a notification process. FDA anticipated that the updated policies and processes would be in place by summer 2018. In August 2016, HHS reported that NIH's ongoing practice is to report the results of external inspections to senior agency officials and, in May 2016, developed a standard operating procedure that outlines this reporting process. In March 2017, NIH officials provided assurance that its Division of Occupational Safety and Health provides NIH's intramural governing body with information about NIH's safety performance at least annually; officials further assured that this information includes the overall results of annual inspections (or audits, as NIH calls them) of all NIH laboratories and discussion of the top 10 most report safety infractions for the year. GAO considers NIH to have implemented the recommended action. GAO will close the overall recommendation once FDA has taken equivalent, appropriate action.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Health and Human Services should require routine reporting of incidents at CDC, FDA, and NIH laboratories to senior department officials.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In August 2016, HHS reported that its Biosafety and Biosecurity Council is working to establish incident reporting requirements for CDC, FDA, and NIH but did not provide an anticipated completion date. HHS noted that NIH formally adopted a standard operating procedure that lays out the agency's requirements for reporting incidents to senior officials.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of the Interior should develop department policies, or direct the Directors of Fish and Wildlife Service and U.S. Geological Survey to develop agency policies for managing hazardous biological agents in high-containment laboratories that contain specific requirements for reporting laboratory incidents to senior department officials--including the types of incidents that should be reported, to whom, and when--and specific requirements for roles and responsibilities, training, inventory control, and inspections.

    Agency: Department of the Interior
    Status: Open

    Comments: In July 2016, DOI reported that the Fish and Wildlife Service and U.S. Geological Survey will develop agency-level policies that contain the key elements GAO identified. DOI did not provide us with a time frame for these activities.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of the Interior should routinely analyze the results of the agency's laboratory inspections and incident reports to identify potential trends that may highlight recurring laboratory safety or security issues and share lessons learned with laboratory personnel, or direct the Directors of Fish and Wildlife Service and U.S. Geological Survey to do so.

    Agency: Department of the Interior
    Status: Open

    Comments: In July 2016, DOI reported that its Biosafety Working Group, composed of officials across the department, including Fish and Wildlife Service and U. S. Geological Survey, is developing an automated process for analyzing results of laboratory inspections and incident reports to identify safety and security trends. The working group is also developing a process to share information gleaned from these analyses, including lessons learned, with laboratory personnel in a timely manner. DOI did not provide us with a time frame for these activities.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of the Interior should require routine reporting of the results of agency and select agent inspections to senior department officials.

    Agency: Department of the Interior
    Status: Open

    Comments: In July 2016, DOI reported that in according with the reporting requirements it plans to incorporate into agency-level policies in response to our first recommendation, Fish and Wildlife Service and U. S. Geological survey will be required to submit routine or periodic reports of the results of agency and select agent inspections to the department's designated agency safety and health official.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of the Interior should direct the Director of the U.S. Geological Survey to require routine reporting of the results of agency and select agent laboratory inspections to senior agency officials.

    Agency: Department of the Interior
    Status: Open

    Comments: In July 2016, DOI reported that the U. S. Geological Survey will modify and expand its existing policies to require reporting of agency and select agent inspection results to senior USGS officials.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Veterans Affairs should develop department policies for managing hazardous biological agents in high-containment laboratories that contain specific requirements for reporting laboratory incidents to senior department officials--including the types of incidents that should be reported, to whom, and when--and requirements for inventory control for all of its high-containment laboratories, including its select agent-registered clinical laboratory, or direct the Under Secretary of Health to incorporate these requirements into its policies.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In June 2016, VA reported that while it has policies for reporting laboratory incidents at the local level (VA medical center or laboratory level), VA plans to develop a national level policy for reporting laboratory incidents to senior department officials, including the types of incidents to report, to whom, and when. VA will convene a task force for the purposes of developing such a policy and anticipates that the task force will finalize its policy by March 2018. In June 2017, VA reported that the task force concluded that VA's existing emergency management plan contained all of the necessary requirements for laboratory incident reporting. However, VA has not provided GAO with the emergency management plan. VA further noted that a intradepartmental memorandum was sufficient for making employees aware of such policy requirements in the emergency plan and that such a memorandum was drafted and was being processed for dissemination throughout VA, with an anticipated completion date of August 2017.
    Recommendation: To ensure that federal departments and agencies have comprehensive and up-to-date policies and stronger oversight mechanisms in place for managing hazardous biological agents in high-containment laboratories and are fully addressing weaknesses identified after laboratory safety lapses, the Secretary of Veterans Affairs should direct the Under Secretary of Health to review and update outdated agency policies for managing hazardous biological agents in high-containment laboratories.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA updated and finalized its outdated policy for its clinical laboratories in February 2016. In July 2016, VA reported that it has begun updating its policies for its research laboratories and anticipated finalizing them in 6 months. In June 2017, VA reported that its policies for its research laboratories remain under review and revision, with an anticipated completion date of December 2017.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To further build on the efforts to improve emergency communications interoperability in the NCR, as part of its efforts to restructure the JFC, the Federal Emergency Management Agency Administrator should direct the Director of ONCRC to clearly articulate in a written agreement the roles and responsibilities of the participating agencies and specify how these agencies are to work together across agency boundaries.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jacqueline M. Nowicki
    Phone: (202) 512-7215

    1 open recommendations
    including 1 priority recommendation
    Recommendation: Using its general authority to collaborate with other federal agencies, the Secretary of Education should convene its federal interagency partners to develop a strategic approach to interagency collaboration on school emergency preparedness. This group could include designees or delegates from the Secretaries of DHS, HHS, and the Attorney General, including representatives from relevant agency components, such as the Federal Emergency Management Agency, Transportation Security Administration, and the Federal Bureau of Investigation, and others as appropriate, and should incorporate leading federal interagency collaboration practices, for example, by: (1) identifying leadership, (2) defining outcomes and assigning accountability, (3) including all relevant participants, and (4) identifying necessary resources.

    Agency: Department of Education
    Status: Open
    Priority recommendation

    Comments: The Department of Education agrees that improved federal coordination will better assist K-12 schools in preparing for emergencies, and noted that other federal agencies, including especially FEMA, play a significant role in school emergency preparedness. Additionally, Education cited the importance of involving other relevant agencies in obtaining agreement on the assignment of roles and responsibilities, including selecting a lead agency charged with primary responsibility for coordinating federal emergency preparedness assistance to K-12 schools. In August 2016, Education convened a committee of Assistant Secretary-level representatives from relevant agencies, including DHS, FEMA, and TSA, among others, to develop a strategic approach to interagency collaboration on school emergency management efforts. Subsequently, in October 2016, it convened a task force consisting of program staff from the relevant agencies to draft a plan for organizational structure, goals, and objectives for the next five years, which it expects will be approved for implementation beginning in January 2017. We are encouraged by these actions and will monitor the group's progress towards developing a strategic approach to school emergency preparedness. Education stated that it expects to complete these efforts very soon. At that time, we will await documentation showing that it has finalized and implemented its strategic approach for interagency collaboration around school emergency management.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To enhance Department of Homeland Security's (DHS) U.S. Immigration and Customs Enforcement's (ICE) ability to make more effective business decisions across immigration detention facilities with respect to the provision of medical care, the Secretary of Homeland Security should direct ICE to track inspection results and conduct analyses of oversight data over time, by standards, and by facility type.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, ICE has not provided a status update regarding the implementation of this recommendation. We will provide updated information after confirming any agency actions.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    11 open recommendations
    Recommendation: To ensure that the HRIT investment receives necessary oversight and attention, the Secretary of Homeland Security should direct the Under Secretary of Management to ensure that the HRIT executive steering committee is consistently involved in overseeing and advising HRIT, including approving key program management documents, such as HRIT's operational plan, schedule, and planned cost estimate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS provided documentation demonstrating that the HRIT executive steering committee is consistently involved in overseeing and advising HRIT in response to our recommendation. DHS also provided documentation demonstrating that the Executive Steering Committee approved HRIT's operational plan for fiscal years 2016-2018. However, DHS still needs to demonstrate that the HRIT ESC has approved the schedule and cost estimate for HRIT.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to update and maintain a schedule estimate for when DHS plans to implement each of the strategic improvement opportunities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to HRIT officials, in response to our recommendation, DHS has developed an implementation plan, including a schedule estimate, for addressing HRIT's strategic improvement opportunities. We will continue to follow-up with them for documentation of this implementation plan.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to develop a complete life-cycle cost estimate for the implementation of HRIT.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS prepared an independent cost estimate for the HRIT investment. When developing this estimate, the cost estimators made many assumptions about HRIT's strategic improvement opportunities that had not yet been defined, such as the scope and the preliminary acquisition strategies for each. We will continue to follow-up with DHS for supporting documentation for this estimate in order to better understand it.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to document and track all costs, including components' costs, associated with HRIT.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with the recommendation and is working to implement it. While DHS provided certain cost tracking information for HRIT, this information was incomplete and did not demonstrate ongoing tracking of all costs. We will continue to follow-up with DHS to obtain additional documentation.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to update and maintain the department's human resources system inventory.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS provided its updated human resources systems inventory that it developed in response to our recommendation. According to officials, the list is reviewed and updated on an annual basis or as-needed when a system is deployed or retired. We will continue to monitor this recommendation to ensure that DHS is maintaining this inventory.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to establish a time frame for deciding whether PALMS will be fully deployed at the Federal Emergency Management Agency (FEMA) and the U.S. Coast Guard (USCG), and determine an alternative approach if the learning and/or performance management capabilities of PALMS are deemed not feasible for the U.S. Immigration and Customs Enforcement, FEMA, the Transportation Security Administration, or USCG.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials stated that PALMS will not be fully deployed at FEMA, USCG, ICE, or TSA. The officials stated that future Human Resources Information Technology (HRIT) programs will include enhancing learning management and performance management capabilities. Officials stated that the details related to these efforts are to be discussed in the HRIT strategic improvement opportunity implementation plan. We will continue to follow-up with DHS for documentation of this plan.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to develop a comprehensive life-cycle cost estimate, including all government and contractor costs, for the PALMS program.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials stated that the PALMS program will move into an operations and maintenance phase once the PALMS learning management capabilities are deployed to U.S. Secret Service. As such, DHS does not plan to develop an updated life-cycle cost estimate (LCCE) for PALMS. We will continue to follow-up with DHS for documentation of PALMS's actual costs, including government costs.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to develop and maintain a single comprehensive schedule that includes all government and contractor activities, and includes all planned deployment milestones related to performance management.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, the PALMS program office updated its integrated master schedule. However, this schedule has not been appropriately maintained. We will continue to follow-up with DHS officials on this recommendation.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to track and monitor all costs associated with the PALMS program.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with the recommendation and is working to implement it. DHS provided certain cost tracking information for PALMS, but this information did not include government costs or certain past PALMS costs, such as 2017 costs for the Federal Law Enforcement Training Centers' ongoing use of PALMS. We will continue to follow-up with DHS officials on this recommendation.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to document PALMS's progress and milestone reviews, including all issues and corrective actions discussed.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS is documenting certain PALMS progress reviews. We have requested documentation related to U.S. Secret Service's deployment of PALMS, to determine whether the Service conducted and documented a milestone review prior to deploying the system.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to establish a comprehensive risk log that maintains an aggregation of all up-to-date risks (including both government- and vendor-identified)and associated mitigation plans. Additionally, within the comprehensive risk log, the PALMS program office should (1) identify and document planned completion dates for each risk mitigation step (where appropriate), and (2) prioritize the risks by determining each risk's relative priority and overall risk level.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS updated its PALMS risk register. However, this register was not comprehensive. We will continue to follow-up with DHS officials on this recommendation.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    12 open recommendations
    Recommendation: To enhance and to promote more consistent oversight of efforts within the department to address the incidence of hazing, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to regularly monitor the implementation of DOD's hazing policy by the military services.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance and to promote more consistent oversight of efforts within the department to address the incidence of hazing, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to require that the Secretaries of the military departments regularly monitor implementation of the hazing policies within each military service.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the ability of servicemembers to implement DOD and service hazing policies, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to establish a requirement for the Secretaries of the military departments to provide additional clarification to servicemembers to better inform them as to how to determine what is or is not hazing. This could take the form of revised training or additional communications to provide further guidance on hazing policies.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the military services' collection of data on reported hazing incidents and the methods used to track them, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in coordination with the Secretaries of the military departments, to issue DOD-level guidance on the prevention of hazing that specifies data collection and tracking requirements, including the scope of data to be collected and maintained by the military services on reported incidents of hazing.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the military services' collection of data on reported hazing incidents and the methods used to track them, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in coordination with the Secretaries of the military departments, to issue DOD-level guidance on the prevention of hazing that specifies data collection and tracking requirements, including a standard list of data elements that each service should collect on reported hazing incidents.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the military services' collection of data on reported hazing incidents and the methods used to track them, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in coordination with the Secretaries of the military departments, to issue DOD-level guidance on the prevention of hazing that specifies data collection and tracking requirements, including definitions of the data elements to be collected to help ensure that incidents are tracked consistently within and across the services.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater visibility over the extent of hazing in DOD to better inform DOD and military service actions to address hazing, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in collaboration with the Secretaries of the Military Departments, to evaluate prevalence of hazing in the military services.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance and to promote more consistent oversight of the Coast Guard's efforts to address the incidence of hazing, the Commandant of the Coast Guard should regularly monitor hazing policy implementation.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including the scope of the data to be collected and maintained on reported incidents of hazing.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including a standard list of data elements to be collected on reported hazing incidents.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including definitions of the data elements to be collected to help ensure that incidents are tracked consistently within the Coast Guard.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater visibility over the extent of hazing in the Coast Guard to better inform actions to address hazing, the Commandant of the Coast Guard should evaluate the prevalence of hazing in the Coast Guard.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: To enable FEMA to and more effectively respond to disasters, the Secretary of Homeland Security should direct the FEMA Administrator to develop a workforce strategy to manage and improve retention that includes a process for systematically gathering attrition data and a plan to retain IMAT Cadre-of On-Call Response Employees.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, FEMA provided an update on the status of actions taken in response to our report. In the update, FEMA officials said they had issued a new FEMA Human Capital Strategic Plan for fiscal years 2016-2020 that includes an objective to build a scalable and skilled workforce with associated measures including a decrease in attrition rate for permanent full time employees, and an increase in disaster workforce through improvements in the recruitment and retention of incident management employees. FEMA also stated that pay issues and work-life balance have been identified as contributing to retention on National Type I and Regional Type II IMATs. FEMA is actively addressing the pay issues. FEMA provided a brief summary of the actions being taken--which includes development of a policy that provides information on establishing base pay under the new pay system, movement within the pay bands, and merit-based increases is in development. Until completion of the action items, this recommendation will remain open. FEMA officials plan to provide a status update in October 2017.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    2 open recommendations
    Recommendation: To promote more effective grant management coordination, the Secretary of Homeland Security should direct the FEMA Administrator to develop a plan with time frames, goals, metrics and milestones detailing how Grant Programs Directorate intends to resolve longstanding challenges associated with its existing hybrid grants management model, which divides responsibilities between regional and headquarters staff.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of March 2017, FEMA did not believe a plan was warranted to address long-standing coordination issues associated with its existing hybrid grants management model, as recommended in GAO's February 2016 report. According to the Department of Homeland Security, FEMA believes strongly in the importance of close and collaborative relationships between headquarters and regional grants staff. Further, FEMA stated the Grant Programs Directorate at headquarters already has in place numerous steps to ensure coordination and collaboration with regional grants staff. However, these steps by FEMA were already in place when GAO conducted its review in 2015 and early 2016, yet GAO identified continuing challenges related to coordination between headquarters and regions in conducting monitoring visits and providing consistent guidance to state grantees. As a result, GAO continues to believe that without a plan with time frames, goals, metrics, and milestones detailing how officials intend to resolve long-standing challenges associated with FEMA's existing hybrid grants management model, these challenges will continue to hamper the effectiveness of interactions between FEMA and state and local stakeholders in implementing the grant programs.
    Recommendation: To enable more sophisticated and comprehensive awareness of states' NIMS implementation, the Secretary of Homeland Security should direct the FEMA Administrator to develop policies and procedures for regional staff to review after-action reports from preparedness exercises within their region, and headquarters staff to review these evaluations in order to have a better understanding of NIMS implementation.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In March 2017, FEMA officials provided an update on the status of actions taken in response to our report. In the update, FEMA officials said the National Integration Center (NIC) is holding consultative sessions with state and local emergency managers to ensure the revised National Incident Management System (NIMS) doctrine and implementation objectives is operationally sound from the perspective of FEMA's stakeholders. They expect to complete this effort by September 30, 2017. Pending completion of this effort, the recommendation will remain open.
    Director: Brian J. Lepore
    Phone: (202) 512-4523

    1 open recommendations
    Recommendation: Recognizing that DOD has recently revised its disposition guidance, the Secretary of Defense should direct the Director, DLA, to further reassess DOD's disposal process to determine whether additional changes are needed in the priority given to recipients within the process, including potential changes to the categories and quantities of property that special programs may obtain, and revise its guidance reflecting those priorities accordingly to better enable DOD to fulfill the disposal program's objectives.

    Agency: Department of Defense
    Status: Open

    Comments: In September 2017, DOD officials stated that the department has been coordinating with the National Association of State Agencies for Surplus Property (NASASP) to identify classes of non-controlled property that state and local law enforcement agencies would no longer be able to obtain during the reutilization (first) stage of the disposal process. The Defense Logistics Agency is reviewing NASASP's proposed list of property items, and DOD officials said that the department planned to issue a policy memorandum that would specify which items would be removed from those that law enforcement agencies could obtain during the reutilization stage. Because DOD has not yet completed its review or issued updated guidance, this recommendation remains open.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    9 open recommendations
    Recommendation: The Secretary of Homeland Security should direct Network Security Deployment (NSD) to determine the feasibility of enhancing NCPS's current intrusion detection approach to include functionality that would detect deviations from normal network behavior baselines.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 Update: In Feb. 2017, DHS officials stated that they have continued pilot activities that will enable DHS to identify suspicious network activity based on anomalous behavior and reputation and have collected lessons learned that are being tracked by the NCPS Program Management Office. Officials added that DHS had identified a contractor to support the transition of the pilot, including drafting an implementation plan; however, it had yet to award a contract due to lack of resources. As such, the agency did not have an estimated date on the completion of a draft plan for how the transition would be implemented. We requested that DHS provide a copy of the draft implementation plan for our review, when it became available. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct NSD to determine the feasibility of developing enhancements to current intrusion detection capabilities to facilitate the scanning of traffic not currently scanned by NCPS.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the NCPS Program Management Office is working with participating Internet Service Providers (ISP) to develop plans to support IPv6 for Traffic Aggregation, DNS redirection, and SMTP quarantining capabilities. Officials stated that an implementation plan that would include all ISP schedules for all planned intrusion prevention services would be available in the third quarter of fiscal year 2017. Additionally, regarding encrypted traffic, officials stated that it is conducting an analysis of Security on Encrypted Traffic (SonET) to better understand options for addressing the challenges, viability of options, and how the issue is being addressed at a broader industry level. The study is scheduled to continue through the fourth quarter of fiscal year 2017. We asked DHS to provide the ISP implementation plans (when finalized) and any findings from the ongoing SCADA and Encrypted traffic studies. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct United States Computer Emergency Readiness Team (US-CERT) to update the tool it uses to manage and deploy intrusion detection signatures to include the ability to more clearly link signatures to publicly available, open-source data repositories.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS stated that the NCPS PMO is working with participating Internet Service Providers (ISP) to develop plans to support IPv6 for Traffic Aggregation, DNS redirection, and SMTP quarantining capabilities. Officials stated that an implementation plan that would include all ISP schedules for all planned intrusion prevention services would be available in the third quarter of fiscal year 17. Additionally, officials stated that NSD is conducting an analysis on Security on Encrypted Traffic (SonET) to better understand options for addressing the challenges, viability of options, how the issue is being addressed at a broader industry level. The study will continue through the fourth quarter of fiscal year 2017. We asked DHS to provide the ISP implementation plans (when finalized) and any output/results (findings) from the ongoing studies DHS has related to SCADA and Encrypted traffic. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to consider the viability of using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, as an input into the development and management of intrusion detection signatures.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that enhancements were made so that Continuous Diagnostics and Mitigation program (CDM) data can be viewed with the Cyber Indicators Analysis Program (CIAP). Officials stated that the CDM data now may be combined with known vulnerability findings from NCATS and known threats collected from the CIAP system to further prioritize signature development as necessary. We have requested a meeting with DHS to observe the described enhancements. We believe that we will be able to close this recommendation, once we observe the claimed enhancements.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to develop a timetable for finalizing the incident notification process, to ensure that customer agencies are being sent notifications of potential incidents, which clearly solicit feedback on the usefulness and timeliness of the notification.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 Update: In Feb. 2017, DHS stated that US-CERT is in the process of developing a targeted survey of EINSTEIN customers (based off of a prior survey). Additionally, US-CERT has updated the Incident Reporting Guidelines to address previously mentioned process concerns. We have requested a copy of these guidelines and will review the modifications made within. Additionally, DHS stated that modifications to the Remedy ticketing system are underway that would allow for the inclusion of user feedback. These changes are anticipated to be implemented by October 2017. We likely would not be able to close this recommendation until we could review the results of the modifications.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop metrics that clearly measure the effectiveness of NCPS's efforts, including the quality, efficiency, and accuracy of supporting actions related to detecting and preventing intrusions, providing analytic services, and sharing cyber-related information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the Office of Cyber Security and Communications (CS&C) had developed, refined, and were baselining a first set of measures that relate to the Einstein 3A program. Further, they are considering adding one of these measures as an addition to the measures tracked in support of the yearly Government Performance and Results Act (GPRA) required reporting in FY 2018. Additionally, DHS officials stated they are developing information sharing related measures, including exploring how its public and private sector recipients of information measure the value cyber threat indicators and defensive measures. In March 2017, we requested a copy of the developed measures, when they became available. This recommendation will remain open until we are able to review the developed metrics and the subsequent data they are to measure.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop clearly defined requirements for detecting threats on agency internal networks and at cloud service providers to help better ensure effective support of information security activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS provided memos that gave an overview of the planned enhancements to the Continuous Diagnostics and Mitigation (CDM) program that included references to cloud providers. However, DHS did not provide any specific requirements for us to review. We have requested a follow-up meeting to review the specific requirements developed in support of the planned enhancements described in the provided memos. We will not be able to close this recommendation until we can review the developed requirements and determine that cloud providers are appropriately covered.
    Recommendation: The Secretary of Homeland Security should direct NSD to develop processes and procedures for using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, to help ensure DHS is using a risk-based approach for the selection/development of future NCPS intrusion prevention capabilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS stated that the NCPS Program Management Office has made enhancements to the Continuous Diagnostics and Mitigation (CDM) dashboard, but had yet to fully develop the CDM/NCPS data correlation. In March 2017, we asked for update on the status of data correlation, once available. In order to close this recommendation, we would need to review this model and determine how, if at all, the vulnerability information was used as part of a risk-based approach to intrusion prevention.
    Recommendation: The Secretary of Homeland Security should direct NSD to work with their customer agencies and the Internet service providers to document secure routing requirements in order to better ensure the complete, safe, and effective routing of information to NCPS sensors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the agency worked with the Office of Management and Budget to develop a draft Trusted Internet Connections Reference Architecture. This architecture is to serve as the new guidance for agencies on perimeter security capabilities as well as alternative routing strategies. In March 2017, we requested a copy of the guidance to review the alternative routing guidance. This recommendation will remain open until we have been able to review the information above.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To address different interpretations of cutter boat requirements, the Commandant of the Coast Guard should direct the NSC program office to clarify the NSC's key performance parameters for the cutter boat operations (specifically the launch and recovery of cutter boats).

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Coast Guard is in the process of updating the operator's handbook for the Long Range Interceptor II cutter boat to clarify that it is capable of operating through sea state 5, which will meet the National Security Cutter's key performance parameter related to cutter boat operations. According to Coast Guard officials, the updated operator's handbook should be signed and approved between August and November 2017.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To help ensure that actions taken to improve the test and evaluation process address identified challenges, the Administrator of TSA should finalize all aspects of the third party testing strategy before implementing further third party testing requirements for vendors to enter testing.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: In its response to this recommendation, the Department of Homeland Security concurred and identified initial planned actions to implement the finalize third party strategy. Subsequently, in the Spring of 2016, the TSA Office of Security Capabilities finalized its third party tester application and approval process; established quality conformance standards for potential third party testers; and gathered and considered industry feedback on potential third party test strategy consequences among other actions. Collectively, TSA established and published program requirements and procedures for the third party test strategy. In late 2016, TSA formally delayed its planned implementation of the third-party testing program by a calendar year to now be completed by December 31, 2017. TSA cited a need to conduct additional assessments, coordination challenges, and larger TSA security equipment related initiatives as the reasons for the delay. As part of its regular recommendation status reporting to GAO, TSA in the Spring 2017, noted that it is on track to meet the intent of the recommendation by the later revised date. TSA noted it had recently updated its qualification process by which qualified product lists will be populated and has already incorporated various aspects of third party testing for legacy security equipment qualification.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To strengthen FCC's data collection efforts, the Chairman of FCC should develop a strategy to gather additional information on the IP transition to assess the transition's potential effects on public safety and consumers.

    Agency: Federal Communications Commission
    Status: Open

    Comments: FCC stated it will continue to use its existing strategy to obtain data necessary to ensure that core values remain intact through the tech transitions with present resource commitment levels. FCC plans to dedicate resources toward upgrading FCC systems and software to better use "big-data" capabilities.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    8 open recommendations
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on a joint strategy and finalizing it in order to define and articulate a common understanding of expected outcomes and align the two agencies' activities and core processes to achieve their related missions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for completing a joint strategy for federal security once its memorandum of agreement with the General Services Administration is updated and signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on a joint strategy and finalizing it in order to define and articulate a common understanding of expected outcomes and align the two agencies' activities and core processes to achieve their related missions.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported that until FPS works with GSA specifically on the joint strategy, no final document will be released.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on the two agencies' respective roles and responsibilities for federal facility security, and update and finalize the two agencies' MOA accordingly.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it is working internally to prepare the memorandum of agreement for review and signature by the FPS Director, pending no additional changes are required to the document.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on the two agencies' respective roles and responsibilities for federal facility security, and update and finalize the two agencies' MOA accordingly.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported sending a final MOA draft to FPS in December 2015 and stated that it hopes to have a signed MOA by both agencies when leadership is in place.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop a process to ensure that compatible policies and procedures, including those for information sharing, are communicated at the regional level so that regional officials at both agencies have common information on how to operationalize the two agencies' collaborative efforts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for the issuance of a joint field guidance for working with the General Services Administration (GSA) once its memorandum of agreement with GSA is updated and signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop a process to ensure that compatible policies and procedures, including those for information sharing, are communicated at the regional level so that regional officials at both agencies have common information on how to operationalize the two agencies' collaborative efforts.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported developing and releasing "GSA Order 1000.1 Document Security for Handling Facility Security Assessments" to ensure that when GSA receives a Facility Security Assessment from FPS, it will be handled in a consistent, appropriate manner.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop mechanisms to monitor, evaluate, and report on their collaborative efforts to protect federal facilities in order to identify possible areas for improvement and to reinforce accountability.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for the appointment of an FPS-GSA Liaison once its memorandum of agreement with GSA is updated and signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop mechanisms to monitor, evaluate, and report on their collaborative efforts to protect federal facilities in order to identify possible areas for improvement and to reinforce accountability.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported that the updated MOA will cover this recommendation once signed.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    7 open recommendations
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretary of Homeland Security should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear sectors' cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has released updated sector-specific plans for the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear reactors sectors. The plans include a section on measuring effectiveness based on the plan development guidance. The plans provide expected metrics to track the progress of sector activities and state that the outcomes will be reported through the National Annual Reporting process as well as through the quadrennial plan update. Because the metrics are new and annual reporting has not yet occurred, DHS has not provided evidence of metrics data collected and reported to address the challenges. We will continue to follow-up to determine how performance measures have been implemented and what reporting is available based on those measures.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretary of the Treasury should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the financial services sector's cybersecurity progress.

    Agency: Department of the Treasury
    Status: Open

    Comments: The 2015 sector-specific plan for the financial services sector includes a section on measuring the effectiveness of sector activities; however, the plan does not include specific metrics. The plan refers to working groups and meetings of sector stakeholders as mechanisms to track sector progress. No specific metrics and associated reports of outcomes have been provided to address overcoming the challenges of monitoring the sector's cybersecurity progress. We will continue to monitor financial services sector activities and determine any specific metrics and related reports developed and implemented to track and report on the sector's cybersecurity progress.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Agriculture and Health and Human Services (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the food and agriculture sector's cybersecurity progress.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Departments of Agriculture and Health and Human Services released an update to the food and agriculture sector-specific plan for 2015. The plan states the sector's lack of an overarching mechanism to measure and evaluate risk mitigation activities and the challenge of obtaining performance measurement data from non-federal partners. However, the plan notes a goal of evaluating the progress of individual protective programs and strategies. No metrics or reports of outcomes have been provided to address the challenge of monitoring the sector's cybersecurity progress. We will continue to follow up to determine whether USDA and HHS have developed and implemented mechanisms to measure the outcomes of their sector cybersecurity-related activities.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Agriculture and Health and Human Services (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the food and agriculture sector's cybersecurity progress.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Departments of Agriculture and Health and Human Services released an update to the food and agriculture sector-specific plan for 2015. The plan states the sector's lack of an overarching mechanism to measure and evaluate risk mitigation activities and the challenge of obtaining performance measurement data from non-federal partners. However, the plan notes a goal of evaluating the progress of individual protective programs and strategies. No metrics or reports of outcomes have been provided to address the challenge of monitoring the sector's cybersecurity progress. We will continue to follow up to determine whether HHS has developed and implemented mechanisms to measure the outcomes of its sector cybersecurity-related activities.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Homeland Security and Transportation (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the transportation systems sector's cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The co-Sector-Specific Agencies (SSAs) for the Transportation Systems Sector, DHS (TSA and Coast Guard) and the Department of Transportation, provided an update on efforts to develop sector cybersecurity metrics. The update described measures under consideration such as tracking the number of sector stakeholders receiving cybersecurity products, monitoring the usefulness of products through satisfaction surveys, and tracking attendance at sector events and seminars encompassing cybersecurity. The co-SSAs plan to report sector cyber activities, progress, and relevant metrics annually through the Critical Infrastructure National Annual Report and through quadrennial updates to the sector-specific plan. The latest sector-specific plan was released in 2015. The proposed metrics have not been formalized in a strategy or plan. We will continue to monitor and evaluate efforts to formalize and implement the proposed metrics to determine whether they address the intent of the recommendation.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Homeland Security and Transportation (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the transportation systems sector's cybersecurity progress.

    Agency: Department of Transportation
    Status: Open

    Comments: The co-Sector-Specific Agencies (SSAs) for the Transportation Systems Sector, DHS (TSA and Coast Guard) and the Department of Transportation, provided an update on efforts to develop sector cybersecurity metrics. The update described measures under consideration such as tracking the number of sector stakeholders receiving cybersecurity products, monitoring the usefulness of products through satisfaction surveys, and tracking attendance at sector events and seminars encompassing cybersecurity. The co-SSAs plan to report sector cyber activities, progress, and relevant metrics annually through the Critical Infrastructure National Annual Report and through quadrennial updates to the sector-specific plan. The latest sector-specific plan was released in 2015. The proposed metrics have not been formalized in a strategy or plan. We will continue to monitor and evaluate efforts to formalize and implement the proposed metrics to determine whether they address the intent of the recommendation.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Administrator of the Environmental Protection Agency should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the water and wastewater systems sector's cybersecurity progress.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The 2015 water and wastewater sector-specific plan includes a segment on measuring the effectiveness of sector activities that describes the overall principles for collecting data and using the National Annual Report data calls as a tool for assessing performance and reporting on progress within the sector. However, the plan does not state specific measures and the agency acknowledged in its response to our report that it does not collect performance metrics on the effectiveness of its cybersecurity programs for the sector. According to agency officials, the development of performance metrics in collaboration with sector partners is underway. We will continue to follow up to identify any specific metrics developed and implemented and resulting outcome-based reports.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    2 open recommendations
    Recommendation: To provide greater assurance that the Interagency Rotation Program for national security personnel will be implemented as provided in section 1107 of the National Defense Authorization Act for Fiscal Year 2013, the Director of the Office of Personnel Management, in collaboration with the Committee on National Security Personnel, should establish a clear leadership and oversight structure to guide future implementation efforts.

    Agency: Office of Personnel Management
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide greater assurance that the Interagency Rotation Program for national security personnel will be implemented as provided in section 1107 of the National Defense Authorization Act for Fiscal Year 2013, the Director of the Office of Personnel Management, in collaboration with the Committee on National Security Personnel, should work with the departments and agencies to identify and take action on necessary next steps to proceed with the program's implementation, including developing and issuing required guidance for implementation within identified timeframes.

    Agency: Office of Personnel Management
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Timothy M. Persons
    Phone: (202) 512-6412

    2 open recommendations
    Recommendation: To help ensure that biosurveillance-related funding is directed to programs that can demonstrate their intended capabilities, and to help ensure sufficient information is known about the current Gen-2 system to make informed cost-benefit decisions about possible upgrades and enhancements to the system, the Secretary of Homeland Security should direct the Assistant Secretary for Health Affairs and other relevant officials within the Department to not pursue upgrades or enhancements to the current BioWatch system until the Office of Health Affairs (OHA): (1) establishes technical performance requirements, including limits of detection, necessary for a biodetection system to meet a clearly defined operational objective for the BioWatch program by detecting attacks of defined types and sizes with specified probabilities; (2) assesses the Gen-2 system against these performance requirements to reliably establish its capabilities; and (3) produces a full accounting of statistical and other uncertainties and limitations in what is known about the system's capability to meet its operational objectives.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help reduce the risk of acquiring immature detection technologies, the Secretary of Homeland Security should direct the Assistant Secretary for Health Affairs, in coordination with the Under Secretary for Science and Technology, to use the best practices outlined in this report to inform test and evaluation actions for any future upgrades or changes to technology for BioWatch.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Timothy J. DiNapoli
    Phone: (202) 512-4841

    13 open recommendations
    including 6 priority recommendations
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to conduct a comprehensive analysis of Army IT services spending to determine the extent to which requirements can be addressed by Computer Hardware, Enterprise Software and Solutions (CHESS) or other strategic sourcing approaches, and based on this analysis, consider opportunities to reduce duplicative contracts.

    Agency: Department of Defense: Department of the Army
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to implement utilization metrics and mandatory use or consideration policies.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to develop guidance and overarching goals and metrics for savings.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to conduct a review of the benefits and disadvantages of standardized labor categories for CHESS or future contracts.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Navy, the Secretary of the Navy should direct its strategic sourcing accountable official to conduct a comprehensive analysis of IT services spending to determine the extent to which requirements can be addressed by the existing contracts or other strategic sourcing approaches and based on this analysis, reduce duplicative contracts.

    Agency: Department of Defense: Department of the Navy
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Navy, the Secretary of the Navy should direct its strategic sourcing accountable official to implement utilization metrics and monitor agency efforts to comply with the Navy's existing use policies for IT services.

    Agency: Department of Defense: Department of the Navy
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable to conduct a comprehensive analysis of IT services spending to determine the extent to which requirements can be addressed by Network-Centric Solutions (NETCENTS) or other strategic sourcing approaches, and based on this analysis, reduce duplicative contracts.

    Agency: Department of Defense: Department of the Air Force
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our three recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable to implement utilization metrics.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable to develop guidance and overarching goals and metrics for savings.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable to conduct a review of the benefits and disadvantages of standardized labor categories for primary strategic sourcing vehicles such as NETCENTS.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within NASA, the Administrator of NASA should direct its strategic sourcing accountable official to use its 2014 spend analysis to determine the extent to which requirements can be addressed by the IT Infrastructure Integration Program or other strategic sourcing approaches, and based on this analysis, reduce duplicative contracts.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA agreed with this recommendation. To fully implement it, NASA needs to successfully implement its planned actions, including (1) implement new strategic sourcing policies in the NASA federal acquisition regulation supplement, (2) revise the 2014 spend analysis by December 14, 2017, and (3) require strategic sourcing of IT services by December 2018 for services such as mobile communications, telecommunications, cloud computing, and seat management.
    Recommendation: To improve efforts to strategically source IT services within NASA, the Administrator of NASA should direct its strategic sourcing accountable official to implement utilization metrics and mandatory use policies.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA partially agreed with this recommendation. Specifically, NASA agreed to establish metrics, but sought to employ mandatory consideration policies, where applicable, instead of mandatory use policies. We agreed that the proposed approach would meet the intent of our recommendation. To fully implement this recommendation, NASA needs to successfully implement its planned actions, including (1) revising the NASA strategic sourcing guide to include establishment of utilization metrics, and (2) issuing updated strategic sourcing policies in the NASA federal acquisition regulation supplement to include mandatory use policies.
    Recommendation: To improve efforts to strategically source IT services within NASA, the Administrator of NASA should direct its strategic sourcing accountable official to develop guidance and overarching goals and metrics for savings.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA agreed with this recommendation. To fully implement this recommendation, NASA needs to successfully implement its planned actions, including (1) issuing updated strategic sourcing policies in the NASA federal acquisition regulation supplement, (2) updating its strategic sourcing website, and (3) updating the NASA strategic sourcing guide to include the setting of goals or baselines as a method of evaluating the strategic sourcing approach.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    1 open recommendations
    Recommendation: To help ensure that agencies' policies and oversight are fully consistent with The Attorney General's Guidelines Regarding the Use of Confidential Informants, the Assistant Secretary of ICE and the Commandant of USCG should update their respective agencies' informant policies and corresponding monitoring processes to explicitly address the Guidelines' provisions on oversight of informants' illegal activities.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: In December 2016, ICE issued a memo regarding changes to its policies for the registration and suitability of confidential informants. The memo included updated forms to oversee those aspects of confidential informant oversight. In April 2017, ICE officials informed GAO that a working group is in the process of updating the Informants Handbook and the Undercover Operations Handbook. ICE expects to finalize drafts of the handbooks in September 2017 and implement them by December 2017. When the updated handbooks are available for GAO's review, we will assess the extent to which they address our recommendation.
    Director: Gambler, Rebecca S
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To strengthen USCIS's EB-5 Program fraud prevention, detection, and mitigation capabilities, and to more accurately and comprehensively assess and report program outcomes and the overall economic benefits of the program, the Director of USCIS should plan and conduct regular future fraud risk assessments of the EB-5 Program.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: The Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS) is responsible for administering the Employment-Based Fifth Preference Immigrant Investor Program (EB-5 Program). In 2015, we reviewed the EB-5 program to determine if USCIS assesses fraud and other related risks facing the program. We found that USCIS had collaborated with its interagency partners to assess fraud and national security risks in the program in fiscal years 2012 and 2015 but that these assessments were onetime efforts that did not have documented plans to conduct regular future risk assessments, in accordance with fraud prevention practices, which could help inform efforts to identify and address evolving program risks. To strengthen the program's fraud prevention, detection, and mitigation capabilities, we recommended that USCIS plan and conduct regular future fraud risk assessments. USCIS concurred with the recommendation, stating that it will continue to conduct at least one fraud, national security, or intelligence assessment on an aspect of the program annually. In September 2015, USCIS stated that the Fraud Detection and National Security Directorate unit of its Immigrant Investor Program (IPO) will conduct its next fraud, national security, and intelligence assessment in FY 2016 and one assessment annually thereafter. In an August 2016 update, USCIS stated that it had conducted a national security assessment, the draft of which was under review by management, to be finalized by September 30, 2016. We will continue to monitor USCIS's efforts to ensure that the agency finalizes this assessment and documents plans to conduct future fraud assessments on a regular basis.
    Recommendation: To strengthen USCIS's EB-5 Program fraud prevention, detection, and mitigation capabilities, and to more accurately and comprehensively assess and report program outcomes and the overall economic benefits of the program, the Director of USCIS should develop a strategy to expand information collection, including considering the increased use of interviews at the I-829 phase as well as requiring the additional reporting of information in applicant and petitioner forms.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In 2015, we evaluated the Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS) Employment-Based Fifth Preference Immigrant Investor Program (EB-5 Program) to determine the extent to which the agency had addressed any identified fraud risks in the program. We found that USCIS had identified unique fraud risks in the program and had taken certain steps to address and enhance its fraud risk management efforts, including establishing a dedicated entity to oversee these efforts. However, we found that USCIS's information systems and processes limited its ability to collect and use data on EB-5 Program participants to comprehensively address fraud risks in the program. To strengthen the program's fraud mitigation capabilities, we recommended that USCIS develop a strategy to expand information collection, including considering the increased use of interviews at the application for permanent residency (form I-829) phase as well as requiring the additional reporting of information in applicant and petitioner forms. USCIS concurred with the recommendation, stating that IPO will develop a strategy to enhance and expand information collection, including publishing revised EB-5 application and petition forms, and considering the use of interviews. In a September 2015 update to this recommendation, USCIS stated that it had begun internal discussions for developing a comprehensive strategy to incorporate interviews into various stages of the EB-5 process, including the I-829 phase. In addition, USCIS was implementing a comprehensive approach for revising all EB-5 specific forms (I-526, I-924, and I-924A) to improve program integrity and data collection. USCIS expects the revised forms to be available after December 31, 2015. In an August 2016 update, USCIS stated that it has revised Forms I-924, I-924A, and I-526, and anticipated revising Forms I-924 and I-924A by November 2016 and Form I-829 by March 2017. USCIS also stated that IPO had initiated a new process to allow interview of Form I-829 petitioners by video conference, and planned to develop a comprehensive interview strategy based on the results of initial and future interviews as well as other relevant information. We will continue to monitor USCIS's efforts to develop and implement this more comprehensive EB-5 data collection strategy.
    Recommendation: To strengthen USCIS's EB-5 Program fraud prevention, detection, and mitigation capabilities, and to more accurately and comprehensively assess and report program outcomes and the overall economic benefits of the program, the Director of USCIS should track and report data that immigrant investors report, and the agency verifies on its program forms for total investments and jobs created through the EB-5 Program.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In 2015, we evaluated the Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS)'s capacity to verify job creation and to use a valid and reliable methodology to report the economic benefits of its Employment-Based Fifth Preference Immigrant Investor Program (EB-5 Program). We found that over time USCIS had increased its capacity to verify job creation by increasing the size and expertise of its workforce and by providing clarifying guidance and training, among other actions. However, we found that USCIS's methodology for reporting program outcomes and overall economic benefits of the EB-5 Program was not valid and reliable because it may understate or overstate program benefits in certain instances as it was based on the minimum program requirements of 10 jobs and a $500,000 investment per investor, instead of the number of jobs and investment amounts collected by USCIS on individual EB-5 Program forms. To more accurately and comprehensively assess and report the overall economic benefits of the program, we recommended that USCIS track and report data that immigrant investors report, and the agency verifies on its program forms for total investments and jobs created. USCIS concurred with this recommendation, stating that IPO will develop a plan to collect and aggregate additional data regarding EB-5 investment amounts and job creation, including revising USCIS data systems and processes, as appropriate. In a September 2015 update, USCIS further stated that IPO officials had already met with officials from the USCIS Office of information Technology (OIT) on August 25, 2015, to discuss EB-5 data requirements, and that IPO is reviewing the fields in the Intranet Computer Linked Application Information Management System (iCLAIMS) database used for maintaining EB-5 and other immigration program data, to define data entry requirements. Once that is completed, USCIS stated that IPO will work with OIT to discuss any system changes needed to reliably aggregate data regarding EB-5 program investment amounts and job creation. In an August 2016 update, USCIS stated that through regular meetings with OIT, IPO has identified the assets needed to develop a case management system to meet the complex data needs of the EB-5 program. This system, which will be compatible with USCIS's electronic immigration system, is tentatively projected to be completed in FY 2017. We will continue to monitor USCIS's efforts to develop a system that will enable it to accurately and comprehensively assess and report the overall economic benefits of the program.
    Director: Chris Currie
    Phone: (404) 679-1875

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To increase states' abilities to improve disaster resilience and mitigate future damage when using federal funding in the wake of disasters, the FEMA Administrator should, consistent with the goals of the NDRF to integrate hazard mitigation and risk reduction opportunities into all major decisions and reinvestments during the recovery process, assess the challenges state and local officials reported, including the extent to which the challenges can be addressed and implement corrective actions, as needed.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open
    Priority recommendation

    Comments: In April 2017, FEMA officials provided a corrective action plan that included interim actions and milestones leading to the establishment of procedures and training to assist in implementing policy changes through the end of calendar year 2016. In September 2016, FEMA issued new policies to establish minimum standards for Public Assistance projects that are intended to promote resilience and achieve risk reduction. The April 2017 update indicates that FEMA plans to complete actions to implement this recommendation by May 2017. GAO will assess the actions taken when they are complete.
    Recommendation: To help the federal, state, and local governments plan for and invest in hazard mitigation opportunities to enhance resilience against future disasters, the Director of the Mitigation Framework Leadership Group, in coordination with other departments and agencies that are MitFLG members, should supplement the National Mitigation Framework by establishing an investment strategy to identify, prioritize, and guide federal investments in disaster resilience and hazard mitigation-related activities and make recommendations to the President and Congress on how the nation should prioritize future disaster resilience investments. Such a strategy could address, among other things, (1) the extent to which current hazard mitigation and disaster resilience programs are adequately addressing critical lifelines and critical infrastructure, (2) an approach to identifying information on what disaster resilience and hazard mitigation efforts are most effective against known risks and their potential impacts on the nation's fiscal exposure, (3) the balance of federal and nonfederal investments, and (4) the balance of pre- and postdisaster resilience investments.

    Agency: Mitigation Framework Leadership Group
    Status: Open
    Priority recommendation

    Comments: In March 2016, officials from FEMA's Federal Insurance and Mitigation Administration told us they are working with the Office of Management and Budget to implement this recommendation and shared a high-level work plan designed to guide MitFLG through the creation of a disaster resilience investment strategy. According to this plan, the strategy is to be complete in October 2017.
    Director: Chris Currie
    Phone: (404) 679-1875

    2 open recommendations
    Recommendation: To ensure the accuracy of the data submitted by chemical facilities, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for the Office of Infrastructure Protection, and the Director of ISCD, in the interim, to identify potentially miscategorized facilities with the potential to cause the greatest harm and verify the Distance of Concern these facilities report is accurate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, as of November 2016 ISCD completed its assessment of all Top-Screens which reported threshold quantities of release-toxic chemicals of interest and identified 158 facilities with the potential to cause the greatest harm. ISCD contacted all 158 facilities and received revised Top-Screens from 101, according to ISCD officials. ISCD halted pursuit of revised Top-Screens from the remaining facilities during summer 2016 in anticipation of the pending release of CSAT 2.0, the Top-Screen application, which both eliminates the Distance of Concern question and will result in all remaining facilities being required to submit a new Top-Screen upon the activation of CSAT 2.0. CSAT 2.0 was activated October 1, 2016, and DHS sent a letter to each of the remaining facilities informing them of their obligation to submit a new top-screen, according to ISCD officials. ISCD is continuing to monitor the resolution of the remaining cases and expects to have assessed updated Top-Screens for all of them within the first or second quarter of 2017. We will update the status of this recommendation after additional information is received from DHS.
    Recommendation: In addition, to better manage compliance among high-risk chemical facilities and demonstrate program results, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for the Office of Infrastructure Protection, and the Director of ISCD to develop documented processes and procedures to track noncompliant facilities and ensure they implement planned measures as outlined in their approved site security plans.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, ISCD is nearing finalization of the updated CFATS Inspection Standard Operating Procedure (SOP) and has made progress on the new CFATS Enforcement SOP. Once completed, expected in mid-2017, these two documents collectively will formally document the processes and procedures currently being used to track noncompliant facilities and ensure they implement planned measures as outlined in their approved site security plans, according to ISCD officials. We will update the status of this recommendation after additional information is received from DHS.
    Director: Charles Michael Johnson, Jr.,
    Phone: (202) 512-7331

    2 open recommendations
    Recommendation: Given that countering violent extremism is a priority for the U.S. government in general and State's Bureau of Counterterrorism (CT Bureau), the Secretary of State should take steps to ensure that CVE program efforts abroad are evaluated.

    Agency: Department of State
    Status: Open

    Comments: In June 2017, the CT Bureau indicated that a third-party evaluation of the CVE program has been completed. The evaluation focused on process and programming, including all CVE projects funded between fiscal years 2012 and 2016 and resulted in two related but disparate sets of recommendations and findings. The CT Bureau indicated that it has begun incorporating the recommendations made in the evaluation into its overall CVE efforts.
    Recommendation: To improve State's CT Bureau's program management efforts, the Secretary of State should take steps to ensure the Bureau of Counterterrorism establishes specific time frames for addressing recommendations from program evaluations.

    Agency: Department of State
    Status: Open

    Comments: In June 2017, the CT Bureau indicated it is in the process of reviewing recommendations from the CVE evaluation, and will soon be assigning timelines to those recommendations that the bureau deems relevant and achievable. For other evaluations, the CT Bureau indicated that it has already acknowledged the need to assign specific timelines to evaluation recommendations and has adjusted accordingly.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    9 open recommendations
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to develop and implement TVPRA training for OFO officers at airports who have substantive contact with UAC.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Office of Field Operations (OFO) within U.S. Customs and Border Protection (CBP), in collaboration with U.S. Immigration and Customs Enforcement, conducted a "Train-the-Trainer" conference in August 2015 that focused on juvenile and unaccompanied alien children (UAC). The conference, among other things, addressed screening requirements for UAC consistent with Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA). CBP officers who received this additional training were then responsible for training other officers who process UAC at the ports of entry. According to CBP, while the conference was comprehensive, it did not fully encompass CBP's needs. In June 2016, CBP reported that OFO, Office of Chief Counsel, and a headquarters-level working group on UAC issues are finalizing a revised Form CBP-93 and with that are developing a detailed, relevant Train-the-Trainer course for officers responsible for TVPRA at all CBP ports of entry. In December 2016, CBP notified GAO that OFO, in coordination with CBP's Office of Training and Development, was concluding the design and embarking on the development phase of a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." This course will be an annual requirement for all OFO officers. In April 2017, CBP reported that OFO was no longer pursuing a separate Train-the-Trainer course for CBP officers at air ports of entry. However, CBP continues to develop a new UAC training course. The new course is a collaborative effort between OFO and USBP, in consultation with CBP's Office of Chief Counsel, and in partnership with CBP's Office of Training and Development (OTD) to develop, deconflict, and revise training consistent with requirements under TVPRA, specifically outlining rules to identify and screen UAC, among other things. As of September 2017, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP needs to ensure that OFO officers at airports who have substantive contact with UAC complete this training.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to revise the Form 93 to include indicators or questions that agents and officers should ask UAC to better assess (1) a child's ability to make an independent decision to withdraw his or her application for admission to the United States and (2) credible evidence of the child's risk of being trafficked if returned to his or her country of nationality or last habitual residence.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2015, CBP officials stated that CBP formed a working group in headquarters with representatives from the department's Office of Policy and Office for Civil Rights and Civil Liberties to examine the screening process for UAC. In addition, CBP officials noted that CBP is in the process of convening a similar group in the field. According to CBP officials, the working group meets weekly and is coordinating with nongovernmental organizations and the United Nations High Commissioner for Refugees, among others. As of June 30, 2016, CBP reported that CBP's Office of Field Operations (OFO) and U.S. Border Patrol (BP) have finalized and routed the Form CBP-93 to the OFO Executive Assistant Commissioner and United States Border Patrol Chief for final approval. As of June 2017, the revised CBP Form 93 is still under review and CBP officials estimate that the review process will be completed by December 31, 2017. To fully address this recommendation, CBP should revise the Form 93 to include indicators or questions that CBP officers and Border Patrol agents should ask UAC relative to their ability to make an independent decision and regarding the potential risk of the UAC being trafficked if returned to their country of nationality or last habitual residence.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to provide guidance to Border Patrol agents and OFO officers that clarifies how they are to implement the TVPRA requirement to transfer to HHS all Mexican UAC who have fear of returning to Mexico owing to a credible fear of persecution.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In commenting on a draft of our report, DHS indicated that CBP's U.S. Border Patrol (USBP) and Office of Field Operations (OFO) would issue further guidance to agents and officers emphasizing TVPRA transfer procedures for UAC who are nationals or habitual residents of Canada or Mexico and who are victims of a severe form of trafficking in persons. In September 2015, CBP reported that USBP and OFO estimated implementing this additional guidance by the end of calendar year 2015. In January 2016, CBP reported to GAO that, since June 2015, a headquarters level working group had been reviewing CBP's screening process for UAC. According to CBP officials, the activities of this working group will influence the guidance that will be deployed to Border Patrol agents and OFO officers and that USBP and OFO will be working together to develop additional guidance to the field by September 2016. In December 2016, CBP notified GAO that Border Patrol and OFO have partnered with CBP's Office of Training and Development, as well as the Office of Chief Counsel, to develop a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." According to CBP, this course will be an annual requirement for all CBP agents and officers. As of September 2017, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP should ensure that this distance learning training module on how to implement the Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA) criteria is developed and implemented, as required by CBP policy, to all Border Patrol agents and OFO officers.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to develop and implement guidance on how Border Patrol agents and OFO officers are to implement the TVPRA requirement to transfer to HHS all Canadian and Mexican UAC who are victims of a severe form of trafficking in persons.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In commenting on a draft of our report, DHS indicated that CBP's U.S. Border Patrol (USBP) and Office of Field Operations (OFO) would issue further guidance to agents and officers emphasizing TVPRA transfer procedures for UAC who are nationals or habitual residents of Canada or Mexico and who are victims of a severe form of trafficking in persons. In September 2015, CBP reported that USBP and OFO estimated implementing this additional guidance by the end of calendar year 2015. In January 2016, CBP reported to GAO that, since June 2015, a headquarters level working group has been reviewing CBP's screening process for UAC. According to CBP officials, the activities of this working group will influence the guidance that will be deployed to Border Patrol agents and OFO officers and that USBP and OFO will be working together to develop additional guidance to the field by September 2016. In December 2016, CBP notified GAO that Border Patrol and OFO have partnered with CBP's Office of Training and Development as well as the Office of Chief Counsel to develop a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." According to CBP, this course will be an annual requirement for all CBP agents and officers. As of September 2017, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP should ensure that this distance learning training module on how to implement the Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA) criteria is developed and implemented, as required by CBP policy, to all Border Patrol agents and OFO officers.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to ensure that Border Patrol agents document the basis for their decisions when assessing screening criteria related to (1) an unaccompanied alien child's ability to make an independent decision to withdraw his or her application for admission to the United States, and (2) whether UAC are victims of a severe form of trafficking in persons.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of December 2015, CBP officials reported that an internal working group charged with assessing UAC screening procedures was considering issues related to independent decision-making and appropriate documentation as it develops a revised screening tool. As of June 30, 2016, CBP reported that CBP's Office of Field Operations (OFO) and U.S. Border Patrol (BP) had finalized and routed a revised CBP Form 93 to the OFO Executive Assistant Commissioner and United States Border Patrol Chief for final approval. As of August 31, 2016, the revised CBP Form 93 was still under review and CBP officials estimated that the review process would be completed by December 31, 2016. In January 2017, CBP notified GAO that the expected completion date for the revised form is April 2017, and that direction to Border Patrol agents on the new form would be delivered by June 2017. In June 2017, CBP told GAO that Border Patrol and other CBP partners were continuing to determine which changes are necessary to the CBP Form 93 and estimated that these efforts would not be completed until December 31, 2017. As of September 2017, CBP reported that these efforts would not be completed until June 2018. To fully address this recommendation, CBP should ensure that Border Patrol agents document the basis for their decisions when assessing screening criteria related to (1) an unaccompanied alien child's ability to make an independent decision to withdraw his or her application for admission to the United States, and (2) whether UAC are victims of a severe form of trafficking in persons.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to determine which agents and officers who have substantive contact with UAC, complete the annual UAC training, and ensure that they do so, as required.

    Agency: Department of Homeland Security
    Status: Open

    Comments: On July 1, 2015, the Assistant Commissioner for Field Operations (OFO) disseminated a memorandum to all OFO Field Office Directors regarding the mandatory annual UAC training requirement. The Assistant Commissioner directed all Field Offices to ensure that officers completed the required training by December 31, 2015 (the memo also specified which officers are required to complete the training). On July 31, 2015, the Chief of the U.S. Border Patrol disseminated a memorandum to all Chief Patrol Agents and Directorate Chiefs for dissemination to all uniformed personnel, including supervisors, regarding the mandatory annual UAC training requirement. CBP documentation indicates that CBP implemented a new learning management system mandated by DHS on July 13, 2015, through which online training courses are offered to all CBP employees. Further, in 2016 DHS added a feature to this system that provided the capability to produce reports on courses completed by CBP employees. In April 2017, CBP provided 2016 data on the OFO officers and Border Patrol agents that had completed the required UAC training course. According to the data, 23 percent of OFO officers and 7 percent of Border Patrol agents required to complete the training had not done so. CBP officials stated that they plan to take steps to increase the percent of agents and officers who complete the required training in 2017 and will provide new data to GAO in early 2018. To fully address this recommendation, Border Patrol and OFO should ensure that all required personnel have completed the annual training, as required.
    Recommendation: To help ensure that DHS has complete and reliable data needed to ensure compliance with the UAC time-in-custody requirement under TVPRA and for required reports on UAC time in custody under the Flores Agreement, the Secretary of Homeland Security should require ICE officers to record accurate and reliable data in their automated system when UAC leave ICE custody in order to track the length of time UAC are in ICE custody.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a July 23, 2015 memo, ICE's Assistant Director for Custody Management, with concurrence from the Acting Assistant Director for Field Operations, provided instructions to all ICE Field Office Directors, Deputy Field Office Directors, and Field Office Juvenile Coordinators (FOJCs) with instructions for processing juveniles, including unaccompanied alien children (UAC). The memo stated that FOJCs or assigned officers must immediately book UAC into ICE's automated system upon the UAC's transfer into ICE's custody (including ICE transportation contractors). The instructions state that no more than 4 hours may elapse without recording the UAC's time in ICE custody. Further, the instructions stated that when ICE transfers UAC to a new location, that FOJCs, or other assigned officers, must also ensure that ICE's automated system is updated to reflect the exact location of the transfer. According to ICE, these instructions are to be included in a juvenile processing handbook that will provide detailed instructions for officers in processing and managing juvenile cases. ICE expects to complete this handbook by June 30, 2016. As of October 2016, the handbook was still being cleared within ICE. To fully implement our recommendation, ICE should require that officers record accurate and reliable data (date and time) in their automated system when UAC leave ICE custody.
    Recommendation: To increase the efficiency and improve the accuracy of the interagency UAC referral and placement process, the Secretaries of Homeland Security and Health and Human Services should jointly develop and implement a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2015, DHS stated that the department was collaborating with HHS on finalizing a Memorandum of Agreement (MOA) regarding UAC procedures. According to DHS, the MOA is meant to provide a framework for interagency coordination on the responsibilities of the parties in coordinating and establishing procedures, shared goals, and interagency cooperation with respect to UAC. In February 2016, DHS and HHS finalized the MOA. The MOA states that DHS and HHS agree to establish a Joint Concept of Operations (JCO) that should be completed no later than one year following the signing of the MOA. According to the MOA, the JCO should include, among other things, standard protocols for consistent interagency cooperation on the care, processing, and transport of UAC during both steady state operations, as well as in the event the number of UAC exceeds the standard capabilities of the departments to process, transport, and/or shelter with existing resources. As of February 2017, HHS told GAO that HHS and DHS are still in the process of drafting the JCO. To fully address the recommendation, DHS and HHS will need to ensure that the JCO, once finalized and implemented, includes a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.
    Recommendation: To increase the efficiency and improve the accuracy of the interagency UAC referral and placement process, the Secretaries of Homeland Security and Health and Human Services should jointly develop and implement a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In September 2015, DHS stated that the department was collaborating with HHS on finalizing a Memorandum of Agreement (MOA) regarding UAC procedures. According to DHS, the MOA is meant to provide a framework for interagency coordination on the responsibilities of the parties in coordinating and establishing procedures, shared goals, and interagency cooperation with respect to UAC. In February 2016, DHS and HHS finalized the MOA. The MOA states that DHS and HHS agree to establish a Joint Concept of Operations (JCO) that should be completed no later than one year following the signing of the MOA. According to the MOA, the JCO should include, among other things, standard protocols for consistent interagency cooperation on the care, processing, and transport of UAC during both steady state operations, as well as in the event the number of UAC exceeds the standard capabilities of the departments to process, transport, and/or shelter with existing resources. As of August 2017, HHS told GAO that HHS and DHS are still in the process of drafting the JCO. To fully address the recommendation, DHS and HHS will need to ensure that the JCO, once finalized and implemented, includes a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.
    Director: Joseph Kirschbaum
    Phone: (202) 512-9971

    3 open recommendations
    Recommendation: To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to fully institutionalize the use of risk assessments to support future investment decisions, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to update the roles and responsibilities guidance in DOD Directive 5160.05E to identify which organizations are responsible for conducting and participating in CBDP Enterprise risk assessments.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation but has not yet completed actions to implement it. As of August 2017, DOD was still waiting to release the final version of DOO Directive 5160.05E.
    Recommendation: To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to fully institutionalize the use of risk assessments to support future investment decisions, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to update the CBDP Enterprise's portfolio planning process, to include when risk assessments will be conducted.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation but has not yet completed actions to implement it. On 6/8/16, DOD reported that the risk assessment process was initially piloted in 2014 to determine its utility for informing CBDP Enterprise portfolio planning and guidance. Moving forward, the CBDP Enterprise plans to conduct risk assessments annually to support portfolio planning and guidance. As of August 2017, DOD reported that the department was beginning an approximately 12-month process to revise the CBDP Business Plan, which would likely be published as a DOD Instruction. This plan should address the risk assessment recommendation.
    Recommendation: To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to enhance PAIO's ongoing analysis of potential infrastructure duplication in the CBDP Enterprise and gain potential efficiencies, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to identify, request, and consider any information from existing infrastructure studies from other federal agencies with chemical and biological research and development and test and evaluation infrastructure.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation but has not yet completed actions to implement it. As of July 2017, DOD has requested, but not received, such studies from other federal agencies. However, DOD is currently engaged in phase two of a three-phase effort regarding its chemical and biological defense infrastructure program (CBDP), which includes a review of the department's interagency roles and responsibilities for its chemical and biological defense Infrastructure Manager. Targeted completion for this phase is December 2017, at which time, DOD may have obtained relevant information from other federal agencies.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To improve the accountability and transparency of FirstNet's operations, and ensure that FirstNet is gaining as much knowledge from the early builder projects as possible, FirstNet should strengthen FirstNet's internal control system by fully assessing risks, developing standards of conduct, and evaluating performance against these standards.

    Agency: Department of Commerce: National Telecommunications and Information Administration: First Responder Network Authority
    Status: Open

    Comments: When we confirm what actions the First Responder Network Authority (FirstNet) has taken in response to this recommendation, we will provide updated information.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To improve DHS's management of major acquisition programs, the Secretary of Homeland Security should ensure future baselines for all of TSA's major acquisition programs capture the overall historical record of change.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the Transportation Security Administration (TSA) will begin to incorporate an addendum to future Acquisition Program Baselines (APB) that will provide a single source to show the changes to cost, schedule, and performance metrics, beginning with the initial program baseline and showing traceability of all interim approved versions to the current APB. DHS estimated it would complete this effort April 30, 2016. As of August 2017, DHS leadership had approved updated versions of the two APBs that were the basis for this recommendation. Both included addendums with metrics from prior APBs, but raised questions about traceability to the current cost, schedule, and performance metrics. GAO will assess the updated APBs as a part of its annual review of select DHS major acquisition programs to determine whether the department has addressed the recommendation.
    Recommendation: To more accurately communicate DHS's funding plans for USCG's major acquisition programs, the Secretary of Homeland Security should ensure the funding plans presented to Congress in fiscal year 2015 are comprehensive and clearly account for all operations and maintenance funding DHS plans to allocate to each of the USCG's major acquisition programs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the U.S. Coast Guard and the DHS Chief Financial Officer will develop a plan to address this recommendation by September 30, 2015, then work together to fully implement the plan. DHS estimated it would complete this effort March 31, 2016. However, the USCG encountered technical challenges during this process and was unable to implement the plan by that time. The U.S. Coast Guard has revised the estimated completion date, and now anticipates it will be able to address this recommendation in fiscal year 2020.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Secretary of the Department of Homeland Security should direct FPS to develop and implement a strategy for using covert-testing data and data on prohibited items to improve FPS's security-screening efforts. The strategy should, at a minimum, aim to ensure that: (1) covert-testing data are used to systematically monitor, review, and improve performance nationwide; (2) covert-testing data are used to determine which testing scenarios will be implemented or reinstated; and (3) data on prohibited items are analyzed to determine the reasons for wide variations in the number of reported prohibited-items detected across buildings and to assist with managing the screening process and informing policy.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, implementation of this recommendation was in process, according to the Federal Protective Service (FPS). FPS provided no additional information, but plans to update GAO in the coming weeks on the status of this and other open recommendations.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    6 open recommendations
    Recommendation: To ensure that CBP's land mobile radio systems are functioning as intended in each location and are meeting user needs, the CBP Commissioner should develop a plan to monitor the performance of its deployed radio systems.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure the ICE TACCOM program is effectively managed, the Assistant Secretary of ICE should develop a program plan to ensure that the agency establishes the appropriate documentation of resource needs, program goals, and measures to monitor the performance of its deployed radio systems.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve CBP training efforts, CBP Commissioner should develop and implement a plan to address any skills gaps for CBP agents and officers related to understanding the new digital radio systems and interagency radio use protocols.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve CBP training efforts, CBP Commissioner should develop a mechanism to verify that all Border Patrol and OFO radio users receive radio training.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve ICE training efforts, the Assistant Secretary of ICE should develop and implement a plan to address any skills gaps for ICE agents related to understanding the new digital radio systems and interagency radio use protocols.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve ICE training efforts, the Assistant Secretary of ICE should develop a mechanism to verify that all ICE radio users receive radio training.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: In order to help ensure consistent, effective oversight of DHS's acquisition programs, and to make the CASR more useful, starting with the report reflecting fiscal year 2015 program data, the Secretary of DHS should adjust the CASR to do the following: (1) report an individual rating for each program's cost, schedule, and technical risks; (2) report a best estimate of procurement quantities or indicate why this is not applicable, as appropriate; (3) report all programs' significant changes in acquisition cost, quantity, or schedule from the previous CASR report by determining a means to account for programs that lack acquisition program baselines; (4) report major program events that are included in acquisition program baselines, such as scheduled acquisition decision events; and (5) report the level at which the program's life-cycle cost estimate was approved.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation, and took some actions to address it. The Office of Program Accountability and Risk Management (PARM) updated its template for the Comprehensive Acquisition Status Report (CASR) to reflect the following changes: individual ratings for each program's cost, schedule, and technical risks; significant changes in programs' acquisition cost, quantity, or schedule; and major events included in the acquisition program baselines. In addition, PARM intended to revise the reporting information for the level at which a program's life-cycle cost estimate was approved and its estimate of procurement quantities. However, the 2017 Consolidated Appropriations Act discontinued the requirement to submit the CASR with future budget requests and DHS did not submit one for 2017. Recently introduced legislation would reestablish the CASR requirement and we will revisit this recommendation pending the outcome of that legislation.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    7 open recommendations
    including 4 priority recommendations
    Recommendation: To ensure that the NSCs can be operated and maintained in the most demanding environments based on mission and maintenance requirements prior to implementation of the CRC, the Coast Guard should, as expeditiously as possible under its capacity limits and fiscal constraints, fulfill the staffing requirements recommended in the 2011 manpower requirements analysis, including ensuring that while implementing the interim 210 Plan, the NSCs operate with sufficient numbers of crew members who possess the recommended mix of skills and abilities.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In August 2015, the Coast Guard stated that funding to fulfill the staffing requirements recommended in the 2011 manpower requirements analysis for the National Security Cutter is under review and is expected to be determined by February 2016. On January 24, 2017, the Coast Guard noted that it expects the crew increase to be reflected in the FY 2017 Appropriation.
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including determining the appropriate number of NSC crew and shoreside-based support personnel with the right mix of skills and abilities and having them in place when the Coast Guard tests the CRC.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In July 2015, the Coast Guard provided documentation of a manpower requirements analysis and manpower requirements determination, which specify the number of shoreside-based support personnel, such as engineering and maintenance, that are needed to support 4 National Security Cutters (NSC) based in Alameda, CA (i.e., three of the four NSCs using the crew rotational concept). In March 2016, the Coast Guard stated that it would request resources, as appropriate, to ensure that these personnel are in place prior to testing and expects to close this recommendation by November 2017. On January 24, 2017, the Coast Guard noted that it is continuing to develop the final test plan.
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including addressing the misalignment of the crewing concept to be used in the planned CRC test, as compared to the NSC homeporting plan, so that the CRC test is conducted in an operationally realistic environment and that the test results can be used to determine the optimal schedules for rotating crews and performing maintenance.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that it continues to analyze and develop various testing plans to reach 225 DAFHP onboard NSCs. The test will be performed by Coast Guard Pacific Area during normal operations over an extended period to ensure it is operationally realistic; lessons learned will be used to inform future crewing models. The Coast Guard will submit a final test plan to Congress prior to the deadline set forth by the 2012 Coast Guard Authorization Bill (end of 2017).
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including addressing the potential impacts of wide variations between alternative CRC deployment schedules.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that it continues to analyze and develop various testing plans to reach 225 DAFHP onboard NSCs. The test will be performed by Coast Guard Pacific Area during normal operations over an extended period to ensure it is operationally realistic; lessons learned will be used to inform future crewing models. The Coast Guard will submit a final test plan to Congress prior to the deadline (end of 2017) set forth by the 2012 Coast Guard Authorization Bill.
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including expanding the Coast Guard's training infrastructure capacity to provide crew members with the necessary training for off-cycle rotating NSC crew members under the CRC.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that it continues to analyze and develop various testing plans to reach 225 DAFHP onboard NSCs. The test will be performed by Coast Guard Pacific Area during normal operations over an extended period to ensure it is operationally realistic; lessons learned will be used to inform future crewing models. The Coast Guard will submit a final test plan to Congress prior to the deadline set forth by the 2012 Coast Guard Authorization Bill (the end of 2017).
    Recommendation: To ensure that the Coast Guard is making progress in a timely manner to address and effectively mitigate the risk factors identified above, the Coast Guard should develop interim milestones for the various actions to be taken on each of the risk factors as the Coast Guard completes the CRC Plan.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that the analysis is ongoing, and will be addressed in the test plan submitted to Congress in accordance with the 2012 Coast Guard Authorization Bill (end of 2017).
    Recommendation: Finally, to ensure that the Coast Guard is making progress in developing alternative measures that provide more accurate indicators of operational performance in a timely manner, the Coast Guard should establish time frames and interim milestones for developing and implementing these alternative measures for use prior to CRC testing. These measures could then be used for both the NSCs, as well as for other cutters, such as the Offshore Patrol Cutter, that currently use or plan to use the traditional DAFHP performance measure.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In August 2015, the Coast Guard stated that its analysis of alternative measures for use prior to testing the NSCs to use the crew rotational concept was ongoing and did not provide a date for completion. On January 24, 2017, the Coast Guard noted that, in the process of analyzing an alternative to DAFHP, it found that while its enterprise data management system collects the necessary data; the system didn't have an efficient way of aggregating the data for analysis. The first step to develop an appropriate enterprise measure is to improve the data management system through a software change. Once the change is complete, the system will be evaluated and tested to ensure that an aggregated report of discrete Coast Guard Cutter activity is accurate and reliable. The change will include the functionality to separate underway from in-port activity. After examining the results from the software change, the Coast Guard will evaluate an alternative to DAFHP. However, all analyses to date indicate DAFHP remains an important measure for personnel operations tempo and cutter scheduling and will not be eliminated as an available measure. The Coast Guard updated the estimated completion date for this recommendation to July 2018.
    Director: Andrew Sherrill
    Phone: (202) 512-7215

    5 open recommendations
    Recommendation: To better report the occupations filled by H-2B workers who have been approved by DHS, the Director of U.S. Citizenship and Immigration Services should implement during its transformation process to an electronic petition form, an occupation classification system that conforms to a national standard.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In September 2016, USCIS indicated that it was revising its Transformation Roadmap (schedule). The conversion to electronic nonimmigrant petitions is expected to be completed during the second quarter of fiscal year 2018. USCIS also noted that it is exploring the adoption of a single set of occupation codes across multiple form types, but has not yet made a final decision whether to implement this. USCIS estimates this recommendation will be completed by March 31, 2018.
    Recommendation: To help potential H-2A and H-2B workers and their advocates better assess employment offers and reduce their vulnerability to abuse, the Director of U.S. Citizenship and Immigration Services should, during its transformation to an electronic petition form, ensure that petition job information is collected in an electronic manner and made available to the public as soon as possible following a final adjudication decision. Such job information should include number of positions, wage, and any staffing, placement or recruitment agency the employer plans to use.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In September 2016, USCIS indicated that it was revising its Transformation Roadmap (schedule). The conversion to electronic nonimmigrant petitions is expected to be completed during the second quarter of fiscal year 2018. Therefore, USCIS estimates this recommendation will be completed by March 31, 2018.
    Recommendation: To help protect workers from being hired by employers who have been debarred from program participation, the Secretary of Labor should direct the Assistant Secretary, Employment and Training Administration, to use all employer-related information it collects on debarred employers to screen new applications.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2016, the agency noted that it continues to screen for debarred employers in two ways: 1) by adding debarred employers to its iCERT System, which matches incoming employer applications using the federal Employer Identification Number; and 2) by conducting additional reviews during analyst case adjudications using a more expansive set of employer-related information. While the Employment and Training Administration explored enhancing its iCERT system in 2015 to flag more information on debarred employers, the agency said this enhancement was not pursued due to technical difficulties in matching open text fields (e.g., physical employer addresses).
    Recommendation: To ensure that H-2B workers are adequately protected and that DOL's investigative resources are appropriately focused, the Secretary of Labor should direct the Administrator, Wage and Hour Division, to review its enforcement efforts and conduct a national investigations-based evaluation of H-2B employers.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2016, DOL's Wage and Hour Division (WHD) indicated that it is coordinating closely with the department's Chief Evaluation Office on evaluations and special projects involving data analytics. As a result of that coordination, it is shifting away from large-scale compliance surveys and toward leveraging internal enforcement data and external survey data to assess compliance levels in priority industries. Therefore, WHD is not currently considering a national level survey of the H-2B program. However, WHD indicated that its focus of enforcement resources on industries that employ workers vulnerable to violations of labor laws will include H-2B workers and employers.
    Recommendation: To determine to what extent, if any, the 2-year statute of limitations on debarment limits its use as a remedy for employers who violate program requirements: (1) the Secretary of Labor should direct the Assistant Secretary, Employment and Training Administration, and the Administrator, Wage and Hour Division, to collect data on the nature of the cases where debarment would have been recommended but was not because the 2-year statute of limitations had expired, and based on that data determine whether to pursue a legislative proposal to extend the statute of limitations; and (2) the Department of Labor Inspector General should direct the Assistant Inspector General, Office of Labor Racketeering and Fraud Investigations to provide the Assistant Secretary, Employment and Training Administration, and the Administrator, Wage and Hour Division, data on the number of referrals for debarment that the Inspector General's Office sent to the department after the 2-year statute of limitations had expired.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2016, DOL indicated that it was considering the utility of collecting these data in light of the fact that the new H-2B regulations that were issued in April 2015 eliminated the 2-year statute of limitations for the H-2B program. We continue to believe, however, that this data collection would be valuable given that the H-2A program is still subject to the 2-year statute of limitations. The department indicated it is undertaking a modernization of its data systems--by implementing a data governance structure that will manage its data as a business asset--and our recommendation for the collection of these data will be vetted through this process.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To improve disposition reporting that would help states update and complete criminal history records, the Director of the FBI should task the FBI Advisory Policy Board to establish a plan with time frames and milestones for achieving its Disposition Task Force's stated goals.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better equip states to meet the regulatory requirement to notify individuals of their rights to challenge and update information in their criminal history records, and to ensure that audit findings are resolved, the Director of the FBI--in coordination with the Compact Council-- should determine why states do not comply with the requirement to notify applicants and use this information to revise its state educational programs accordingly.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To ensure that DHS components have sustained effective and appropriate use of AUO in accordance with law and regulation, Congress should consider requiring DHS to report annually to Congress on the use of AUO within the department, including the extent to which DHS components have made progress remediating AUO implementation deficiencies and information from annual third-party AUO audits or other department AUO oversight efforts.

    Agency: Congress
    Status: Open

    Comments: As of May 2017, three DHS components continue to use administratively uncontrollable overtime (AUO) to compensate employees for time worked beyond the standard 8-hour workday. The Border Patrol Agent Pay Reform Act of 2014 (BPAPRA), passed in December 2014, established a new overtime compensation system for Border Patrol agents (the majority of former AUO-users). Further, an amendment to Title V, enacted in December 2016, expanded law enforcement availability pay to U.S. Customs and Border Protection's (CBP) Air and Marine Operations. However, CBP continues to use AUO to compensate other employees, such as those within in the Office of Field Operations. Also, both U.S. Immigration and Customs Enforcement (ICE) and U.S. Secret Service (USSS) continue to use AUO to compensate employees with AUO. Though the negative effects of implementing AUO incorrectly have been mitigated to some extent through the deauthorization of over 20,000 Border Patrol agents, in addition to other deauthorizations and alternative compensation mechanisms, three DHS components continue to utilize AUO. Therefore, DHS still needs to consider a holistic approach to ensuring those components use AUO correctly and our matter for congressional consideration will remain open.
    Recommendation: To better position DHS to monitor components' progress remediating AUO deficiencies, the Secretary of DHS should develop and execute a department-wide oversight mechanism to ensure components implement AUO appropriately on a sustained basis, and in accordance with law and regulation.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2015, the Department of Homeland Security (DHS) took actions toward addressing our recommendation by developing a department-wide oversight mechanism described in a directive and instruction on administratively uncontrollable overtime (AUO). DHS's AUO directive defines responsibility for Office of the Chief Human Capital Officer (OCHCO) that includes establishing AUO policy and guidance, providing program oversight and evaluating component AUO compliance, and administering an AUO training program, among other things. The directive also requires component heads to develop component-specific AUO policies that must be reviewed by DHS OCHCO for concurrence and also submit to OCHCO the results of an independent, third-party audit of compliance with applicable AUO law and policy no later than 18 months after the date of the directive (i.e., by December 2016) and annually thereafter . In March 2016, Immigration and Customs Enforcement (ICE) completed its annual financial audit, conducted by a separate office within DHS, which now incorporates audit of ICE's use of AUO. As of May 2017, the other DHS components that continue to use AUO--U.S. Secret Service and U.S. Customs and Border Protection--have not yet submitted results of third-party audits of AUO to OCHCO. To ensure that the AUO directive has been fully and appropriately executed across the department, the recommendation will remain open until USSS and CBP have submitted their first independent, third-party audit to OCHCO. At that point we will we review the remaining audits to determine if the recommendation has been addressed, and can therefore be closed.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    2 open recommendations
    including 1 priority recommendation
    Recommendation: The Secretary of Homeland Security, in consultation with GSA, should develop and implement a strategy to address cyber risk to building and access control systems that, among other things: (1) defines the problem; (2) identifies roles and responsibilities; (3) analyzes the resources needed; and (4) identifies a methodology for assessing this cyber risk.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the Department has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of the General Services Administration should assess the building and access control systems that it owns in FPS-protected facilities in a manner that is fully consistent with FISMA and its implementation guidelines.

    Agency: General Services Administration
    Status: Open
    Priority recommendation

    Comments: As of October 2016, GSA recently provided documentation about its assessments of the control systems that the agency owns in FPS-protected facilities. We are reviewing this information to determine whether GSA has implemented the recommendation.
    Director: Seto J. Bagdoyan
    Phone: (202) 512-6722

    2 open recommendations
    Recommendation: To help FEMA prevent improper payments, the Administrator of FEMA should assess the cost and feasibility of addressing limitations in FEMA's control for identifying duplicate information in applications in high-risk data fields--such as SSN, bank-account information, address, and phone number--that may currently allow individuals or households to improperly receive multiple payments, and if determined to be costbeneficial take steps to address the system design limitation.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In April 2017, FEMA reported that the agency had reviewed its software system's controls for identifying duplicate SSNs, bank account, address, and phone information. FEMA reported that it would be cost effective and feasible to improve its software system's controls for identifying duplicate address information, and the agency expects to deploy these system changes in the summer of 2017. FEMA also reported that, based on its review of the cases GAO referred to FEMA, errors in SSN and bank account information were related to human casework processing rather than software system limitations. Consequently, FEMA reported that it was reviewing and updating its casework training, guidance, and quality control documentation. We will continue to monitor FEMA's efforts to implement this recommendation.
    Recommendation: To help FEMA prevent improper payments, the Administrator of FEMA should collaborate with SSA to assess the cost and feasibility of checking recipient SSNs against the Enumeration Verification System and the full death file to more accurately identify recipients who used Social Security numbers (SSNs) that were ineligible or belonged to likely deceased individuals, document the results of this assessment, and if determined to be cost-beneficial take steps to implement a partnership to use SSA data.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In April 2017, FEMA reported that the agency completed a cost estimate for system changes needed to include a direct data exchange with SSA. FEMA further reported that the agency was continuing to explore alternative means of conducting a direct data exchange that would help FEMA verify if an SSN belongs to a deceased person. We will continue to monitor FEMA's progress in implementing this recommendation.
    Director: Grover, Jennifer A
    Phone: (202)512-7141

    1 open recommendations
    Recommendation: To ensure that TSA's planned testing yields reliable results, the TSA Administrator should take steps to ensure that TSA's planned effectiveness testing of the Managed Inclusion process adheres to established evaluation design practices.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: TSA continues to make progress on implementing this recommendation. In March 2017, TSA reported that an evaluation of the security effectiveness of the managed inclusion process is to be completed over the next few weeks. Once documentation for the evaluation is available, TSA will provide it for review and analysis.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To ensure data required by IMBRA are collected, maintained, and reliable, the Director of USCIS should ensure that IMBRA-required data elements will be collected in an automated manner with the release of the electronic I-129F petition.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In January 2015, USCIS reported that it expected to start development for the electronic I-129F petition in March 2016. As of March 2016, USCIS officials confirmed that the electronic I-129F petition is tied to the Family-Based Adjustment of Status (AOS) product line for USCIS ELIS. USCIS officials stated that, as of March 2016, the requirements-gathering phase for this product line is underway and, as of June 2016, USCIS began the requirements-gathering phase. In October 2016, the Office of Transformation Coordination reported that there have been some delays in the product line that includes the I-129F petition and the tentative expected completion date is the second quarter of fiscal year 2018. To fully implement this recommendation, USCIS should ensure that IMBRA-required data elements are collected in an automated manner with the release of the electronic I-129F petition.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: To enhance the Secretary of Homeland Security's ability to assess national preparedness and provide management oversight of federal interagency efforts to close previously identified capability gaps, the Secretary of Homeland Security should direct the Administrator of FEMA--in coordination and collaboration with the National Security Council Staff and other federal departments and agencies--to collect information on and regularly report to the Secretary the status of federal interagency implementation of corrective actions identified (1) through prior national-level exercises and (2) following real-world incidents, specifically major disasters.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In November 2016, FEMA officials reported that the agency had developed an approach for collecting and reporting on the status of federal interagency corrective actions from Level I disasters to add to the current practice of reporting on national level exercises. According to officials, the proposed approach was under review and the agency plans to coordinate with the other federal departments and agencies before submitting their proposal to DHS for final approval. In August 2017, FEMA's National Preparedness Directorate reported an expected completion date of December 29, 2017. Pending completion of this effort, this recommendation remains open.
    Director: Melvin, Valerie C
    Phone: (202) 512-6304

    3 open recommendations
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to improve reporting of FOIA costs by including salaries, employee benefits, non-personnel direct costs, indirect costs, and costs for other offices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In responding to our recommendation, DHS said it has developed a spreadsheet that is to be used by its components to track FOIA costs. However, as of September 2017, DHS has not yet provided information containing such details as when its components will be required to use the spreadsheet and if the spreadsheet is to track all the categories of costs discussed in our report. We plan to update the status of this recommendation when DHS provides documentation that further explains, and confirms the department's use of, the spreadsheet.
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to direct USCIS and Coast Guard to fully implement the recommended FOIA processing system capabilities and the section 508 requirement.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS issued a memo to all of the department's FOIA officers in March 2015 which focused on ensuring that each component's FOIA processing systems are 508 compliant. However, as of September 2017, DHS has not yet provided us with evidence that the U.S. Citizenship and Immigration Services and the Coast Guard have implemented system capabilities that are 508 compliant. When DHS provides information concerning its actions taken to make the systems compliant, we will update the status of the recommendation.
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to determine the viability of re-establishing the service-level agreement between the U.S. Citizenship and Immigration Services (USCIS) and U.S. Immigration and Customs Enforcement to eliminate duplication in the processing of immigration files. If the benefits of doing so would exceed the costs, re-establish the agreement.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has stated that it is taking steps to determine if the U.S. Immigration and Customs Enforcement and the U.S. Citizenship and Immigration Services will re-establish the service-level agreement to process FOIA requests related to immigration files. In addition, the department has stated that duplication no longer exists in the processing of these type of requests. However, DHS has not yet provided evidence, such as a cost-benefit analysis, that could demonstrate the steps it is taking regarding the service-level agreement. Further, GAO has not yet received evidence from the department to support its assertion that duplication no longer exists in the processing of immigration files. We will update the status of this recommendation when DHS provides documentation.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should assess the extent to which ICE has appropriate internal controls for tracking and managing detention facility costs and develop additional controls as necessary.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of December 2016, no additional information had been provided on the status of ICE efforts to address this recommendation. In February 2015, the Department of Homeland Security (DHS) reported that Immigration and Customs Enforcement (ICE) had created a spend plan tool to help track costs for each detention facility. In addition, DHS reported that ICE headquarters and field offices were coordinating to determine the resources needed to track and manage detention facilities costs. To fully address this recommendation, ICE should assess the extent to which the spend plan tool is an appropriate internal control for tracking and managing detention facilities costs and whether additional controls are necessary.
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should document the reasons facilities cannot be transitioned to the most recent standards.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: The Department of Homeland Security (DHS) did not concur with this recommendation. As of December 2016, no additional information had been provided on the status of Immigration and Customs Enforcement (ICE) efforts to address this recommendation. To fully address this recommendation, ICE should document the reasons detention facilities cannot be transition to the most recent national detention standards.
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should take additional steps to help ensure that personnel responsible for reviewing and paying facility detention invoices follow internal control procedures to ensure proper payments.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of December 2016, no additional information had been provided on the status of ICE efforts to address this recommendation. In October 2014, the Department of Homeland Security (DHS) reported that Immigration and Customs Enforcement (ICE) had issued a new "Receipt & Acceptance" policy applicable to all program offices and would assess if additional internal controls are required and implement any needed ones, as appropriate. In February 2015, DHS reported that ICE had not finalized an impact assessment of the new policy for fiscal year 2014 to determine if additional controls would be required. To fully address this recommendation, ICE should complete an impact assessment of the new policy to determine if additional controls are needed to ensure proper payment of facility detention invoices.
    Director: Charles Michael Johnson, Jr.
    Phone: (202) 512-7331

    1 open recommendations
    Recommendation: For elements identified in the Countering Iran in the Western Hemisphere Act of 2012 that were not fully addressed in the strategy, the Secretary of State should provide the relevant congressional committees with information that would fully address these elements. In the absence of such information, State should explain to the congressional committees why it was not included in the strategy.

    Agency: Department of State
    Status: Open

    Comments: In a letter dated December 23, 2014, the Department of State (State) noted that the elements identified in the GAO report as not being adequately addressed by State were matters where the consensus of the intelligence community was that there was not an identifiable threat to counter. GAO's report assessed that State did not address four specific elements identified in the Countering Iran in the Western Hemisphere Act of 2012. State's December 2014 letter provided explanations for these four elements, including the availability of information on existing agency websites, briefings provided to Congress, and State's lack of finding that foreign governments showed clear threats. We continue to maintain that the strategy did not include all of the elements that the law stated should be included, and State did not demonstrate that it provided relevant congressional committees with information that would fully address these elements. In December 2015, State noted that it remains in close contact with the relevant congressional committees across a range of security, economic and political with regard to the Western Hemisphere on a regular and continuing basis. State further noted that it provided an oral briefing along with its original submission of the report to Congress and answered questions posed by Congress. State officials said that they stand ready to provide further information in the appropriate setting should it be requested. However, State did not provide GAO with information about whether it had provided information to Congress specifically for the elements identified in the Countering Iran in the Western Hemisphere Act of 2012 that were not fully addressed in the strategy, nor provide additional information about whether State explained to the congressional committees why any absence of such information was not included in the strategy. Furthermore, GAO learned from the House Foreign Affairs Committee staff that State and the Office of the Director for National Intelligence provided a briefing to the committee regarding Iranian activities in Latin America on February 25, 2016. As of August 2016, GAO did not receive any documents related to the briefings because, according to State, the talking points document was considered deliberative and therefore could not be shared. According to State officials, they continue to monitor the issue and brief Congress as appropriate. As of June 2017, State noted that its position regarding this recommendation and the deliberative nature of the talking points document remains unchanged.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    6 open recommendations
    including 5 priority recommendations
    Recommendation: The Secretary of Homeland Security should designate the headquarters consolidation program a major acquisition, consistent with DHS acquisition policy, and apply DHS acquisition policy requirements.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: In alignment with GAO's recommendation, on September 16, 2014, DHS issued an Acquisition Decision Memorandum designating the DHS-funded portions of the headquarters consolidation program as a Major Acquisition Program to be overseen by the departmental Acquisition Review Board (ARB). DHS made further progress implementing this recommendation by conducting and documenting an ARB of the program on November 15, 2016. The ARB process provided DHS greater oversight of headquarters consolidation, and provided a forum for officials to consider a wide range of issues affecting consolidation efforts, such as funding and project scope. However, DHS and General Services Administration (GSA) were required to revise their cost and schedule estimates subsequent to the ARB's review. In addition, as of March 2017, DHS, in coordination with GSA, had not submitted the report to Congress on DHS Headquarters Consolidation mandated by Pub. L. No. 114-150. GAO will reassess the status of this recommendation after cost and schedule estimates are finalized and DHS and GSA submit the required report to Congress, i.e., when there is more certainty about the future direction of the project overall and DHS's funded portion in particular.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to conduct the following assessments and use the results to inform updated DHS headquarters consolidation plans: (1) a comprehensive needs assessment and gap analysis of current and needed capabilities that take into consideration changing conditions, and (2) an alternatives analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the project and prioritizes options to account for funding instability.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes a comprehensive assessment of property and facilities utilized by DHS in the National Capital Region, and an analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the consolidation project. DHS and GSA have made significant progress in developing a revised plan for headquarters consolidation since 2014, including the completion of a business case analysis to support the new plan. GAO will review the latest information on DHS headquarters consolidation efforts when it is provided to Congress, and will assess the materials in the context of this recommendation at that time. Continued DHS and GSA attention to following leading capital planning practices is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to conduct the following assessments and use the results to inform updated DHS headquarters consolidation plans: (1) a comprehensive needs assessment and gap analysis of current and needed capabilities that take into consideration changing conditions, and (2) an alternatives analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the project and prioritizes options to account for funding instability.

    Agency: General Services Administration
    Status: Open
    Priority recommendation

    Comments: GSA agreed with both recommendations to conduct a comprehensive needs assessment and gap analysis and to update cost and schedule estimates. The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150), enacted on April 29, 2016, mirrors GAO recommendations in this area. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS's headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes a comprehensive needs assessment, a costs and benefits analysis, and updated cost and schedule estimates. Furthermore, the act requires the Comptroller General to evaluate the cost and schedule estimates not later than 90 days after their submittal to Congress. DHS and GSA have made significant progress in developing an Enhanced Plan for headquarters consolidation since 2014, including the completion of a business case analysis to support the new plan. In addition, GSA is leading efforts to revise the project's cost and schedule estimates, and according to GSA officials, the revised figures will take into account GAO's leading cost-estimation practices. We will review the latest information on DHS's headquarters consolidation efforts when it is provided to Congress, and will assess the materials in the context of these recommendations at that time. Continued DHS and GSA attention to following leading practices for capital planning and cost and schedule estimation is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, after revising the DHS headquarters consolidation plans, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to develop revised cost and schedule estimates for the remaining portions of the consolidation project that conform to GSA guidance and leading practices for cost and schedule estimation, including an independent evaluation of the estimates.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes updated cost and schedule estimates for the consolidation project that are consistent with GAO's recommendations in GAO-14-648. Furthermore, the act requires the Comptroller General to evaluate the cost and schedule estimates not later than 90 days after their submittal to Congress. GSA is leading efforts to revise project cost and schedule estimates, and according to GSA officials, the revised figures will take into account GAO's leading estimation practices. GAO will review the latest DHS headquarters consolidation cost and schedule estimates when they are provided to Congress, and will assess the materials in the context of this recommendation at that time. Continued DHS and GSA attention to following leading cost and schedule estimation practices is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, after revising the DHS headquarters consolidation plans, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to develop revised cost and schedule estimates for the remaining portions of the consolidation project that conform to GSA guidance and leading practices for cost and schedule estimation, including an independent evaluation of the estimates.

    Agency: General Services Administration
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes updated cost and schedule estimates for the consolidation project that are consistent with GAO's recommendations in GAO-14-648. Furthermore, the act requires the Comptroller General to evaluate the cost and schedule estimates not later than 90 days after their submittal to Congress. GSA is leading efforts to revise project cost and schedule estimates, and according to GSA officials, the revised figures will take into account GAO's leading estimation practices. GAO will review the latest DHS headquarters consolidation cost and schedule estimates when they are provided to Congress, and will assess the materials in the context of this recommendation at that time. Continued DHS and GSA attention to following leading cost and schedule estimation practices is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Recommendation: Congress should consider making future funding for the St. Elizabeths project contingent upon DHS and GSA developing a revised headquarters consolidation plan, for the remainder of the project, that conforms with leading practices and that (1) recognizes changes in workplace standards, (2) identifies which components are to be colocated at St. Elizabeths and in leased and owned space throughout the National Capital Region, and (3) develops and provides reliable cost and schedule estimates.

    Agency: Congress
    Status: Open

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes: a comprehensive assessment of property and facilities utilized by DHS in the National Capital Region; an analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the consolidation project; and updated cost and schedule estimates for the project that are consistent with GAO's recommendations in GAO-14-648. Furthermore, the act requires the Comptroller General to evaluate the cost and schedule estimates not later than 90 days after their submittal to Congress. A comprehensive report to Congress on DHS headquarters consolidation, along with reliable project cost and schedule estimates, could inform Congress's funding decisions.
    Director: Stephen Caldwell
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: Within DHS, to promote efficiency and harmonize the various assessments to advance security and resilience across the spectrum of CI in a manner consistent with the Homeland Security Act of 2002, PPD-21, and the NIPP, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate work with other DHS offices and components to develop and implement ways that DHS can facilitate data sharing and coordination of vulnerability assessments to minimize the risk of potential duplication or gaps in coverage.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has taken action in response to GAO's September 2014 recommendation to develop a department-wide process to facilitate data sharing and coordination among the various DHS components that conduct or require vulnerability assessments, but has not fully implemented the recommendation. DHS first reported to GAO in August 2015 that its Office of Infrastructure Protection (IP) and the Sector Outreach and Programs Division Innovation Center had formed a vulnerability assessment working group comprised of a variety of federal stakeholders, both within and outside DHS, to enhance overall integration and coordination of vulnerability assessment efforts. In December 2015, DHS stated that IP was conducting pilot projects to expand access to its IPGateway portal--IP's system that houses infrastructure data and identifies facilities that have been assessed by IP. In a July 2016 update, DHS reported that IP had reached agreement with DHS components to expand access to its IP Gateway portal to those partners as a means to share IP's vulnerability assessment information and help coordinate assessment visits and related activities. DHS also noted in its update that IP had begun providing access to IP Gateway to components within DHS but did not provide a date as to when that step would be complete. These are positive steps toward implementing a systematic and integrated approach for facilitating data sharing and coordination of vulnerability assessments throughout the department. However, developing a department-wide process to facilitate data sharing and coordination among the DHS offices and components that conduct or require vulnerability assessments would better enable DHS to minimize the risk of potential duplication and gaps by its offices and components in the vulnerability assessments they conduct. Because DHS is still in the process of completing these steps, the recommendation has not yet been fully implemented.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to identify key CI security-related assessment tools and methods used or offered by SSAs and other federal agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to analyze the key CI security-related assessment tools and methods offered by sector-specific agencies (SSA) and other federal agencies to determine the areas they capture.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to develop and provide guidance for what areas should be included in vulnerability assessments of CI that can be used by DHS, SSAs, and other CI partners in an integrated and coordinated manner, among and across sectors, where appropriate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To ensure effective evaluation of federal training programs and enhance DHS's stewardship of resources for federal training programs, the Secretary of Homeland Security should direct DHS components to ensure that their documented training evaluation processes fully address attributes for effective training evaluation processes as they are drafted, updated, or revised.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2014, we reported on the Department of Homeland Security's (DHS) training efforts, including the extent to which DHS has a documented process to evaluate training and development programs. We found that all five DHS components in GAO's review--U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, the U.S. Coast Guard, the Transportation Security Administration, and the Federal Law Enforcement Training Center--have a documented process to evaluate their training programs. Their documented processes fully included three of six attributes of effective training evaluation processes identifying goals, programs to evaluate, and how results are to be used. However, the documented processes did not consistently include the other three attributes: methodology, timeframes, and roles and responsibilities. We concluded that by updating documentation to address these attributes, DHS components would have more complete information to guide its efforts in conducting effective evaluations. We therefore recommended that DHS direct its components to ensure that their documented training evaluation processes fully address attributes for effective training evaluation processes as they are drafted, updated, or revised. In September 2016, DHS officials reported that a DHS-wide self-audit of training evaluation processes was completed on March 31, 2016 and found that DHS has current documentation addressing effective learning evaluation programs and that there are commonalities in evaluation procedures across the components. As a part of the self-audit, components provided policy and procedures documents related to their training evaluation processes and found that they adhere to sound instructional systems design models. However, the self-audit focused on identifying the specific training evaluation practices for a sample of courses at each component and not whether the component-level guidance included the attributes for effective training evaluation processes we identified in our report. Further, although DHS updated its department-wide guidance on training evaluation in April 2016 to incorporate the attributes for effective training evaluation processes and some components have followed suit, other components have not. For example, we found that some components, such as Customs and Border Protection and the U.S. Coast Guard, had updated their training evaluation guidance to include the attributes we identified in our report. Others, such as U.S. Immigration and Customs Enforcement were in the process of updating their guidance. However, as of April 2017, the guidance from the Transportation Security Administration remained in draft and the guidance from the Federal Law Enforcement Training Center had not been updated since our review. Therefore, this recommendation remains open pending action on the above noted items.
    Recommendation: To ensure effective evaluation of federal training programs and enhance DHS's stewardship of resources for federal training programs, the Secretary of Homeland Security should identify existing challenges that prevent DHS from accurately capturing training costs department-wide and, to the extent that the benefits of addressing those challenges exceed the costs, implement corrective measures to overcome these challenges..

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2014, we reported on the Department of Homeland Security's (DHS) training efforts, including the extent to which DHS has a documented process to reliably capture costs. We found that DHS identified efficiencies and cost savings for delivering a number of training programs. However, different methods are used for capturing training costs across the department, which poses challenges for reliably capturing these costs across DHS. Components capture training costs differently, contributing to inconsistencies in training costs captured across DHS. Variation in methods used to collect data can affect the reliability and quality of DHS-wide training program costs. However, DHS has not identified all challenges that contribute to these inconsistencies. We concluded that DHS could improve its awareness about the costs of training programs DHS-wide and thereby enhance its resource stewardship by identifying existing challenges that prevent DHS from accurately capturing training costs and implementing corrective measures. We therefore recommended that DHS identify existing challenges that prevent DHS from accurately capturing training costs department-wide and, to the extent that the benefits of addressing those challenges exceed the costs, implement corrective measures to overcome these challenges. As of September 2016, DHS reported that its Office of the Chief Human Capital Officer and Office of the Chief Financial Officer worked together to research the issue and determine the best course of action to standardize training cost reporting. However, this did not require a formal root cause analysis. In order to identify a way for the components to capture training costs in a standardized manner, DHS formed a Tiger Team that included officials from each component which identified 12 common functional areas for training to capture training costs. Components were directed to prepare implementation plans outlining how they will begin capturing cost data within the identified functional training areas and, according to DHS, began capturing the data on September 29, 2016. In January 2017, the DHS Chief Financial Officer provided guidance to the components as to how they are to report their training costs to DHS on a quarterly basis. Components provided their first quarterly submission to DHS in January 2017. These steps are in line with the intent of our recommendation. This recommendation will remain open as we monitor its continued implementation over the next two quarters.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    1 open recommendations
    Recommendation: To assess the progress of the Secure Flight program toward achieving its goals, the Transportation Security Administration's Administrator should develop additional measures to address key performance aspects related to each program goal, and ensure these measures clearly identify the activities necessary to achieve progress toward the goal.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions that DHS TSA has taken in response to this recommendation, we will provide updated information. Status last confirmed on 10/26/15.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    11 open recommendations
    Recommendation: To help ensure that the respective DHS and DOD data systems contain sufficiently complete and accurate information to facilitate effective oversight of the personnel security clearance revocation and appeal process, the Secretary of Defense should direct the Under Secretary of Defense for Intelligence to take steps to ensure that data are recorded and updated in the Joint Personnel Adjudication System (JPAS) and the department's new systems, so that the relevant fields are filled.

    Agency: Department of Defense
    Status: Open

    Comments: According to a July 2016 update to this recommendation from the Undersecretary of Defense (Intelligence) (USD(I)), the department plans to field the Defense Information System for Security (DISS) to replace Joint Personnel Adjudication System (JPAS) by March 2017. According to DOD, on a monthly basis, OUSD(I), DMDC, the Office of Personnel Management, DoD Components and Industry participate in a meeting which addresses actions to improve the accuracy of information in JPAS. These Data Quality Initiatives (DQIs) serve as the most appropriate means available at this time to enhance completeness and accuracy of JPAS data prior to DISS migration, according to DOD. GAO will continue to monitor migration of data from JPAS to DISS, expected to be completed by the March 2017.
    Recommendation: To help ensure independence and the efficient use of resources, the Secretary of Defense should direct the DOD General Counsel to first, resolve the disagreement about the legal authority to consolidate the PSABs (Personnel Security Appeals Board) and, in collaboration with the PSABs and the Under Secretary of Defense for Intelligence, address any other obstacles to consolidating DOD's PSABs.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2016, this recommendation remains open because DOD has not yet addressed any obstacles related to consolidating Personnel Security Appeals Boards. On July 10, 2015, DOD Office of General Counsel issued a memo stating that there is no legal obstacle to co-location or consolidation of the Services' Personnel Security Appeal Boards (PSABs) within the Defense Legal Services Agency. The memo further requested that the Director, Defense Personnel Security and Research Center,to do further assessment, after which the DoD OGC, in coordination with the Under Secretary of Defense for Intelligence, will consider whether any further actions should be taken. DOD estimated this action will be completed by the end of fiscal year 2016. GAO will continue to monitor DOD's response to this recommendation.
    Recommendation: To help ensure that all employees within DOD receive the same rights during the revocation process, the Secretary of Defense should direct the Secretary of the Navy to revise Secretary of the Navy Manual M-5510.30 to specify that any information collected by the Navy PSAB from the employee's command will be shared with the employee, who will also be given the opportunity to respond to any such information provided.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2016, this recommendation remains open. According to a memo from the Undersecretary of Defense (Intelligence), the update of the Navy Manual M-5510.30 has been delayed due to an update in publishing DOD?s personnel security policy. The memo stated that the Navy had instituted procedures to address information provided by the command, sharing the information with the individual and giving the individual an opportunity to respond. The Navy expects to issue its Manual by September 2017.
    Recommendation: To help ensure independence and the efficient use of resources, and, if the General Counsel determines that there are no legal impediments and that other obstacles to consolidation can be addressed, the Secretary of Defense should direct the Defense Legal Services Agency to take steps to implement the Secretary of Defense's direction to consolidate DOD's PSABs.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2016, this recommendation remains open because, as noted in a prior recommendation, DOD has not yet addressed obstacles to consolidating the Personnel Security Appeals Boards, despite having determined that there are no legal obstacles to consolidation. This recommendation will remain open until DOD takes steps to consolidate the PSABs.
    Recommendation: To help ensure that all employees within DOD receive the same rights during the revocation process, the Secretary of Defense should direct the Secretary of the Army to revise Army Regulation 380-67 to specify that any information collected by the Army PSAB from the employee's command or by the Army PSAB itself will be shared with the employee, who will also be given the opportunity to respond to any such information provided.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 16, 2016, this recommendation remains open pending a finalized version of Army Regulation 380-67. According to a DOD update to this recommendation, a major revision to Army Regulation AR 380-67, "Army Personnel Security Program," incorporates Personnel Security Appeal Boards (PSAB's) requirement to provide any documents it obtains, after receipt of a personnel security file, to the subject who will be allowed a reasonable period of time to respond prior to PSAB rendering a final decision. AR 380-67 is undergoing legal sufficiency review. DOD estimated this review will be finalized late in March 2017. GAO will monitor the status of this regulation and assess whether the revised regulation meets the intent of this recommendation.
    Recommendation: To help ensure that all employees are treated fairly and receive the protections established in the executive order, the Secretary of Homeland Security should direct the Commandant, U.S. Coast Guard, to revise the Coast Guard instruction for military personnel to specify that military personnel may be represented by counsel or other representatives at their own expense.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of summer 2016, in response to our recommendation, the Commandant of the Coast Guard issued a policy message stating that individuals may have counsel or other representative present at the service member's own expense. According to a Coast Guard official, this message serves as interim guidance until the personnel security manual can be finalized. This official estimated that the manual will be updated in the latter part of fiscal year 2016. This recommendation will remain open until the Coast Guard finalizes the update to its manual in accordance with our recommendation.
    Recommendation: To facilitate department-wide review and assessment of the quality of the personnel security clearance revocation process, the DNI should, in consultation with the Secretaries of Defense and Homeland Security, develop performance measures to better enable them to identify and resolve problems, and direct the collection of related revocation and appeals information.

    Agency: Office of the Director of National Intelligence
    Status: Open

    Comments: When we confirm what actions DNI has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate coordination between personnel security and human capital offices regarding how a security clearance revocation should affect an employee's employment status, and to help ensure that individuals are treated in a fair and consistent manner, the Secretary of Homeland Security should direct the Under Secretary for Management to review and revise policy regarding coordination between the personnel security and human capital offices to clarify what information can and should be communicated between human capital and personnel security officials at specified decision points in the revocation process, and when that information should be communicated.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate coordination between personnel security and human capital offices regarding how a security clearance revocation should affect an employee's employment status, and to help ensure that individuals are treated in a fair and consistent manner, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in consultation with the Under Secretary of Defense for Intelligence, to review and revise policy regarding coordination between the personnel security and human capital offices to clarify what information can and should be communicated between human capital and personnel security officials at specified decision points in the revocation process, and when that information should be communicated.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 16, 2016, this recommendation remains open pending the department's update to a draft manual. According to an update from DOD, the Office of the Undersecretary of Defense (Intelligence) (OUSD(I)) will replace DoD 5200.2-R, "Personnel Security Program," 01/1987 with DoD Manual5200.02. The draft DoD Manual elaborates on the procedures required during due process to ensure that individuals are treated in a fair and consistent manner, according to DOD's update. The Draft DoD Manual 5200.02 is under legal sufficiency review (LSR). Once LSR has been completed, the Federal Register package will be provided to the Office of Management and Budget for interagency coordination. DOD estimates the manual will be finalized March 30, 2017.
    Recommendation: To help ensure that the DNI report to Congress contains accurate data about the number of current DOD military and federal civilian employees eligible to access classified information, the Secretary of Defense should direct the Under Secretary of Defense for Intelligence and the Under Secretary of Defense for Personnel and Readiness to review and analyze the discrepancies in the total number of employees and the number of employees eligible to access classified information, and take immediate steps to address the problems.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 16, 2016, this recommendation remains open pending the department's fielding of an updated Defense Information System for Security (DISS), scheduled for the March 2017. According to an update provided by DOD, DISS will contain all requisite fields to capture revocation and appeals related data. GAO will monitor fielding of the new system and in the process of validating DOD officials' statements that discrepancies have been substantially resolved.
    Recommendation: To help ensure that similarly situated individuals are treated consistently, and to facilitate oversight and help ensure the quality of the security clearance revocation process, the DNI should review whether the existing security clearance revocation process is the most efficient and effective approach. In this review, the DNI should consider whether there should be a single personnel security clearance revocation process used across all executive-branch agencies and workforces, with consideration of areas such as the timing of the personal appearance in the revocation process, and the ability to cross-examine witnesses. Further, to the extent that a single process or changes to the existing parallel processes are warranted, the DNI should consider whether there is a need to establish any policies and procedures to facilitate a more consistent process, and recommend as needed any revisions to existing executive orders or other executive-branch guidance.

    Agency: Office of the Director of National Intelligence
    Status: Open

    Comments: When we confirm what actions DNI has taken in response to this recommendation, we will provide updated information
    Director: Stephen L. Caldwell
    Phone: (202) 512-9610

    1 open recommendations
    Recommendation: To help ensure that efforts to counter piracy and maritime crime are coordinated and prioritized to effectively address the evolving threat, the Assistant to the President for National Security Affairs, in collaboration with the Secretaries of Defense and State, should work through the Counter-Piracy Steering Group or otherwise collaborate with the Secretaries of Homeland Security, Transportation, and the Treasury, and the Attorney General to determine whether additional actions to address counterpiracy and maritime security, such as developing an action plan that includes elements of a strategic approach, are needed to guide and coordinate activities.

    Agency: Executive Office of the President: Office of the Assistant to the President for National Security Affairs
    Status: Open

    Comments: In June 2014, the Executive Office of the President issued the United States Counter Piracy and Maritime Security Action Plan, which includes an annex specific to activities in and around the Gulf of Guinea. While the plan outlines some of the planned indicators of effectiveness for activities in and around the Gulf of Guinea, the extent to which the agencies have assessed or plan to assess costs and benefits are not explicitly addressed. The plan states that the Counter Piracy Steering Group will coordinate, implement, and monitor the objectives outlined in the plan and will assess methods and agency activities to reduce risk and protect the maritime industry from acts of piracy and related maritime crime. The plan identifies an increase in investigating and prosecuting cases and a reduction in the trend of piracy and related maritime crime as tangible indicators of successful implementation of the plan. However, GAO's past work on piracy off the Horn of Africa recommended that, as part of a strategic approach, agencies (1) identify the costs of U.S. counterpiracy efforts including operational, support, and personnel costs; and (2) assess the benefits, and effectiveness of U.S. counterpiracy activities. The 2014 plan and its Gulf of Guinea annex do not include a discussion of these elements of a strategic approach. In August 2017, neither the Department of Defense nor the Department of State (the co-chairs of the Counter Piracy Steering Group) provided an update on the extent to which they have collectively or individually addressed the assessment of costs and benefits for activities in and around the Gulf of Guinea. Including these elements in the plan can help assess the effectiveness of current efforts, prioritize future efforts, and leverage resources. GAO will continue to monitor progress in this area.
    Director: David C. Trimble
    Phone: (202) 512-3841

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that the security of radiological sources at industrial facilities is reasonably assured, the Chairman of the Nuclear Regulatory Commission should conduct an assessment of the T&R process--by which licensees approve employees for unescorted access--to determine if it provides reasonable assurance against insider threats, including (1) determining why criminal history information concerning convictions for terroristic threats was not provided to a licensee during the T&R process to establish if this represents an isolated case or a systemic weakness in the T&R process; and (2) revising, to the extent permitted by law, the T&R process to provide specific guidance to licensees on how to review a employee's background. NRC should also consider whether certain criminal convictions or other indicators should disqualify an employee from T&R or trigger a greater role for NRC.

    Agency: Nuclear Regulatory Commission
    Status: Open
    Priority recommendation

    Comments: On December 14, 2016, the NRC provided Congress with a report detailing its review of the effectiveness of the requirements in 10 CFR Part 37 to determine whether any additional security measures, guidance updates, rulemaking changes, or licensee outreach efforts are appropriate. The completion of the 10 CFR Part 37 program review included insights into the effectiveness of the T&R process. Specifically, the review generated recommendations for enhancements in the area of T&R, including, among other things, increased controls for protection of information related to individuals having access to Category 1 and 2 quantities of radioactive materials; improved guidance related to information individuals must disclose when applying for unescorted access; development of sample forms or templates for use in T&R evaluations; and improved coordination efforts with the FBI to share potential terrorist threat information involving individuals seeking approval for new or continued unescorted access to Category 1 and 2 quantities of radioactive materials. However, certain aspects of the NRC staff's assessment of the T&R process remain ongoing. Specifically, on November 25, 2016, the staff closed Temporary Instruction (TI) 2800/042, "Evaluation of Trustworthiness and Reliability Determinations," and is using the information gained from the TI to consider additional enhancements to the T&R process. As part of this continuing effort, the NRC will evaluate the potential use of disqualifying criteria in making T&R determinations and the incorporation of additional insider mitigation program features, such as requiring the self-reporting of legal actions, into the T&R process to which the individual has been subject. The NRC expects this evaluation to be completed in December 2017.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    5 open recommendations
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to work with federal and nonfederal partners to ensure that the maritime risk assessment includes cyber-related threats, vulnerabilities, and potential consequences.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, USCG stated that the National Maritime Strategic Risk Assessment (NMSRA) was still being finalized. The agency stated that they expected this to be completed by July 2017. Once completed, we will analyze the results of the NMSRA in order to validate the extent to which its contents implement our recommendation.
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to use the results of the risk assessment to inform how guidance for area maritime security plans, facility security plans, and other securityrelated planning should address cyber-related risk for the maritime sector.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, USCG stated that it had developed a draft Navigation and Vessel Inspection Circular (NVIC) to provide guidance on assessment methods that assist vessel and facility owners and operators identify and address cybersecurity vulnerabilities. USCG stated that the draft NVIC would be published in the Federal Register for 60 days, to enable maritime stakeholders to review and provide comment. Once USCG provides us a final copy of the NVIC, we will analyze it to determine if it provides guidance for addressing cyber-related risk in the maritime sector.
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to work with federal and nonfederal stakeholders to determine if the Maritime Modal Sector Coordinating Council should be reestablished to better facilitate stakeholder coordination and information sharing across the maritime environment at the national level.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, the U.S. Coast Guard (USCG) stated that the tasking for the National Maritime Security Advisory Committee to explore the issue of information sharing mechanisms in regards to cyber information had been completed. However, USCG did not mention any decision related to the reestablishment of the sector coordinating council.
    Recommendation: To help ensure the effective use of Port Security Grant Program funds to support the program's stated mission of addressing vulnerabilities in the maritime port environment, the Secretary of Homeland Security should direct the FEMA Administrator, in coordination with the Coast Guard, to develop procedures for officials at the field review level (i.e., captains of the port) and national review level (i.e., the National Review Panel and FEMA) to consult cybersecurity subject matter experts from the Coast Guard and other relevant DHS components, if applicable, during the review of cybersecurity grant proposals for funding.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, FEMA officials stated they would provide GAO an update on the status of the recommendation by July 2017. Once provided, we will analyze the information we receive and update status of implementation efforts.
    Recommendation: To help ensure the effective use of Port Security Grant Program funds to support the program's stated mission of addressing vulnerabilities in the maritime port environment, the Secretary of Homeland Security should direct the FEMA Administrator, in coordination with the Coast Guard, to use any information on cyberrelated threats, vulnerabilities, and consequences identified in the maritime risk assessment to inform future versions of funding guidance for grant applicants and reviews at the field and national levels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, FEMA officials stated they would provide GAO an update on the status of the recommendation by July 2017. Once provided, we will analyze the information received and update status of implementation efforts.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To help ensure that it receives accurate information on the full effect of funding decisions on acquisition programs, Congress should consider amending the law that governs the 5-year Capital Investment Plan to require the Coast Guard to submit cost and schedule information that reflects the impact of the annual President's budget request on each acquisition across the portfolio--in addition to the current practice of reporting the cost and schedule estimates in current program baselines.

    Agency: Congress
    Status: Open

    Comments: Thus far no congressional action has been taken on this Matter. We will continue to follow up with relevant congressional committees.
    Recommendation: To help the Coast Guard improve the long-term outlook of its portfolio, the Commandant of the Coast Guard should develop a 20-year fleet modernization plan that identifies all acquisitions needed to maintain the current level of service and the fiscal resources necessary to build the identified assets. The plan should also consider trade-offs if the fiscal resources needed to execute the plan are not consistent with annual budgets.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: Based on this recommendation, Congress has requested that the Coast Guard develop a 20-year plan that identifies all acquisitions needed to maintain the Coast Guard's current level of service and the financial commitment necessary to achieve this plan. As a part of a series of testimonies in June and July 2017, we found that Coast Guard officials stated they are developing a 20-year Capital Investment Plan (CIP), but the timeframe for completion is unknown. The Coast Guard does, however, submit a 5-year CIP annually to Congress that projects acquisition funding needs for the upcoming 5 years. GAO found the CIPs do not match budget realities in that tradeoffs are not included. In the 20-year CIP, GAO would expect to see all acquisitions needed to maintain current service levels and the fiscal resources to build the identified assets as well as tradeoffs in light of funding constraints.
    Director: Eileen Larence
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To help ensure that I&A maintains critical skills and competencies, when planning for and implementing current and future workforce actions, the Secretary of Homeland Security should establish mechanisms to monitor and evaluate workforce initiatives and use results to determine any needed changes.

    Agency: Department of Homeland Security
    Status: Open

    Comments: GAO will update the status of this recommendation when the Department of Homeland Security provides documentation and other information on actions it has taken to monitor and evaluate workforce initiatives.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should establish an updated performance target for completing application vetting and a process to modify that target, as needed, based on factors such as changes in the number of trusted traveler program applications and available resources.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the agency is transitioning to a new vetting platform, which will allow them to more fully assess application data. The estimated completion date is December 30, 2015.
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should assess the feasibility of practices to expedite the interview process, which could include assessing the potential trade-offs, costs, and benefits associated with any proposed practices, such as those currently proposed or implemented at specific enrollment centers, and implement those practices CBP determines to be feasible.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the Office of Field Operations, Trusted Traveler Programs (TTP) Division intends to complete the recommendation and provide a summary of findings and recommended best practices by December 30, 2015.
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should develop a mechanism to track enrollment interview appointment availability data over time.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the agency has initiated a redesign of the Global Online Enrollment System (GOES), to include GOES scheduling. A report on this effort, expected to further establish the project deliverables, level of effort, milestones and estimated completion timeline, is scheduled to be completed by December 30, 2015.
    Recommendation: To better ensure that the trusted traveler eligibility criteria and applicant adjudication processes are consistently implemented in accordance with CBP policy at all enrollment centers and by partner countries, the Commissioner of CBP should establish a mechanism or mechanisms in GES to allow CBP officers to efficiently document the types of interview questions asked and the nature of applicant responses, when appropriate, and then use this information to monitor the implementation of the interview process.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. Status last updated October 16, 2015.
    Director: Dave Wise
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: The Secretary of Transportation and the Secretary of Homeland Security should direct the Administrators of FTA and FEMA to establish specific guidelines to monitor, evaluate, and report the results of collaborative efforts--including their communications program and protocol--for Hurricane Sandy as well as future disasters.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FTA and FEMA concurred with the recommendation and reported they took two actions in response. First, FTA and FEMA executed the communications protocol contemplated in the memorandum of agreement governing and collaboration between the two agencies in future disasters. This protocol established a joint tracking system to prevent duplicative assistance and included provisions for coordinating funding and for collaborating where insurance settlements and share grantees are involved. Second, in May 2017, FTA and FEMA published an after action report on coordination between the agencies in response to Hurricane Sandy. This report described the coordination that occurred during the Hurricane Sandy response, and discussed lessons learned to be applied to future events, such as the need for more frequent regularly scheduled meetings. We are evaluating FTA's and FEMA's responses.
    Recommendation: The Secretary of Transportation and the Secretary of Homeland Security should direct the Administrators of FTA and FEMA to establish specific guidelines to monitor, evaluate, and report the results of collaborative efforts--including their communications program and protocol--for Hurricane Sandy as well as future disasters.

    Agency: Department of Transportation
    Status: Open

    Comments: FTA and FEMA concurred with the recommendation and reported they took two actions in response. First, FTA and FEMA executed the communications protocol contemplated in the memorandum of agreement governing and collaboration between the two agencies in future disasters. This protocol established a joint tracking system to prevent duplicative assistance and included provisions for coordinating funding and for collaborating where insurance settlements and share grantees are involved. Second, in May 2017, FTA and FEMA published an after action report on coordination between the agencies in response to Hurricane Sandy. This report described the coordination that occurred during the Hurricane Sandy response, and discussed lessons learned to be applied to future events, such as the need for more frequent regularly scheduled meetings. We are evaluating FTA's and FEMA's responses.
    Director: Brown Barnes, Cindy S
    Phone: (202) 512-9345

    4 open recommendations
    including 1 priority recommendation
    Recommendation: The Secretary of Labor should direct the Assistant Secretary for Occupational Safety and Health to take steps to identify high risk facilities working with ammonium nitrate and develop options to target them for inspection.

    Agency: Department of Labor
    Status: Open
    Priority recommendation

    Comments: In 2016, OSHA officials reported that implementation of their planned local emphasis programs focused on safe use and storage of ammonium nitrate and anhydrous ammonia at fertilizer facilities was delayed due to litigation regarding process safety management enforcement in the fertilizer industry. As of July 2017, OSHA officials stated that with the recent conclusion of that litigation, OSHA is considering initiation of local emphasis programs focused on the storage and handling of ammonium nitrate and anhydrous ammonia at fertilizer facilities. Once initiated, a local emphasis program requires a focused inspection program with facilities chosen at random from the list of facilities in appropriate industry codes. OSHA previously (December 3, 2014) issued guidance to Regional Administrators to assist OSHA officials in enforcing the ammonium nitrate storage requirements in the Explosives and Blasting Agents Standard. We will close this recommendation when the local emphasis programs are initiated.
    Recommendation: To strengthen federal oversight of facilities with ammonium nitrate, the Secretary of Labor and the Administrator of EPA should direct OSHA and EPA, respectively, to consider revising their related regulations to cover ammonium nitrate and jointly develop a plan to require high risk facilities with ammonium nitrate to assess the risks and implement safeguards to prevent accidents involving this chemical.

    Agency: Department of Labor
    Status: Open

    Comments: On December 9, 2013, OSHA issued a Request for Information seeking, among other things, comments on potential revisions to its Process Safety Management standard and its Explosives and Blasting Agents Standard. The Request for Information specifically invited comments on safe work practices for storing, handling, and managing ammonium nitrate and on regulatory requirements to improve its approach to preventing the hazards associated with ammonium nitrate. As of July 2017, OSHA reports it has completed a Small Business Regulatory Flexibility Review Act panel to gather feedback from small businesses on updating its Process Safety Management (PSM) regulation. During the panel, the agency discussed the option of adding ammonium nitrate to the list of chemicals covered by PSM and collected comments. Currently, the PSM rulemaking is on the regulatory agenda under Long Term Action. According to OSHA officials, the agency will continue to collect comments on the option of adding ammonium nitrate to the list of highly hazardous chemicals covered by the PSM regulations as dictated by the rulemaking process. We will close this recommendation when OSHA decides what action to take as a result of the requests for information.
    Recommendation: To strengthen federal oversight of facilities with ammonium nitrate, the Secretary of Labor and the Administrator of EPA should direct OSHA and EPA, respectively, to consider revising their related regulations to cover ammonium nitrate and jointly develop a plan to require high risk facilities with ammonium nitrate to assess the risks and implement safeguards to prevent accidents involving this chemical.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In January 2017, EPA issued a final rule to modify its Risk Management Program (RMP) regulations. The agency decided not to propose any revisions to the list of regulated substances and therefore, did not address ammonium nitrate in the revised regulations. In a June 2016 update from EPA, EPA stated that OSHA is considering whether ammonium nitrate should be added to the list of chemicals subject to OSHA Process Safety Management regulations. According to the June 2016 update, EPA stated that while the agency is not presently proposing that ammonium nitrate be added to the list of substances subject to the RMP rule, the agency may elect to propose such a listing at a later date.
    Recommendation: The Secretary of Labor should direct the Assistant Secretary for Occupational Safety and Health to consider updating regulations for the storage of ammonium nitrate taking into consideration, as appropriate, other related standards and current practices.

    Agency: Department of Labor
    Status: Open

    Comments: OSHA previously (December 3, 2014) issued guidance to Regional Administrators to assist OSHA officials in enforcing the ammonium nitrate storage requirements in the Explosives and Blasting Agents Standard. In addition, on December 9, 2013, OSHA issued a Request for Information (RFI) seeking, among other things, comments on potential revisions to the Explosives and Blasting Agents Standard, which includes ammonium nitrate storage requirements. The RFI specifically invited comments on safe work practices for storing, handling, and managing ammonium nitrate and on regulatory requirements to improve its approach to preventing the hazards associated with ammonium nitrate. As of July 2017, this rulemaking is on the regulatory agenda under Long Term Action. We will close this recommendation when the agency decides what action to take as a result of the request for information.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To better communicate acquisition funding needs to Congress, the Secretary of Homeland Security should enhance the content of future Future Years Homeland Security Program (FYHSP) reports--for fiscal years 2016-20 and beyond--by presenting acquisition programs' annual cost estimates and any anticipated funding gaps.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that it provides Congress Comprehensive Acquisition Status Reports (CASR) on a quarterly basis that include cost estimates for all major acquisition programs. However, the CASRs do not disaggregate the cost estimates to identify how much the programs are expected to cost each year, and therefore the proposed approach would not allow Congress to identify funding gaps on an annual basis. In April 2016, DHS presented an alternative approach that would incorporate annual funding gaps into future FYHSP reports. DHS stated it plans to initially include these annual funding gaps in the fiscal years 2018-22 FYHSP report, which was expected to be released shortly after the President's fiscal year 2018 budget request in May 2017. However, the transition to a new administration delayed the release of the FYHSP report. Once available, GAO will evaluate the FYHSP report to determine whether DHS has met the intent of this recommendation.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    5 open recommendations
    including 3 priority recommendations
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, when updating the schedules for the IFT, Remote Video Surveillance System (RVSS), and Mobile Surveillance Capability programs, the Commissioner of CBP should ensure that scheduling best practices, as outlined in our schedule assessment guide, are applied to the three programs' schedules.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: In March 2014, CBP concurred with our recommendation and in response, stated it planned to ensure that scheduling best practices are applied as far as practical when updating the three program schedules. In May 2016 CBP provided us with complete schedules for the IFT and RVSS programs. In December 2016, we provided CBP our assessment of the updated schedules for the IFT and RVSS programs. In January 2017 CBP provided us with a complete schedule for the MSC program and in March 2017, we provided CBP with our assessment of the MSC schedule. In April 2017, CBP provided additional clarifying information in regards to the MSC schedule. As of May 2017, based on our assessment of the updated schedules for the IFT, RVSS, and MSC programs, CBP has made improvements in the quality of the schedules since our last report, but the program schedules have not met all characteristics of a reliable schedule.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, the Commissioner of CBP should develop and maintain an Integrated Master Schedule for the Plan that is consistent with scheduling best practices.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In March 2014, CBP did not concur with this recommendation and maintained that an integrated master schedule for the Plan in one file undermines the DHS-approved implementation strategy for the individual programs making up the Plan, and that the implementation of this recommendation would essentially create a large, aggregated program, and effectively create an aggregated "system of systems". DHS further stated that a key element of the Plan has been the disaggregation of technology procurements. As of December 2016, CBP continues to non-concur with this recommendation and plans no further action. However, as we noted in the report, collectively these programs are intended to provide CBP with a combination of surveillance capabilities to be used along the Arizona border with Mexico. Moreover, while the programs themselves may be independent of one another, the Plan's resources are being shared among the programs. As such, we continue to believe that developing an integrated master schedule for the Plan is needed. Developing and maintaining an integrated master schedule for the Plan could allow CBP insight into current or programmed allocation of resources for all programs as opposed to attempting to resolve any resource constraints for each program individually.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, when updating Life-cycle Cost Estimates for the IFT and RVSS programs, the Commissioner of CBP should verify the Life-cycle Cost Estimates with independent cost estimates and reconcile any differences.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In March 2014, DHS concurred with this recommendation. In May 2016 CBP provided us with updated life-cycle cost estimates for two of its highest-cost programs under the Plan--the Integrated Fixed Tower (IFT) and the Remote Video Surveillance (RVSS). Further, CBP officials stated that in fiscal year 2016, DHS's Cost Analysis Division started piloting DHS's independent cost estimate capability on the RVSS program. According to CBP officials, the pilot is an opportunity to assist DHS in developing its independent cost estimate capability and that CBP selected the RVSS program for the pilot because the program is at a point in its planning and execution process where it can benefit most from having an independent cost estimate performed as these technologies are being deployed along the southwest border, beyond Arizona. In August 2016, CBP officials provided an update stating that details for an estimated independent cost estimate schedule and analysis plan for the RVSS program had not yet been finalized. As of November 2016, CBP officials stated that the results of the independent cost estimate for the RVSS program are expected to be completed by January 31, 2017. Further, CBP officials have not detailed similar plans for the IFT. We continue to believe that independently verifying the life-cycle cost estimates for the IFT and RVSS programs and reconciling any differences, consistent with best practices, could help CBP better ensure the reliability of the estimates.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, the Commissioner of CBP should revise the IFT Test and Evaluation Master Plan to more fully test the IFT program, before beginning full production, in the various environmental conditions in which IFTs will be used to determine operational effectiveness and suitability, in accordance with DHS acquisition guidance.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: In March 2014, DHS did not concur with this recommendation and stated that the Test and Evaluation Master Plan includes tailored testing and user assessments that will provide much, if not all, of the insight contemplated by the intent of the recommendation. According to CBP officials, acceptance testing was performed on the system in July 2015 and a limited user testing for the IFT system was conducted during October and November 2015. In May 2016, CBP reported that it had conditionally accepted seven out of 53 IFT systems in one area of responsibility. CBP also reported that it is working to deploy and test the remaining IFT unit systems to other areas of responsibility. In November 2016, CBP stated that they continue to non-concur with this recommendation and planned no further action. However, as we reported in March 2014, we continue to believe that revising the Test and Evaluation Master Plan to include more robust testing to determine operational effectiveness and suitability could better position CBP to (1) evaluate IFT capabilities before moving forward to full production for the system, (2) provide CBP with information on the extent to which the towers satisfy Border Patrol's user requirements, and (3) reduce potential program risks. Without conducting operational testing in accordance with DHS guidance, the IFT program may be at increased risk of not meeting Border Patrol operational needs.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, once data on asset assists are required to be recorded and tracked, the Commissioner of CBP should analyze available data on apprehensions and seizures and technological assists, in combination with other relevant performance metrics or indicators, as appropriate, to determine the contribution of surveillance technologies to CBP's border security efforts.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: In February 2015, Border Patrol officials provided documentation stating that the agency has yet to analyze data on asset assists, in combination with other relevant performance metrics and indicators to determine the contributions of surveillance technologies to its mission. However, the Border Patrol plans to address this recommendation using the Capability Gap Analysis Process (CGAP) developed by Johns Hopkins University Applied Physics Lab specifically for the Border Patrol. According to Border Patrol officials, the CGAP will enable the agency to examine the effects of technology and other Border Patrol assets such as agents, infrastructure, in the context of everyday border patrol operations. The data generated by the CGAP along with e3 apprehension and seizure data will better inform the nature of the contributions and impacts of surveillance technology on enforcement efforts. Border Patrol officials explained that capturing data on asset assists within the in e3 Processing database was the first step to determine the contribution of technology to detect, identify, and classify activity along the border. Further, the Border Patrol identified individual types of technology such as Integrated Fixed Towers, Mobile Video Surveillance System, Underground Sensors, etc. and grouped them into classes such as Fixed, Mobile and Relocatable to better distinguish the contribution of each class of technology. As the Border Patrol gains a better understanding through analysis, the agency plans to continue to refine the measures and the collection of the metrics. In November 2014, the Border Patrol proposed a timeline highlighting the agency's future efforts to capture and document the contributions of the different classes of technology to the Border Patrol's mission. In our March 2016 update on the progress made by agencies to address our findings on duplication and cost savings across the federal government, we reported that CBP had modified its time frame for developing baselines for each performance measure and that additional time would be needed to implement and apply key attributes for metrics. In March 2016, according to CBP officials, the actual completion was being adjusted pending test and evaluation results for recently deployed technologies on the southwest border. In addition, Border Patrol officials told us that they planned to have various qualitative and quantitative performance measures of technology completed by the end of fiscal year 2016. These measures would help profile different levels of situational awareness in different areas of the border. In September 2016, Border Patrol provided a case study that assessed CGAP data with technology assist data and other measures to determine contributions of surveillance technologies to its mission. While this is a start to developing performance measures, the case study is limited to one location along the border and the analysis limited to select technologies. As of April 2017, CBP had not conducted assessments of the deployments to determine the contribution of surveillance technologies to the border security mission. Until CBP completes its efforts to fully develop and apply key attributes for performance metrics for all technologies to be deployed under the Plan, it will not be well positioned to fully assess its progress in implementing and determining the Plan and determine when mission benefits have been fully realized.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To better ensure DSOs' and students' compliance with OPT requirements, and strengthen efforts to identify and assess potential risks in OPT, the Director of ICE should direct SEVP to develop and distribute guidance to DSOs on how to determine whether a job is related to a student's area of study and require DSOs to provide information in SEVIS to show that they took steps, based on this guidance, to help ensure that the student's work is related to the area of study.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of April 2015, SEVP has made progress in developing employment guidance to support DSOs in determining whether a job is related to a student's area of study and requiring DSOs to provide such information in SEVIS. SEVP stated that it has drafted such guidance and it is being reviewed by SEVP subject matter experts. In addition, SEVP stated that it is developing information requirements for DSOs to attest that they adhered to the new employment guidance document in SEVIS, which requires system enhancements. In May 2016, the new STEM OPT regulation went into effect and, among other things, SEVP officials stated that it requires much greater detail on the scope of the employment and how it is related to the earned degree. As of October 2016, SEVP expects that non-STEM guidance on field of study will be finalized by the second quarter of fiscal year 2017.
    Director: Dinapoli, Timothy J
    Phone: (202) 512-4841

    7 open recommendations
    Recommendation: To improve civilian IC elements' or their respective departments' ability to mitigate risks associated with the use of contractors, the Director of National Intelligence, Director of the Central Intelligence Agency, Attorney General of the United States, and Secretaries of Energy and the Treasury should direct responsible agency officials to set time frames to develop guidance that fully addresses the Office of Federal Procurement Policy, Policy Letter 11-01's requirements related to closely supporting inherently governmental functions.

    Agency: Office of the Director of National Intelligence
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. ODNI has held roundtables to discuss OFPP PL 11-01 implementation with other IC agencies. ODNI also revised ICD 612 but has not developed implementing guidance for ODNI MSD.
    Recommendation: To improve civilian IC elements' or their respective departments' ability to mitigate risks associated with the use of contractors, the Director of National Intelligence, Director of the Central Intelligence Agency, Attorney General of the United States, and Secretaries of Energy and the Treasury should direct responsible agency officials to set time frames to develop guidance that fully addresses the Office of Federal Procurement Policy, Policy Letter 11-01's requirements related to closely supporting inherently governmental functions.

    Agency: Department of Energy
    Status: Open

    Comments: In its letter to OMB and the Congress, the agency concurred with this recommendation. In July 2015, the agency issued interim guidance, but the guidance does not fully address OFPP Policy Letter 11-01. The agency explained that once the Federal Acquisition Regulation is updated, the agency's acquisition regulation will be updated as necessary to reflect the new guidance. Since that time, no further action has occurred.
    Recommendation: To improve civilian IC elements' or their respective departments' ability to mitigate risks associated with the use of contractors, the Director of National Intelligence, Director of the Central Intelligence Agency, Attorney General of the United States, and Secretaries of Energy and the Treasury should direct responsible agency officials to set time frames to develop guidance that fully addresses the Office of Federal Procurement Policy, Policy Letter 11-01's requirements related to closely supporting inherently governmental functions.

    Agency: Department of Justice
    Status: Open

    Comments: In its letter to OMB and the Congress, the agency concurred with this recommendation but has not yet taken the actions necessary to implement it.
    Recommendation: To improve civilian IC elements' or their respective departments' ability to mitigate risks associated with the use of contractors, the Director of National Intelligence, Director of the Central Intelligence Agency, Attorney General of the United States, and Secretaries of Energy and the Treasury should direct responsible agency officials to set time frames to develop guidance that fully addresses the Office of Federal Procurement Policy, Policy Letter 11-01's requirements related to closely supporting inherently governmental functions.

    Agency: Department of the Treasury
    Status: Open

    Comments: In its letter to OMB and the Congress, the agency concurred with this recommendation. Treasury issued additional supplemental guidance and is currently updating its procurement and workforce guidance to fully address OFPP Policy Letter 11-01.
    Recommendation: To improve civilian IC elements' or their respective departments' ability to mitigate risks associated with the use of contractors, the Director of National Intelligence, Director of the Central Intelligence Agency, Attorney General of the United States, and Secretaries of Energy and the Treasury should direct responsible agency officials to set time frames to develop guidance that fully addresses the Office of Federal Procurement Policy, Policy Letter 11-01's requirements related to closely supporting inherently governmental functions.

    Agency: Central Intelligence Agency
    Status: Open

    Comments: The agency did not comment on our recommendation. Please contact Timothy DiNapoli at (202) 512-4841 or dinapolit@gao.gov for additional information on the status of this recommendation.
    Recommendation: To improve congressional oversight and enhance civilian IC elements' insights into their use of core contract personnel, when reporting to congressional committees, the IC CHCO should clearly specify limitations and significant methodological changes and their associated effects.

    Agency: Office of the Director of National Intelligence: IC Chief Human Capital Officer
    Status: Open

    Comments: The IC CHCO described steps it was taking to implement the recommendation. For example, the IC CHCO stated it highlighted limitations to the data and the reasons for data adjustments from year-to-year in its FY 2014-2016 briefings to Congress. We will continue to follow up with the IC CHCO to determine whether these actions meet the intent of the recommendation.
    Recommendation: To improve the ability of the civilian IC elements to strategically plan for their contractors and mitigate associated risks, the IC CHCO should revise the Intelligence Community Directive 612's provisions governing strategic workforce planning to require the IC elements to identify their assessment of the appropriate workforce mix on a function-by-function basis.

    Agency: Office of the Director of National Intelligence: IC Chief Human Capital Officer
    Status: Open

    Comments: In August 2015, IC CHCO revised Intelligence Community Directive 612 and removed the provisions governing strategic workforce planning. We will continue to follow up with IC CHCO to determine whether steps will be taken to require IC elements to identify an appropriate workforce mix.
    Director: Wilshusen, Gregory C
    Phone: (202)512-6244

    1 open recommendations
    Recommendation: The Secretary of Homeland Security, in collaboration with emergency service sector stakeholders, should address the cybersecurity implications of implementing Next Generation 911 and the First Responder Network Authority network in the next iteration of sector plans.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In December 2015, DHS released an updated sector-specific plan for the emergency services sector that describes the sector's greater dependence on cyber-based infrastructure as a notable trend and emerging issue among the sector's risks. However, the plan does not incorporate steps to address the cybersecurity risk of implementing Next Generation 911 or risks associated with the First Responder Network, the public safety broadband network, currently in development. An update to the sector-specific plan will likely not occur until 2018. When DHS provides evidence regarding additional risk mitigation steps, we will review the evidence provided to update the status of this recommendation.
    Director: Grover, Jennifer A
    Phone: (202) 512-7141

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To help ensure that security-related funding is directed to programs that have demonstrated their effectiveness, the Secretary of Homeland Security should direct the TSA Administrator to limit future funding support for the agency's behavior detection activities until TSA can provide scientifically validated evidence that demonstrates that behavioral indicators can be used to identify passengers who may pose a threat to aviation security.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security (DHS) did not concur with GAO's November 2013 recommendation to the TSA Administrator to limit future funding support for the agency's behavior detection activities until TSA can provide scientifically validated evidence that demonstrates that behavioral indicators can be used to identify passengers who may pose a threat to aviation security. However, as of July 2017, DHS has reduced funding for its behavior detection activities and taken some steps toward identifying additional evidence to support its use of behavioral indicators. TSA officials stated that GAO's recommendation contributed to DHS's decision to reduce the number of behavior detection officers (BDO) from 3,131 full-time equivalents in fiscal year 2013 to 2,393 full-time equivalents employed in fiscal year 2016. Further, in the summer of 2016 and consistent with the Aviation Security Act of 2016, the agency began assigning BDOs to other positions at passenger screening checkpoints where they are able to observe passengers while performing screening duties. According to TSA officials, all BDOs have now been converted into transportation security officers with behavior detection capabilities, which is expected to reduce the cost of the agency's behavior detection activities. As of August 2017, TSA does not yet have an estimate of any associated cost reductions. Since GAO's 2013 report, TSA has revised its list of behavioral indicators and taken some steps to identify evidence that these indicators can be used to identify passengers who may pose a threat to aviation security. Specifically, TSA hired a contractor to search available literature for sources supporting its revised list of 36 behavioral indicators. However, in 2017, GAO reviewed all 178 sources TSA identified and found that 98 percent (175 of 178) did not provide valid evidence for specific behavioral indicators in its revised list and that the remaining 3 sources could be used as valid evidence to support 8 of the 36 indicators. GAO reported that TSA should continue to limit funding for the agency's behavior detection activities until TSA can provide valid evidence demonstrating that behavioral indicators can be used to identify passengers who may pose a threat to aviation security, consistent with the recommendation in its November 2013 report.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    4 open recommendations
    Recommendation: To ensure that the increasing risks of GPS disruptions to the nation's critical infrastructure are effectively managed, the Secretary of Homeland Security should increase the reliability and usefulness of the GPS risk assessment by developing a plan and time frame to collect relevant threat, vulnerability, and consequence data for the various critical infrastructure sectors, and periodically review the readiness of data to conduct a more data-driven risk assessment while ensuring that DHS's assessment approach is more consistent with the National Infrastructure Protection Plan (NIPP).

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials had previously indicated that DHS's Office of Infrastructure Protection (IP) and Office of Cyber and Infrastructure Analysis (OCIA) have discussed an update of the GPS risk assessment, noting that such an update may be included in fiscal year 2017 planning documents. However, as of February 2017, no documentation had been provided that demonstrates such plans. Additionally, information from DHS shows that DHS has continued other efforts to collect potentially relevant threat, vulnerability, and consequence data for various GPS equipment in use. For example, according to DHS officials, DHS has conducted visits to major maritime, finance, wireless communications, and electricity firms to gauge their understanding of GPS vulnerabilities and of technology- and strategy-based efforts to improve GPS resilience, and DHS documentation shows that DHS has held events to test GPS receivers as part of assessing vulnerabilities. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To ensure that the increasing risks of GPS disruptions to the nation's critical infrastructure are effectively managed, the Secretary of Homeland Security should, as part of current critical infrastructure protection planning with Sector-Specific Agencys (SSAs) and sector partners, develop and issue a plan and metrics to measure the effectiveness of GPS risk mitigation efforts on critical infrastructure resiliency.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2017, DHS documentation shows that DHS has worked with Sector Specific Agencies (SSAs) and other interagency partners to help manage GPS risks and continues to communicate information on risks to critical infrastructure partners. For example, according to DHS officials, this included briefing field staff and developing questions for infrastructure surveys to gather information on GPS resilience at the facility level. According to DHS officials, at the national level DHS included GPS in discussions with SSAs on topics they could include in their Sector-Specific Plans (each SSA develops a Sector-Specific Plan to detail risk management in its critical infrastructure sector), but DHS has also indicated that sector-oriented metrics are not a viable means of assessing risk management actions. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To improve collaboration and address uncertainties in fulfilling the National Security Presidential Directive 39 (NSPD-39) backup-capabilities requirement, the Secretaries of Transportation and Homeland Security should establish a formal, written agreement that details how the agencies plan to address their shared responsibility. This agreement should address uncertainties, including clarifying and defining DOT's and DHS's respective roles, responsibilities, and authorities; establishing clear, agreed-upon outcomes; establishing how the agencies will monitor and report on progress toward those outcomes; and setting forth the agencies' plans for examining relevant issues, such as the roles of SSAs and industry, how NSPD-39 fits into the NIPP risk management framework, whether an update to the NSPD-39 is needed, or other issues as deemed necessary by the agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2017, the National Executive Committee for Space-Based Positioning, Navigation, and Timing (PNT) Executive Steering group had established an interagency team called the "Complementary PNT Tiger Team" co-chaired by DHS, DOT, and DOD. This team was formed to manage the federal government's efforts to establish a national backup system to GPS. According to DHS officials, this organizational structure obviates the need for a formal, written agreement between DOT and DHS specific to GPS backup responsibilities. They also stated that, in a separate but related effort, DHS, DOT, and DOD are discussing a tri-lateral agreement that covers a broad spectrum of PNT-related responsibilities and activities. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To improve collaboration and address uncertainties in fulfilling the National Security Presidential Directive 39 (NSPD-39) backup-capabilities requirement, the Secretaries of Transportation and Homeland Security should establish a formal, written agreement that details how the agencies plan to address their shared responsibility. This agreement should address uncertainties, including clarifying and defining DOT's and DHS's respective roles, responsibilities, and authorities; establishing clear, agreed-upon outcomes; establishing how the agencies will monitor and report on progress toward those outcomes; and setting forth the agencies' plans for examining relevant issues, such as the roles of SSAs and industry, how NSPD-39 fits into the NIPP risk management framework, whether an update to the NSPD-39 is needed, or other issues as deemed necessary by the agencies.

    Agency: Department of Transportation
    Status: Open

    Comments: As of February 2017, the National Executive Committee for Space-Based Positioning, Navigation, and Timing (PNT) Executive Steering group had established an interagency team--called the "Complementary PNT Tiger Team"--co-chaired by DHS, DOT, and DOD. This team was formed to manage the federal government's efforts to establish a national backup system to GPS. According to DHS officials, this organizational structure obviates the need for a formal, written agreement between DOT and DHS specific to GPS backup responsibilities. They also stated that, in a separate but related effort, DHS, DOT, and DOD are discussing a tri-lateral agreement that covers a broad spectrum of PNT-related responsibilities and activities. We will update the status of this recommendation after we receive additional information from DOT.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To improve the management and oversight of FPS's contract guard program, the Secretary of Homeland Security should direct the Under Secretary of National Protection and Programs Directorate (NPPD) and the Director of FPS to take immediate steps to determine which guards have not had screener or active-shooter scenario training and provide it to them and, as part of developing a national lesson plan, decide how and how often these trainings will be provided in the future.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FPS has indicated that they plan to implement this recommendation through its implementation of a training management system. FPS anticipates beginning implementation of this system in early 2018 and completing implementation by August 2018. GAO will continue to work with FPS to determine whether this recommendation has been implemented.
    Recommendation: To improve the management and oversight of FPS's contract guard program, the Secretary of Homeland Security should direct the Under Secretary of NPPD and the Director of FPS to require that contract guard companies' instructors be certified to teach basic and refresher training courses to guards and evaluate whether a standardized instructor certification process should be implemented.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FPS has indicated that they are currently assessing options for implementing a national lesson plan for guard training that addresses this recommendation. GAO will continue to work with FPS to determine whether this recommendation has been implemented.
    Director: Gambler, Rebecca S
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To improve the usefulness of southwest border crossing wait time data for informing public and management decisions, the Commissioner of CBP should identify and carry out steps that can be taken to help CBP port officials overcome challenges to consistent implementation of existing wait time estimation methodologies. Steps for ensuring consistent implementation of these methodologies could include, for example, implementing the fiscal year 2008 Western Hemisphere Travel Initiative report recommendations to use closed-circuit television cameras to measure wait time in real time and provide a standardized measurement and validation tool.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of May 2017, CBP officials report that in order to avoid further investment in a manual wait time methodology, the agency plans to focus resources on developing an enterprise-wide solution for automating the measurement of border delays. CBP estimates that this recommendation will be completed in October 2017.
    Recommendation: To improve the usefulness of southwest border crossing wait time data for informing public and management decisions, the Commissioner of CBP should, in consultation with Federal Highway Administration and state DOTs, assess the feasibility of replacing current methods of manually calculating wait times with automated methods, which could include assessing all of the associated costs and benefits, options for how the agency will use and publicly report the results of automated data collection, the potential trade-offs associated with moving to this new system, and other factors such as those influencing the possible expansion of existing automation efforts to the 34 other locations that currently report wait times but have no automation projects under way.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of May 2017, CBP's Office of Field Operations (OFO) reports working to identify a feasible and cost effective wait time solution to measure commercial vehicle delays along the southern border. Specifically, CBP officials report that they have been partnering with the Federal Highway Administration and the Texas A&M's Transportation Institute on the deployment of an automated radio-frequency identification measurement solution to measure commercial delays at eight crossings. To verify the accuracy of the automated wait time data, CBP officials report that in June 2016 they conducted a ground-truth analysis with mixed results. CBP officials report DHS Science and Technology directorate delivered their final report in February 2017 and by the end of September 2017, pending review and acceptance of the report's findings, CBP will coordinate efforts to develop the required communication protocols and data schematics for near real-time commercial vehicle wait time updates to the CBP Border Wait Time website and Border Wait Time app. CBP estimates that this recommendation will be completed in October 2017.
    Recommendation: To better ensure that CBP's Office of Field Operations' (OFO) staffing processes are transparent and to help ensure CBP can demonstrate that these resource decisions have effectively addressed CBP's mission needs, the Commissioner of CBP should document the methodology and process OFO uses to allocate staff to land ports of entry on the southwest border, including the rationales and factors considered in making these decisions.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of May 2017, CBP's Office of Field Operations (OFO) reports that they have adopted a workload staffing model to identify CBP staffing requirements at land ports of entry. CBP officials report that the workload staffing model provides senior leadership with a decision-support tool to identify the number of required resources for each location and accounts for distinct operating environments, unique variables, and major functions and activities. CBP officials report that they use the workload staffing model results in its budget requests and when allocating staff to the ports of entry. However, CBP has not provided GAO with documentation showing how staff are allocated among land ports of entry including how workload staffing model results are used in this process. CBP officials report that in May 2017 OFO began working with contracted experts to synthesize the quantitative and qualitative data available and develop a comprehensive CBP position allocation methodology. CBP estimates that this recommendation will be completed in March 2018.
    Director: Cackley, Alicia P
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To establish full-risk rates for properties with previously subsidized rates that reflect their risk for flooding, the Secretary of the Department of Homeland Security (DHS) should direct the FEMA Administrator to develop and implement a plan, including a timeline, to obtain needed elevation information as soon as practicable.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As we reported in February 2016 in GAO-16-190, FEMA has taken limited action to implement this recommendation. For example, FEMA noted that the agency would evaluate the appropriate approach for obtaining or requiring the submittal of information needed to determine full-risk rates for subsidized properties. FEMA also said it would explore technological advancements and engage with industry to determine the availability of technology, building information data, readily available elevation data, and current flood hazard data that could be used to implement the recommendation. However, FEMA officials also said that the agency faced a cost challenge with respect to elevation certificates and that obtaining these certificates could take considerable time and cost. They noted that requiring policyholders to incur the cost of obtaining elevation certificates would not be consistent with NFIP's policy objective to promote affordability. The officials added that the agency encourages subsidized policyholders who seek to ensure the appropriateness of their NFIP rates to voluntarily submit elevation documentation.
    Director: Caldwell, Stephen L
    Phone: (202) 512-9610

    2 open recommendations
    Recommendation: To better assess risk associated with facilities that use, process, or store chemicals of interest consistent with the NIPP and the CFATS rule, the Secretary of Homeland Security should direct the Under Secretary for National Protection and Programs Directorate (NPPD), the Assistant Secretary for NIPP's Office of Infrastructure Protection (IP), and Director of ISCD to develop a plan, with timeframes and milestones, that incorporates the results of the various efforts to fully address each of the components of risk and take associated actions where appropriate to enhance ISCD's risk assessment approach consistent with the NIPP and the CFATS rule.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, they completed development of an updated tiering methodology, which incorporates improvements based on recommendations from both the external peer review of the tiering methodology and a Sandia National Laboratory (Sandia) report on economic consequences, which was submitted to the Department in the first quarter of fiscal year (FY) 2015. Additionally, according to the officials, DHS continued hosting meetings of an external experts panel consisting of representatives from other Federal agencies and the chemical and oil and natural gas industries, who have met repeatedly to review and provide input on the proposed improvements to the Chemical Facility Anti-Terrorism Standards (CFATS) tiering methodology. As noted in the tiering methodology improvement plan previously provided by the Department to GAO, the ISCD is having external entities validate and verify the updated methodology before deployment. To that end, the Homeland Security Studies and Analysis Institute (HSSAI) has reviewed and provided findings and recommendations on all parts of the updated tiering engine. Additionally, Sandia has been conducting component testing of the tiering engine as it is being updated and, beginning in January 2016, Sandia will conduct end-to-end testing of the engine. Concurrent with these efforts, ISCD has been updating the Chemical Security Assessment Tool (CSAT) applications which currently support the collection of the data used by the CFATS tiering methodology (i.e., Top-Screen, Security Vulnerability Assessment). According to the officials, deployment of these new applications cannot occur until the DHS's Information Collection Request (ICR) is approved by the White House's Office of Management and Budget (OMB), which the Department anticipates submitting to OMB in the third quarter of fiscal year 2016. We will update the status of this recommendation after additional information is received from DHS. Status as of January 20, 2016.
    Recommendation: To better assess risk associated with facilities that use, process, or store chemicals of interest consistent with the NIPP and the CFATS rule, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for IP, and Director of ISCD to conduct an independent peer review, after ISCD completes enhancements to its risk assessment approach, that fully validates and verifies ISCD's risk assessment approach consistent with the recommendations of the National Research Council of the National Academies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, the updated CFATS risk-based tiering methodology has been developed and portions of it are undergoing independent review from both HSSAI and Sandia. An independent verification and validation of the updated tiering methodology is scheduled to be conducted by Sandia beginning in January 2016. We will update the status of this recommendation after additional information is received from DHS. Status as of January 20, 2016.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    3 open recommendations
    including 2 priority recommendations
    Recommendation: To promote coordination as a practice to help avoid overlap, the Secretary of Homeland Security, the Attorney General, and the Director of ONDCP should work through the Information Sharing and Access Interagency Policy Committee (ISA IPC) or otherwise collaborate to develop a mechanism, such as performance metrics related to coordination, that will allow them to hold field-based information-sharing entities accountable for coordinating with each other and monitor and evaluate the coordination results achieved.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: The Department of Justice (DOJ), in coordination with the Department of Homeland Security (DHS) and the Office of National Drug Control Policy (ONDCP), has made progress toward addressing GAO's April 2013 recommendation but has not included all of the relevant field-based information sharing entities in its efforts. Through their involvement in an interagency policy committee within the Executive Office of the President, DHS, DOJ, and ONDCP have developed a mechanism to hold state and urban area fusion centers, Regional Information Sharing System (RISS) centers, and High Intensity Drug Trafficking Area (HIDTA) Investigative Support Centers accountable for coordinating their analytical and investigative activities. However, the agencies have not fully addressed the action because DOJ's Federal Bureau of Investigation's (FBI) Joint Terrorism Task Forces (JTTF) and Field Intelligence Groups (FIG), two of the five field-based entities included in GAO's April 2013 report, have not participated in the assessment on which the mechanism is based. In December 2015, DHS developed a field-based partners report in which DHS, DOJ and ONDCP reported data for state and urban area fusion centers, RISS centers, and HIDTA Investigative Support Centers. These data were focused on field-based collaboration, including governance, colocation, and other information sharing, analytic, and deconfliction-focused topics. However, the report did not include data for DOJ's JTTFs or FIGs. DOJ has noted that JTTFs and FIGs are different from the other entities because JTTFs are operational law enforcement investigative entities and FIGs provide intelligence support to FBI Field Offices. However, GAO's April 2013 report identified areas in which the missions and activities of JTTFs and FIGs overlapped with those of the other entities and that coordination with other field based entities was important to prevent unnecessary overlap and potential duplication. Considering the exclusion of two of the five entities, the agencies do not have a collective mechanism that can hold FIGS and JTTFs accountable for coordinating with the other field-based information sharing entities and allow the agencies to monitor progress and evaluate results across entities. Such a mechanism can help entities maintain effective relationships when new leadership is assigned and avoid unnecessary overlap in activities, which in turn can help entities to leverage scarce resources. As of March 2017, DOJ had provided no new updates. GAO will continue to monitor DOJ's progress in this area.
    Recommendation: To help identify where agencies and the field-based entities they support could apply coordination mechanisms to enhance information sharing and reduce inefficiencies resulting from overlap, the Secretary of Homeland Security, the Attorney General, and the Director of ONDCP should work through the ISA IPC or otherwise collaborate to identify characteristics of entities and assess specific geographic areas in which practices that could enhance coordination and reduce unnecessary overlap, such as cross-entity participation on governance boards and colocation of entities, could be further applied. The results of this assessment could be used by the agencies to provide recommendations or guidance to the entities to create coordinated governance boards or colocate entities, which can result in increased efficiencies through shared facilities and resources and reduced overlap through coordinated or collaborative products, activities, and services.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: The Department of Justice (DOJ), in coordination with the Department of Homeland Security (DHS) and the Office of National Drug Control Policy (ONDCP), has made progress toward addressing GAO's April 2013 recommendation but has not included all of the relevant field-based information sharing entities in its efforts. The three agencies have taken the necessary steps to assess the extent to which practices that can enhance coordination are being implemented at state and urban area fusion centers, Regional Information Sharing System (RISS) centers, and High Intensity Drug Trafficking Area (HIDTA) Investigative Support Centers through their involvement in an interagency policy committee within the Executive Office of the President. However, the assessment did not include DOJ's Federal Bureau of Investigation's (FBI) Joint Terrorism Task Forces (JTTF) or Field Intelligence Groups (FIG), two of the five field-based entities included in GAO's April 2013 report. In December 2015, DHS, DOJ, and ONDCP developed a field-based partners report in which DOJ and ONDCP collected and reported data elements for RISS centers and HIDTA Investigative Support Centers similar to those DHS uses in its annual fusion center assessment. These data were focused on field-based collaboration, including governance, colocation, and other information sharing, analytic, and deconfliction-focused topics. However, the report did not include data for DOJ's FBI JTTFs or FIGs. A collaborative assessment of where practices that enhance coordination can be applied to reduce overlap, collaborate, and leverage resources for all five field-based information-sharing entities would allow the agencies to provide recommendations or guidance to the entities on implementing these practices. As of March 2017, DOJ had provided no new updates. GAO will continue to monitor DOJ's progress in this area.
    Recommendation: To help ensure that an assessment of practices that could enhance coordination and reduce unnecessary overlap is shared and used to further enhance collaboration and efficiencies across agencies, the Program Manager, with input from the ISA IPC collaborating agencies, should report in the Information Sharing Environment (ISE) annual report to Congress the results of the assessment, including any additional coordination practices identified, efficiencies realized, or actions planned.

    Agency: Office of the Director of National Intelligence: Office of the Program Manager--Information Sharing Environment
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. Status last updated August 31, 2017.
    Director: Crosse, Marcia G
    Phone: (202)512-3407

    2 open recommendations
    Recommendation: To help ensure that HHS is adequately and comprehensively assessing HPP and PHEP awardees' performance and progress in meeting the medical and public health preparedness goals of the cooperative agreements, the Secretary of Health and Human Services should direct ASPR and CDC to develop objective and quantifiable performance targets and incremental milestones that correspond to the new HPP and PHEP performance measures, against which HHS can gauge progress toward the medical and public health preparedness goals of the cooperative agreements and direct technical assistance, as needed.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: Since we examined the HPP and PHEP cooperative agreements in 2012, ASPR had developed few targets for the HPP program measures or their corresponding indicators that were contained in the HPP performance measurement guidance documents issued for Budget Periods (BP) 2-5, ending June 30, 2017. Additionally, the new HPP performance measure implementation guidance for the 5-year project cycle from 2017-2022 introduces 28 performance measures, with few having targets?the guidance notes that corresponding goals or targets may be set at a later date after data from the first budget period of this new project cycle has been reviewed. Regarding PHEP, CDC had developed performance targets for about half of the performance measures as of the PHEP BP5 performance measurement guidance (BP5 ended June 30, 2017). These performance measures generally remain the same, with existing targets, for BP1 (July 1, 2017-June 30, 2018) of the new 5-year budget cycle. GAO recognizes that it may not be appropriate to develop performance targets for every performance measure depending on the desired process or outcome; however, both agencies still have work to do in this area.
    Recommendation: To help ensure that HHS is adequately and comprehensively assessing HPP and PHEP awardees' performance and progress in meeting the medical and public health preparedness goals of the cooperative agreements, the Secretary of Health and Human Services should ensure that performance measures and targets remain consistent across the 5-year project cycle and that any future measures be comparable to determine whether awardees are making progress toward meeting short- and long-term medical and public health preparedness goals of the cooperative agreements.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: Since we first examined the HPP and PHEP cooperative agreements in 2012, ASPR and CDC had made efforts to maintain consistency in their performance measures, particularly in the last 3 years of the prior project cycle which ended June 30, 2017. However, because part of the recommendation includes consistency of performance measures into future project cycles, we also examined whether both cooperative agreements continued to use basically the same performance measures into the current 5-year cycle, which began July 1, 2017. ASPR's HPP has made a significant change in its performance measures, introducing a new set of 28 performance measures for this new 5-year cycle. CDC's PHEP performance measures generally remained consistent in the last two budget periods of the prior 5-year cycle, and remained generally the same for the first year of the new 5-year cycle (some measures were "retired," though key components from a measure may continue to be used by CDC in other types of reviews). As a result of the change to HPP's measures, GAO anticipates keeping this recommendation open at least for the next few budget periods, in order to determine whether HPP maintains consistency with its new performance measures during the new project cycle.
    Director: Rusco, Franklin W
    Phone: (202) 512-3841

    1 open recommendations
    Recommendation: To better inform efforts for nuclear power plant emergency preparedness and planning, NRC Commissioners should obtain information on public awareness of radiological emergency preparedness for communities outside the 10-mile emergency planning zone and the likely response of those communities in the event of a radiological incident at a nuclear facility and consider how these results may affect estimates for shadow evacuations outside the zone.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Caldwell, Stephen L
    Phone: (202)512-9610

    1 open recommendations
    Recommendation: To address long-standing challenges that continue to hinder regional preparedness efforts in the NCR, the FEMA Administrator should require that the Director of NCRC assist regional officials in developing measures to better assess the implementation of the NCR's strategic plan.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In May 2017, FEMA officials reported that (1) efforts to update the NCR Homeland Security Strategic Plan had been delayed o provide more time to determine targets for each core capability, and in light of anticipated changes in the NCR homeland security and emergency management governance structure; (2) FEMA's 's Office of National Capital Region Coordination (ONCRC) held a kick-off meeting of a new NCR Strategic Plan Working Group in February 2017; and (3) the working group will continue development of the new plan with a revised estimated completion date of November 2017.
    Director: Caldwell, Stephen L
    Phone: (202)512-9610

    1 open recommendations
    Recommendation: To better ensure consistent implementation of and accountability for DHS's resilience policy, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to develop an implementation strategy for this new policy that identifies the following characteristics and others that may be deemed appropriate: (1) steps needed to achieve results, by developing priorities, milestones, and performance measures; (2) responsible entities, their roles compared with those of others, and mechanisms needed for successful coordination; and (3) sources and types of resources and investments associated with the strategy, and where those resources and investments should be targeted.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In the 60-day letter provided in January 2013, DHS indicated that the Resilience Integration Team (RIT) was developing a draft implementation plan to be circulated among relevant stakeholders for review. On 10/30/13, we notified DHS that we would like to see a copy of the resilience policy implementation plan (if developed), or any other related documentation if the plan is still in development. We were informed later that day that a draft plan had been developed, and DHS needed to confirm its status. In May of 2015, we were told again that a draft plan had been developed but never finalized. As of August 2015, DHS's Policy Office is looking into the status of plan development. We await their response. DHS response still pending as of 10/4/16.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To strengthen DHS's evaluation and planning process for addressing employee morale, the Secretary of Homeland Security should direct the Office of the Chief Human Capital Officer (OCHCO) and component human capital officials to examine their root cause analysis efforts and, where absent, add the following: comparisons of demographic groups, benchmarking against similar organizations, and linkage of root cause findings to action plans.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2012, we reviewed and reported on actions DHS took to address the morale of its employees. We reported, among other things, that DHS's Office of the Chief Human Capital Officer and DHS components had not consistently used three survey analysis techniques when analyzing employee survey results--comparisons of demographic groups, benchmarking against similar organizations, and linking root cause findings to action plans. DHS OCHCO officials, and supporting documentation, indicate some actions taken to incorporate these techniques. Specifically, as of June 2017, officials provided copies of the DHS FY 2017 Component Employee Engagement Action Plans. We reviewed the action plans and spoke with DHS OCHCO officials to determine the extent to which DHS's action plans addressed our recommendation. Several action plans we reviewed included evidence of utilizing the three survey analysis techniques we recommended, while other action plans lack some or all of the techniques. For example, components whose action plans fully address the recommendation includes: Customs and Border Protection (CBP), Federal Emergency Management Agency (FEMA), Immigration and Customs Enforcement (ICE), and the Transportation Security Administration (TSA). Components whose action plans partially address the recommendation are: U.S. Citizenship and Immigration Services (USCIS), U.S. Coast Guard (USCG), and U.S. Secret Service (USSS). National Protection and Programs Directorate's (NPPD) action plan did not address any of the three survey analysis techniques. According to DHS OCHCO officials, while OCHCO developed a checklist to consult when creating action plans to address employee survey results, senior management decided not to require that components use the checklist in developing their action plans as it may limit their freedom to develop their goals and planning. To fully address this recommendation, DHS OCHCO officials need to continue to provide documentary evidence of demographic analysis, benchmarking, and root cause linkage efforts completed for components that have not fully addressed the recommendation in their action plans. DHS OCHCO officials agreed with our analysis and reiterated their intent to fully implement this recommendation. We will update the status of this recommendation after additional information is received from DHS. Status as of June 2017.
    Recommendation: To strengthen DHS's evaluation and planning process for addressing employee morale, the Secretary of Homeland Security should direct the OCHCO and component human capital officials to establish metrics of success within the action plans that are clear and measurable.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2012, we reviewed and reported on actions DHS took to address the morale of its employees. We reported, among other things, that DHS's Office of the Chief Human Capital Officer and DHS components measures of action plan success related to employee morale could have improved clarity and incorporate measurable targets. DHS officials regularly provided us with copies of annual component employee engagement action plans, most recently as of June 2017. We reviewed the action plans and spoke with DHS OCHCO officials to determine the extent to which DHS's action plans addressed our recommendation. Our review in June 2017 indicated that most components' action plans included clear and measureable targets. For example, components whose action plans fully address the recommendation include CBP, Coast Guard, FEMA, ICE, NPPD, USCIS, and USSS. TSA's action plans partially addressed the recommendation and the component is taking steps to improve its measures. To fully address this recommendation, DHS OCHCO officials need to continue to provide documentary evidence of improved measure clarity and incorporate measurable targets in components' action planning efforts. DHS OCHCO officials agreed with our assessment and told us that they continue to provide feedback to component officials to address action planning improvement. These officials reiterated their efforts to fully implement this recommendation and we will update the status of this recommendation after additional information is received from DHS.
    Director: Mackin, Michele
    Phone: (202) 512-3000

    1 open recommendations
    Recommendation: To help the Coast Guard create stability in the acquisition process and provide decision makers, including DHS, Office of Management and Budget, and Congress, with current information to make decisions about budgets, the Commandant of the Coast Guard should conduct a comprehensive portfolio review to develop revised baselines that reflect acquisition priorities as well as realistic funding scenarios.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. Since 2014, we found efforts are underway to address this issue, but, so far, these efforts have not led to the significant trade-off decisions needed to improve the affordability of the Coast Guard's portfolio. The Coast Guard is currently conducting a fleet-wide analysis, including surface, aviation, and information technology, intended to be a fundamental reassessment of the capabilities and mix of assets the Coast Guard needs to fulfill its missions. The Coast Guard is undertaking this effort consistent with direction from Congress based upon this and other GAO recommendations. Specifically, the Coast Guard has completed its new mission needs statement and plans to release a fleet-wide concept of operations by the end of fiscal 2016. Then, it will use a complex model to develop the full fleet mix study. Based on this, the Coast Guard plans to recommend a set of assets that best meets these needs in terms of capability and cost. The Coast Guard plans to complete the full study in time to inform the fiscal year 2019 budget, though specific dates for these events have not been set forth.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To help mitigate the risk of poor acquisition outcomes and strengthen the department's investment management activities, the Secretary of Homeland Security should direct the Under Secretary for Management to, once the department's acquisition programs comply with DHS acquisition policy, prioritize major acquisition programs departmentwide and ensure that the department's acquisition portfolio is consistent with DHS's anticipated resource constraints.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with this recommendation, and stated that its effort to more fully reflect portfolio management practices in its acquisition policy will help DHS prioritize its major acquisition programs departmentwide. DHS also stated that the revised portfolio management approach will help ensure that the department's acquisition portfolio is consistent with anticipated resource constraints. However, it has taken years for some of the department's major acquisition programs to comply with DHS's acquisition policy, which requires getting approval for key acquisition documentation that contains the critical knowledge needed for DHS to make effective portfolio management decisions. In February 2017, we found that DHS had approved the required acquisition documentation for all of its major acquisition programs and planned to continue to ensure that all major acquisition programs have approved documents, such as acquisition program baselines. Now that major acquisition programs are in compliance with DHS's acquisition policy, GAO will evaluate the department's implementation of its revised portfolio management approach to determine whether DHS has met the intent of this recommendation by ensuring that the department's acquisition portfolio is consistent with DHS's anticipated resource constraints.
    Director: Currie, Christopher
    Phone: (404)679-3000

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To increase the efficiency and effectiveness of the process for disaster declarations, the FEMA Administrator should develop and implement a methodology that provides a more comprehensive assessment of a jurisdiction's capability to respond to and recover from a disaster without federal assistance. This should include one or more measures of a jurisdiction's fiscal capacity, such as TTR, and consideration of the jurisdiction's response and recovery capabilities. If FEMA continues to use the PA per capita indicator to assist in identifying a jurisdiction's capabilities to respond to and recover from a disaster, it should adjust the indicator to accurately reflect the annual changes in the U.S. economy since 1986, when the current indicator was first adopted for use. In addition, implementing the adjustment by raising the indicator in steps over several years would give jurisdictions more time to plan for and adjust to the change.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open
    Priority recommendation

    Comments: On January 20, 2016, FEMA published an Advanced Notice of Proposed Rulemaking to solicit comments on an option FEMA is considering to establish a disaster deductible, which would require a predetermined level of financial or other commitment from a recipient, generally the state or territorial government, before FEMA would provide assistance under the Public Assistance Program. According to FEMA, the agency received 150 responses during the 60-day public comment period, which ended on March 21, 2016, and used this input to develop a plan for further engagement on a more detailed proposal for public comment. The Supplemental Advanced Notice of Proposed Rulemaking, published on January 12, 2017, provided another opportunity for stakeholder input prior to any changes to the Public Assistance program. This proposal included an explanation of how deductible amounts might be calculated, identified specific credits that states could apply for, and detailed how the deductible would be applied post-declaration. Comments on the Supplemental Advanced Notice of Proposed Rulemaking must be submitted by April 12, 2017. Until FEMA implements a new methodology, FEMA will not have an accurate assessment of a jurisdiction's capabilities to respond to and recover from a disaster without federal assistance and runs the risk of recommending that the President award Public Assistance to jurisdictions that have the capability to respond and recover on their own.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should develop and implement a new comprehensive and reliable system for contract guard oversight.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FPS officials, as of September 2017, FPS is currently reviewing proposals and preparing to make a decision for the final contract award for a Post Tracking System (PTS). According to FPS, this PTS will allow FPS to comprehensively and reliability mange its contract guards. Once the contract is awarded in late 2017 FPS will begin to implement the PTS system. GAO is keeping this recommendation open pending successful implementation of this system.
    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should verify independently that FPS's contract guards are current on all training and certification requirements.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FPS officials, as of September 2017, FPS plans to address this recommendation through the implementation of FPS?s Training Academy and Management System (TAMS). FPS reported that this system should allow it to verify independently that FPS's contract guards are current on all training and certification requirements. FPS is currently taking various steps to finalize the system and anticipates full implementation of TAMS by August 2018. GAO is leaving this recommendation open pending successful implementation of TAMS.
    Director: Aloise, Eugene E
    Phone: (202) 512-3841

    2 open recommendations
    Recommendation: To enhance NNSA's ability to better ensure the validity of its budget submissions, and to decide on resource trade-offs, the Secretary of Energy should direct the DOE Office of Budget to formally evaluate DOE Order 130.1 and revise as necessary, and communicate any revisions to the NNSA Administrator so that the agency will have updated provisions for assessing the quality of its budget estimates.

    Agency: Department of Energy
    Status: Open

    Comments: According to DOE's audit tracking system report, for the period ending 1/28/16, DOE Office of Budget was evaluating and revising DOE Order 130.1 as necessary to include PPBE. The report states that the Office of Budget will communicate revisions to NNSA as appropriate with an estimated completion date of 9/30/16. According to a previous tracking system report, Order 130.1 was updated and placed in the management review process some time between 6/30/13 and 9/30/13. According to DOE, the Office of the Chief Financial Officer implemented a new funding execution system on October 1, 2016. The development and implementation of the new system has delayed revision of DOE Order 130.1. The new system will impact the budget practices, planning, policies and processes content that will be outlined in the revised DOE 130.1. As of June 5, 2017, DOE anticipates issuance of a fully approved DOE Order 130.1 by August 31, 2017.
    Recommendation: To enhance NNSA's ability to better ensure the validity of its budget submissions, and to decide on resource trade-offs, the Secretary of Energy, once this process is developed, should direct the Administrator of NNSA to incorporate a formal mechanism to evaluate the status of recommendations made during previous budget validation reviews so that NNSA can measure M&O contractors' and programs' progress in responding to deficiencies with their budget estimates.

    Agency: Department of Energy
    Status: Open

    Comments: In August 2017, NNSA indicated that it intends to consolidate all PPBE business operating procedures into a single document, which has not been issued. NNSA has not determined whether a separate budget validation process, as outlined in a January 2017 policy letter, will be required and intends to conduct an effectiveness review of the existing process in approximately one year (August 2018). As a result, this recommendation remains open.
    Director: Farrell, Brenda S
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To improve the effectiveness of the implementation of the Joint Duty Program and to help ensure that institutional knowledge about the program transcends the individual tenure of each serving Joint Duty Program Chief, the Director of National Intelligence should develop a comprehensive strategic framework for the Joint Duty Program. This framework could include things such as (1) clearly defining its mission, (2) establishing performance goals, (3) developing quantifiable metrics for measuring progress toward achieving performance goals, (4) determining the financial resources necessary to accomplish the mission of the program, (5) using performance information and metrics to make decisions to improve the program, and (6) communicating results effectively with each of the IC elements.

    Agency: Office of the Director of National Intelligence
    Status: Open

    Comments: As of September 2017, the Office of the Director of National Intelligence has not implemented this recommendation.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    1 open recommendations
    Recommendation: To help reduce the risk of duplication by strengthening DHS's administration and oversight of these programs, and to better identify and reduce the risk of duplication through improved data collection and coordination, the FEMA Administrator should take steps, when developing non disaster grant management system (ND Grants) and responding to the May 2011 FEMA report recommendations on data requirements, to ensure that FEMA collects project information with the level of detail needed to better position the agency to identify any potential unnecessary duplication within and across the four grant programs, weighing any additional costs of collecting these data.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: As of March 2017, FEMA had taken steps to address GAO's February 2012 recommendation, but actions were not complete. For example, in fiscal year 2014, FEMA modified its existing grants data system to capture more robust project-level data--such as project budget data--for the Homeland Security Grant Program, which includes the State Homeland Security Grant Program and the Urban Areas Security Initiative. However, FEMA stated that it will not be able to use ND grants to cross-check for redundant projects across all preparedness grant programs until project-based applications are deployed for all preparedness grant programs in the system. For example, Port Security Grant Program and Transit Security Grant Program applications are not housed in the legacy grants data system that was modified to collect more specific project data. To mitigate this issue, FEMA reported that its program officers manually cross-check for redundant projects across all preparedness grant programs. Further, grant program policies call for applicants to coordinate across all preparedness grant stakeholders to help ensure unity of effort and avoid redundant investment proposals. Although future upgrades over several years to ND Grants are planned to eliminate duplication during the application process, FEMA believes the most efficient use of resources is to use current legacy systems to identify duplication in the meantime. Using this interim approach to collect more specific project-level data during the grant application process should help FEMA strengthen the administration and oversight of its grant programs until FEMA implements its long-term solution to upgrade ND Grants. However, implementing ND Grants as previously planned would better position FEMA to identify potentially unnecessary duplication within and across grant programs, as ND Grants was designed to have greater project-level enhancement capability than the legacy system.
    Director: Lepore, Brian J
    Phone: (202) 512-4523

    5 open recommendations
    Recommendation: In order to ensure that the Air Force is taking action that addresses the long-term sustainability of ASA operations, Congress may wish to consider requiring the Secretary of the Air Force to fully implement the remaining actions identified in our 2009 report within a time period that Congress believes most prudent.

    Agency: Congress
    Status: Open

    Comments: The House Armed Services Committee has included an Aerospace Control Alert (Air Sovereignty Alert) related provision in the Fiscal Year 2013 National Defense Authorization bill that passed the House on May 18, 2012. The provision precluded any changes to the alert status of the 18 alert sites throughout the United States until the enactment of the National Defense Authorization Act for Fiscal Year 2014 or September 30, 2013, whichever of the two dates was later. It also required DOD to submit (1) a consolidated budget exhibit detailing all aspects of the aerospace control alert mission and (2) a report on the cost-benefit analysis and risk-based assessment on the aerospace control alert structure. No further action has been taken on this Matter for Congressional Consideration.
    Recommendation: In order to implement a more-complete risk-based management approach that balances risk and costs for ASA operations, the Secretary of Defense should direct the Joint Chiefs of Staff, in coordination with the U.S. element of NORAD and U.S. Pacific Command, to develop performance measures for ASA operations and then use these measures to evaluate the mission and make adjustments, as warranted, on the basis of the performance-measure results.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with the recommendation. DOD stated that it recognized the merit of measures of performance. Though it stated that each Military Department has long-established procedures and measures of performance to certify units as combat ready, DOD did not specify any such efforts related to NORAD and ASA operations.
    Recommendation: In order to implement a more-complete risk-based management approach that balances risk and costs for ASA operations, the Secretary of Defense should direct the Office of the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs, in coordination with the Joint Chiefs of Staff, to issue updated guidance, which includes a prioritized list of metropolitan areas and critical infrastructure that NORAD is supposed to protect.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with this recommendation but has not provided information on what actions it may take to implement it.
    Recommendation: In order to implement a more-complete risk-based management approach that balances risk and costs for ASA operations, the Secretary of Defense should direct the U.S. element of NORAD to document the results of its risk assessments so that NORAD and DOD can identify trends over time.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with the recommendation. DOD identified several NORAD studies or assessments-including a 2009 Collateral Damage Study and the 2010 ASA Basing Study-that are subject to trend analysis. We believe that NORAD's efforts to study or analyze different aspects of its missions are positive actions. However, while NORAD issued a one-time report to Congress in March 2011 that identified the results of its 2010 ASA Basing Study, a one-time study is not a trend analysis and the command has not documented the results of its analyses of the ASA model since that time.
    Recommendation: In order to accurately identify ASA expenditures and address other internal control weaknesses, the Secretary of Defense should direct the Secretary of the Air Force and the Director of the National Guard Bureau to issue guidance that (1) defines ASA programmatic and budgeting roles and responsibilities; (2) defines all expenditures that should be identified as ASA expenditures in financial-management systems; and (3) identifies the proper procedures to track ASA expenditures in their financial-management systems.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with the recommendation. In its response, DOD stated that it believes that programmatic and budgetary roles are clearly understood and well defined in DOD's planning, programming, budgeting, and execution process. It further stated that the Secretary of the Air Force is responsible for ASA programming and budgeting and that the Office of the Secretary of Defense will continue to work with the Secretary of the Air Force to clarify and standardize tracking and ASA expenditures. No further action has been reported.
    Director: Gambler, Rebecca S
    Phone: (202)512-3000

    2 open recommendations
    Recommendation: To increase the likelihood of successful implementation of the Arizona Border Surveillance Technology Plan and maximize the effectiveness of technology already deployed, the Commissioner of CBP should take the following step in planning the agency's new technology approach: determine the mission benefits to be derived from implementation of the plan and develop and apply key attributes for metrics to assess program implementation.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As GAO recommended in November 2011, CBP has identified mission benefits to be derived from implementing the Arizona Border Surveillance Technology Plan (Plan). In April 2013, CBP issued its Multi-Year Investment and Management Plan for Border Security Fencing, Infrastructure, and Technology for Fiscal Years 2014 through 2017, which identifies mission benefits to be achieved by all surveillance technologies (e.g., cameras or sensors) to be deployed under the Plan. According to CBP, the majority of these technologies will provide the mission benefits of improved situational awareness and agent safety. Furthermore, according to CBP's Multi-Year Investment and Management Plan for Border Security Fencing, Infrastructure, and Technology for Fiscal Years 2014 - 2017, the technologies deployed or planned for deployment as part of the Plan are intended to help enhance the ability of Border Patrol agents to detect, identify, deter, and respond to threats along the border. CBP's identification of mission benefits will help position CBP to assess its progress in implementing the Plan and the effectiveness of the Plan's technologies in achieving their intended goals. CBP has made some progress in identifying key attributes for metrics to assess implementation of the Arizona Border Surveillance Technology Plan (Plan), as GAO recommended in November 2011, but it has not yet fully identified and applied attributes for metrics for all technologies under the Plan. Since August 2010, CBP has operated multiple technology systems under the Secure Border Initiative Network (SBInet), which preceded the Plan and is a combination of surveillance technologies aimed at creating a "virtual fence" along the southwest border. Specifically, CBP has operated two surveillance systems under SBInet's initial deployment in high-priority regions of the Arizona border. In October 2012, CBP officials stated that these operations identified examples of key attributes for metrics that can be useful in assessing the implementation for technologies. For example, according to CBP, to help measure whether illegal activity has decreased, examples of key attributes include decreases in arrests, complaints by citizens and ranchers, and destruction of public and private lands and property. In November 2014, CBP identified a set of potential key attributes for performance metrics for all technologies to be deployed under the Plan. While CBP has yet to apply these measures, it established a timeline for developing performance measures for each technology. CBP initially expected baselines for each performance measure to be developed by the end of fiscal year 2015. However, in October 2015, CBP officials stated that CBP had modified its time frame for developing baselines and that additional time would be needed to implement and apply key attributes for metrics. In March 2016, CBP officials stated that CBP had planned to use the baseline data to establish a tool by the end of fiscal year 2016. In addition, CBP officials stated these performance measures would profile levels of situational awareness in various areas of the border. In September 2016, CBP provided GAO a case study that assessed technology assist data along with other measures such as field-based assessments of capability gaps, to determine the contributions of surveillance technologies to its mission. While this is a start to developing and applying performance metrics, the case study was limited to one border location and the analysis was limited to select technologies. Until CBP completes its efforts to fully develop and apply key attributes for performance metrics for all technologies to be deployed under the Plan, it will likely not be able to fully assess its progress in implementing the Plan and determine when mission benefits have been fully realized.
    Recommendation: To increase the reliability of CBP's Cost Estimate for the Arizona Border Surveillance Technology Plan, the Commissioner of CBP should update its cost estimate for the Plan using best practices, so that the estimate is comprehensive, accurate, well-documented, and credible. Specifically, the CBP's Office of Technology Innovation and Acquisition (OTIA) program office should (1) fully document data used in the cost model; (2) conduct a sensitivity analysis and risk and uncertainty analysis to determine a level of confidence in the estimate so that contingency funding can be established relative to quantified risk; and (3) independently verify the new life-cycle cost estimate with an independent cost estimate and reconcile any differences.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As GAO recommended in 2011, CBP provided cost estimates for the IFT and RVSS programs, the two highest cost programs in the Arizona Border Surveillance Technology Plan (Plan), in February and March 2012, respectively, and updated the cost estimate for the Plan in June 2013. However, these estimates do not fully meet cost-estimating best practices. In November 2011, GAO reported that the Plan's original cost estimate met some, but not all, cost-estimating best practices. Specifically, CBP had not conducted a sensitivity analysis and a risk and uncertainty analysis to determine a level of confidence in the original estimate, nor did CBP compare the original cost estimate with an independent estimate. For the cost estimate that CBP provided for the IFT in February 2012 and RVSS in March 2012, CBP partially documented the data used in the cost model for the IFT's LCCE (but needs to provide additional data and document management approval) and fully documented the cost model for the RVSS' LCCE. Developing a well-documented cost estimate is a best practice. CBP also conducted a sensitivity analysis and risk and uncertainty analysis to determine the level of confidence in both LCCEs so that contingency funding could be established relative to quantified risk. In addition, CBP's June 2013, CBP revised the cost estimate for the Plan does not fully address our concerns. For example, the IFT and RVSS compose over 90 percent of the Plan's cost in the June 2013 cost estimate; however, CBP has not independently verified its cost estimates for these two programs with independent cost estimates and reconciled any differences. Such action would help CBP better ensure the reliability of each system's cost estimate. Furthermore, the remainder of the June 2013 cost estimate is not fully documented for the Plan's other five programs, consistent with best practices. For example, the estimates for the other five programs are not fully documented because they are provided as summary program costs without detailed descriptions, such as including back-up documentation for labor hours. In November 2015, CBP had yet to update its LCCEs for two of its highest cost programs under the plan. In May 2016, CBP officials stated that the DHS's Cost Analysis Division had started piloting DHS's Independent Cost Estimate capability on the RVSS program in fiscal year 2016. According to CBP officials, this pilot test within CBP is an opportunity to assist DHS in developing its Independent Cost Estimate capability and that CBP selected the RVSS program for the pilot because the RVSS program is at a point in its planning and execution process where it can benefit most from having an independent cost estimate performed as these technologies are being deployed along the southwest border, beyond Arizona. As of October 2016, CBP officials stated that the RVSS schedule and analysis, as well as the results of the independent program cost estimate pilot is expected to be completed at the end of fiscal year 2017. CBP officials stated that they will provide information on the final reconciliation of the independent cost estimate and the RVSS program cost estimate once the pilot has been completed. Further, CBP officials have yet to detail similar plans for the IFT program. As updated life-cycle cost estimates have yet to be completed and independent cost estimates have not been conducted, GAO cannot determine the extent to which the agency is following best practices when updating the life-cycle cost estimates. Moreover, to fully address our recommendation, a LCCE for the Plan that fully addresses best practices is needed to ensure that the estimate is comprehensive, accurate, well-documented, and credible to help the agency and Congress fully understand the impacts of integrating the Plan's various programs.
    Director: Currie, Christopher
    Phone: (404)679-3000

    1 open recommendations
    Recommendation: In order to help build and maintain a national biosurveillance capability in a manner that accounts for the particular challenges and opportunities of reliance on state and local partnerships, we recommend the Homeland Security Council direct the National Security Staff to take the following action as part of its implementation of our previous recommendation for a national biosurveillance strategy: Ensure that the national biosurveillance strategy (1) incorporates a means to leverage existing efforts that support nonfederal biosurveillance capabilities, (2) considers challenges that nonfederal jurisdictions face in building and maintaining biosurveillance capabilities, and (3) includes a framework to develop a baseline and gap assessment of nonfederal jurisdictions' biosurveillance capabilities.

    Agency: Executive Office of the President: Homeland Security Council
    Status: Open

    Comments: In June 2010, GAO recommended a national biosurveillance strategy to provide a framework for building and maintaining a national biosurveillance capability. In October 2011, building on that recommendation, we called for such a strategy to address key challenges we identified in state and local biosurveillance by accounting for the need to leverage nonfederal resources. In July 2012, the White House released the National Strategy for Biosurveillance. A strategic implementation plan was to be published within 120 days of strategy issuance. The July 2012 strategy did not adequately address the issues we raised related to state and local biosurveillance and acknowledged but did not meaningfully address the need to leverage nonfederal resources. As of March 14, 2013 the implementation plan has not been released.
    Director: Caldwell, Stephen L
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To strengthen the Coast Guard's efforts to ensure the security of OCS facilities and deepwater ports, the Commandant of the Coast Guard should make improvements to the Marine Information for Safety and Law Enforcement (MISLE) database or MISLE guidance to better ensure that all OCS facilities, both fixed and floating, are accurately and consistently identified and that the results of security inspections are consistently recorded to allow for better data analyses and management of the security inspections process.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2015, the Coast Guard updated its Marine Information for Safety and Law Enforcement (MISLE) Facilities User Guide to reflect an added feature to MISLE that allows users to identify if a vessel or facility is an OCS facility regulated under the Maritime Transportation Security Act (MTSA), 33 CFR 106. To ensure that this added feature is used in a consistent manner to accurately classify facilities that are regulated under 33 CFR 106, the Coast Guard is in the process of updating Navigation and Vessel Inspection Circular 05-03. In mid-November 2016, the Coast Guard liaison noted that the Coast Guard expects to issue the updated circular and complete related activities by the end of October 2017. On March 24, 2017, the Coast Guard liaison sent an email to notify GAO that the Coast Guard is still awaiting final decision on deployment of Homeport 2.0, prior to finalizing NVIC 5-03 and that the MISLE User Guide remains under development, with the estimated completion date (ECD) remaining as 10/31/17.
    Director: Goldstein, Mark L
    Phone: (202)512-6670

    2 open recommendations
    Recommendation: The Secretary of Homeland Security and Attorney General should instruct the Director of FPS, and the Director of the Marshals Service, respectively, to jointly lead an effort, in consultation and agreement with the judiciary and GSA, to update the MOA on courthouse security to address the challenges discussed in this report. Specifically, in this update to the MOA stakeholders should: (1) clarify federal stakeholders' roles and responsibilities including, but not limited to, the conditions under which stakeholders may assume each other's responsibilities and whether such agreements should be documented; and define GSA's responsibilities and determine whether GSA should be included as a signatory to the updated MOA; (2) outline how they will ensure greater participation of relevant stakeholders in court or facility security committees; and (3) specify how they will complete required risk assessments for courthouses, referred to by the Marshals Service as court security facility surveys and by FPS as facility security assessments (FSA), and ensure that the results of those assessments are shared with relevant stakeholders, as appropriate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of April 2017, The Federal Protective Service, U.S. Marshals Service, Administrative Office of the U.S. Courts, and General Services Administration were working to update the memorandum of agreement on courthouse security. An updated memorandum has been drafted, but it has yet to be signed by all parties. Consequently, resolution of this recommendation is pending until further action is taken.
    Recommendation: The Secretary of Homeland Security and Attorney General should instruct the Director of FPS, and the Director of the Marshals Service, respectively, to jointly lead an effort, in consultation and agreement with the judiciary and GSA, to update the MOA on courthouse security to address the challenges discussed in this report. Specifically, in this update to the MOA stakeholders should: (1) clarify federal stakeholders' roles and responsibilities including, but not limited to, the conditions under which stakeholders may assume each other's responsibilities and whether such agreements should be documented; and define GSA's responsibilities and determine whether GSA should be included as a signatory to the updated MOA; (2) outline how they will ensure greater participation of relevant stakeholders in court or facility security committees; and (3) specify how they will complete required risk assessments for courthouses, referred to by the Marshals Service as court security facility surveys and by FPS as facility security assessments (FSA), and ensure that the results of those assessments are shared with relevant stakeholders, as appropriate.

    Agency: Department of Justice
    Status: Open

    Comments: As of April 2017, The Federal Protective Service, U.S. Marshals Service, Administrative Office of the U.S. Courts, and General Services Administration were working to update the memorandum of agreement on courthouse security. An updated memorandum has been drafted, but it has yet to be signed by all parties. Consequently, resolution of this recommendation is pending until further action is taken.
    Director: Wilshusen, Gregory C
    Phone: (202)512-3000

    4 open recommendations
    Recommendation: To ensure that PIV cards do not remain in the possession of staff whose employment or contract with the federal government is over, the Secretary of Commerce should establish controls, in addition to time frames for implementing a new tracking system, to ensure that PIV cards are revoked in a timely fashion.

    Agency: Department of Commerce
    Status: Open

    Comments: As of June 2017, Commerce had not submitted information or plans regarding revoking PIV cards in a timely fashion.
    Recommendation: To meet the HSPD-12 program's objectives of using the electronic capabilities of PIV cards for access to federal facilities, networks, and systems, the Secretary of the Interior should develop specific implementation plans for enabling PIV-based access to the department's major facilities, including identifying necessary infrastructure upgrades and time frames for deployment.

    Agency: Department of the Interior
    Status: Open

    Comments: As of June 2017, Interior had not yet provided specific implementation plans for enabling PIV access to the department's major facilities.
    Recommendation: To meet the HSPD-12 program's objectives of using the electronic capabilities of PIV cards for access to federal facilities, networks, and systems, the Secretary of Labor should ensure that the department's plans for PIV-enabled physical access at major facilities are implemented in a timely manner.

    Agency: Department of Labor
    Status: Open

    Comments: As of June 2017, Labor had not provided any information about whether the department's plans for PIV-enabled physical access at major facilities were being implemented in a timely manner.
    Recommendation: To meet the HSPD-12 program's objectives of using the electronic capabilities of PIV cards for access to federal networks and systems, the Administrator of NASA should develop and implement procedures for PIV-based logical access when using Apple Mac and mobile devices that do not rely on direct interfaces with PIV cards, which may be impractical.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: As of March 2017, NASA reported that it had begun implementing procedures for PIV-based logical access for the Apple Mac computers and mobile devices in its computing environment. NASA procured software to begin the transition of the Apple computers, but due to configuration issues the transition was not scheduled to be completed until December 2017. Further, NASA had begun the transition for mobile devices, which was scheduled to be completed by September 2017.
    Director: Grover, Jennifer A
    Phone: (202) 512-7141

    3 open recommendations
    including 1 priority recommendation
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should perform an internal control assessment of the TWIC program by (1) analyzing existing controls, (2) identifying related weaknesses and risks, and (3) determining cost-effective actions needed to correct or compensate for those weaknesses so that reasonable assurance of meeting TWIC program objectives can be achieved. This assessment should consider weaknesses we identified in this report among other things, and include: (1) strengthening the TWIC program's controls for preventing and detecting identity fraud, such as requiring certain biographic information from applicants and confirming the information to the extent needed to positively identify the individual, or implementing alternative mechanisms to positively identify individuals; (2) defining the term extensive criminal history for use in the adjudication process and ensuring that adjudicators follow a clearly defined and consistently applied process, with clear criteria, in considering the approval or denial of a TWIC for individuals with extensive criminal convictions not defined as permanent or interim disqualifying offenses; and (3) identifying mechanisms for detecting whether TWIC holders continue to meet TWIC disqualifying criminal offense and immigration-related eligibility requirements after TWIC issuance to prevent unqualified individuals from retaining and using authentic TWICs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that internal control weaknesses governing the enrollment, background checking, and use of TWIC potentially limit the program's ability to provide reasonable assurance that access to secure areas of MTSA-regulated facilities is restricted to qualified individuals. We further reported that TSA did not assess the internal controls designed and in place to determine whether they provided reasonable assurance that the program could meet defined mission needs for limiting access to only qualified individuals, and that internal control weaknesses in TWIC enrollment, background checking, and use could have contributed to the breach of selected MTSA-regulated facilities during covert tests conducted by our investigators. We recommended that DHS perform an internal control assessment of the TWIC program by (1) analyzing existing controls, (2) identifying related weaknesses and risks, and (3) determining cost-effective actions needed to correct or compensate for those weaknesses so that reasonable assurance of meeting TWIC program objectives can be achieved. In April 2013, DHS reported that it had taken a number of steps to address our recommendations. For example, it had refreshed and reissued fraudulent document detection training to enrollment personnel; created a mechanism for enrollment personnel to send detailed information of suspected fraud to adjudication personnel; benchmarked TWIC enrollment processes with passport enrollment processes; and defined guidance for adjudicators on the application of discretionary authority. As we reported in May 2013, to determine if the internal control weaknesses identified in our May 2011 report still exist, we conducted limited covert testing in late 2012. Our investigators again acquired an authentic TWIC through fraudulent means and were able to use this card and counterfeit TWIC cards to access areas of ports or port facilities requiring a TWIC for entry at four ports. In February 2014, TSA reported that it, in coordination with Coast Guard and DHS subject matter experts, had established an Executive Steering Committee to address recommendations from the May 2011 report on the TWIC program's internal controls (GAO-11-657). GAO recommended that the internal control assessment be the basis of the effectiveness assessment. In response, the Executive Steering Committee developed an internal control action plan that lists TWIC program control issues GAO identified, along with actions that TSA and the Coast Guard would or would not take to address them. However, based on our review of the internal control action plan and associated documents, and further discussing with TSA officials the methodology used to arrive at the internal control action plan, we determined that the internal control assessment we recommended has not been implemented. Specifically, there is no evidence of a detailed mapping of each policy and process in the program, their interrelationships, and clear linkage to show how actions in one step may enhance or reduce the effectiveness of the TWIC program achieving its stated mission needs. In January 2017 TSA awarded a contract for an internal control assessment of the TWIC program, including the TWIC program?s internal controls of the enrollment, background checking, and credential issuance processes. The assessment, however, is to exclude an assessment of Coast Guard?s role in TWIC enforcement. The project held a kickoff meeting in March of 2017 and is expected to produce final recommendations by August 2017. We believe that this is a positive step towards addressing our recommendation. However, the assessment does not include an evaluation of the use of TWIC, including Coast Guard's role in TWIC enforcement. We continue to believe that the internal control assessment inclusive of TWIC use and the interrelationship between acquiring a TWIC and using it in the maritime environment is needed. For the reasons noted above, this recommendation remains open.
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should conduct an effectiveness assessment that includes addressing internal control weaknesses and, at a minimum, evaluates whether use of TWIC in its present form and planned use with readers would enhance the posture of security beyond efforts already in place given costs and program risks.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: We reported that DHS had not assessed the program's effectiveness at enhancing security. We recommended that DHS conduct an effectiveness assessment that includes addressing internal control weaknesses and, at a minimum, evaluates whether use of TWIC in its present form and planned use with readers would enhance the posture of security beyond efforts already in place given costs and program risks. In March 2012, DHS reported that it agreed that the results and progress of the internal control actions should be used to further evaluate the effectiveness of the TWIC program. They further noted that as the different long term actions progress, DHS will develop specific plans to address this action. In May 2013 (see GAO-13-198), we reported that DHS had not addressed this recommendation. On January 17, 2014, the explanatory statement accompanying the Consolidated Appropriations Act, 2014, directed DHS to complete the assessment that we recommended within 90 days after enactment (April 17, 2014). In February 2014, TSA reported that it, in coordination with Coast Guard and DHS subject matter experts, had established an Executive Steering Committee to address recommendations from the May 2011 report on the TWIC program's internal controls (GAO-11-657). GAO recommended that the internal control assessment be the basis of the effectiveness assessment. In response, the Executive Steering Committee developed an internal control action plan that lists TWIC program control issues GAO identified, along with actions that TSA and the Coast Guard would or would not take to address them. However, based on our review of the internal control action plan and associated documents, and further discussing with TSA officials the methodology used to arrive at the internal control action plan, we determined that the internal control assessment we recommended has not been implemented. Specifically, there is no evidence of a detailed mapping of each policy and process in the program, their interrelationships, and clear linkage to show how actions in one step may enhance or reduce the effectiveness of the TWIC program achieving its stated mission needs. As of March 2017, the internal control assessment we recommended as the basis for initiating the effectiveness assessment had not been completed. However, on January 15, 2016, Coast Guard reported that it had completed its effectiveness assessment. Specifically, DHS completed an effectiveness assessment titled "Security Assessment of the Transportation Worker Identification Credential and Readers." However, the effectiveness assessment did not substantively address the risk concerns identified in our report. For example, the effectiveness assessment lacked the internal control assessment we deem to be the critical first step for fully understanding the TWIC program's controls, costs, and risks. Further, while the effectiveness assessment presented a comparison of alternative credentialing approaches, the assessment did not fully consider, as discussed in our 2011 and 2013 reports, an approach wherein federal security threat assessments could be leveraged in concert with site-specific credentials. The analysis did consider the benefits of updating the TWIC credential to new federal credentialing standards. However, absent from the analysis is a risk-informed basis for disallowing site-specific credentials. While TWIC credentials are developed based on standards aligned with those used by federal entities, each federal entity continues to use site-specific credentials that have varying appearances, rather than a single credential for granting access to all federal entities. This is important, especially because Coast Guard's risk assessment does not include an evaluation of the security benefits and shortfalls that a single credential used nation-wide provide. Absent effectiveness assessment that meets the intent of our recommendation, this recommendation remains open.
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should use the information from the internal control and effectiveness assessments as the basis for evaluating the costs, benefits, security risks, and corrective actions needed to implement the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks as part of conducting the regulatory analysis on implementing a new regulation on the use of TWIC with biometric card readers.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that prior to issuing the regulation on implementing the use of TWIC as a flashpass, DHS conducted a regulatory analysis, which asserted that TWIC would increase security. The analysis included an evaluation of the costs and benefits related to implementing TWIC. We further reported that as a proposed regulation on the use of TWIC with biometric card readers is under development, DHS is to issue a new regulatory analysis. Conducting a regulatory analysis using the information from the internal control and effectiveness assessments as the basis for evaluating the costs, benefits, security risks, and needed corrective actions could better inform and enhance the reliability of the new regulatory analysis. Moreover, these actions could help DHS identify and assess the full costs and benefits of implementing the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks, and help ensure that the TWIC program is more effective and cost-efficient than existing measures or alternatives at enhancing maritime security. We therefore recommended that DHS use the information from the internal control and effectiveness assessments we recommended as the basis for evaluating the costs, benefits, security risks, and corrective actions needed to implement the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks as part of conducting the regulatory analysis on implementing a new regulation on the use of TWIC with biometric card readers. In March 2012, DHS reported that upon completion of the internal control and effectiveness assessments, DHS will evaluate the results to determine any subsequent actions, and that any applicable data or risks will be communicated to the Coast Guard for consideration during their regulatory analysis. However, DHS has not implemented the internal control assessment we recommended, which is to be the basis for the effectiveness assessment and addressing this recommendation. Further, the January 15, 2016 effectiveness assessment titled "Security Assessment of the Transportation Worker Identification Credential and Readers" did not substantively address the risk concerns identified in our report. Given shortfalls that remain in addressing our internal control assessment and effectiveness assessment recommendations, this recommendation remains open pending DHS taking corrective actions. As of March 2017, no further action has been taken.
    Director: Caldwell, Stephen L
    Phone: (202) 512-9610

    1 open recommendations
    Recommendation: To facilitate better agency understanding of the potential need and feasibility of expanding electronic verification of seafarers, to improve data collection and sharing, and to comply with the Inflation Adjustment Act, the Secretary of Homeland Security should direct the Commandant of the Coast Guard and Commissioner of CBP to jointly establish an interagency process for sharing and reconciling records of absconder and deserter incidents occurring at U.S. seaports.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) concurred and stated that U.S. Customs and Border Protection (CBP) and the Coast Guard would begin to assess the appropriate offices within each component involved in the review and to establish a working group to evaluate the current reporting process within each component, and between CBP and Coast Guard. Further, DHS noted that it was working to co-locate the Coast Guard's ICC Coastwatch and CBP's National Targeting Center-Passenger and that this would help to eliminate many of the absconder-and deserter- reporting inconsistencies GAO identified between Coast Guard and CBP. In January 2013, CBP and Coast Guard officials reported that they had studied the CBP and Coast Guard data and found that multiple factors had likely contributed to the data variances, including differences in definitions for absconders/deserters among CBP and Coast Guard field units, and the method in which field units had recorded and reported absconder and deserter incidents. Officials reported that the two agencies were planning to develop an interagency memorandum of agreement (MOA) with field guidance for reporting absconder and deserter incidents. Officials reported that they expected to finalize and implement the MOA and field guidance by November 30, 2013. In July 2014, CBP described a new process in place for interagency data reconciliation, reporting that this action was taken in lieu of previously discussed plans to develop an interagency MOU. In December 2015, CBP reported that it expected to complete the effort by March 2016. In March 2016, CBP report that it expected to complete the effort by September 2016. CBP officials reported that the Coast Guard and CBP determined that the absconder data variances were caused by the agencies using different reporting criteria. Officials reported that the two agencies were preparing a memo and guidance to issue to field units by August 31, 2016. Officials reported that the recommendation would be fully implemented by September 30, 2016. In September 2016, CBP reported that it expected to implement the effort by December 31, 2016. In December 2016, CBP reported that the agency had drafted a memo to coincide with new Coast Guard procedure for conducting asymmetric migration vetting and deconfliction. CBP was also working to require all ports of entry to report all maritime asymmetric migration events directly to Coastwatch or a Targeting Framework event. However, on October 18, 2016, the DHS Deputy Secretary issued Department Policy Regarding Investigative Data and Event Deconfliction Policy Directive 045-04 that sets forth DHS policy for investigative data and event deconfliction and the use of related deconfliction systems in the course of certain law enforcement activity. As a result of the newly published Directive, DHS requires that CBP develop and implement related policy, by January 17, 2017. The policy directive requires DHS components to develop a policy applicable to components having equities in Investigative Data and Event Deconfliction. The policy will focus on more effective coordination of investigative activity to ensure officer safety by identifying links between ongoing criminal investigations. The Policy also requires that CBP components, at a minimum, conduct deconfliction thru the Deconfliction and Information Coordination Endeavor, Regional Information Sharing Systems Officer Safety Event Deconfliction System, Secure Automated Fast Event Tracking Network or Case Explorer systems. CBP and Coast Guard are now looking at a directive which makes it a port responsibility to deconflict case related information. The timeline for drafting and finalizing that directive is January 2017. Because of this change in direction, CBP and Coast Guard are requesting an extension to March 31, 2017 to finalize and disseminate the new policy.
    Director: Gambler, Rebecca
    Phone: (202) 512-6912

    2 open recommendations
    Recommendation: To help ensure DHS is maximizing the benefits of its coordination efforts with northern border partners through interagency forums, documented agreements, and its resource planning process, the Secretary of Homeland Security should provide DHS-level guidance and oversight for interagency forums established or sponsored by its components to ensure that the missions and locations are not duplicative and to consider the downstream burden on northern border partners.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2011, we reviewed and reported the extent to which the Department of Homeland Security (DHS) had improved federal coordination of border security intelligence and enforcement operations with state, local, and Canadian law enforcement partners. We found, among other things, that DHS improved northern border security coordination through interagency forums and joint operations; however, partners raised concerns about the resources needed for the increasing number of interagency forums and that some efforts may be overlapping. In May 2011 and June 2012, DHS reported that it took action to coordinate law enforcement initiatives and advance communications interoperability and information sharing, while reducing duplicative activities. DHS also reported that the DHS Northern Border Strategy, released in June 2012, is intended to align internal DHS operations and provide a unified direction that will also help the department reduce duplicative activities. However, DHS's efforts to coordinate law enforcement initiatives and its Northern Border Strategy do not specifically address possible duplication of efforts and resource constraints that may be imposed by interagency forums. Further, DHS leadership has not yet determined how the strategy will be implemented. In October 2015, DHS officials stated that a statement of cooperation for a Cross-Border Law Enforcement Advisory Committee was signed by all five core members. The intent of the committee is to provide executive-level strategic guidance to cross-border law enforcement initiatives involving partnerships between U.S. and Canadian law enforcement agencies on the northern border. However, DHS officials stated that it will take at least a year to show how this committee will increase coordination and prevent duplication among interagency forums, including the IBET and BEST. Development of this committee is a positive step; however, it is too soon to assess the extent to which this committee helps prevent duplication of effort and strengthen coordination efforts along the northern border. As of August 31, 2017, DHS had not provided updated information to show how the committee increased coordination and prevented duplication among interagency forums. To fully address this recommendation, DHS needs to provide guidance specific to interagency forums established or sponsored by its components and conduct DHS-level oversight for those forums to ensure they are not duplicative and do not burden northern border partners.
    Recommendation: To help ensure DHS is maximizing the benefits of its coordination efforts with northern border partners through interagency forums, documented agreements, and its resource planning process, the Secretary of Homeland Security should provide regular DHS-level oversight of Border Patrol and ICE compliance with the provisions of the interagency memorandum of understanding (MOU), including evaluation of outstanding challenges and planned corrective actions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2011, we reviewed and reported on the extent to which the Department of Homeland Security (DHS) had made progress in addressing past coordination challenges between U.S. Border Patrol, an office within U.S. Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE), and across the Drug Enforcement Administration and Forest Service, according to northern border security partners. We found, among other things, that federal agency coordination to secure the northern border was improved, but partners cited ongoing challenges sharing information and resources for daily border security related to operations and investigations despite the efforts made to establish and update interagency agreements. In June 2012, DHS reported that the DHS Northern Border Strategy emphasizes the importance of partnerships and coordination and discusses the benefits that can be garnered through collaboration and information sharing. DHS also reported that a National Special Agent in Charge/Chief Patrol Agent Advisory Council was established to enhance collaboration between Border Patrol and ICE, which includes addressing historical points of contention between the two components. While the strategy emphasizes and encourages coordination between Border Patrol and ICE, it does not specifically address compliance with the interagency memoranda of agreement, evaluation of longstanding challenges, or any planned corrective actions. In addition, the advisory council established does not provide DHS-level oversight as it is composed of ICE and Border Patrol officials. In October 2015, DHS officials stated that the Cross-Border Law Enforcement Advisory Committee may provide DHS-level oversight because both CBP and ICE officials are members of the committee. However, as of August 31, 2017, DHS has not yet indicated how the committee may provide guidance and oversight to ensure Border Patrol and ICE compliance with the provisions of the interagency memorandum of understanding, and DHS could not provide timeframes for addressing this recommendation. To fully address this recommendation, DHS needs to take action to specifically address long-standing coordination challenges and enforce DHS-level oversight of Border Patrol and ICE compliance with the interagency memoranda of agreement.
    Director: Mackin, Michele
    Phone: (202) 512-7773

    1 open recommendations
    Recommendation: To capitalize on the increase in knowledge gained by creating new baselines for Deepwater assets, and to better manage acquisitions of further assets and capabilities, the Commandant of the Coast Guard should complete, and present to Congress, a comprehensive review of the Deepwater Program that clarifies the overall cost, schedule, quantities, and mix of assets that are needed to meet mission needs and what trade-offs need to be made considering fiscal constraints, given that the currently approved Deepwater baseline is no longer feasible.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken actions necessary to implement it. Since this report, DHS and the Coast Guard have each completed studies examining the mix of assets that composed the Deepwater Program. To date, the Coast Guard has not yet provided the Congress with a comprehensive review that clarifies the program's cost, schedule, quantities, and mix of assets or takes into account the Coast Guard's needs and available resources and makes recommendations about what trade-offs may be necessary. In 2015, we found that the Coast Guard is currently conducting a fleet-wide analysis, including surface, aviation, and information technology, intended to be a fundamental reassessment of the capabilities and mix of assets the Coast Guard needs to fulfill its missions. The Coast Guard is undertaking this effort consistent with direction from Congress. Specifically, the Coast Guard plans first to rewrite its mission needs statement and concept of operations by 2016. Then, it will use a complex model to develop the full fleet mix study. Based on this, the Coast Guard plans to recommend a set of assets that best meets these needs in terms of capability and cost. The Coast Guard plans to complete the full study in time to inform the fiscal year 2019 budget, though specific dates for these events have not been set forth. As of July 2016, the Coast Guard informed GAO that the modeling is complete and the CONOPS report is being developed with a target date of September 30 for completion.
    Director: Currie, Christopher
    Phone: (404)679-3000

    1 open recommendations
    Recommendation: In order to help build and maintain a national biosurveillance capability---an inherently interagency enterprise---the Homeland Security Council should direct the National Security Staff to, in coordination with relevant federal agencies, charge this focal point with the responsibility for developing, in conjunction with relevant federal agencies, a national biosurveillance strategy that: 1) defines the scope and purpose of a national capability; 2) provides goals, objectives and activities, priorities, milestones, and performance measures; 3) assesses the costs and benefits associated with supporting and building the capability and identifies the resource and investment needs, including investment priorities; 4) clarifies roles and responsibilities of leading, partnering, and supporting a national capability; and 5) articulates how the strategy is integrated with and supports other related strategies' goals, objectives, and activities.

    Agency: Executive Office of the President: Homeland Security Council
    Status: Open

    Comments: In July 2012, the White House released the National Strategy for Biosurveillance to describe the U.S. government's approach to strengthening biosurveillance. A strategic implementation plan was to be completed within 120 days of the strategy issuance. As we testified in September 2012, the strategy did not fully meet the intent of our recommendation; however, when the implementation plan is complete, it may meet our recommendation. Specifically, the strategy did not provide the mechanism GAO recommended to identify resource and investment needs, including investment priorities. As of September 2015, GAO has not received a copy of the implementation plan for review and has not been able to confirm that it has been finalized and is considered operational by the White House and the key interagency partners.
    Director: Dagostino, Davi M
    Phone: (202) 512-3000

    1 open recommendations
    Recommendation: To improve DOD's ability to conduct its civil support missions, the Secretary of Defense should direct the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs, in coordination with the Chairman of the Joint Chiefs of Staff, to conduct a review of staffing requirements for the Defense Coordinating Officers, Defense Coordinating Elements, and Emergency Preparedness Liaison Officers in both the NORTHCOM and PACOM areas of responsibility that includes but is not limited to an assessment of staff size, subject-matter expertise, and military service composition by FEMA region.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with the recommendation. DOD indicated several past and ongoing efforts will help address the recommendation. DOD highlighted, in particular, DOD Instruction 3025.16, "Defense Emergency Preparedness Liaison Officer (EPLO) Programs," published on September 8, 2011; and a draft instruction on "Defense Planning and Coordination in Support of Civil Authorities," which is undergoing substantial revision due to recent updates in the DOD initiative for DOD Support to Complex Catastrophes. DOD stated that is plans to issue the instruction in September 2014. In July 2013, U.S. Northern Command (NORTHCOM) stated that as part of the Secretary of Defense's initiative to Improve DOD support in Complex Catastrophes, the Under Secretary of Defense for Personnel and Readiness, in coordination with the Under Secretary of Defense for Policy, and the Chairman of the Joint Chiefs of Staff, based upon the requirements of NORTHCOM and U.S. Pacific Command, are to identify requirements and make recommendations to the Secretary of Defense to support effective DOD coordination and liaison with DOD's Federal, Regional, and State partners on complex catastrophe preparedness and response. As part of this effort, the Under Secretary of Defense for Personnel and Readiness will consider the feasibility of joint billets for DCOs, DCEs, EPLOs, JRMPOs, and Joint Force Headquarters (JFHQ)-States. As of September 2014, NORTHCOM's IG office stated that despite positive initiatives taken to date, a review of DCO/EPLO staffing requirements has not been completed. DOD, the Combatant Commands, and the Services would benefit from such an analysis. They added that despite positive actions taken to date to improve DCO/EPLO operations, multiple efforts are still ongoing that support this action item. DODD 3025.jj remains in development with OSD, the Services, and USNORTHCOM. A USNORTHCOM operational planning team is in the process of coordinating command and control relationships for DCOs and their Defense Coordinating Elements (DCE). Another effort is underway to revive the annual DSCA/IDR Preparedness Workshop, which provided a vehicle for coordination among all DOD DSCA participants to institutionalize these processes. USNORTHCOM and components are still evaluating requirements and potential solutions for providing additional staff support to the DCOs/DCEs.