Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.

    Results:

    Subject Term: "Homeland security"

    197 publications with a total of 715 open recommendations including 59 priority recommendations
    Director: Carol Harris
    Phone: (202) 512-4456

    14 open recommendations
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes and implements specific time frames for determining key strategic implementation details, including how the program will transition from the current state to the final TIM state. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes a schedule that provides planned completion dates based on realistic estimates of how long it will take to deliver capabilities. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes new time frames for implementing the actions identified in the organizational change management strategy and effectively executes against these time frames. (Recommendation 3)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office defines and documents the roles and responsibilities among product owners, the solution team, and any other relevant stakeholders for prioritizing and approving Agile software development work. (Recommendation 4)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes specific prioritization levels for current and future features and user stories. (Recommendation 5)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office implements automated Agile management testing and deployment tools, as soon as possible. (Recommendation 6)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office updates the Systems Engineering Life Cycle Tailoring Plan to reflect the current governance framework and milestone review processes. (Recommendation 7)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes thresholds or targets for acceptable performance levels. (Recommendation 8)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office begins collecting and reporting on Agile-related cost metrics. (Recommendation 9)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office ensures that program velocity is measured and reported consistently. (Recommendation 10)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The TSA Administrator should ensure that the TIM program management office ensures that unit test coverage for software releases is measured and reported accurately. (Recommendation 11)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management to ensure that appropriate DHS leadership reaches consensus on needed oversight and governance changes related to the frequency of reviewing Agile programs, and then documents and implements associated changes. (Recommendation 12)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management to ensure that the Office of the Chief Technology Officer completes guidance for Agile programs to use for collecting and reporting on performance metrics. (Recommendation 13)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management to ensure that DHS-level oversight bodies review key Agile performance and cost metrics for the TIM program and use them to inform management oversight decisions. (Recommendation 14)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: The Commissioner of CBP should develop and implement a policy and related guidance for documenting arrangements with landowners, as needed, on Border Patrol's maintenance of roads it uses to conduct its operations, and share these documented arrangements with its sectors. (Recommendation 1)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commissioner of CBP should clearly document the process and criteria for making decisions on funding non-owned operational requirements and communicate this process to Border Patrol sectors. (Recommendation 2)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commissioner of CBP should assess the feasibility of options for addressing the maintenance of nonfederal public roads. This should include a review of data needed to determine the extent of its reliance on non-owned roads for border security operations. (Recommendation 3)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Grover, Jennifer A
    Phone: 202-512-7141

    1 open recommendation
    Recommendation: The Commandant of the Coast Guard should complete a comprehensive cost estimate for a limited service life extension of the Polar Star that follows cost estimating best practices before committing to this approach for bridging the potential capability gap. (Recommendation 1)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To ensure that current pilot programs related to electronic advance data provide insights that help in assessing USPS's effectiveness at providing mail targeted by CBP for inspection, the Secretary of Homeland Security should direct the Commissioner of CBP to, in conjunction with USPS, (1) establish measurable performance goals for pilot programs and (2) assess the performance of the pilots in achieving these goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide information on the costs and benefits of collecting electronic advance data for use in targeting inbound international mail for screening, the Secretary of Homeland Security should direct the Commissioner of CBP to, in conjunction with USPS, evaluate the relative costs and benefits of collecting electronic advance data for targeting mail for inspection in comparison to other methods.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    7 open recommendations
    Recommendation: The Secretary of the Interior should direct the Director of the National Park Service to direct the U.S. Park Police to ensure that performance measures linked to program goals are included as part of its updated strategic plan and direct it to develop a timeline for completion of this plan.

    Agency: Department of the Interior
    Status: Open

    Comments: Interior concurred with this recommendation and said it would take steps to implement it. When we confirm what actions Interior has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Interior should direct the Director of the National Park Service to direct the U.S. Park Police to seek additional input from federal entities with expertise regarding ways to enhance testing of its physical security program.

    Agency: Department of the Interior
    Status: Open

    Comments: Interior concurred with this recommendation and said it would take steps to implement it. When we confirm what actions Interior has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Smithsonian Institution should direct the Office of Protection Services to develop program goals and ensure that performance measures linked to those goals are included as part of the strategic plan for security and develop a timeline for completion of this plan.

    Agency: Smithsonian Institution
    Status: Open

    Comments: The Smithsonian concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the Smithsonian has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Smithsonian Institution should direct the Office of Protection Services to seek additional input from federal entities with expertise regarding ways to enhance testing of the physical security program.

    Agency: Smithsonian Institution
    Status: Open

    Comments: The Smithsonian concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the Smithsonian has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to develop a process for documenting risk management decisions.

    Agency: National Gallery of Art
    Status: Open

    Comments: The National Gallery concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the National Gallery has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to ensure that program goals and performance measures linked to those goals are included as part of the master security plan and develop a timeline for completion of this plan.

    Agency: National Gallery of Art
    Status: Open

    Comments: The National Gallery concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the National Gallery has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to seek additional input from federal entities with expertise regarding ways to enhance testing of the physical security program.

    Agency: National Gallery of Art
    Status: Open

    Comments: The National Gallery concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the National Gallery has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    3 open recommendations
    Recommendation: To enhance CBP's identification of high-risk cargo shipments and its enforcement of the ISF rule, the Commissioner of CBP should enforce the ISF rule requirement that carriers provide CSMs to CBP when targeters identify CSM noncompliance.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP's Office of Field Operations is developing an enforcement strategy for container status messages (CSM) that it plans to complete by August 31, 2017. Once the strategy is completed, OFO plans to provide CSM enforcement guidance to the Advance Targeting Units. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Recommendation: To enhance CBP's identification of high-risk cargo shipments and its enforcement of the ISF rule, the Commissioner of CBP should evaluate the ISF enforcement strategies used by ATUs to assess whether particular enforcement methods could be applied to ports with relatively low submission rates.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP plans to discuss enforcement strategies during monthly conference calls held by the National Targeting Center-Cargo with all Advance Targeting Units (ATU) in order to identify the factors that are impacting ports with lower Importer Security Filing (ISF) compliance rates. In addition, CBP plans to leverage the strategies employed by ATUs overseeing ports with higher ISF compliance rates in order to increase the ISF submission rates at the ports with lower compliance rates. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Recommendation: The Commissioner of CBP should identify and collect additional performance information on the impact of the ISF rule data, such as the identification of shipments containing contraband, to better evaluate the effectiveness of the ISF program.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP is developing a plan (by August 31, 2017) to assess additional performance metrics to evaluate the effectiveness of the Importer Security Filing Program. After the plan has been developed, CBP will extract the performance data for analysis and, if needed, take actions to implement changes to the Program. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Director: Chris Currie
    Phone: (404) 679-1875

    6 open recommendations
    Recommendation: In order to improve employee misconduct policies and procedures, the Secretary of Homeland Security should direct the FEMA Administrator to document policies and procedures to address potential Surge Capacity Force misconduct.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to improve employee misconduct policies and procedures, the Secretary of Homeland Security should direct the FEMA Administrator to document Reservist disciplinary options and appeals policies and procedures that are currently in practice at the agency.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to improve employee misconduct policies and procedures, the Secretary of Homeland Security should direct the FEMA Administrator to communicate the range of penalties for specific misconduct offenses to all employees and supervisors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to better identify and address trends in employee misconduct, the Secretary of Homeland Security should direct the FEMA Administrator to improve the quality and usefulness of the misconduct data it collects by implementing quality control measures, such as adding additional drop-down fields with standardized entries, adding unique case identifier fields, developing documented guidance for data entry, or considering the adoption of database software.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to better identify and address trends in employee misconduct, the Secretary of Homeland Security should direct the FEMA Administrator to, once the quality of the data is improved, conduct routine reporting on employee misconduct trends.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to ensure that all allegations of employee misconduct referred by DHS OIG are reviewed and addressed, the Secretary of Homeland Security should direct the FEMA Administrator to develop reconciliation procedures to consistently track referred cases.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    1 open recommendation
    Recommendation: The Director of OMB should submit or reference agencies' report modification proposals in the President's annual budget as required by GPRAMA.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In August 2017, the Office of Management and Budget stated it would include a list of report modification proposals in the President's fiscal year (FY) 2019 budget as required by GPRAMA. We will close this recommendation when the FY 2019 President's budget is released.
    Director: Kimberly Gianopoulos
    Phone: (202) 512-8612

    2 open recommendations
    Recommendation: To strengthen CBP's trade enforcement efforts, the Commissioner of CBP should direct the Office of Trade to include performance targets, when applicable, in addition to performance measures in its Priority Trade Issue strategic and annual plans.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of September 2017, CBP indicated that CBP's Office of Trade has been performing biweekly reviews of current performance measure results and had scheduled a management planning meeting to close out FY 2017. CBP indicated that these efforts will help establish the performance target baselines for FY 2018. CBP indicated that it plans to establish the FY 2018 priorities and Priority Trade Issue strategic and annual plans, but as of September 2017 has not provided timeframes for project completion.
    Recommendation: To strengthen CBP's trade enforcement efforts, the Commissioner of CBP should direct the Office of Trade and the Office of Field Operations to develop a long-term hiring plan that articulates how CBP will reach its staffing targets for trade positions set in the Homeland Security Act and the agency's resource optimization model.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of September 2017, CBP indicated that, in order to develop a long-term hiring plan, CBP's Office of Trade (OT), Office of Field Operations (OFO), and Human Resources Management (HRM) established a working group of key stakeholders to define the hiring challenges related to the trade positions. CBP identified the key stakeholders for the working group and was planning its first meeting for the working group. In the interim, CBP indicated that it was actively addressing trade hiring gaps through a variety of mechanisms that includes building recruiting partnerships with universities as well as closely tracking and monitoring the hiring of import specialists from initial announcement through entrance on duty.
    Director: Beryl H. Davis
    Phone: (202) 512-2623

    2 open recommendations
    Recommendation: To help ensure that government-wide compliance under IPERA is consistently determined and reported, the Director of OMB should coordinate with CIGIE to develop and issue guidance, either jointly or independently, to specify what procedures should be conducted as part of the IGs' IPERA compliance determinations.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: OMB had no comments on the report or the recommendation to coordinate with CIGIE to develop guidance. Although this recommendation was not directed to CIGIE, the CIGIE Chairperson stated that CIGIE would coordinate with OMB as needed and provide feedback on any draft OMB guidance.
    Recommendation: To help fulfill USDA's requirements under IPERA and OMB guidance--that agencies submit proposals to Congress when a program reaches 3 or more consecutive years of noncompliance with IPERA criteria--the Secretary of Agriculture should submit a letter to Congress detailing proposals for reauthorization or statutory changes in response to 3 consecutive years of noncompliance as of fiscal year 2015 for its Farm Security and Rural Investment Act Program. To the extent that reauthorization or statutory changes are not considered necessary to bring a program into compliance, the Secretary or designee should state so in the letter.

    Agency: Department of Agriculture
    Status: Open

    Comments: USDA's Acting Deputy Secretary concurred with this recommendation.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    6 open recommendations
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to update the department's IT Acquisition Review governance process to increase the number of contracts and agreements (associated with both major and non-major investments) that are reviewed by the CIO and appropriate delegates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the specific staff or positions currently within the department's IT acquisition cadre; and (2) assessing whether these staff and positions address all of the specialized skills and knowledge needed, as outlined in OMB's Office of Federal Procurement Policy's guidance for developing an IT acquisition cadre.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the department's future IT skillset needs as a result of DHS's new delivery model, (2) conducting a skills gap analysis, and (3) resolving any skills gaps identified.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update the department's acquisition policies and guidance to be consistent in identifying that the DHS CIO is to certify investments' incremental development activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update DHS headquarters', Customs and Border Protection's, and U.S. Coast Guard's processes to track, for all contracts and agreements, the IT investment with which each is associated (as applicable).

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update and implement the process DHS uses for assessing the risks of major IT investments to ensure that the CIO rating reported to the Dashboard fully reflects the CIO's assessment of each major IT investment.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Director: David Powner
    Phone: (202) 512-9286

    29 open recommendations
    Recommendation: To better ensure that federal data center optimization efforts improve governmental efficiency and achieve cost savings, the Director of OMB should direct the Federal CIO to provide the necessary oversight to ensure that each agency completes their DCOI strategic plan in accordance with OMB's guidance implementing Federal Information Technology Acquisition Reform provisions (FITARA).

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) has not yet taken any actions to implement our recommendation. We will continue to monitor OMB's progress in implementing this recommendation.
    Recommendation: To better ensure that federal data center optimization efforts improve governmental efficiency and achieve cost savings, the Director of OMB should direct the Federal CIO to provide the necessary oversight to ensure that agency reporting of achieved data center consolidation and optimization cost savings and avoidances is consistent across all reporting mechanisms, including quarterly data submissions and agency DCOI strategic plans.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) has not yet taken any actions to implement our recommendation. We will continue to monitor OMB's progress in implementing this recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation and described planned actions to address it. Specifically, the department stated that it will continue to aggregate its data center inventory and update its DCOI strategic plan by OMB's April 17, 2017, submission deadline. We reviewed the updated DCOI strategic plan and found that the department included planned savings figures for fiscal years 2016 through 2018 and achieved figures for 2016. However, Commerce did not include $517 million in historical savings that the department previously reported to the Office of Management and Budget, as was required to be included in the plan. Additionally, the department's chief information officer statement, regarding compliance with Federal Information Technology Acquisition Reform Act reporting requirements, is not yet publicly available, as is required. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense has not yet taken action to implement our recommendation. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy agreed with, but has not yet taken action to implement, our recommendation. We will monitor the department's efforts to address our recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services has not yet taken action to implement our recommendation. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Social Security Administration
    Status: Open

    Comments: The Social Security Administration agreed with our recommendation and described planned actions to address it. Specifically, the agency noted that it will continue to economize and evolve its data center optimization management and will continue to encourage open dialog and information exchange between agencies to achieve efficiencies and enhanced data center operations government-wide. We will continue to monitor the agency's efforts to address our recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of the Interior
    Status: Open

    Comments: The Department of Interior agreed with, but has not yet taken action to implement, our recommendation. We will monitor the department's efforts to address our recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice has not yet taken action to implement our recommendation. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation agreed with, but has not yet taken action to implement, our recommendation. We will monitor the department's efforts to address our recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor has not yet taken action to implement our recommendation. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of Treasury has not yet taken action to implement our recommendation. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department of Veterans Affairs agreed with, but has not yet taken action to implement, our recommendation. We will monitor the department's efforts to address our recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Department of State
    Status: Open

    Comments: The Department of State agreed with our recommendation and described planned actions to address it. Specifically, the department described plans to acquire, subject to funding availability, automated monitoring tools for its enterprise data centers. It also described plans to engage OMB to rebaseline the closure target for its non-tiered data centers located outside the United States, based on the department's mission needs. In addition, the department noted that it is in the process of identifying the number of server rooms in the United States that meet the DCOI definition of a data center. We will continue to monitor the department's efforts to address our recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency described planned actions to address our recommendation. Specifically, the agency stated that it will update its data center optimization initiative strategic plan to include elements not reflected in the 2016 submission and will complete the plan to the extent feasible. We will continue to monitor the agency's progress in taking these actions.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: The National Aeronautics and Space Administration agreed with our recommendation and described planned actions to address it. Specifically, the agency stated that it would provide OMB with an update to the agency's DCOI strategic plan that would address missing elements and any identified challenges. We will continue to monitor the department's efforts to address our recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Small Business Administration
    Status: Open

    Comments: The Small Business Administration agreed with, but has not yet taken action to implement, our recommendation. We will monitor the department's efforts to address our recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: The Nuclear Regulatory Commission disagreed with our recommendation. We will continue to monitor the agency's efforts to address the recommendation.
    Recommendation: The following 17 agencies (the Secretaries of the Departments of Commerce, Defense, Energy, Health and Human Services, Interior, Labor, State, Transportation, Treasury, and Veterans Affairs; the Attorney General; and the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration, Small Business Administration, and U.S. Agency for International Development; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration) should each take action to complete the missing elements in their respective DCOI strategic plan, including addressing any identified challenges, and submit their completed strategic plan to OMB.

    Agency: United States Agency for International Development
    Status: Open

    Comments: The U.S. Agency for International Development described planned actions to address our recommendation. Specifically, the agency stated it would take action to complete the missing elements in its DCOI strategic plan, including addressing any identified challenges, and submit the completed strategic plan to OMB. We will continue to monitor the agency's progress in taking these actions.
    Recommendation: Finally, the following 11 agencies (the Secretaries of the Departments of Commerce, Education, Health and Human Services, Interior, Labor, State, Transportation, and Treasury; the Administrators of the Environmental Protection Agency, General Services Administration, and the U.S. Agency for International Development) should also each take action to ensure that the amounts of achieved data center cost savings and avoidances are consistent across all reporting mechanisms, including the quarterly data submissions and DCOI strategic plans.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education has not yet taken action to implement our recommendation. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: Finally, the following 11 agencies (the Secretaries of the Departments of Commerce, Education, Health and Human Services, Interior, Labor, State, Transportation, and Treasury; the Administrators of the Environmental Protection Agency, General Services Administration, and the U.S. Agency for International Development) should also each take action to ensure that the amounts of achieved data center cost savings and avoidances are consistent across all reporting mechanisms, including the quarterly data submissions and DCOI strategic plans.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation and described planned actions to address it. Specifically, the department stated that it will, through the integrated data collection process, continue to collect and report all initiatives resulting in cost savings and avoidances to ensure IT savings are being captured and realized. We will monitor the department's efforts to address this recommendation.
    Recommendation: Finally, the following 11 agencies (the Secretaries of the Departments of Commerce, Education, Health and Human Services, Interior, Labor, State, Transportation, and Treasury; the Administrators of the Environmental Protection Agency, General Services Administration, and the U.S. Agency for International Development) should also each take action to ensure that the amounts of achieved data center cost savings and avoidances are consistent across all reporting mechanisms, including the quarterly data submissions and DCOI strategic plans.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services has not yet taken action to implement our recommendation. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: Finally, the following 11 agencies (the Secretaries of the Departments of Commerce, Education, Health and Human Services, Interior, Labor, State, Transportation, and Treasury; the Administrators of the Environmental Protection Agency, General Services Administration, and the U.S. Agency for International Development) should also each take action to ensure that the amounts of achieved data center cost savings and avoidances are consistent across all reporting mechanisms, including the quarterly data submissions and DCOI strategic plans.

    Agency: Department of the Interior
    Status: Open

    Comments: The Department of Interior agreed with, but has not yet taken action to implement, our recommendation. We will monitor the department's efforts to address our recommendation.
    Recommendation: Finally, the following 11 agencies (the Secretaries of the Departments of Commerce, Education, Health and Human Services, Interior, Labor, State, Transportation, and Treasury; the Administrators of the Environmental Protection Agency, General Services Administration, and the U.S. Agency for International Development) should also each take action to ensure that the amounts of achieved data center cost savings and avoidances are consistent across all reporting mechanisms, including the quarterly data submissions and DCOI strategic plans.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation agreed with, but has not yet taken action to implement, our recommendation. We will monitor the department's efforts to address our recommendation.
    Recommendation: Finally, the following 11 agencies (the Secretaries of the Departments of Commerce, Education, Health and Human Services, Interior, Labor, State, Transportation, and Treasury; the Administrators of the Environmental Protection Agency, General Services Administration, and the U.S. Agency for International Development) should also each take action to ensure that the amounts of achieved data center cost savings and avoidances are consistent across all reporting mechanisms, including the quarterly data submissions and DCOI strategic plans.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor has not yet taken action to implement our recommendation. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: Finally, the following 11 agencies (the Secretaries of the Departments of Commerce, Education, Health and Human Services, Interior, Labor, State, Transportation, and Treasury; the Administrators of the Environmental Protection Agency, General Services Administration, and the U.S. Agency for International Development) should also each take action to ensure that the amounts of achieved data center cost savings and avoidances are consistent across all reporting mechanisms, including the quarterly data submissions and DCOI strategic plans.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of Treasury has not yet taken action to implement our recommendation. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: Finally, the following 11 agencies (the Secretaries of the Departments of Commerce, Education, Health and Human Services, Interior, Labor, State, Transportation, and Treasury; the Administrators of the Environmental Protection Agency, General Services Administration, and the U.S. Agency for International Development) should also each take action to ensure that the amounts of achieved data center cost savings and avoidances are consistent across all reporting mechanisms, including the quarterly data submissions and DCOI strategic plans.

    Agency: Department of State
    Status: Open

    Comments: The Department of State agreed with our recommendation and described planned actions to address it. Specifically, the department described plans to acquire, subject to funding availability, automated monitoring tools for its enterprise data centers. It also described plans to engage OMB to rebaseline the closure target for its non-tiered data centers located outside the United States, based on the department's mission needs. In addition, the department noted that it is in the process of identifying the number of server rooms in the United States that meet the DCOI definition of a data center. We will continue to monitor the department's efforts to address our recommendation.
    Recommendation: Finally, the following 11 agencies (the Secretaries of the Departments of Commerce, Education, Health and Human Services, Interior, Labor, State, Transportation, and Treasury; the Administrators of the Environmental Protection Agency, General Services Administration, and the U.S. Agency for International Development) should also each take action to ensure that the amounts of achieved data center cost savings and avoidances are consistent across all reporting mechanisms, including the quarterly data submissions and DCOI strategic plans.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency described planned actions to address our recommendation. Specifically, the agency stated that it is working toward consistent reporting on cost savings and avoidances in future reporting submissions and is finalizing a cost analysis methodology to be applied to its data center optimization initiative strategy. The agency further stated that it would ensure consistent use of the process for all reporting queries. We will continue to monitor the agency's progress in taking these actions.
    Recommendation: Finally, the following 11 agencies (the Secretaries of the Departments of Commerce, Education, Health and Human Services, Interior, Labor, State, Transportation, and Treasury; the Administrators of the Environmental Protection Agency, General Services Administration, and the U.S. Agency for International Development) should also each take action to ensure that the amounts of achieved data center cost savings and avoidances are consistent across all reporting mechanisms, including the quarterly data submissions and DCOI strategic plans.

    Agency: United States Agency for International Development
    Status: Open

    Comments: The U.S. Agency for International Development described planned actions to address our recommendation. Specifically, the agency stated it would, in accordance with OMB, take action to ensure that the amounts of achieved data center cost savings and avoidances are consistent across all reporting mechanisms, including the quarterly data submissions and DCOI strategic plans. We will continue to monitor the agency's progress in taking these actions.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    5 open recommendations
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP to assess and document how the alternative technological solutions being considered will fully meet operational needs related to ultralight aircraft.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and stated that it plans to assess and document requirements related to ultralight aircraft threats and how technological solutions will address these requirements as part of U.S. Customs and Border Protection Air and Marine Operations air domain awareness efforts. DHS plans to complete these efforts by July 2018.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP and the Director of ICE to jointly establish and monitor performance measures and targets related to cross-border tunnels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and stated that U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement will review available information and develop performance measures and targets as deemed appropriate by February 2018.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP to establish and monitor performance targets related to ultralight aircraft.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred and stated that within U.S. Customs and Border Protection, Air and Marine Operations and the U.S. Border Patrol are developing a joint performance measure and targets for interdicting ultralight aircraft. DHS plans to complete these efforts by October 2017.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the U.S. Customs and Border Protection (CBP)-U.S. Immigration and Customs Enforcement (ICE) tunnel committee to convene and establish standard operating procedures for addressing cross-border tunnels, including procedures for sharing information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS did not concur with this recommendation. However, CBP and ICE agreed that strengthening operational procedures may be beneficial and stated that they will jointly review procedures and discuss revising and/or consolidating the procedures. We continue to believe that the recommendation is valid and will monitor DHS's efforts to address it.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commandant of the Coast Guard, Commissioner of CBP, and the Director of ICE to establish and monitor Regional Coordinating Mechanisms performance measures and targets related to panga boat and recreational vessel smuggling.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS did not concur with this recommendation. DHS stated that it believes that by establishing common terminology to address our first recommendation, the RECOMs will have more reliable, usable analyses to inform their maritime interdiction efforts. However, DHS did not believe that performance measures and targets related to smuggling by panga boats would provide the most useful strategic assessment of operations to prevent all illicit trafficking, regardless of area of operations or mode of transportation. DHS also cited the recent creation of the DHS Office of Policy, Strategy, and Plans that is to work with U.S. Coast Guard, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, and other components and offices to better evaluate the effectiveness of all operations that work to prevent the illegal entry of goods and people into the country, as appropriate. We continue to believe that the recommendation is valid and will monitor DHS's efforts to address it.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To facilitate the removal of underutilized vehicles, the Secretary of Homeland Security should direct the Commissioner of Customs and Border Protection to develop a written plan for how CBP will use newly available usage data to improve its utilization assessment processes. Such a plan would define utilization criteria that reflect CBP's mission and describe how CBP will review and individually justify vehicles that do not meet the utilization criteria established by either DHS or CBP.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance awareness of NRCS's utilization assessment process and facilitate the elimination of unnecessary vehicles, the Secretary of the Department of Agriculture should communicate USDA's policy on vehicle utilization to USDA's fleet management staff to ensure staff are aware of USDA policy. This communication could include redistributing the 2012 utilization policy memo.

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Maurer, Diana C
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measurable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to develop a cohesive strategy that includes measurable outcomes for CVE activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they are identifying concrete outputs and outcomes for CVE efforts outlined in the 2016 Strategic Implementation Plan. CVE Task Force officials also stated that they plan to develop short-term, medium-term, and long-term outcomes for these efforts. The Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measurable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to develop a cohesive strategy that includes measurable outcomes for CVE activities.

    Agency: Department of Justice
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they are identifying concrete outputs and outcomes for CVE efforts outlined in the 2016 Strategic Implementation Plan. CVE Task Force officials also stated that they plan to develop short-term, medium-term, and long-term outcomes for these efforts. The Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measurable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to establish and implement a process to assess overall progress in CVE, including its effectiveness.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they have begun consulting with departments and agencies that have already invested in CVE program assessment and are developing a research-based framework for designing and assessing CVE metrics. The CVE Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measurable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to establish and implement a process to assess overall progress in CVE, including its effectiveness.

    Agency: Department of Justice
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they have begun consulting with departments and agencies that have already invested in CVE program assessment and are developing a research-based framework for designing and assessing CVE metrics. The CVE Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Director: Gambler, Rebecca S
    Phone: (202) 512-6912

    9 open recommendations
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should ensure SAVE guidance, including written materials and instructional videos, clearly and accurately reflects user agencies' responsibilities for completing each step of a SAVE check, as outlined in each agency's memorandum of agreement.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a mechanism to oversee agencies' completion of training on additional verification in accordance with SAVE MOA provisions and program policies.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should provide notifications to user agencies when a case is ready for the user agency to review.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a more effective method for ensuring that individuals are aware of how they can access and correct their immigration records, such as by updating and improving the Fact Sheet for Benefit Applicants.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a documented, risk-based approach to monitoring and compliance, including (1) a risk-based approach to selecting behaviors to monitor; (2) standards for what triggers compliance actions for the selected behaviors; and (3) a risk-based process for how USCIS will prioritize and select agencies for compliance actions.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and communicate a process for user agencies to update contact information.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should ensure that user agencies participate in compliance reviews when selected, in accordance with SAVE MOA provisions and USCIS policy.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should identify the root causes of agencies' noncompliance with SAVE MOA provisions and program policies and tailor agency recommendations to those identified causes.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a process for ensuring user agencies implement corrective actions such as through a system of escalating compliance assistance actions and follow-up.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To ensure Border Patrol has the best available information to inform future investments in TI and resource allocation decisions among TI and other assets Border Patrol deploys in the furtherance of border security operations, and to ensure that key parties within Border Patrol's Requirements Management Process are aware of their roles and responsibilities within the process, the Chief of the Border Patrol should develop metrics to assess the contributions of pedestrian and vehicle fencing to border security along the southwest border using the data Border Patrol already collects and apply this information, as appropriate, when making investment and resource allocation decisions.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open
    Priority recommendation

    Comments: DHS concurred with this recommendation and stated that it planned to develop and incorporate metrics into Border Patrol's Requirements Management Process.
    Recommendation: To ensure Border Patrol has the best available information to inform future investments in TI and resource allocation decisions among TI and other assets Border Patrol deploys in the furtherance of border security operations, and to ensure that key parties within Border Patrol's Requirements Management Process are aware of their roles and responsibilities within the process, the Chief of the Border Patrol should develop and implement written guidance to include roles and responsibilities for the steps within its requirements process for identifying, funding, and deploying tactical infrastructure assets for border security operations.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open
    Priority recommendation

    Comments: DHS concurred with the recommendation and stated that it plans to update the Requirements Management Process and, as part of that update, plans to add communication and training methods and tools to better implement the Process. DHS plans to complete these efforts by September 2019.
    Director: Joe Kirschbaum
    Phone: (202) 512-9971

    3 open recommendations
    Recommendation: As DOD plans to respond to a pandemic, the Secretary of Defense should direct the Under Secretary of Defense for Policy and other DOD officials, as appropriate, to use DOD's existing coordination mechanisms with HHS and the Federal Emergency Management Agency (FEMA) to explore opportunities to improve their preparedness and response to a pandemic if DOD's capabilities are limited.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As HHS plans to respond to a pandemic, the Secretary of Health and Human Services should direct the Assistant Secretary for Preparedness and Response to use HHS's existing coordination mechanisms with DOD and FEMA to explore opportunities to improve their preparedness and response to a pandemic if DOD's capabilities are limited.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As DHS, through FEMA, plans to respond to a pandemic, the Secretary of Homeland Security should direct the Administrator of FEMA to use FEMA's existing coordination mechanisms with DOD and HHS to explore opportunities to improve their preparedness and response to a pandemic if DOD's capabilities are limited.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To ensure that C-TPAT program managers are provided consistent data from the C-TPAT field offices on security validations, the Commissioner of U.S. Customs and Border Protection should develop standardized guidance for the C-TPAT field offices to use in tracking and reporting information on the number of required and completed security validations.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: On April 28, 2017, CBP officials provided documentation--a common worksheet, instructions, and related standard operating procedures for C-TPAT field offices to use in tracking and reporting information to headquarters staff on security validations required and completed. We reviewed the information and interviewed C-TPAT officials in two field offices and C-TPAT's Plans and Operations Branch, which is responsible for overseeing these efforts, about the new procedures. In early August 2017, we asked for additional evidence that C-TPAT is ensuring one standard approach across its field offices for capturing and reporting security validations required and completed. The CBP liaison informed us that C-TPAT officials are to provide the additional evidence by the end of September 2017.
    Recommendation: To ensure the availability of complete and accurate data for managing the C-TPAT program and establishing and maintaining reliable indicators on the extent to which C-TPAT members receive benefits, the Commissioner of U.S. Customs and Border Protection should determine the specific problems that have led to questionable data contained in the Dashboard and develop an action plan, with milestones and completion dates, for correcting the data so that the C-TPAT program can produce accurate and reliable data for measuring C-TPAT member benefits.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: On July 28, 2017, CBP provided us with documentation, to include: a schedule of completed and planned activities related to refining data reporting system requirements, testing of preliminary results from new data runs, developing a reporting system for tracking security examination rates, and a copy of the results of a preliminary data run identifying shipment examination rates by mode of transportation and C-TPAT member Tier level. CBP staff informed us that the steps being taken to address this recommendation are to continue through the end of 2017. In the interim, we are reviewing the documents CBP provided to determine what, if any, additional information we may need to assess progress in addressing this recommendation.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    2 open recommendations
    Recommendation: To enhance its ability to fulfill its role as the facilitator of cross-sector collaboration and best-practices sharing, the Secretary of Homeland Security should direct the Assistant Secretary of Infrastructure Protection, Office of Infrastructure Protection, to explore with key critical infrastructure partners, whether and what opportunities exist to harmonize federally-administered screening and credentialing access control efforts across critical infrastructure sectors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure that SCO uses its time and resources to pursue the most efficient and effective screening and credentialing harmonization goals on behalf of the department, the Secretary of Homeland Security should direct the Deputy Assistant Secretary for Screening Coordination, Office of Policy, to establish goals and objectives to support its broader strategic framework for harmonization.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendation
    Recommendation: To better ensure the effectiveness of CBP's predeparture programs, the Commissioner of U.S. Customs and Border Protection should develop and implement a system of performance measures and baselines to evaluate the effectiveness of CBP's predeparture programs and assess whether the programs are achieving their stated goals.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: U.S. Customs and Border Protection's (CBP) Office of Field Operations (OFO) reported that it established a working group comprised of designated program officials from CBP's Admissibility and Passenger Programs; National Targeting Center; Planning, Program Analysis, and Evaluation; and Preclearance offices to develop and implement a system of performance measures and baselines to evaluate the effectiveness of CBP's predeparture programs. As of July 2017, CBP reported that the working group had developed three performance measures for its predeparture programs. According to OFO officials, fiscal year 2018 will be the first complete year that each of these measures is calculated using a standardized and repeatable methodology and will thus be used as a baseline year. The baselines developed during fiscal year 2018 will then be used in future assessments of program effectiveness. To fully address this recommendation to develop and implement performance measures and baselines for evaluating its predeparture programs, GAO will review documentation from CBP, when available, on the fiscal year 2018 baselines and CBP's planned evaluation of fiscal year 2019 data against those baselines.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    6 open recommendations
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should strengthen the methodology for calculating recidivism such as by using an alien's apprehension history beyond one fiscal year and excluding aliens for whom there is no record of removal and who may remain in the United States.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should collect information on reasons agents do not apply the CDS guides' Most Effective and Efficient consequences to assess the extent that agents' application of these consequences can be increased and modify development of CDS guides, as appropriate.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should revise CDS guidance to ensure consistent and accurate methodologies for estimating Border Patrol costs across consequences and to factor in, where appropriate and available, the relative costs of any federal partner resources necessary to implement each consequence.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should ensure that sector management is monitoring progress in meeting their performance targets and communicating performance results to Border Patrol headquarters management.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should provide consistent guidance for alien classification and take steps to ensure CDS Project Management Office and sector management conduct data integrity activities necessary to strengthen control over the classification of aliens.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should direct the Assistant Secretary of Immigration and Customs Enforcement and Commissioner of Customs and Border Protection to collaborate on sharing immigration enforcement and removal data to help Border Patrol account for the removal status of apprehended aliens in its recidivism rate measure.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Tim Persons
    Phone: (202) 512-6412

    1 open recommendation
    Recommendation: The Secretary of Homeland Security--in consultation with the Federal Bureau of Investigation--should conduct a formal bioforensics capability gap analysis to identify scientific and technical gaps and needs in bioforensics capabilities to help guide current and future bioforensics investments and update its analysis periodically.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Kimberly Gianopoulos
    Phone: (202) 512-8612

    3 open recommendations
    Recommendation: To provide a basis for comparing actual results with intended results that can generate more meaningful performance information, the Secretaries of the Interior and State and the Attorney General of the United States should jointly work with the Task Force to develop performance targets related to the National Strategy for Combating Wildlife Trafficking Implementation Plan.

    Agency: Department of the Interior
    Status: Open

    Comments: Agency agreed with recommendation and plans to implement it.
    Recommendation: To provide a basis for comparing actual results with intended results that can generate more meaningful performance information, the Secretaries of the Interior and State and the Attorney General of the United States should jointly work with the Task Force to develop performance targets related to the National Strategy for Combating Wildlife Trafficking Implementation Plan.

    Agency: Department of Justice
    Status: Open

    Comments: Agency agreed with recommendation and plans to implement it.
    Recommendation: To provide a basis for comparing actual results with intended results that can generate more meaningful performance information, the Secretaries of the Interior and State and the Attorney General of the United States should jointly work with the Task Force to develop performance targets related to the National Strategy for Combating Wildlife Trafficking Implementation Plan.

    Agency: Department of State
    Status: Open

    Comments: Agency agreed with recommendation and plans to implement it.
    Director: Currie, Christopher P
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To better assess the impact of the fire grants program, the Secretary of Homeland Security should direct the FEMA Administrator to establish measurable performance targets linked to AFG and SAFER program goals, such as the desired percentage of awardees who used grants to achieve compliance with equipment standards.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to officials, FEMA's Grant Programs Directorate is reviewing the current set of program metrics to determine the feasibility of establishing performance targets. FEMA plans to include approved targets in its annual report to Congress that will be issued for fiscal year 2016; the report was undergoing internal review for approval and release as of November 2016. Pending issuance of the report with measurable performance targets linked to AFG and SAFER program goals, this recommendation will remain open.
    Recommendation: To enhance FEMA's efforts to assess and integrate the fire grant programs' contributions to national preparedness, the Secretary of Homeland Security should direct the FEMA Administrator to use the National Preparedness Goal's definition of critical infrastructure as the basis of collecting information from applicants and using the National Critical Infrastructure Prioritization Program list to measure fire grant programs' performance in addressing national priorities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to officials, FEMA's Grant Programs Directorate plans to incorporate the National Preparedness Goal definition of national critical infrastructure into fire grant performance measures in FEMA's fiscal year 2017 Annual Report to Congress. Specifically, they said FEMA plans to conduct an assessment of data from AFG program application and awards in order to verify recipients are reporting infrastructure that aligns with the National Preparedness Goal definition of critical infrastructure. In addition, FEMA plans to meet as needed with the National Programs and Protection Directorate's Office of Critical Infrastructure Analysis to determine how the Critical Infrastructure Prioritization Program list can be used in the application process. Pending completion of these efforts, this recommendation will remain open.
    Recommendation: To enhance FEMA's efforts to incorporate new National Fire Operations Reporting System (NFORS) and Fire Community Assessment Response Evaluation System (FireCARES) data elements into fire grants program management activities, the Secretary of Homeland Security should direct the FEMA Administrator to develop a project management plan for identifying relevant data elements in the new NFORS and FireCARES systems and determining how they can be used to improve fire grant applications and awards processes and the performance assessment system.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to officials, FEMA's Grant Programs Directorate intends to develop a plan to assess the data collected to determine feasibility for integration of NFORS and FireCARES data into the AFG programs. The plan will incorporate ways to improve the applications, awards processes, and tracking of performance. This plan should be completed by March 2017, and FEMA will continue to collaborate with stakeholders for the improvement of the AFG application, awards processes, and performance management. According to FEMA, the estimated completion of this effort is September 2017.
    Director: Jenny Grover
    Phone: (202) 512-7141

    5 open recommendations
    Recommendation: To ensure effective evaluation of air marshal training, the TSA Administrator should direct OTD to implement a mechanism for regularly collecting and incorporating incumbent air marshals' feedback on the training they receive from field office programs.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure effective evaluation of air marshal training, the TSA Administrator should direct OTD to take additional steps to improve the response rates of the training surveys it conducts.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to specify in policy who at the headquarters level has oversight responsibility for ensuring that field office Supervisory Air Marshals-in-Charge or their designees meet their responsibilities for ensuring that training completion records are entered in a timely manner.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to specify in policy who at the headquarters level is responsible for ensuring that headquarters personnel enter approved air marshals' training exemptions into the Federal Air Marshal Information System, and define the timeframe for doing so.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to develop and implement standardized methods, such as examinations and checklists, for determining whether incumbent air marshals continue to be mission ready in key skills.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Seto Bagdoyan
    Phone: (202) 512-6722

    1 open recommendation
    Recommendation: To strengthen USCIS's EB-5 Program fraud risk management, the Director of USCIS should develop a fraud risk profile that aligns with leading practices identified in GAO's Fraud Risk Framework.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In November 2016, Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS) stated that the program would implement GAO's recommendation to develop a fraud risk profile and anticipated completion by September 30, 2017. In April 2017, USCIS provided an update including supporting documentation which reported that USCIS had contracted with an outside consultant to, among other things, develop a fraud risk profile that aligns with leading practices identified in GAO's Fraud Risk Framework. According to its response, USCIS expected to complete development of the profile by September 30, 2017.
    Director: Joseph W. Kirschbaum
    Phone: (202) 512-9971

    2 open recommendations
    Recommendation: To ensure that decision makers have immediate visibility into all capabilities of the National Guard that could support civil authorities in a cyber incident, the Secretary of Defense should maintain a database that can fully and quickly identify the cyber capabilities that the National Guard in the 50 states, three territories, and the District of Columbia have and could be used--if requested and approved--to support civil authorities in a cyber incident.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better prepare DOD to support civil authorities in a cyber incident, the Secretary of Defense should direct the Deputy Assistant Secretary of Defense for Cyber Policy, the Chief of the National Guard Bureau, the Commander of U.S. Northern Command, and the Commander of U.S. Cyber Command to conduct a tier 1 exercise that will improve DOD's planning efforts to support civil authorities in a cyber incident. Such an exercise should also address challenges from prior exercises, such as limited participant access to exercise environment, inclusion of other federal agencies and private-sector cybersecurity vendors, and incorporation of emergency or disaster scenarios concurrent to cyber incidents.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    12 open recommendations
    Recommendation: In order to improve the accuracy of IT Dashboard incremental development data, the Director of OMB should direct the Federal Chief Information Officer (CIO) to clarify existing guidance regarding what IT investments are and are not subject to requirements on the use of incremental development and how CIOs should report the status of projects that are not subject to these requirements.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) has taken initial steps to implement our recommendation. Specifically, OMB's June 2016 annual capital planning guidance for fiscal year 2018 included instructions on what types of investments were required to adhere to incremental development requirements related to the delivery of usable functionality. The guidance stated that all software development projects are required to produce usable functionality at intervals of no more than six months. Further, all major development projects within investments are required to use modular/agile principles. However, OMB's guidance still lacks direction on how CIOs are to report the status of nonsoftware projects, as we recommended. In the absence of our recommended guidance clarification, OMB is at risk of agencies continuing to be unclear about how nonsoftware development investment data are to be reported on the Dashboard, increasing the risk that data on the IT Dashboard will not always be accurate. We will continue to evaluate OMB's progress in clarifying its guidance and considering a change to provide more detailed guidance related to the reporting of nonsoftware development investment data.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) concurred with our recommendation and stated that the Enterprise Business Management Office within the Office of the Chief Information Officer will validate each investment reported on the Dashboard and work with program officials to ensure they appropriately update the data for the IT Dashboard. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education (Education) concurred with our recommendation and stated that the department will ensure that the data is kept current using their IT portfolio management process. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce (Commerce) concurred with our recommendation and stated that these changes would be incorporated into the department's Dashboard reporting. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (Defense) partially concurred with our recommendation and stated that the department is taking action to update the Dashboard data as appropriate. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) concurred with our recommendation. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation (Transportation) concurred with our recommendation and stated the department was committed to ensuring the information on the IT Dashboard reflects up-to-date information. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the quality of the seven departments' information on project incremental delivery reported to the IT Dashboard, the Secretaries of Commerce, Defense, Education, Health and Human Services, Homeland Security, Transportation, and the Treasury should direct their CIOs to review major IT investment project data reported on the IT Dashboard and update the information as appropriate in the following areas: (1) whether the project is in-progress or complete; (2) whether the project is a software development project or not; and (3) the status of the delivery of functionality every 6 months, ensuring that these data are consistent across all reporting channels.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury (Treasury) did not comment on our recommendation. However, after our report was issued in August 2016, the IT Dashboard was not publicly updated from the end of August 2016 until the end of May 2017, during the formulation of the President's budget request. Now that the Dashboard is being publicly updated again, we will continue to analyze and monitor the department's progress in updating investment information on the Dashboard and the implementation of our recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education (Education) concurred with our recommendation to establish a departmentwide certification policy. Education officials reported in March 2017 that the department will complete changes to its guidance by November 2017. However, until this guidance is finalized, Education will not be able to fully ensure adequate implementation of, or benefit from, incremental development practices. We will continue to evaluate Education's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (Defense) did not concur with our recommendation, stating that its existing guidance was adequate in this area. However, in August 2016, Defense issued its fiscal year 2018 budget submission guidance which required each component CIO to certify that IT investments were adequately implementing incremental development. The component CIOs were to document the certification in a statement of compliance memorandum, using their agency's letterhead, and submit the memorandum to the Defense CIO. Defense officials report that this same guidance will be added to the Financial Management Regulations during summer 2017. Until this annual guidance has been updated and incorporated into the department's standing policies, Defense is at risk of overlooking this requirement in subsequent years. We will continue to evaluate Defense's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) concurred with our recommendation to establish a departmentwide certification policy. However, HHS officials reported in April 2017 that they did not have a timeframe for when the department's new certification guidance would be completed. Until this guidance is finalized, HHS will not be able to fully ensure adequate implementation of, or benefit from, incremental development practices. We will continue to evaluate HHS's progress in implementing this recommendation.
    Recommendation: To improve the certification of adequate incremental development, the Secretaries of Defense, Education, Health and Human Services, and the Treasury should direct their CIOs to establish a department policy and process for the certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of the Federal Information Technology Acquisition Reform Act.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury (Treasury) did not comment on our recommendations. Further, Treasury officials reported in March 2017 that it had no plans to revise its policies, as we recommended. Until the department establishes a CIO certification policy, Treasury will not be able to fully ensure adequate implementation of, or benefit from, incremental development practices. We will continue to evaluate Treasury's progress in implementing this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    5 open recommendations
    Recommendation: To effectively measure 18F's performance, the Administrator of GSA should direct the Commissioner for the Technology Transformation Service to ensure that goals and associated performance measures are outcome-oriented and that performance measures have targets, including (1) performance measures and targets tied to fully recovering program costs; and (2) goals, performance measures, and targets for how the program will achieve its mission after September 2016.

    Agency: General Services Administration
    Status: Open

    Comments: The General Services Administration (GSA) agreed with, and has begun to take steps to implement, this recommendation. Specifically, GSA developed a quarterly performance report for fiscal year 2017 that includes an outcome-oriented goal for 18F as well as associated performance measures and targets. According to a Technology Transformation Service official, GSA plans to expand its quarterly performance report for fiscal year 2018 to reflect additional 18F goals and performance measures, including measures tied to fully recovering program costs. We will continue to evaluate GSA's progress in implementing this recommendation.
    Recommendation: To effectively measure 18F's performance, the Administrator of GSA should direct the Commissioner for the Technology Transformation Service to assess actual results for each performance measure.

    Agency: General Services Administration
    Status: Open

    Comments: The General Services Administration (GSA) agreed with, and has begun to take steps to implement, this recommendation. Specifically, GSA developed a quarterly performance report for fiscal year 2017 that includes an outcome-oriented goal for 18F as well as associated performance measures with targets. Additionally, GSA has assessed actual results of the performance measures for the first two quarters of fiscal year 2017. According to a Technology Transformation Service official, GSA plans to expand its quarterly performance report for fiscal year 2018 to include additional 18F goals and performance measures. We will continue to evaluate GSA's progress in implementing this recommendation.
    Recommendation: To effectively measure performance, prioritize USDS's resources, and ensure that CIOs play an integral role in agency digital service teams, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to ensure that all goals and associated performance measures are outcome-oriented and that performance measures have targets.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in its December 2016 report to Congress, OMB developed three goals for U.S. Digital Service (USDS): (1) rethink how the federal government builds and buys digital services; (2) expand the use of common platforms, services, and tools; and (3) bring top technical talent into public service. In addition, OMB established performance measures with targets for its third goal and for each of the program's major projects. However, OMB has not established performance measures for the first two USDS goals. Further, the program's third goal is not outcome-oriented. We will continue to evaluate OMB's progress in implementing this recommendation.
    Recommendation: To effectively measure performance, prioritize USDS's resources, and ensure that CIOs play an integral role in agency digital service teams, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to assess actual results for each performance measure.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in its December 2016 report to Congress, OMB assessed the results of performance measures for one of the U.S. Digital Service (USDS) program's goals--bring top technical talent into public service--and for each of the program's major projects. However, OMB has not established performance measures for the other two USDS goals--rethink how the federal government builds and buys digital services; and expand the use of common platforms, services, and tools. We will continue to evaluate OMB's progress in implementing this recommendation.
    Recommendation: To effectively measure performance, prioritize USDS's resources, and ensure that CIOs play an integral role in agency digital service teams, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to update USDS policy to clearly define the responsibilities and authorities governing the relationships between CIOs and the digital service teams and require existing agency digital service teams to address this policy. In doing so, the Federal Chief Information Officer should ensure that this policy is aligned with relevant federal law and OMB guidance on CIO responsibilities and authorities.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) generally agreed with, and has begun to take steps to implement, this recommendation. In particular, OMB updated its digital service team policy to require that teams appropriately inform their chief information officers (CIO) regarding U.S. Digital Service (USDS) projects. However, the policy does not describe the responsibilities or authorities governing the relationships between CIOs and digital service teams. We will continue to evaluate OMB's progress in implementing this recommendation.
    Director: Fennell, Anne-marie Lasowski
    Phone: (202) 512-3841

    2 open recommendations
    Recommendation: To help ensure that the Corps and FEMA carry out the national levee-safety-related activities required in the Water Resources Reform and Development Act of 2014, the Secretary of Defense should direct the Secretary of the Army to direct the Chief of Engineers and Commanding General of the U.S. Army Corps of Engineers and that the Secretary of Homeland Security direct the FEMA Administrator to develop a plan, with milestones, for implementing these activities, using existing resources or requesting additional resources as needed. This plan could be posted on the Corps' website and monitored for progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of December 2016, GAO is awaiting action by the agency to implement this recommendation.
    Recommendation: To help ensure that the Corps and FEMA carry out the national levee-safety-related activities required in the Water Resources Reform and Development Act of 2014, the Secretary of Defense should direct the Secretary of the Army to direct the Chief of Engineers and Commanding General of the U.S. Army Corps of Engineers and that the Secretary of Homeland Security direct the FEMA Administrator to develop a plan, with milestones, for implementing these activities, using existing resources or requesting additional resources as needed. This plan could be posted on the Corps' website and monitored for progress.

    Agency: Department of Defense
    Status: Open

    Comments: As of December 2016, GAO is awaiting action by the agency to implement this recommendation.
    Director: Andrew Von Ah
    Phone: (213) 830-1011

    4 open recommendations
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to document the processes and analyses for assessing and, as appropriate, for managing the difference between program costs and collections and document resulting decisions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS's Fee Governance Council, led by the Deputy CFO, plans to draft and publish a revised section of the Financial Management Policy Manual devoted to documenting the processes and analyses for assessing and managing the difference between program costs and collections and document resulting decisions. The Council is currently working to establish interim milestones associated with this objective.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to establish processes for managing unobligated carryover balances, to include targets for minimum and maximum balances for programs that lack such processes and targets.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Fee Governance Council will draft and publish a revised section of the Financial Management Policy Manual devoted to managing unobligated carryover balances. The Council is currently working to develop specific milestones associated with this objective.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to conduct reviews to identify any management and operational deficiencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The DHS Fee Governance Council plans to publish a revised section of the Financial Management Policy Manual devoted to how components conduct studies of fee programs to identify any management or operational deficiencies. The Council is currently working to establish specific milestones associated with this objective.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to take action to track and report on management and operational deficiencies--including reasons supporting any decisions to not pursue recommended actions--identified in fee reviews or through other means.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The DHS Fee Governance Council will publish a revised section of the Financial Management Policy Manual devoted to how regular biennial reviews are conducted at DHS and how any findings and recommendations on management and operational deficiencies identified in these fee studies are tracked and reported.
    Director: Sager, Michelle A
    Phone: (202) 512-6806

    1 open recommendation
    Recommendation: The Administrator of General Services, in consultation with the STOC, should develop a travel data management approach, including common reporting formats that would provide GSA with more consistent travel cost data allowing GSA to compare travel costs across federal agencies. GSA could also include in this data management approach the planned implementation of the shared services model that would allow agencies to share a wide range of travel services with each other. This process could reduce both administrative costs and burden to the government and enable data-driven decision making.

    Agency: General Services Administration
    Status: Open

    Comments: According to GSA officials, GSA will take the following actions: (1) conduct a rest program to determine the opportunities and barriers for creating a reliable, standardized data repository containing government-wide travel spending data (pending OMB Director approval); (2) develop and test, in coordination with volunteer agencies and the GSA City Pairs Program personnel, an airfare savings dashboard that assimilates data from multiple sources and provides information on savings and opportunities for additional airfare savings by agencies; (3) publish an FTR Bulletin that identifies 5 core travel Key Performance Indicators that all agencies should use to improve travel management via standardized data; and (4) identify and promote consistent adaptation of standardized default configurations of air and lodging choices within all E-Gov Travel Service 2 systems. As of August 2017, according to agency officials, they expect to implement this recommendation by the end of September 2017.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    3 open recommendations
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should clearly document the ECPC's strategic goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should establish a mechanism to track progress by the ECPC's member agencies in implementing the ECPC's recommendations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should clearly define the roles and responsibilities of the ECPC's member agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendation
    Recommendation: To help ensure that whistleblower retaliation reports are addressed efficiently and effectively, the Secretary of Homeland Security should direct the Under Secretary of DHS's National Protection and Programs Directorate's (NPPD), the Assistant Secretary for Infrastructure Protection, and the Director of the Infrastructure Security Compliance Division (ISCD) to develop a documented process and procedures to address and investigate whistleblower retaliation reports that could include existing practices, such as the Department of Labor's Occupational Safety and Health Administration's recommended practices, in developing the process and procedures.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, in September 2016 they initiated development of a standard operating procedure for addressing and investigating whistleblower retaliation complaints. ISCD expects to complete a final version of the standard operating procedure by June 2017. According to ISCD officials, the procedure will consider OSHA's guidance, once available, when developing this set of procedures. We will update the status of this recommendation after additional information is received from DHS.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To better position the Coast Guard to effectively plan its Arctic operations, the Commandant of the Coast Guard should develop measures, as appropriate, for gauging how the agency's actions have helped to mitigate the Arctic capability gaps.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2016, we reviewed and reported on the U.S. Coast Guard's efforts in the Arctic. We found that the Coast Guard had taken actions to implement its Arctic strategy and conduct Arctic operations, which may help the Coast Guard to better understand and mitigate identified Arctic capability gaps. Further, we found that the Coast Guard was tracking, or had plans to track, its various activities in the Arctic, but that it had not developed measures to systematically assess how its actions have helped to mitigate Arctic capability gaps. We recommended that the Coast Guard develop measures, as appropriate, for gauging how the agency's actions have helped to mitigate the Arctic capability gaps. In response to our recommendation, in August 2016, the Coast Guard reported that specific measures for some activities would be developed and included as part of the Coast Guard's update to its implementation plan for its Arctic strategy. In March 2017, the Coast Guard reported that it completed an annual review of its implementation plan in January 2017. However, officials stated that technology updates and modifications to its tracking tool are required to better represent the completion percentage. To fully address this recommendation, the Coast Guard will need to finalize the development of its measures to gauge how its actions have helped to mitigate Arctic capability gaps.
    Recommendation: To better position the Coast Guard to effectively plan its Arctic operations, the Commandant of the Coast Guard should design and implement a process to systematically assess the extent to which actions taken agency-wide have helped mitigate the Arctic capability gaps for which it has responsibility.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2016, we reviewed and reported on the U.S. Coast Guard's efforts in the Arctic. We found that the Coast Guard had taken actions to implement its Arctic strategy and conduct Arctic operations, which may help the Coast Guard to better understand and mitigate identified Arctic capability gaps. Further, we found that the Coast Guard was tracking, or had plans to track, its various activities in the Arctic, but that it had not systematically assessed how its actions have helped to mitigate Arctic capability gaps. We recommended that the Coast Guard design and implement a process to systematically assess the extent to which actions taken agency-wide have helped mitigate the Arctic capability gaps for which it has responsibility, so that it will better understand the status of these gaps and be better positioned to effectively plan its Arctic operations. In August 2016, the Coast Guard reported that, through its annual review of its implementation plan for its Arctic Strategy, it will systematically assess how its actions have mitigated capability gaps for which it is the lead agency under the Implementation Framework for the National Strategy for the Arctic Region. In March 2017, the Coast Guard reported that it completed an annual review of its implementation plan in January 2017, which resulted in the consolidation, removal, and addition of Arctic initiatives. Further, officials stated that the Coast Guard will continue to work with the Arctic Executive Steering Committee to provide information for the tracking and measurement of national capabilities, needs and gaps, and impacts in the Arctic Region. To fully address this recommendation, the Coast Guard will need to assess how its actions have helped to mitigate Arctic capability gaps, and provide documentation that identifies the progress it has made in helping to mitigate Arctic capability gaps.
    Director: Diana C. Maurer
    Phone: (202) 512-9627

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To allow for more efficient use of data on missing and unidentified persons contained in the NCIC's Missing Persons and Unidentified Persons files and NamUs, the Directors of the FBI and NIJ should evaluate the feasibility of sharing certain information among authorized users, document the results of this evaluation, and incorporate, as appropriate, legally and technically feasible options for sharing the information.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In commenting on GAO's June 2016 report, DOJ disagreed with our recommendation, because DOJ believes it does not have the legal authority to fulfill the corrective action as described in the proposed recommendation. Specifically, DOJ stated that the National Missing and Unidentified Persons System (NamUs) does not qualify, under federal law, for access to the National Crime Information Center (NCIC) and is not an authorized user to receive NCIC data. Therefore, DOJ does not believe there is value in evaluating the technical feasibility of integrating these two databases. In March 2017, DOJ reiterated its position that any such sharing was prohibited by law. We understand the legal framework placed on NCIC and that it may be restricted from fully integrating with a public database. However, this statutory restriction does not preclude DOJ from exploring options to more efficiently share information within the confines of the current legal framework. Until DOJ studies whether such feasible mechanisms exist, it will be unable to make this determination, risking continued inefficiencies through fragmentation and overlap.
    Recommendation: To allow for more efficient use of data on missing and unidentified persons contained in the NCIC's Missing Persons and Unidentified Persons files and NamUs, the Directors of the FBI and NIJ should evaluate the feasibility of sharing certain information among authorized users, document the results of this evaluation, and incorporate, as appropriate, legally and technically feasible options for sharing the information.

    Agency: Department of Justice: Office of Justice Programs: National Institute of Justice
    Status: Open
    Priority recommendation

    Comments: In commenting on GAO's June 2016 report, DOJ disagreed with our recommendation, because DOJ believes it does not have the legal authority to fulfill the corrective action as described in the proposed recommendation. Specifically, DOJ stated that the National Missing and Unidentified Persons System (NamUs) does not qualify, under federal law, for access to the National Crime Information Center (NCIC) and is not an authorized user to receive NCIC data. Therefore, DOJ does not believe there is value in evaluating the technical feasibility of integrating these two databases. In March 2017, DOJ reiterated its position that any such sharing was prohibited by law. We understand the legal framework placed on NCIC and that it may be restricted from fully integrating with a public database. However, this statutory restriction does not preclude DOJ from exploring options to more efficiently share information within the confines of the current legal framework. Until DOJ studies whether such feasible mechanisms exist, it will be unable to make this determination, risking continued inefficiencies through fragmentation and overlap.
    Director: David A. Powner
    Phone: (202) 512-9286

    22 open recommendations
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Education
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address it. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Energy
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that the Office of the CIO will update the CIO's OMB IT Dashboard Standard Operating Procedure to include the evaluation and assessment of active risks. This effort is to be completed by the end of December 2016. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it updated its CIO evaluation methodology to measure active risks in areas such as budget variance, performance, policy and governance compliance, risk management, and contract risk. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of the Interior
    Status: Open

    Comments: The Department agreed with this recommendation and, in a written response, stated that it plans to address this recommendation with the following actions: (1) developing a method to review and assign ratings for active risks that will be incorporated into CIO ratings and (2) integrating the risk rating methodology into a new process for all major investments' CIO ratings. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it is amending its current monthly review process to ensure that risks are factored into its IT Dashboard CIO ratings. VA expects to complete this effort during the first quarter of 2017. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Department of State
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address the recommendation. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Education, Energy, Health and Human Services, the Interior, State, and Veterans Affairs; and the Director of the Office of Personnel Management should direct their CIOs to factor active risks into their IT Dashboard CIO ratings.

    Agency: Office of Personnel Management
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Defense, Education, and Homeland Security; and the Commissioner of the Social Security Administration should direct their CIOs to update their CIO ratings at least as frequently as required in OMB's guidance.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) disagreed with this recommendation. In its written response, the Department noted that its semi-annual reporting is consistent with FITARA requirements and is documented in its OMB-approved FITARA Implementation Plan. After the publication of our report in June 2016, OMB issued its "Fiscal Year 2018 IT Budget-Capital Planning Guidance." This guidance removes the mandatory reporting frequency, but states that OMB expects that the CIOs would evaluate and rate their investments at specific times, including when the investment business cases are submitted to OMB in the agency budget request and when the business cases are prepared for the President's Budget release. In light of this new guidance, we analyzed the Department's update frequency for its 34 major investments (as listed on the IT Dashboard in June 2017). From June 2016 through May 2017, we found that 26 of the investments' ratings were updated once: in May 2017. The other 8 investments were not updated during this timeframe. Prior to this, the last DOD rating updates were made in March 2016, over a year beforehand. This analysis shows that DOD is not adhering to either its own semi-annual reporting requirements or to OMB's expectations. As such, we are not closing the recommendation at this time. We will continue to monitor the IT Dashboard for changes to DOD's update frequency. We maintain that frequent rating updates help ensure that the information on the Dashboard is timely and accurately reflects recent changes. Without such updates, the CIO ratings on the IT Dashboard may not reflect the current level of investment risk.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that the Office of the CIO Enterprise Business Management Office is updating its program assessment guideline. The updated guideline will include risk-based scores as the basis for its investment ratings. The Department expects to release this new guideline by the end of December 2016. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Education
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address it. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department agreed with our recommendation and, in a written response, stated that the CIO has revised the IT Dashboard assessment criteria to directly incorporate the degree of risk represented in the investments' Business Case documents. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Energy
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that the Office of the CIO will update its IT Dashboard Standard Operating Procedure to include an active risk sub-criteria comprised of probability and impact scores. This effort is to be completed by the end of December 2016. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it updated its CIO evaluation methodology to measure active risks in areas such as budget variance, performance, policy and governance compliance, risk management, and contract risk. According to HHS, these risk areas reflect both internal and external risks that affect an investment's ability to accomplish its goals. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Social Security Administration
    Status: Open

    Comments: The agency partially agreed with our recommendation and, in a written response, stated that its CIO rating criteria includes a review of the level of risk facing an investment relative to that investment's ability to accomplish its goals. The written statement also notes that the CIO receives regular updates from key stakeholders on investment risks and mitigation plans. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of the Treasury
    Status: Open

    Comments: When we confirm what actions have been taken, we will update the recommendation status.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department agreed with the recommendation and, in a written response, stated that it plans to require investment managers to assess operational risks detailing the probability and impact of pending threats to success. VA expects to complete this effort during the first quarter of 2017. We will continue to monitor the implementation of this recommendation.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Department of State
    Status: Open

    Comments: The Department agreed with the recommendation, but has not provided an update on its actions to address the recommendation. When we confirm what actions have been taken, we will update.
    Recommendation: To better ensure that the Dashboard ratings more accurately reflect risk, the Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, State, Transportation, the Treasury, Veterans Affairs; the Administrator of the Environmental Protection Agency; and the Commissioner of the Social Security Administration should direct their CIOs to ensure that their CIO ratings reflect the level of risk facing an investment relative to that investment's ability to accomplish its goals.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The agency disagreed with the recommendation and has not provided an update on its actions to address the recommendation. We will continue to monitor the implementation of this recommendation.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To better ensure that FAMS uses its resources to cover the highest-risk flights, in addition to considering risk when determining how to divide FAMS's international flight coverage resources among international destinations, the Director of FAMS should incorporate risk into FAMS's method for initially setting its annual target numbers of average daily international and domestic flights to cover.

    Agency: Department of Homeland Security: Transportation Security Administration: Office of Law Enforcement - Federal Air Marshal Service
    Status: Open

    Comments: In May 2016, we found that FAMS officials considered risk when selecting specific domestic and international flights to cover, but they did not consider risk when deciding how to initially divide their annual resources between domestic and international flights. Rather, each year FAMS considered two variables--travel budget and number of air marshals--to identify the most efficient way to divide the agency's resources between domestic and international flights. As a result, we recommended that FAMS incorporate risk into FAMS's method for initially setting its annual target numbers of average daily international and domestic flights to cover. In March 2017, TSA officials reported that FAMS was continuing to identify ways to refine the methodology FAMS uses to allocate resources between international and domestic flights. Specifically, TSA officials noted that FAMS was considering ways to incorporate information on the travel patterns of known or suspected terrorists, trends in TSA PreCheck passenger data, airport screening capabilities, and other factors. FAMS officials also reported that, as part of this effort, they were reviewing their International Concept of Operations. It is unclear how these steps will address the recommendation. To fully address this recommendation, FAMS should incorporate risk into its method for initially setting its annual target numbers of average daily international and domestic flights to cover.
    Recommendation: To better ensure that FAMS uses its resources to cover the highest-risk flights, the Director of FAMS should conduct and document a risk assessment--systematically collecting information on and assigning value to current risks--to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas.

    Agency: Department of Homeland Security: Transportation Security Administration: Office of Law Enforcement - Federal Air Marshal Service
    Status: Open

    Comments: In May 2016, we reported that FAMS's choice of domestic geographic focus areas and resource allocation levels were based on professional judgment, not risk assessment. With regard to the geographic focus areas, for example, FAMS officials explained that they did not conduct a risk assessment to inform this decision, but rather selected these areas in consultation with 30 subject matter experts from various offices within TSA based on their intuitive, qualitative perceptions of threats, vulnerabilities, potential impacts, history, and the demographics of the areas. Without fully incorporating risk when determining such priorities, FAMS cannot reasonably ensure it is targeting its resources to the highest-risk flights. As a result, we recommended that FAMS conduct and document a risk assessment--systematically collecting information on and assigning value to current risks--to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas. In March 2017, TSA officials explained that they were continuing to develop their "risk-by-flight" initiative--a long-term effort to develop a method of assigning each domestic flight a relative risk score to assist in identifying high-risk flights. At the time of our report in 2016, FAMS officials estimated that the risk-by-flight tool would probably be ready for use within 7 to 10 years. In March 2017, TSA officials stated that they had developed a prototype Risk-Based Resource Deployment Decision Aid, which they refer to as R2D2. TSA officials further reported that the DHS Science and Technology Directorate had contracted for the development of a risk engine--based on the R2D2 data--to assign risk values to all U.S.-carrier domestic and international flights. TSA officials reported that this contract runs through early 2018. 
    To fully address this recommendation, FAMS should conduct and document a risk assessment to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To enhance the monitoring of holding facilities, the Secretary of Homeland Security should direct Border Patrol and ICE to develop and implement a process to assess their time in custody data for all individuals in holding facilities, including: (1) identifying and addressing potential data quality issues; and (2) identifying cases where time in custody exceeded guidelines and assessing the factors impacting time in custody.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To strengthen the transparency of the complaints process, the Secretary of Homeland Security should direct CBP and ICE to develop and issue guidance on how and which complaint mechanisms should be communicated to individuals in custody at holding facilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate the tracking of holding facility complaints, the Secretary of Homeland Security should include a classification code in all complaint tracking systems related to DHS holding facilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide useful information for compliance monitoring, the Secretary of Homeland Security should direct CBP and ICE to develop and implement a process for analyzing trends related to holding facility complaints across their respective component.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michelle Sager
    Phone: (202) 512-6806

    4 open recommendations
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to conduct a systematic analysis of the information generated from FEMA's readiness assessments to determine the extent of regional office efforts to help states implement the NDRF, including conducting education and outreach.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, its Office of Readiness Assessment (ORA) launched the 2016 bi-annual FEMA Readiness Assessment Program in April 2016, which includes NDRF-related assessment discussions in five FEMA regions. We met with officials in April 2017, who told us that ORA plans to incorporate into this year's assessments a retrospective review of NDRF findings and progress made in implementing the NDRF since 2013. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to develop best practices and lessons learned with regard to conducting NDRF education and outreach to states based on the analysis of readiness assessments and create a mechanism to disseminate and share those best practices and lessons learned to FEMA regional offices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, its Recovery Support Function Leadership Group initiated an information management workgroup, which shares best practices information as one of its objectives. The workgroup has piloted the use of an existing interagency portal as a potential platform for improved information sharing. We met with officials in April 2017, who told us that FEMA will incorporate its 2016 readiness review findings and best practices from regional Federal Disaster Recovery Coordinators for stakeholder outreach and education into the final platform build-out. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to clarify with regional offices and Federal Disaster Recovery Coordinators (FDRCs) the role of the regional implementation plans in FDRC performance plans and how they will be used to assess NDRF regional implementation efforts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, to achieve greater integration of FEMA's field leadership components, FEMA's Field Operations Directorate (FOD) convened a Field Leadership Working Group of senior subject matter experts to conduct a mission analysis of FEMA's Field Leadership function (which includes Federal Disaster Recovery Coordinators as well as Federal Coordinating Officers and Incident Management Assistance Teams team leads). According to FEMA, one of the assigned tasks of the group involves developing performance metrics to define a steady state and operational performance framework for field leaders, to include Federal Disaster Recovery Coordinators. According to FEMA, the Working Group is currently underway and is preparing a Field Leader Manual for review by FOD leadership. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to align the annual FDRC performance expectations with clearly defined organizational goals and priorities, consistent with key management practices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, the Field Leadership Working Group will implement the elements of this recommendation alongside efforts to clarify the role of the regional National Disaster Recovery Framework implementation plans. FEMA also provided documentation to GAO noting that the Working Group is progressing in its work on its Field Leadership Professional Development Plan. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Director: Maurer, Diana C
    Phone: (202) 512-8777

    2 open recommendations
    Recommendation: To ensure that cost savings estimates are reliable, the Director of the USMS should direct its Prisoner Operations Division to develop reliable methods for estimating cost savings and validating reported savings achieved.

    Agency: Department of Justice: United States Marshals Service
    Status: Open

    Comments: In May 2016, we reported on United States Marshals Service's (USMS) actions to reduce prisoner-related costs from fiscal years 2010 through 2015. During the course of our review, we found that while USMS implemented actions that it reports have continued to save prisoner-related costs, USMS's methods to determine savings for certain actions were not reliable. For example, USMS identified $375 million in savings from the alternatives to pre-trial detention program for fiscal years 2010 through 2015, but did not verify the data or methodology used to develop the estimate or provide documentation supporting its reported savings for fiscal years 2012 onward. Consequently, we recommended that USMS direct its prisoner operations division to develop reliable methods for estimating cost savings and validating reported savings achieved. USMS concurred with our recommendation. In July 2016, USMS provided more information about how it would address the recommendation by confirming that its future cost savings estimates would be consistent with OMB guidelines for conducting benefit-cost analyses and GAO-identified practices for assessing the reliability of computer-processed data. Aligning USMS estimates with these identified practices would better position the agency to assess the effectiveness of its cost savings efforts. As USMS develops such mechanisms, we will request and consider documentation and other evidence to determine that USMS has implemented this recommendation.
    Recommendation: To enable USMS to more consistently identify deficiencies and monitor corrective actions, the Director of the USMS should establish a mechanism to aggregate and analyze the results of annual district self-assessments.

    Agency: Department of Justice: United States Marshals Service
    Status: Open

    Comments: In May 2016, we reported on United States Marshals Service's (USMS) actions to design systems to help identify cost savings opportunities. During the course of our review, we found that USMS has designed several systems for identifying cost savings, including, for example, developing a strategic plan and guidance for district officials that reinforce policies to provide for the safe, secure, and cost-effective containment of its prisoners. In addition, USMS requires districts to conduct annual self-assessments of their procedures to identify any deficiencies which could lead to cost savings. However, USMS cannot aggregate and analyze the results of the assessments across districts. As a result, we recommended that USMS establish a mechanism to aggregate and analyze the results of annual district self-assessments. USMS concurred with our recommendation. In July 2016, USMS informed us that the agency will develop a method to aggregate and analyze the results of the annual district self-assessments. However, it has not provided information on its plans or timelines to implement the recommendation. As USMS develops such mechanisms, we will consider documentation and other evidence to determine that USMS has implemented this recommendation.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    1 open recommendation
    Recommendation: To improve the transparency of public reporting on CAP goal progress, the Director of OMB should, working with the PIC, report on Performance.gov the actions that CAP goal teams are taking, or plan to take, to develop performance measures and quarterly targets.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We reviewed selected CAP goals' quarterly performance information on the Performance.gov website as of Q4 of FY 2016, which updates the status of the CAP goals through September 2016. Some of the selected CAP goals have updated and new performance measures, but the extent to which CAP goal teams included information on the actions they are taking to develop such measures, consistent with our recommendation, was not clear. We contacted OMB in June 2017 on the current status of this recommendation. We will provide an update to its status once OMB responds to our request.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    8 open recommendations
    Recommendation: To help identify opportunities for cost savings, the Secretary of the Department of Defense should direct the Office of Defense Procurement and Acquisition Policy to issue guidance or instruction to help ensure that components make reasonable efforts to analyze component-level purchase card spend patterns to identify areas for possible savings.

    Agency: Department of Defense
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation and stated that the department will issue guidance to help ensure that components make reasonable efforts to analyze component-level purchase card spend patterns to identify areas of potential savings. In September 2016, DOD issued guidance asking its components to analyze purchase card spend for potential cost savings and to consider broader application of cost savings opportunities across the department. We will continue to follow up with DOD to determine what steps have been taken to communicate findings.
    Recommendation: To help identify opportunities for cost savings, the Secretary of the Department of Energy should take reasonable steps to regularly analyze agency-wide purchase card spend patterns to identify areas such as high-use vendors or frequently purchased commodities for further analysis.

    Agency: Department of Energy
    Status: Open

    Comments: The agency concurred with this recommendation and has begun implementation of a Spend Analytics Database to support capture and analysis of data on agency-wide spending patterns. The department has compiled data and begun testing the new databases to determine if useful reports can be generated to assist agency-wide purchase card spending analysis.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The department concurred with this recommendation and updated its purchase card manual in November 2016 to encourage components to perform additional spend analysis for the identification of strategic sourcing opportunities, but it is unclear how results of analysis will be communicated for broader application across the agency. The department is also working with industry partners to increase the level of shared data for purchase card transactions and will develop a plan to communicate these data across the agency to support information sharing and increase strategic sourcing opportunities.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of Defense
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation and stated that guidance that encourages local examination of purchase card spend patterns to identify opportunities for cost savings will be developed. In September 2016, DOD issued guidance asking its components to analyze purchase card spend for potential cost savings and to consider broader application of cost savings opportunities across the department. The guidance also asked components and services to report the results of these analyses to purchase card management officials. We will continue to follow up with DOD to determine what steps have been taken to communicate findings.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of Energy
    Status: Open

    Comments: The agency concurred with this recommendation and will update its guidance, policy, and procedures to encourage local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Revisions were under review by the department in August 2017.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of the Interior
    Status: Open

    Comments: The department partially concurred with this recommendation, agreeing that it would be useful to perform analysis of purchase card spend patterns to identify opportunities for savings. However, rather than issue guidance, it will encourage its bureau charge card leads to use available tools to extract and share data with buyers and program managers. The department will also encourage bureau program and acquisition managers to share spend data across regional boundaries to identify potential opportunities to negotiate lower costs for commonly used items.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The department concurred with our recommendation and plans to develop guidance and implement strategic sourcing for all purchasing requirements to include purchase cards. Additionally, the department will update purchase card policy to encourage agency officials to analyze spend patterns to identify opportunities to obtain savings and share information on these efforts. Further, the agency has developed a quarterly report to identify the top merchants receiving payment through the purchase card program in order to assist officials in identifying opportunities for strategic sourcing.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The agency provided comments indicating its concurrence with this recommendation, noting that it looks forward to opportunities to benchmark with other agencies and share information on approaches taken to identify opportunities which led to positive strategic sourcing outcomes.
    Director: Michael J. Courts
    Phone: (202) 512-8980

    2 open recommendations
    Recommendation: To strengthen DHS's ability to fulfill legislative requirements for the VWP and protect the security of the United States and its citizens, the Secretary of Homeland Security should specify time frames for working with VWP countries to institute the additional VWP security requirements, including the requirement that the countries fully implement agreements to share information about known or suspected terrorists through the countries' Homeland Security Presidential Directive 6 arrangements and Preventing and Combating Serious Crime agreements with the United States.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS reported that nearly all VWP countries have begun sharing information on known or suspected terrorists through Homeland Security Presidential Directive 6 arrangements and that DHS also made progress in fully implementing Preventing and Combating Serious Crime agreements. According to DHS, all VWP countries were informed of the new VWP requirements in July 2016. In its initial response, DHS stated that it planned to conduct a comprehensive assessment of VWP countries' compliance with the new VWP requirements and establish a time frame for each VWP country to reach full compliance as part of each country's next formal review. However, as of April 2017, DHS needs to provide documentation to GAO to support all of these actions. GAO will continue to monitor DHS efforts to fully address this recommendation.
    Recommendation: To strengthen DHS's ability to fulfill legislative requirements for the VWP and protect the security of the United States and its citizens, the Secretary of Homeland Security should take steps to improve DHS's timeliness in reporting to Congress, within the statutory time frame, the department's determination of whether each VWP country should continue participating in the program and any effects of the country's participation on U.S. law enforcement and security interests.

    Agency: Department of Homeland Security
    Status: Open

    Comments: Since 2016, DHS has issued several reports on VWP countries to Congress that have addressed several of the overdue reports identified in 2016, but some gaps remain. As of April 2017, DHS reported plans to deliver additional reports in 2017 to address these gaps. In its initial response, DHS reported that the department had taken steps to ensure timely reporting to Congress and committed to providing Congress with advance notification of any delays in delivering future reports. To fully address this recommendation, DHS needs to issue reports to Congress on VWP countries that have not been covered within the last two years. GAO will continue to monitor DHS efforts.
    Director: Andrew Von Ah
    Phone: (213) 830-1011

    4 open recommendations
    Recommendation: To ensure the quality of the risk assessments used to inform its future QHSR processes, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to ensure future QHSR risk assessment methodologies reflect key elements of successful risk assessment methodologies, such as being: (1) Documented, which includes documenting how risk information was integrated to arrive at the assessment results, (2) Reproducible, which includes producing comparable, repeatable results, and (3) Defensible, which includes communicating any implications of uncertainty to users of the risk results.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis and Risks completed initial meetings in April 2016 with government and non-government subject matter experts to refine risk analyses for the upcoming 2018 QHSR. Representatives from the department's component and headquarters staff are to take part in the Department's Risk Modeling and Analysis Steering Committee by reviewing, documenting and approving proposed new methodologies planned to help identify and prioritize threats and hazards. This effort is intended to lead to a documented, reproducible, and defensible assessment, according to the DHS officials. This recommendation will remain open until we verify that the risk analysis contains these elements.
    Recommendation: To enable the use of risk information in supporting resource allocation decisions, guiding investments, and highlighting the measures that offer the greatest return on investment, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to refine its risk assessment methodology so that in future QHSRs it can compare and prioritize homeland security risks and risk mitigation strategies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk, with support from the RAND Corporation, has proposed a methodology to assess threats, hazards, and vulnerabilities impacting U.S. homeland security. In addition, the department's Risk Modeling and Analysis Executive Steering Committee is to review and approve the proposed methodology. The methodology is intended to enable the Department of Homeland Security to compare and prioritize homeland security risks and risk mitigation strategies, according to DHS officials. The recommendation will remain open until we verify that the methodology allows such comparisons.
    Recommendation: To ensure proper management of the QHSR stakeholder consultation process, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to identify and implement stakeholder meeting processes to ensure that communication is interactive when project planning for the next QHSR.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk finalized a draft stakeholder outreach plan to include use of the Office of Management and Budget's Max electronic collaboration website to engage with federal, state, and local stakeholders. The OMB-MAX website is available to government and non-government offices and allows the posting of documents, articles, and links, as well as facilitating collaborative editing of documents and participant interaction threads, according to DHS officials. In addition, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk is exploring the use of different tools to facilitate more interactive stakeholder engagement. For example, DHS's Office of Partnerships and Engagement is to facilitate additional engagement with external subject matter experts, arrange interagency coordination, and organize review and approval with parties of the homeland security enterprise in order to coordinate and approve the development of the 2018 QHSR. This recommendation will remain open until we verify that interactive communication approaches are implemented.
    Recommendation: To ensure proper management of the internal QHSR stakeholder consultation process, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to clarify component detailee roles and responsibilities when project planning for the next QHSR.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk (SPAR) drafted a memorandum for the Deputy Secretary to solicit Component subject matter experts. The memorandum specifies component detailee roles and responsibilities, to include serving in an advisory, consultation, and coordination role, according to DHS officials. SPAR is to lead an integrated group of analysts and strategic planners that are to be supported and augmented by the subject matter experts. The experts and detailees are to serve as members of study teams analyzing key threats, trends, and strategy and policy alternatives associated with issues and challenges relating to DHS's mission and objectives. A second memorandum requesting additional detailee support is to be issued in November 2016, prior to the formal review phase of the new QHSR which is to begin in January 2017. This recommendation will remain open until we verify that clarified detailee roles and responsibilities are finalized and implemented.
    Director: David A. Powner
    Phone: (202) 512-9286

    6 open recommendations
    Recommendation: To ensure that agencies are provided with more complete guidance for contracts for cloud computing services, the Director of OMB should include all ten key practices in future guidance to agencies.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We are following up with OMB on its service level agreement (SLA) guidance to agencies.
    Recommendation: To help ensure continued progress in the implementation of effective cloud computing SLAs, the Secretary of Defense should direct the appropriate officials to ensure key practices are fully incorporated for cloud services as the contracts and associated SLAs expire. These efforts should include updating the Department of Defense memorandum on acquiring cloud services and current Defense Acquisition Regulations System to more completely include the key practices.

    Agency: Department of Defense
    Status: Open

    Comments: We are following up with DOD on updating their service level agreement (SLA) guidance.
    Recommendation: To help ensure continued progress in the implementation of effective cloud computing SLAs, the Secretaries of Health and Human Services, Homeland Security, Treasury, and Veterans Affairs should direct appropriate officials to develop SLA guidance and ensure key practices are fully incorporated as the contract and associated SLAs expire.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We are following up with DHS on the finalization of its service level agreement (SLA) guidance.
    Recommendation: To help ensure continued progress in the implementation of effective cloud computing SLAs, the Secretaries of Health and Human Services, Homeland Security, Treasury, and Veterans Affairs should direct appropriate officials to develop SLA guidance and ensure key practices are fully incorporated as the contract and associated SLAs expire.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We are following up with HHS on their service level agreement (SLA) guidance.
    Recommendation: To help ensure continued progress in the implementation of effective cloud computing SLAs, the Secretaries of Health and Human Services, Homeland Security, Treasury, and Veterans Affairs should direct appropriate officials to develop SLA guidance and ensure key practices are fully incorporated as the contract and associated SLAs expire.

    Agency: Department of the Treasury
    Status: Open

    Comments: We are following up with Treasury on their service level agreement (SLA) guidance.
    Recommendation: To help ensure continued progress in the implementation of effective cloud computing SLAs, the Secretaries of Health and Human Services, Homeland Security, Treasury, and Veterans Affairs should direct appropriate officials to develop SLA guidance and ensure key practices are fully incorporated as the contract and associated SLAs expire.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: We are following up with VA on their service level agreement (SLA) guidance.
    Director: Joseph W. Kirschbaum
    Phone: (202) 512-9971

    1 open recommendation
    including 1 priority recommendation
    Recommendation: To help improve DOD's planning and processes for supporting civil authorities in a cyber incident, the Secretary of Defense should direct the Under Secretary of Defense for Policy in coordination with the Chairman of the Joint Chiefs of Staff to issue or update guidance that clarifies roles and responsibilities for relevant entities and officials--including the DOD components, supported and supporting commands, and dual-status commander--to support civil authorities as needed in a cyber incident.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: The Department of Defense concurred with the recommendation and indicated that, in response, it would update existing agency guidance (e.g., doctrine, directives, instructions) or develop new guidance as appropriate. As of October 2016, DOD has not provided additional information concerning the status of this recommendation.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To enhance DHS leadership's ongoing efforts to improve the affordability of the department's major acquisition portfolio, and to ensure adequate communication with Congress, the Secretary of the Department of Homeland Security should ensure that the fiscal year 2017 Future Years Homeland Security Program report, which DHS must submit to Congress at or about the same time as the President's fiscal year 2018 budget request, reflects the results of any tradeoffs stemming from the acquisition affordability reviews recommended above.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the fiscal year 2017 Future Years Homeland Security Program (FYHSP) report would reflect decisions made in response to our second recommendation. DHS expected to release the FYHSP report shortly after the President's fiscal year 2018 budget request in May 2017. However, the transition to a new administration delayed the release of the FYHSP report. Once available, GAO will evaluate the FYHSP report to determine whether DHS has met the intent of this recommendation.
    Recommendation: To enhance DHS leadership's ongoing efforts to improve the affordability of the department's major acquisition portfolio, and to help ensure programs secure stable funding that matches resources to requirements, the Secretary of the Department of Homeland Security should require components to establish formal, repeatable processes for addressing major acquisition affordability issues, similar to the process the Transportation Security Administration has established.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that DHS headquarters would ensure all components are updating their cost estimates each year to inform the annual resource allocation process by March 31, 2017. However, DHS did not establish a requirement that components do so through formal, repeatable processes for addressing major acquisition affordability issues, similar to the process the Transportation Security Administration has established. As of August 2017, seven of DHS's components were in the process of establishing formal, repeatable processes for addressing affordability issues, but had not completed these efforts. GAO will continue to review the components' progress to determine whether the components' actions meet the intent of this recommendation.
    Director: Chris Currie
    Phone: (404) 679-1875

    5 open recommendations
    Recommendation: To enhance accountability for key risk-management activities and facilitate coordination with federal and industry stakeholders regarding electromagnetic risks, the Secretary of Homeland Security should designate roles and responsibilities within the department for addressing electromagnetic risks and communicate these to federal and industry partners.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a June 2016 update to our proposed recommendation, DHS reported that the Cyber, Infrastructure and Resilience (CIR) Policy Office within the DHS Office of Policy is working with DHS components to identify and articulate the roles of the National Protection and Programs Directorate, Federal Emergency Management Agency, Science and Technology Directorate, and others in addressing electromagnetic risks. As part of this effort, CIR is to coordinate the development of a joint roles and responsibilities document to be communicated through existing partnership structures with internal and external entities.
    Recommendation: To more fully leverage critical infrastructure expertise and address responsibilities to identify critical electrical infrastructure assets as called for in the National Infrastructure Protection Plan, the Secretary of Homeland Security and the Secretary of Energy should direct responsible officials to review FERC's electrical infrastructure analysis and collaborate to determine whether further assessment is needed to adequately identify critical electric infrastructure assets, potentially to include additional elements of criticality that might be considered.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a June 2016 update to our proposed recommendation, DHS reported that the National Protection and Programs Directorate (NPPD) will increase collaborative outreach activities with FERC staff that will include a review of identified critical substations developed by FERC. The intended outcome of this review is to inform DHS activities regarding identification and prioritization of critical infrastructure assets for use during steady state and response activities. NPPD is also to inform FERC of its criticality modeling capabilities through the National Infrastructure Simulation and Analysis Center (NISAC) to enhance engagement with FERC's electric power subject matter expertise and inform future capability developments regarding response to and recovery from events such as electromagnetic pulse.
    Recommendation: To more fully leverage critical infrastructure expertise and address responsibilities to identify critical electrical infrastructure assets as called for in the National Infrastructure Protection Plan, the Secretary of Homeland Security and the Secretary of Energy should direct responsible officials to review FERC's electrical infrastructure analysis and collaborate to determine whether further assessment is needed to adequately identify critical electric infrastructure assets, potentially to include additional elements of criticality that might be considered.

    Agency: Department of Energy
    Status: Open

    Comments: In June 2016, DOE provided an update (60-day letter) reiterating their intent to continue with actions identified previously to address the GAO recommendation, namely that the Office of Electricity Delivery and Energy Reliability was to review the Federal Energy Regulatory Commission's electrical infrastructure analysis, and subsequently engage with FERC and DHS to identify if any additional elements of criticality should be considered.
    Recommendation: To enhance federal efforts to assess electromagnetic risks and help determine protection priorities, the Secretary of Homeland Security should direct the Under Secretary for National Protection and Programs Directorate and the Assistant Secretary for the IP to work with other federal and industry partners to collect and analyze key inputs on threat, vulnerability, and consequence related to electromagnetic risks--potentially to include collecting additional information from DOD sources and leveraging existing assessment programs such as the Infrastructure Survey Tool, Regional Resiliency Assessment Program, and DCIP.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a June 2016 update, DHS reported that the department had completed the planned refresh of the Strategic National Risk Assessment, which was intended to incorporate potential impacts to the power system from electromagnetic events. In addition, DHS reported that the Electricity Sub-sector Coordinating Council created an Electromagnetic pulse (EMP) task force, which met in April 2016 and is currently working to develop a joint industry and government approach to address EMP. It was further noted that DHS and DOE initiated a joint study on the effects of EMP on the electric power sector - led by Los Alamos National Laboratory and the National Infrastructure Simulation and Analysis Center (NISAC) - to analyze the hazard environments, impacts, and consequences of EMP and GMD on U.S. electric power infrastructure. In addition, DHS noted their support of a new effort by the Electric Power Research Institute and 39 industry partners to further study EMP vulnerabilities.
    Recommendation: To facilitate federal and industry efforts to coordinate risk-management activities to address an EMP attack, the Secretary of Homeland Security and the Secretary of Energy should direct responsible officials to engage with federal partners and industry stakeholders to identify and implement key EMP research and development priorities, including opportunities for further testing and evaluation of potential EMP protection and mitigation options.

    Agency: Department of Energy
    Status: Open

    Comments: On March 9, 2016, DOE provided agency comments on GAO-16-243 concurring with the recommendation and identifying related actions. Specifically, DOE reported collaboration with the Electric Power Research Institute to develop a joint DOE/Industry EMP Strategy to include key goals and objectives and identification of R&D priorities. The Strategy is expected to be completed by August 31, 2016, to be followed by more detailed action plans. DOE reported that they will collaborate with DHS and DOD in development of the Strategy and action plans. DOE further noted that a report by the Idaho National Laboratory also identifies potential technology gaps and includes recommendations for further R&D efforts, which will be incorporated when developing the forthcoming action plans.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    1 open recommendation
    Recommendation: To further build on the efforts to improve emergency communications interoperability in the NCR, as part of its efforts to restructure the JFC, the Federal Emergency Management Agency Administrator should direct the Director of ONCRC to clearly articulate in a written agreement the roles and responsibilities of the participating agencies and specify how these agencies are to work together across agency boundaries.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jacqueline M. Nowicki
    Phone: (202) 512-7215

    1 open recommendation
    including 1 priority recommendation
    Recommendation: Using its general authority to collaborate with other federal agencies, the Secretary of Education should convene its federal interagency partners to develop a strategic approach to interagency collaboration on school emergency preparedness. This group could include designees or delegates from the Secretaries of DHS, HHS, and the Attorney General, including representatives from relevant agency components, such as the Federal Emergency Management Agency, Transportation Security Administration, and the Federal Bureau of Investigation, and others as appropriate, and should incorporate leading federal interagency collaboration practices, for example, by: (1) identifying leadership, (2) defining outcomes and assigning accountability, (3) including all relevant participants, and (4) identifying necessary resources.

    Agency: Department of Education
    Status: Open
    Priority recommendation

    Comments: The Department of Education agrees that improved federal coordination will better assist K-12 schools in preparing for emergencies, and noted that other federal agencies, including especially FEMA, play a significant role in school emergency preparedness. Additionally, Education cited the importance of involving other relevant agencies in obtaining agreement on the assignment of roles and responsibilities, including selecting a lead agency charged with primary responsibility for coordinating federal emergency preparedness assistance to K-12 schools. In August 2016, Education convened a committee of Assistant Secretary-level representatives from relevant agencies, including DHS, FEMA, and TSA, among others, to develop a strategic approach to interagency collaboration on school emergency management efforts. Subsequently, in October 2016, it convened a task force consisting of program staff from the relevant agencies to draft a plan for organizational structure, goals, and objectives for the next five years, which it expects will be approved for implementation beginning in January 2017. We are encouraged by these actions and will monitor the group's progress towards developing a strategic approach to school emergency preparedness. Education stated that it expects to complete these efforts very soon. At that time, we will await documentation showing that it has finalized and implemented its strategic approach for interagency collaboration around school emergency management.
    Director: David Powner
    Phone: (202) 512-9286

    26 open recommendations
    including 1 priority recommendation
    Recommendation: To better ensure that federal data center consolidation and optimization efforts improve governmental efficiency and achieve cost savings, the Secretaries of the Departments of the Interior, State, Transportation, and the Treasury; the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration and Small Business Administration; the Directors of the National Science Foundation and Office of Personnel Management; and the Chairman of the Nuclear Regulatory Commission should take action to address challenges in establishing, and to complete, planned data center cost savings and avoidance targets for fiscal years 2016 through 2018.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation (Transportation) agreed with our recommendation, and has taken initial steps to implement it. In April 2016, the department stated in correspondence to GAO that its Office of the Chief Information Officer (OCIO) was actively engaging with the department's Operating Administrations and was reconciling its original cost savings and avoidance targets to develop and update a yearly calculation as part of Transportation's multi-year strategy to consolidate and optimize its data centers. The department added that periodic updates would be provided to OCIO leadership and the CIO Council, with reconciled cost savings and avoidance targets for fiscal years 2017 and 2018 expected to be updated by September 30, 2016. However, as of July 2017, Transportation has not updated its Data Center Optimization Strategic Plan to include planned cost savings and avoidance targets for fiscal years 2016 through 2018. We will continue to monitor and evaluate the department's progress in implementing this recommendation and update accordingly.
    Recommendation: To better ensure that federal data center consolidation and optimization efforts improve governmental efficiency and achieve cost savings, the Secretaries of the Departments of the Interior, State, Transportation, and the Treasury; the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration and Small Business Administration; the Directors of the National Science Foundation and Office of Personnel Management; and the Chairman of the Nuclear Regulatory Commission should take action to address challenges in establishing, and to complete, planned data center cost savings and avoidance targets for fiscal years 2016 through 2018.

    Agency: Department of State
    Status: Open

    Comments: The Department of State agreed with our recommendation, and has taken initial steps to implement it. In June 2016, the department stated in correspondence to GAO that it was in the process of reviewing pending guidance on the Office of Management and Budget's Data Center Optimization Initiative (DCOI). The department further stated that once the DCOI guidance was issued, the department would update its targets and finalize a plan to more adequately address cost savings and avoidance targets for fiscal years 2016 through 2018. However, as of July 2017, the department has not updated its Data Center Optimization Strategic Plan to include planned cost savings and avoidance targets for fiscal years 2016 through 2018. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: To better ensure that federal data center consolidation and optimization efforts improve governmental efficiency and achieve cost savings, the Secretaries of the Departments of the Interior, State, Transportation, and the Treasury; the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration and Small Business Administration; the Directors of the National Science Foundation and Office of Personnel Management; and the Chairman of the Nuclear Regulatory Commission should take action to address challenges in establishing, and to complete, planned data center cost savings and avoidance targets for fiscal years 2016 through 2018.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency (EPA) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, EPA stated in correspondence to GAO that it planned to establish a single data center within each of several specific geographical areas. For each data center selected for retention, the agency stated that it planned to make upgrades to address any potential capacity or performance issues, but noted that the specific plans for each data center slated for consolidation were under development. EPA stated that the resulting total cost savings were under assessment and had not yet been determined. However, as of July 2017, EPA has not updated its Data Center Optimization Strategic Plan to include planned cost savings and avoidance targets for fiscal years 2016 through 2018. We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: To better ensure that federal data center consolidation and optimization efforts improve governmental efficiency and achieve cost savings, the Secretaries of the Departments of the Interior, State, Transportation, and the Treasury; the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration and Small Business Administration; the Directors of the National Science Foundation and Office of Personnel Management; and the Chairman of the Nuclear Regulatory Commission should take action to address challenges in establishing, and to complete, planned data center cost savings and avoidance targets for fiscal years 2016 through 2018.

    Agency: National Science Foundation
    Status: Open

    Comments: The National Science Foundation has not yet taken steps to implement our recommendation. As of July 2017, the National Science Foundation has not updated its Data Center Optimization Strategic Plan to include planned cost savings and avoidance targets for fiscal years 2016 through 2018. We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: To better ensure that federal data center consolidation and optimization efforts improve governmental efficiency and achieve cost savings, the Secretaries of the Departments of the Interior, State, Transportation, and the Treasury; the Administrators of the Environmental Protection Agency, National Aeronautics and Space Administration and Small Business Administration; the Directors of the National Science Foundation and Office of Personnel Management; and the Chairman of the Nuclear Regulatory Commission should take action to address challenges in establishing, and to complete, planned data center cost savings and avoidance targets for fiscal years 2016 through 2018.

    Agency: Small Business Administration
    Status: Open

    Comments: The Small Business Administration agreed with our recommendation, but has not yet taken steps to implement it. As of July 2017, the Small Business Administration has not updated its Data Center Optimization Strategic Plan to include planned cost savings and avoidance targets for fiscal years 2016 through 2018. We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) agreed with our recommendation, and has taken initial steps to implement it. In April 2016, the department stated in correspondence to GAO that its Office of the Chief Information Officer (OCIO) developed a scorecard to track progress for each of the data center optimization areas. According to the department's scorecard, the department reported meeting 3 of 10 optimization targets, but did not meet the remaining 7 targets. DHS's OCIO noted that they would update this scorecard quarterly in alignment with Federal Data Center Consolidation Initiative data collection. DHS's OCIO expected to complete implementation of this recommendation by November 30, 2016. However, as of July 2017, DHS reports on the Office of Management and Budget's (OMB) IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Department of Agriculture generally agreed with our recommendation, and has taken initial steps to implement it. Specifically, as of July 2017, the department reports on the Office of Management and Budget's (OMB) IT Dashboard that it meets one (server virtualization) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, the department also reports that it does not yet meet the remaining four targets (server utilization and monitoring, energy metering, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation, and has taken initial steps to implement it. In May 2016, the department stated in correspondence to GAO that it will work with its bureaus to develop and publish an annual strategic plan. The strategic plan will, among other things, describe a list of specific planned actions to improve data center optimization progress. For example, the department stated that, to increase facility utilization, the Bureau of Economic Analysis is co-locating computing resources within the Census Bureau's Bowie Computer Center. Further, Census planned to market the Bowie Computer Center as an opportunity for government-wide co-location. In addition, the department stated that the National Oceanic and Atmospheric Administration is building greater network capacity to National Weather Service forecast offices and will aim to reduce the number of local systems at forecast offices that are currently considered data centers (122 in total). However, as of July 2017, the Department of Commerce reports on the Office of Management and Budget's (OMB) IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) agreed with our recommendation, and has taken initial steps to implement it. In June 2016, the department stated in correspondence to GAO that it is considering several actions to improve optimization progress in the areas that we reported as not meeting the Office of Management and Budget's (OMB) established targets. For example, DOD stated that it is moving toward on-premises and off-premises commercial cloud hosting services to enable migration of workloads to more efficient environments intended to improve the virtualization and density metrics. Further, the department stated that its Chief Information Officer is working directly with the services to reconcile the instances of multiple Installation Processing Nodes on individual bases, posts, camps, and stations. DOD also stated that all of these actions will enable the closure of additional data centers, increase efficiencies in all categories, and drive greater savings. However, as of July 2017, the Department of Defense reports on the OMB IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy (Energy) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, Energy stated in correspondence to GAO that it had established an enterprise-wide Data Center Working Group that is chartered to identify best practices in data center metering, optimization, consolidation and cloud migration (and to support these practices throughout the department). According to Energy, this working group is intended to serve as a focus group for communicating information related to the Federal Information Technology Acquisition Reform Act (FITARA), departmental strategy and implementation, and the Office of Management and Budget (OMB) requirements for data centers, as well as to provide summary data center performance status to all members. However, as of July 2017, Energy reports on OMB's IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: The Department of Housing and Urban Development (HUD) agreed with our recommendation, and has taken steps to implement it. In May 2016, the department stated in correspondence to GAO that its ability to attain the Office of Management and Budget's (OMB) established target value for the three remaining optimization metrics would require the department to further consolidate data center resources and migrate from contractor-owned and operated data centers to multi-tenant, shared data centers. The department further stated that this effort would be accomplished under the HUD Enterprise and Architecture Transition initiative that was restructuring infrastructure services and was targeting data center migrations to be completed by July 2017. The department also stated that it expected to be able to provide fiscal year 2017 optimization metrics data that met or exceeded OMB's target values by February 2018. However, as of July 2017, the department states that, due to data center migration dependencies on two smaller infrastructure transition projects, the data center migration project schedule is delayed until the first quarter of fiscal year 2018. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services agreed with our recommendation, and has taken initial steps to implement it. In May 2016, the department stated in correspondence to GAO that it would work to improve the data center optimization metrics that did not meet the Office of Management and Budget's (OMB) established targets. The department further stated that it expected to have a more detailed approach available through a Data Center Strategy, which was expected before the end of fiscal year 2016. However, as of July 2017, the department reports on OMB's IT Dashboard that it meets only one (power usage efficiency) of the five data center optimization metric targets OMB currently requires agencies to report against. The department further reports that it does not meet the remaining four targets (related to server utilization and monitoring, energy metering, server virtualization, and data center facility space). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Social Security Administration
    Status: Open

    Comments: The Social Security Administration agreed with our recommendation, and has taken initial steps to implement it. In April 2016, the agency stated in correspondence to GAO that it was in the process of transitioning to a new data center. While undergoing this transition, the agency stated that it was working to optimize its new data center and will have the capability to report on the Office of Management and Budget's optimization targets once the transition is complete. The agency expected to complete these steps by September 2016. As of July 2017, SSA reports on the Office of Management and Budget's (OMB) IT Dashboard that it meets three (energy metering, data center facility space and power usage efficiency) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, SSA reports that it does not meet the remaining two targets (related to server utilization and monitoring, and server virtualization). We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of the Interior
    Status: Open

    Comments: The Department of the Interior (Interior) agreed with our recommendation, and has taken initial steps to implement it. In April 2016, the department stated in correspondence to GAO that its Office of the Chief Information Officer (OCIO) was developing data center optimization metrics to measure bureau and office progress in meeting optimization targets. The department added that these metrics would become part of the 2016 OCIO Organizational Assessment, a scorecard used to measure bureau and office progress against predefined targets. However, as of July 2017, Interior reports on the Office of Management and Budget's (OMB) IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice (Justice) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, Justice stated in correspondence to GAO that it was developing plans to migrate the remaining non-core data centers to the department's three Core Enterprise Facilities (CEFs) and/or commercial cloud services by the end of fiscal year 2019. The department added that, as these migrations occur, its data center footprint and facility utilization should continue to improve and the percentage of servers and operating systems residing in the CEFs should significantly exceed federal data center consolidation targets. Justice also stated that it engaged with external representatives to perform an energy efficiency assessment at its core enterprise facility in Virginia, which resulted in significant improvements at the data center and improved the overall power usage efficiency across the department's core data centers. However, as of July 2017, Justice reported on the Office of Management and Budget's (OMB) IT Dashboard that it does not meet any of the five data optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation (Transportation) agreed with our recommendation, and has taken initial steps to implement it. In April 2016, Transportation stated in correspondence to GAO that it centralized its data center consolidation efforts in fiscal year 2015 and, in early fiscal year 2016, completed reconciliation of its actual and planned data center closures, as well as related performance data. The department also stated that it planned to continue towards measuring and making improvements to meet the Office of Management and Budget's (OMB) data center optimization performance metric targets. Transportation noted that periodic updates provided to its Office of the Chief Information Officer leadership and the Chief Information Officer Council would identify challenges in meeting the Office of Management and Budget's optimization metric targets. However, as of July 2017, Transportation reports on OMB's IT Dashboard that it does not meet any of the five data optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor (Labor) agreed with this recommendation, and has taken initial steps to implement it. In April 2016, the department stated in correspondence to GAO that it had closed 23 percent of its data centers and, by the end of 2019, the department plans to close 61 percent of its data centers. Further, Labor stated that it has made significant progress in the development of a fully virtualized common operating environment. According to the department, these efforts are designed to improve optimization metrics performance. However, as of July 2017, the department reports on the Office of Management and Budget's (OMB) IT Dashboard that it does not yet meet any of the five data center optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of the Treasury
    Status: Open

    Comments: The Department of the Treasury (Treasury) generally agreed with our recommendation, and has taken initial steps to implement it. However, as of July 2017, Treasury reports on the Office of Management and Budget's (OMB's) IT Dashboard that it does not meet any of the five data optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Veterans Affairs
    Status: Open
    Priority recommendation

    Comments: The Department of Veterans Affairs (VA) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, the department stated in correspondence to GAO that it had not yet taken action to improve optimization progress in the areas that we reported as having weaknesses. Specifically, the department stated that the Office of Management and Budget (OMB) was in the process of changing the fiscal year 2016 through 2018 closure targets and data center optimization metrics under the Federal Information Technology Acquisition Reform Act, which it planned to complete by the end of July 2016. Upon receipt of the targets, VA stated that it needed to assess the impact on strategies already under way, which it planned to complete by mid-fiscal year 2017. As of July 2017, the department reports on OMB's IT Dashboard that it meets only one (power usage efficiency) of the five data center optimization metric targets that OMB currently requires agencies to report against. In addition, the department reports that it does not meet the remaining four targets (related to server utilization and monitoring, energy metering, server virtualization, and data center facility space). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of State
    Status: Open

    Comments: The Department of State agreed with our recommendation, and has taken initial steps to implement it. In June 2016, the department stated in correspondence to GAO that it planned to follow the Office of Management and Budget's (OMB) guidance on optimizing data centers and would take action to improve the defined areas that the Data Center Optimization Initiative identifies. Specifically, as of July 2017, the department reports on OMB's IT Dashboard that it meets only one (power usage efficiency) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, the department reported that it does not meet the remaining four targets (related to server utilization and monitoring, energy metering, server virtualization, and data center facility space). We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency agreed with our recommendation, and has taken initial steps to implement it. In May 2016, the agency stated in correspondence to GAO that it had directed data center stakeholders to place an emphasis on virtualizing physical servers and moving server-based applications to the cloud or a core data center. The agency added that the estimated increase for each optimization metric would be determined after data consolidation plans were finalized. As of July 2017, EPA reports on the Office of Management and Budget's (OMB) IT Dashboard that it meets three (energy metering, server virtualization, and power usage efficiency) of the five data center optimization metric targets OMB currently requires agencies to report against. However, EPA reports that it does not yet meet the remaining two targets (related to server utilization and monitoring, and data center facility space). We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: General Services Administration
    Status: Open

    Comments: The General Services Administration (GSA) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, the agency stated in correspondence to GAO that it had developed an action plan to improve optimization progress. For example, GSA's action plan stated that the agency planned to create a new inventory of its data centers in order to establish a baseline to help in planning for data center closures, as well as collecting more accurate data for cost saving calculations. The agency also planned to create a new and better cost saving model and noted that it planned to refresh the cost model semi-annually. Finally, GSA intended to improve the required metrics set forth by the Office of Management and Budget (OMB) by eliminating physical machines and increasing virtualization whenever possible. As of July 2017, GSA reports on OMB's IT Dashboard that it meets one (server utilization and monitoring) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, GSA reports that it does not meet the remaining four targets (related to energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: The National Aeronautics and Space Administration (NASA) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, NASA stated in correspondence to GAO that it planned to develop improvement strategies for each deficient metric and hold meetings with all of the data center owners to explain the improvement strategies and further educate the data center owners on how to create efficiencies. NASA added that the anticipated completion for this is July 2017. However, as of July 2017, NASA reports on the Office of Management and Budget's (OMB) IT Dashboard that it does not meet any of the five data optimization metric targets that OMB currently requires agencies to report against (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: The Nuclear Regulatory Commission (NRC) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, NRC stated in correspondence to GAO that it was pursuing development of a hybrid data center that will allow many data center functions to be performed in the cloud, allowing for more optimization, including the ability to better meet optimization targets (including those related to both cost savings and optimization) established by the Office of Management and Budget (OMB) through the Data Center Optimization Initiative. As of July 2017, NRC reports on OMB's IT Dashboard that it meets one (server virtualization) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, the agency reports that it does not meet the remaining four targets (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the agency's progress in implementing this recommendation.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Office of Personnel Management
    Status: Open

    Comments: The Office of Personnel Management (OPM) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, OPM stated in correspondence to GAO that it was committed to meeting the targets associated with the agency's data center optimization efforts. The agency added that challenges would be addressed as plans evolved to meet current targets and within current funding. As of July 2017, OPM reports on the Office of Management and Budget's (OMB) IT Dashboard that it meets only one (server virtualization) of the five data center optimization metric targets that OMB currently requires agencies to report against. However, the agency reports that it does not meet the remaining four targets (related to server utilization and monitoring, energy metering, server virtualization, data center facility space, and power usage efficiency). We will continue to monitor and evaluate the agency's progress in implementing this recommendation and update accordingly.
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: United States Agency for International Development
    Status: Open

    Comments: The U.S. Agency for International Development (USAID) agreed with our recommendation, and has taken initial steps to implement it. In May 2016, USAID stated in correspondence to GAO that it was planning to take action to improve progress in the remaining two areas that we reported as not meeting the Office of Management and Budget's (OMB) optimization targets, including addressing any identified challenges. The agency noted that its target completion date for implementing our recommendation was February 2017. However, as of July 2017, USAID reports on OMB's IT Dashboard that it does not yet meet the server utilization and monitoring metric target, which is the only metric applicable to USAID. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendation
    Recommendation: To enhance Department of Homeland Security's (DHS) U.S. Immigration and Customs Enforcement's (ICE) ability to make more effective business decisions across immigration detention facilities with respect to the provision of medical care, the Secretary of Homeland Security should direct ICE to track inspection results and conduct analyses of oversight data over time, by standards, and by facility type.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, ICE has not provided a status update regarding the implementation of this recommendation. We will provide updated information after confirming any agency actions.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    11 open recommendations
    Recommendation: To ensure that the HRIT investment receives necessary oversight and attention, the Secretary of Homeland Security should direct the Under Secretary of Management to ensure that the HRIT executive steering committee is consistently involved in overseeing and advising HRIT, including approving key program management documents, such as HRIT's operational plan, schedule, and planned cost estimate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS provided documentation demonstrating that the HRIT executive steering committee is consistently involved in overseeing and advising HRIT in response to our recommendation. DHS also provided documentation demonstrating that the Executive Steering Committee approved HRIT's operational plan for fiscal years 2016-2018. However, DHS still needs to demonstrate that the HRIT ESC has approved the schedule and cost estimate for HRIT.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to update and maintain a schedule estimate for when DHS plans to implement each of the strategic improvement opportunities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to HRIT officials, in response to our recommendation, DHS has developed an implementation plan, including a schedule estimate, for addressing HRIT's strategic improvement opportunities. We will continue to follow up with them for documentation of this implementation plan.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to develop a complete life-cycle cost estimate for the implementation of HRIT.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS prepared an independent cost estimate for the HRIT investment. When developing this estimate, the cost estimators made many assumptions about HRIT's strategic improvement opportunities that had not yet been defined, such as the scope and the preliminary acquisition strategies for each. We will continue to follow up with DHS for supporting documentation for this estimate in order to better understand it.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to document and track all costs, including components' costs, associated with HRIT.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with the recommendation and is working to implement it. While DHS provided certain cost tracking information for HRIT, this information was incomplete and did not demonstrate ongoing tracking of all costs. We will continue to follow up with DHS to obtain additional documentation.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to update and maintain the department's human resources system inventory.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS provided its updated human resources systems inventory that it developed in response to our recommendation. According to officials, the list is reviewed and updated on an annual basis or as needed when a system is deployed or retired. We will continue to monitor this recommendation to ensure that DHS is maintaining this inventory.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to establish a time frame for deciding whether PALMS will be fully deployed at the Federal Emergency Management Agency (FEMA) and the U.S. Coast Guard (USCG), and determine an alternative approach if the learning and/or performance management capabilities of PALMS are deemed not feasible for the U.S. Immigration and Customs Enforcement, FEMA, the Transportation Security Administration, or USCG.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials stated that PALMS will not be fully deployed at FEMA, USCG, ICE, or TSA. The officials stated that future Human Resources Information Technology (HRIT) programs will include enhancing learning management and performance management capabilities. Officials stated that the details related to these efforts are to be discussed in the HRIT strategic improvement opportunity implementation plan. We will continue to follow up with DHS for documentation of this plan.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to develop a comprehensive life-cycle cost estimate, including all government and contractor costs, for the PALMS program.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials stated that the PALMS program will move into an operations and maintenance phase once the PALMS learning management capabilities are deployed to U.S. Secret Service. As such, DHS does not plan to develop an updated life-cycle cost estimate (LCCE) for PALMS. We will continue to follow up with DHS for documentation of PALMS's actual costs, including government costs.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to develop and maintain a single comprehensive schedule that includes all government and contractor activities, and includes all planned deployment milestones related to performance management.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, the PALMS program office updated its integrated master schedule. However, this schedule has not been appropriately maintained. We will continue to follow up with DHS officials on this recommendation.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to track and monitor all costs associated with the PALMS program.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with the recommendation and is working to implement it. DHS provided certain cost tracking information for PALMS, but this information did not include government costs or certain past PALMS costs, such as 2017 costs for the Federal Law Enforcement Training Centers' ongoing use of PALMS. We will continue to follow up with DHS officials on this recommendation.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to document PALMS's progress and milestone reviews, including all issues and corrective actions discussed.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS is documenting certain PALMS progress reviews. We have requested documentation related to U.S. Secret Service's deployment of PALMS, to determine whether the Service conducted and documented a milestone review prior to deploying the system.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to establish a comprehensive risk log that maintains an aggregation of all up-to-date risks (including both government- and vendor-identified) and associated mitigation plans. Additionally, within the comprehensive risk log, the PALMS program office should (1) identify and document planned completion dates for each risk mitigation step (where appropriate), and (2) prioritize the risks by determining each risk's relative priority and overall risk level.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS updated its PALMS risk register. However, this register was not comprehensive. We will continue to follow up with DHS officials on this recommendation.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    12 open recommendations
    Recommendation: To enhance and to promote more consistent oversight of efforts within the department to address the incidence of hazing, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to regularly monitor the implementation of DOD's hazing policy by the military services.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance and to promote more consistent oversight of efforts within the department to address the incidence of hazing, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to require that the Secretaries of the military departments regularly monitor implementation of the hazing policies within each military service.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the ability of servicemembers to implement DOD and service hazing policies, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to establish a requirement for the Secretaries of the military departments to provide additional clarification to servicemembers to better inform them as to how to determine what is or is not hazing. This could take the form of revised training or additional communications to provide further guidance on hazing policies.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the military services' collection of data on reported hazing incidents and the methods used to track them, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in coordination with the Secretaries of the military departments, to issue DOD-level guidance on the prevention of hazing that specifies data collection and tracking requirements, including the scope of data to be collected and maintained by the military services on reported incidents of hazing.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the military services' collection of data on reported hazing incidents and the methods used to track them, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in coordination with the Secretaries of the military departments, to issue DOD-level guidance on the prevention of hazing that specifies data collection and tracking requirements, including a standard list of data elements that each service should collect on reported hazing incidents.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the military services' collection of data on reported hazing incidents and the methods used to track them, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in coordination with the Secretaries of the military departments, to issue DOD-level guidance on the prevention of hazing that specifies data collection and tracking requirements, including definitions of the data elements to be collected to help ensure that incidents are tracked consistently within and across the services.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater visibility over the extent of hazing in DOD to better inform DOD and military service actions to address hazing, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in collaboration with the Secretaries of the Military Departments, to evaluate prevalence of hazing in the military services.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To enhance and to promote more consistent oversight of the Coast Guard's efforts to address the incidence of hazing, the Commandant of the Coast Guard should regularly monitor hazing policy implementation.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including the scope of the data to be collected and maintained on reported incidents of hazing.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including a standard list of data elements to be collected on reported hazing incidents.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater consistency in and visibility over the Coast Guard's collection of data on reported hazing incidents and the methods used to track them, the Commandant of the Coast Guard should issue guidance on the prevention of hazing that specifies data collection and tracking requirements, including definitions of the data elements to be collected to help ensure that incidents are tracked consistently within the Coast Guard.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To promote greater visibility over the extent of hazing in the Coast Guard to better inform actions to address hazing, the Commandant of the Coast Guard should evaluate the prevalence of hazing in the Coast Guard.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendation
    Recommendation: To enable FEMA to more effectively respond to disasters, the Secretary of Homeland Security should direct the FEMA Administrator to develop a workforce strategy to manage and improve retention that includes a process for systematically gathering attrition data and a plan to retain IMAT Cadre of On-Call Response Employees.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, FEMA provided an update on the status of actions taken in response to our report. In the update, FEMA officials said they had issued a new FEMA Human Capital Strategic Plan for fiscal years 2016-2020 that includes an objective to build a scalable and skilled workforce with associated measures including a decrease in attrition rate for permanent full-time employees, and an increase in disaster workforce through improvements in the recruitment and retention of incident management employees. FEMA also stated that pay issues and work-life balance have been identified as contributing to retention on National Type I and Regional Type II IMATs. FEMA is actively addressing the pay issues. FEMA provided a brief summary of the actions being taken, which include a policy, now in development, that provides information on establishing base pay under the new pay system, movement within the pay bands, and merit-based increases. Until completion of the action items, this recommendation will remain open. FEMA officials plan to provide a status update in October 2017.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    2 open recommendations
    Recommendation: To promote more effective grant management coordination, the Secretary of Homeland Security should direct the FEMA Administrator to develop a plan with time frames, goals, metrics and milestones detailing how Grant Programs Directorate intends to resolve longstanding challenges associated with its existing hybrid grants management model, which divides responsibilities between regional and headquarters staff.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of March 2017, FEMA did not believe a plan was warranted to address long-standing coordination issues associated with its existing hybrid grants management model, as recommended in GAO's February 2016 report. According to the Department of Homeland Security, FEMA believes strongly in the importance of close and collaborative relationships between headquarters and regional grants staff. Further, FEMA stated the Grant Programs Directorate at headquarters already has in place numerous steps to ensure coordination and collaboration with regional grants staff. However, these steps by FEMA were already in place when GAO conducted its review in 2015 and early 2016, yet GAO identified continuing challenges related to coordination between headquarters and regions in conducting monitoring visits and providing consistent guidance to state grantees. As a result, GAO continues to believe that without a plan with time frames, goals, metrics, and milestones detailing how officials intend to resolve long-standing challenges associated with FEMA's existing hybrid grants management model, these challenges will continue to hamper the effectiveness of interactions between FEMA and state and local stakeholders in implementing the grant programs.
    Recommendation: To enable more sophisticated and comprehensive awareness of states' NIMS implementation, the Secretary of Homeland Security should direct the FEMA Administrator to develop policies and procedures for regional staff to review after-action reports from preparedness exercises within their region, and headquarters staff to review these evaluations in order to have a better understanding of NIMS implementation.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In March 2017, FEMA officials provided an update on the status of actions taken in response to our report. In the update, FEMA officials said the National Integration Center (NIC) is holding consultative sessions with state and local emergency managers to ensure the revised National Incident Management System (NIMS) doctrine and implementation objectives are operationally sound from the perspective of FEMA's stakeholders. They expect to complete this effort by September 30, 2017. Pending completion of this effort, the recommendation will remain open.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    9 open recommendations
    Recommendation: The Secretary of Homeland Security should direct Network Security Deployment (NSD) to determine the feasibility of enhancing NCPS's current intrusion detection approach to include functionality that would detect deviations from normal network behavior baselines.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 Update: In Feb. 2017, DHS officials stated that they have continued pilot activities that will enable DHS to identify suspicious network activity based on anomalous behavior and reputation and have collected lessons learned that are being tracked by the NCPS Program Management Office. Officials added that DHS had identified a contractor to support the transition of the pilot, including drafting an implementation plan; however, it had yet to award a contract due to lack of resources. As such, the agency did not have an estimated date on the completion of a draft plan for how the transition would be implemented. We requested that DHS provide a copy of the draft implementation plan for our review, when it became available. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct NSD to determine the feasibility of developing enhancements to current intrusion detection capabilities to facilitate the scanning of traffic not currently scanned by NCPS.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the NCPS Program Management Office is working with participating Internet Service Providers (ISP) to develop plans to support IPv6 for Traffic Aggregation, DNS redirection, and SMTP quarantining capabilities. Officials stated that an implementation plan that would include all ISP schedules for all planned intrusion prevention services would be available in the third quarter of fiscal year 2017. Additionally, regarding encrypted traffic, officials stated that it is conducting an analysis of Security on Encrypted Traffic (SonET) to better understand options for addressing the challenges, viability of options, and how the issue is being addressed at a broader industry level. The study is scheduled to continue through the fourth quarter of fiscal year 2017. We asked DHS to provide the ISP implementation plans (when finalized) and any findings from the ongoing SCADA and Encrypted traffic studies. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct United States Computer Emergency Readiness Team (US-CERT) to update the tool it uses to manage and deploy intrusion detection signatures to include the ability to more clearly link signatures to publicly available, open-source data repositories.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS stated that the NCPS PMO is working with participating Internet Service Providers (ISP) to develop plans to support IPv6 for Traffic Aggregation, DNS redirection, and SMTP quarantining capabilities. Officials stated that an implementation plan that would include all ISP schedules for all planned intrusion prevention services would be available in the third quarter of fiscal year 2017. Additionally, officials stated that NSD is conducting an analysis on Security on Encrypted Traffic (SonET) to better understand options for addressing the challenges, viability of options, and how the issue is being addressed at a broader industry level. The study will continue through the fourth quarter of fiscal year 2017. We asked DHS to provide the ISP implementation plans (when finalized) and any output/results (findings) from the ongoing studies DHS has related to SCADA and Encrypted traffic. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to consider the viability of using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, as an input into the development and management of intrusion detection signatures.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that enhancements were made so that Continuous Diagnostics and Mitigation program (CDM) data can be viewed with the Cyber Indicators Analysis Program (CIAP). Officials stated that the CDM data now may be combined with known vulnerability findings from NCATS and known threats collected from the CIAP system to further prioritize signature development as necessary. We have requested a meeting with DHS to observe the described enhancements. We believe that we will be able to close this recommendation, once we observe the claimed enhancements.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to develop a timetable for finalizing the incident notification process, to ensure that customer agencies are being sent notifications of potential incidents, which clearly solicit feedback on the usefulness and timeliness of the notification.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 Update: In Feb. 2017, DHS stated that US-CERT is in the process of developing a targeted survey of EINSTEIN customers (based off of a prior survey). Additionally, US-CERT has updated the Incident Reporting Guidelines to address previously mentioned process concerns. We have requested a copy of these guidelines and will review the modifications made within. Additionally, DHS stated that modifications to the Remedy ticketing system are underway that would allow for the inclusion of user feedback. These changes are anticipated to be implemented by October 2017. We likely would not be able to close this recommendation until we could review the results of the modifications.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop metrics that clearly measure the effectiveness of NCPS's efforts, including the quality, efficiency, and accuracy of supporting actions related to detecting and preventing intrusions, providing analytic services, and sharing cyber-related information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the Office of Cyber Security and Communications (CS&C) had developed, refined, and was baselining a first set of measures that relate to the Einstein 3A program. Further, they are considering adding one of these measures as an addition to the measures tracked in support of the yearly Government Performance and Results Act (GPRA) required reporting in FY 2018. Additionally, DHS officials stated they are developing information sharing related measures, including exploring how its public and private sector recipients of information measure the value of cyber threat indicators and defensive measures. In March 2017, we requested a copy of the developed measures, when they became available. This recommendation will remain open until we are able to review the developed metrics and the subsequent data they are to measure.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop clearly defined requirements for detecting threats on agency internal networks and at cloud service providers to help better ensure effective support of information security activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS provided memos that gave an overview of the planned enhancements to the Continuous Diagnostics and Mitigation (CDM) program that included references to cloud providers. However, DHS did not provide any specific requirements for us to review. We have requested a follow-up meeting to review the specific requirements developed in support of the planned enhancements described in the provided memos. We will not be able to close this recommendation until we can review the developed requirements and determine that cloud providers are appropriately covered.
    Recommendation: The Secretary of Homeland Security should direct NSD to develop processes and procedures for using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, to help ensure DHS is using a risk-based approach for the selection/development of future NCPS intrusion prevention capabilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS stated that the NCPS Program Management Office has made enhancements to the Continuous Diagnostics and Mitigation (CDM) dashboard, but had yet to fully develop the CDM/NCPS data correlation. In March 2017, we asked for an update on the status of data correlation, once available. In order to close this recommendation, we would need to review this model and determine how, if at all, the vulnerability information was used as part of a risk-based approach to intrusion prevention.
    Recommendation: The Secretary of Homeland Security should direct NSD to work with their customer agencies and the Internet service providers to document secure routing requirements in order to better ensure the complete, safe, and effective routing of information to NCPS sensors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the agency worked with the Office of Management and Budget to develop a draft Trusted Internet Connections Reference Architecture. This architecture is to serve as the new guidance for agencies on perimeter security capabilities as well as alternative routing strategies. In March 2017, we requested a copy of the guidance to review the alternative routing guidance. This recommendation will remain open until we have been able to review the information above.
    Director: John Neumann
    Phone: (202) 512-3841

    2 open recommendations
    Recommendation: The Secretaries of Energy, Defense, and Health and Human Services should develop detailed guidance to ensure that ORISE program coordinators, mentors, and research participants are fully informed of the prohibition on nonfederal employees performing inherently governmental functions.

    Agency: Department of Defense
    Status: Open

    Comments: In 2017 DOD developed a terms of agreement to be signed by each mentor and research participant, in which they acknowledge that they fully understand the restrictions on performing inherently governmental functions. However, DOD intended the terms of agreement to be used by a subset of the ORISE research participants at DOD (those participating in the Science and Technology Policy Fellowships program). To fully address this recommendation, DOD needs to take similar action for ORISE research participants not participating in this program.
    Recommendation: The Secretaries of Energy, Defense, and Health and Human Services should develop detailed guidance to ensure that ORISE program coordinators, mentors, and research participants are fully informed of the prohibition on nonfederal employees performing inherently governmental functions.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: HHS had not provided information as of July 2017 on steps it has taken to address the recommendation.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendation
    Recommendation: To address different interpretations of cutter boat requirements, the Commandant of the Coast Guard should direct the NSC program office to clarify the NSC's key performance parameters for the cutter boat operations (specifically the launch and recovery of cutter boats).

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Coast Guard is in the process of updating the operator's handbook for the Long Range Interceptor II cutter boat to clarify that it is capable of operating through sea state 5, which will meet the National Security Cutter's key performance parameter related to cutter boat operations. According to Coast Guard officials, the updated operator's handbook should be signed and approved between August and November 2017.
    Director: Jessica Farb
    Phone: (202) 512-6991

    1 open recommendation
    Recommendation: To ensure effective implementation of the strategic objective of the Weapons Chapter of the Strategy, the ONDCP Director should establish a more comprehensive indicator, or set of indicators, that more accurately reflects progress made by ATF and ICE in meeting the strategic objective.

    Agency: Office of National Drug Control Policy
    Status: Open

    Comments: As part of ONDCP's comments on our draft report, the agency concurred with our recommendation to establish a more comprehensive set of indicators for the Weapons Chapter of the National Southwest Border Counternarcotic Strategy. ONDCP indicated that it would work with ICE and ATF to develop additional indicators to evaluate their progress. ONDCP agreed that the indicators developed through this collaborative process would be used in future iterations of the Strategy. However, in its July 26, 2017 letter to the relevant congressional committees' leadership, ONDCP explained that a decision has not been made on whether a new iteration of the Strategy will be released, or if the current Administration will take a different approach to address this issue. We will need to wait until an update of the Strategy is available for us to review to determine if our recommendation has been implemented.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    1 open recommendation
    Recommendation: To better facilitate adoption of the NIST Framework for Improving Critical Infrastructure Cybersecurity, the Secretary of Homeland Security should direct officials responsible for the Critical Infrastructure Cyber Community Voluntary Program to develop metrics for measuring the effectiveness of efforts to promote and support the framework.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In December 2016, DHS officials stated that they will continue to work with sector-specific agency partners and NIST to determine how to develop measurement activities and collect information on C3VP outreach and its effectiveness in promoting and supporting the Cybersecurity Framework. We will continue to monitor their efforts and verify whether implementation of metrics has occurred.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendation
    Recommendation: To help ensure that actions taken to improve the test and evaluation process address identified challenges, the Administrator of TSA should finalize all aspects of the third party testing strategy before implementing further third party testing requirements for vendors to enter testing.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: In its response to this recommendation, the Department of Homeland Security concurred and identified initial planned actions to implement the finalized third party strategy. Subsequently, in the Spring of 2016, the TSA Office of Security Capabilities finalized its third party tester application and approval process; established quality conformance standards for potential third party testers; and gathered and considered industry feedback on potential third party test strategy consequences among other actions. Collectively, TSA established and published program requirements and procedures for the third party test strategy. In late 2016, TSA formally delayed its planned implementation of the third-party testing program by a calendar year to now be completed by December 31, 2017. TSA cited a need to conduct additional assessments, coordination challenges, and larger TSA security equipment related initiatives as the reasons for the delay. As part of its regular recommendation status reporting to GAO, TSA, in the Spring of 2017, noted that it is on track to meet the intent of the recommendation by the later revised date. TSA noted it had recently updated its qualification process by which qualified product lists will be populated and has already incorporated various aspects of third party testing for legacy security equipment qualification.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    8 open recommendations
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on a joint strategy and finalizing it in order to define and articulate a common understanding of expected outcomes and align the two agencies' activities and core processes to achieve their related missions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for completing a joint strategy for federal security once its memorandum of agreement with the General Services Administration is updated and signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on a joint strategy and finalizing it in order to define and articulate a common understanding of expected outcomes and align the two agencies' activities and core processes to achieve their related missions.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported that until FPS works with GSA specifically on the joint strategy, no final document will be released.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on the two agencies' respective roles and responsibilities for federal facility security, and update and finalize the two agencies' MOA accordingly.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it is working internally to prepare the memorandum of agreement for review and signature by the FPS Director, pending no additional changes are required to the document.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on the two agencies' respective roles and responsibilities for federal facility security, and update and finalize the two agencies' MOA accordingly.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported sending a final MOA draft to FPS in December 2015 and stated that it hopes to have a signed MOA by both agencies when leadership is in place.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop a process to ensure that compatible policies and procedures, including those for information sharing, are communicated at the regional level so that regional officials at both agencies have common information on how to operationalize the two agencies' collaborative efforts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for the issuance of a joint field guidance for working with the General Services Administration (GSA) once its memorandum of agreement with GSA is updated and signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop a process to ensure that compatible policies and procedures, including those for information sharing, are communicated at the regional level so that regional officials at both agencies have common information on how to operationalize the two agencies' collaborative efforts.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported developing and releasing "GSA Order 1000.1 Document Security for Handling Facility Security Assessments" to ensure that when GSA receives a Facility Security Assessment from FPS, it will be handled in a consistent, appropriate manner.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop mechanisms to monitor, evaluate, and report on their collaborative efforts to protect federal facilities in order to identify possible areas for improvement and to reinforce accountability.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for the appointment of an FPS-GSA Liaison once its memorandum of agreement with GSA is updated and signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop mechanisms to monitor, evaluate, and report on their collaborative efforts to protect federal facilities in order to identify possible areas for improvement and to reinforce accountability.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported that the updated MOA will cover this recommendation once signed.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    7 open recommendations
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretary of Homeland Security should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear sectors' cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has released updated sector-specific plans for the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear reactors sectors. The plans include a section on measuring effectiveness based on the plan development guidance. The plans provide expected metrics to track the progress of sector activities and state that the outcomes will be reported through the National Annual Reporting process as well as through the quadrennial plan update. Because the metrics are new and annual reporting has not yet occurred, DHS has not provided evidence of metrics data collected and reported to address the challenges. We will continue to follow up to determine how performance measures have been implemented and what reporting is available based on those measures.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretary of the Treasury should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the financial services sector's cybersecurity progress.

    Agency: Department of the Treasury
    Status: Open

    Comments: The 2015 sector-specific plan for the financial services sector includes a section on measuring the effectiveness of sector activities; however, the plan does not include specific metrics. The plan refers to working groups and meetings of sector stakeholders as mechanisms to track sector progress. No specific metrics and associated reports of outcomes have been provided to address overcoming the challenges of monitoring the sector's cybersecurity progress. We will continue to monitor financial services sector activities and determine any specific metrics and related reports developed and implemented to track and report on the sector's cybersecurity progress.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Agriculture and Health and Human Services (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the food and agriculture sector's cybersecurity progress.

    Agency: Department of Agriculture
    Status: Open

    Comments: The Departments of Agriculture and Health and Human Services released an update to the food and agriculture sector-specific plan for 2015. The plan states the sector's lack of an overarching mechanism to measure and evaluate risk mitigation activities and the challenge of obtaining performance measurement data from non-federal partners. However, the plan notes a goal of evaluating the progress of individual protective programs and strategies. No metrics or reports of outcomes have been provided to address the challenge of monitoring the sector's cybersecurity progress. We will continue to follow up to determine whether USDA and HHS have developed and implemented mechanisms to measure the outcomes of their sector cybersecurity-related activities.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Agriculture and Health and Human Services (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the food and agriculture sector's cybersecurity progress.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Departments of Agriculture and Health and Human Services released an update to the food and agriculture sector-specific plan for 2015. The plan states the sector's lack of an overarching mechanism to measure and evaluate risk mitigation activities and the challenge of obtaining performance measurement data from non-federal partners. However, the plan notes a goal of evaluating the progress of individual protective programs and strategies. No metrics or reports of outcomes have been provided to address the challenge of monitoring the sector's cybersecurity progress. We will continue to follow up to determine whether HHS has developed and implemented mechanisms to measure the outcomes of its sector cybersecurity-related activities.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Homeland Security and Transportation (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the transportation systems sector's cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The co-Sector-Specific Agencies (SSAs) for the Transportation Systems Sector, DHS (TSA and Coast Guard) and the Department of Transportation, provided an update on efforts to develop sector cybersecurity metrics. The update described measures under consideration such as tracking the number of sector stakeholders receiving cybersecurity products, monitoring the usefulness of products through satisfaction surveys, and tracking attendance at sector events and seminars encompassing cybersecurity. The co-SSAs plan to report sector cyber activities, progress, and relevant metrics annually through the Critical Infrastructure National Annual Report and through quadrennial updates to the sector-specific plan. The latest sector-specific plan was released in 2015. The proposed metrics have not been formalized in a strategy or plan. We will continue to monitor and evaluate efforts to formalize and implement the proposed metrics to determine whether they address the intent of the recommendation.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Homeland Security and Transportation (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the transportation systems sector's cybersecurity progress.

    Agency: Department of Transportation
    Status: Open

    Comments: The co-Sector-Specific Agencies (SSAs) for the Transportation Systems Sector, DHS (TSA and Coast Guard) and the Department of Transportation, provided an update on efforts to develop sector cybersecurity metrics. The update described measures under consideration such as tracking the number of sector stakeholders receiving cybersecurity products, monitoring the usefulness of products through satisfaction surveys, and tracking attendance at sector events and seminars encompassing cybersecurity. The co-SSAs plan to report sector cyber activities, progress, and relevant metrics annually through the Critical Infrastructure National Annual Report and through quadrennial updates to the sector-specific plan. The latest sector-specific plan was released in 2015. The proposed metrics have not been formalized in a strategy or plan. We will continue to monitor and evaluate efforts to formalize and implement the proposed metrics to determine whether they address the intent of the recommendation.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Administrator of the Environmental Protection Agency should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the water and wastewater systems sector's cybersecurity progress.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The 2015 water and wastewater sector-specific plan includes a segment on measuring the effectiveness of sector activities that describes the overall principles for collecting data and using the National Annual Report data calls as a tool for assessing performance and reporting on progress within the sector. However, the plan does not state specific measures and the agency acknowledged in its response to our report that it does not collect performance metrics on the effectiveness of its cybersecurity programs for the sector. According to agency officials, the development of performance metrics in collaboration with sector partners is underway. We will continue to follow up to identify any specific metrics developed and implemented and resulting outcome-based reports.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    2 open recommendations
    Recommendation: To provide greater assurance that the Interagency Rotation Program for national security personnel will be implemented as provided in section 1107 of the National Defense Authorization Act for Fiscal Year 2013, the Director of the Office of Personnel Management, in collaboration with the Committee on National Security Personnel, should establish a clear leadership and oversight structure to guide future implementation efforts.

    Agency: Office of Personnel Management
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide greater assurance that the Interagency Rotation Program for national security personnel will be implemented as provided in section 1107 of the National Defense Authorization Act for Fiscal Year 2013, the Director of the Office of Personnel Management, in collaboration with the Committee on National Security Personnel, should work with the departments and agencies to identify and take action on necessary next steps to proceed with the program's implementation, including developing and issuing required guidance for implementation within identified timeframes.

    Agency: Office of Personnel Management
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    4 open recommendations
    Recommendation: To improve DOD's management of initiatives directed at increasing the recruitment and accessions of women into the officer corps, the Secretary of Defense should direct the Under Secretary of Defense, Personnel and Readiness, in collaboration with the service Secretaries, to develop an oversight framework that includes or incorporates (consistent with applicable law): (1) Service-wide program goals for initiatives directed at female officers' recruitment, such as goals related to the composition of the applicant pool; (2) Performance measures linked to program goals; and (3) Resource allocations linked to program goals.

    Agency: Department of Defense
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Recommendation: To improve DOD's management of initiatives directed at increasing the recruitment and accessions of women into the officer corps, the Secretary of Defense should direct the Under Secretary of Defense, Personnel and Readiness, in collaboration with the service Secretaries, to conduct evaluations for key recruitment initiatives to help ensure these initiatives are achieving their intended purpose.

    Agency: Department of Defense
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Recommendation: To improve the Coast Guard's management of initiatives to increase the recruitment and accessions of women into the officer corps, the Commandant of the Coast Guard should develop an oversight framework that includes or incorporates (consistent with applicable law): (1) Service-wide program goals for initiatives directed at female officers' recruitment, such as goals related to the composition of the applicant pool; (2) Performance measures linked to program goals; and (3) Resource allocations linked to program goals.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Recommendation: To improve the Coast Guard's management of initiatives to increase the recruitment and accessions of women into the officer corps, the Commandant of the Coast Guard should conduct evaluations for key recruitment initiatives to help ensure these initiatives are achieving their intended purpose.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To provide more reliable information for assessing the progress of its cost containment efforts and for informing judiciary and congressional oversight and decision making, the Director of AOUSC should develop a reliable method for estimating cost savings achieved (i.e., that ensures that cost savings are calculated in an accurate and complete manner) for major cost containment initiatives (as determined by the judiciary).

    Agency: Administrative Office of the United States Courts
    Status: Open

    Comments: In September 2016, the AOUSC reported that the Judicial Conference Budget Committee (Committee) discussed the GAO report and its two recommendations relating to major cost containment initiatives in January 2016. Among other things, the Budget Committee asked AOUSC staff to lead a working group to examine major cost containment efforts and develop recommendations on how to proceed on improvements to the calculation and reporting of associated cost savings. According to the AOUSC, work is currently underway to address the Budget Committee's recommendations. To fully address this recommendation, the AOUSC should provide the working group's recommendations on how to proceed on improvements to the calculation of cost savings associated with major cost containment efforts and evidence that the improvements have been implemented.
    Recommendation: To provide more reliable information for assessing the progress of its cost containment efforts and for informing judiciary and congressional oversight and decision making, the Director of AOUSC should regularly report estimated cost savings achieved for major cost containment initiatives (as determined by the judiciary).

    Agency: Administrative Office of the United States Courts
    Status: Open

    Comments: In September 2016, the AOUSC reported that the Judicial Conference Budget Committee (Committee) discussed the GAO report and its two recommendations relating to major cost containment initiatives in January 2016. Among other things, the Committee asked AOUSC staff to lead a working group to examine major cost containment efforts and develop recommendations on how to proceed on improvements to the calculation and reporting of associated cost savings. The AOUSC stated that the Committee believes that reporting on the Judiciary's cost containment initiatives should be included in the Judiciary's annual budget justification materials, as appropriate, to support the annual budget request. To fully address this recommendation, the AOUSC should provide the working group's recommendations on how to proceed on improvements to the reporting of cost savings associated with major cost containment efforts and evidence that the improvements have been implemented.
    Director: Timothy M. Persons
    Phone: (202) 512-6412

    2 open recommendations
    Recommendation: To help ensure that biosurveillance-related funding is directed to programs that can demonstrate their intended capabilities, and to help ensure sufficient information is known about the current Gen-2 system to make informed cost-benefit decisions about possible upgrades and enhancements to the system, the Secretary of Homeland Security should direct the Assistant Secretary for Health Affairs and other relevant officials within the Department to not pursue upgrades or enhancements to the current BioWatch system until the Office of Health Affairs (OHA): (1) establishes technical performance requirements, including limits of detection, necessary for a biodetection system to meet a clearly defined operational objective for the BioWatch program by detecting attacks of defined types and sizes with specified probabilities; (2) assesses the Gen-2 system against these performance requirements to reliably establish its capabilities; and (3) produces a full accounting of statistical and other uncertainties and limitations in what is known about the system's capability to meet its operational objectives.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help reduce the risk of acquiring immature detection technologies, the Secretary of Homeland Security should direct the Assistant Secretary for Health Affairs, in coordination with the Under Secretary for Science and Technology, to use the best practices outlined in this report to inform test and evaluation actions for any future upgrades or changes to technology for BioWatch.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David J. Wise
    Phone: (202) 512-2834

    1 open recommendation
    Recommendation: To demonstrate the effects of GSA's ongoing efforts to better manage lease holdovers and extensions, the Administrator of GSA should identify performance goals and targets for existing or other measures related to the use of holdovers and extensions for expiring leases within GSA's strategic plan or in another agency planning document. GSA should ensure such goals, targets, and associated measures fully reflect progress, by taking into account the frequency with which holdovers and extensions occur for expiring leases within its portfolio and GSA's expected outcomes for expiring leases.

    Agency: General Services Administration
    Status: Open

    Comments: GSA provided information to GAO in March 2017 to show that this recommendation had been implemented. Specifically, GSA updated its strategic planning process related to lease holdovers and extensions and created an up-front planning measure for expiring leases. GAO had follow up questions seeking more assurance from GSA that these actions would have the intended effect of reducing lease holdovers and extensions. As of June 2017, GAO was awaiting a response from GSA.
    Director: Michele Mackin
    Phone: (202) 512-4841

    3 open recommendations
    Recommendation: To improve coordination and communication between FEMA OCPO and region mission support officials, the FEMA Administrator should establish a plan to ensure that the agreement is reviewed on an annual basis as intended.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In commenting on this report, DHS concurred with this recommendation. According to FEMA officials, the Office of Procurement Operations has since formed a team that will address this recommendation. We will provide updated information as it becomes available.
    Recommendation: To improve coordination and communication between FEMA Office of the Chief Procurement Officer (OCPO) and region mission support officials, the FEMA Administrator should direct OCPO and the regional administrators to revisit the 2011 service level agreement to: add details about the extent of operational control headquarters and regional supervisors should exercise to minimize potential competing interests experienced by regional contracting officers; further detail headquarters and regional supervisors' roles and responsibilities for managing regional contracting officers to improve coordination and communication; and ensure that the agreement reflects any new requirements, including recent changes in training that may require travel funds.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In commenting on this report, DHS concurred with this recommendation. According to FEMA officials, the Office of Procurement Operations has since formed a team that will address this recommendation. We will provide updated information as it becomes available.
    Recommendation: To address PKEMRA, the Secretary of Homeland Security should take action to address the requirements of Section 692 to implement subcontractor limitations or request that Congress amend the law to delete Section 692.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In 2016, DHS took steps to ask Congress to repeal PKEMRA Section 692, which prohibits the use of subcontracts for more than 65 percent of the cost of cost-reimbursement type contracts that exceed the simplified acquisition threshold. DHS submitted a legislative change proposal to the Office of Management and Budget (OMB), which approves such proposals before they are submitted to Congress. OMB approved the proposed change for PKEMRA Section 692 in April 2016. We will provide additional updates as information becomes available.
    Director: Timothy J. DiNapoli
    Phone: (202) 512-4841

    13 open recommendations
    including 6 priority recommendations
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to conduct a comprehensive analysis of Army IT services spending to determine the extent to which requirements can be addressed by Computer Hardware, Enterprise Software and Solutions (CHESS) or other strategic sourcing approaches, and based on this analysis, consider opportunities to reduce duplicative contracts.

    Agency: Department of Defense: Department of the Army
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to implement utilization metrics and mandatory use or consideration policies.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to develop guidance and overarching goals and metrics for savings.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Army, the Secretary of the Army should direct its strategic sourcing accountable official to conduct a review of the benefits and disadvantages of standardized labor categories for CHESS or future contracts.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Navy, the Secretary of the Navy should direct its strategic sourcing accountable official to conduct a comprehensive analysis of IT services spending to determine the extent to which requirements can be addressed by the existing contracts or other strategic sourcing approaches and based on this analysis, reduce duplicative contracts.

    Agency: Department of Defense: Department of the Navy
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Navy, the Secretary of the Navy should direct its strategic sourcing accountable official to implement utilization metrics and monitor agency efforts to comply with the Navy's existing use policies for IT services.

    Agency: Department of Defense: Department of the Navy
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable official to conduct a comprehensive analysis of IT services spending to determine the extent to which requirements can be addressed by Network-Centric Solutions (NETCENTS) or other strategic sourcing approaches, and based on this analysis, reduce duplicative contracts.

    Agency: Department of Defense: Department of the Air Force
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our three recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable official to implement utilization metrics.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable official to develop guidance and overarching goals and metrics for savings.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within the Air Force, the Secretary of the Air Force should direct its strategic sourcing accountable official to conduct a review of the benefits and disadvantages of standardized labor categories for primary strategic sourcing vehicles such as NETCENTS.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: DOD concurred with our recommendations. To fully implement these recommendations, DOD should complete analyses of information technology services spending, reduce duplicative contracts where appropriate, and establish metrics to monitor progress and assess compliance with existing IT services use policies.
    Recommendation: To improve efforts to strategically source IT services within NASA, the Administrator of NASA should direct its strategic sourcing accountable official to use its 2014 spend analysis to determine the extent to which requirements can be addressed by the IT Infrastructure Integration Program or other strategic sourcing approaches, and based on this analysis, reduce duplicative contracts.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA agreed with this recommendation. To fully implement it, NASA needs to successfully implement its planned actions, including (1) implement new strategic sourcing policies in the NASA federal acquisition regulation supplement, (2) revise the 2014 spend analysis by December 14, 2017, and (3) require strategic sourcing of IT services by December 2018 for services such as mobile communications, telecommunications, cloud computing, and seat management.
    Recommendation: To improve efforts to strategically source IT services within NASA, the Administrator of NASA should direct its strategic sourcing accountable official to implement utilization metrics and mandatory use policies.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA partially agreed with this recommendation. Specifically, NASA agreed to establish metrics, but sought to employ mandatory consideration policies, where applicable, instead of mandatory use policies. We agreed that the proposed approach would meet the intent of our recommendation. To fully implement this recommendation, NASA needs to successfully implement its planned actions, including (1) revising the NASA strategic sourcing guide to include establishment of utilization metrics, and (2) issuing updated strategic sourcing policies in the NASA federal acquisition regulation supplement to include mandatory use policies.
    Recommendation: To improve efforts to strategically source IT services within NASA, the Administrator of NASA should direct its strategic sourcing accountable official to develop guidance and overarching goals and metrics for savings.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA agreed with this recommendation. To fully implement this recommendation, NASA needs to successfully implement its planned actions, including (1) issuing updated strategic sourcing policies in the NASA federal acquisition regulation supplement, (2) updating its strategic sourcing website, and (3) updating the NASA strategic sourcing guide to include the setting of goals or baselines as a method of evaluating the strategic sourcing approach.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    1 open recommendation
    Recommendation: To help ensure that agencies' policies and oversight are fully consistent with The Attorney General's Guidelines Regarding the Use of Confidential Informants, the Assistant Secretary of ICE and the Commandant of USCG should update their respective agencies' informant policies and corresponding monitoring processes to explicitly address the Guidelines' provisions on oversight of informants' illegal activities.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: In December 2016, ICE issued a memo regarding changes to its policies for the registration and suitability of confidential informants. The memo included updated forms to oversee those aspects of confidential informant oversight. In April 2017, ICE officials informed GAO that a working group is in the process of updating the Informants Handbook and the Undercover Operations Handbook. ICE expects to finalize drafts of the handbooks in September 2017 and implement them by December 2017. When the updated handbooks are available for GAO's review, we will assess the extent to which they address our recommendation.
    Director: Beryl H. Davis
    Phone: (202) 512-2623

    1 open recommendation
    Recommendation: Congress should consider the options for sustaining the Oil Spill Liability Trust Fund as well as the optimal level of funding to be maintained in the Fund, in light of the expiration of the Fund's per-barrel tax funding source in 2017.

    Agency: Congress
    Status: Open

    Comments: We will continue to monitor the funding status.
    Director: Gambler, Rebecca S
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To strengthen USCIS's EB-5 Program fraud prevention, detection, and mitigation capabilities, and to more accurately and comprehensively assess and report program outcomes and the overall economic benefits of the program, the Director of USCIS should plan and conduct regular future fraud risk assessments of the EB-5 Program.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: The Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS) is responsible for administering the Employment-Based Fifth Preference Immigrant Investor Program (EB-5 Program). In 2015, we reviewed the EB-5 program to determine if USCIS assesses fraud and other related risks facing the program. We found that USCIS had collaborated with its interagency partners to assess fraud and national security risks in the program in fiscal years 2012 and 2015 but that these assessments were onetime efforts that did not have documented plans to conduct regular future risk assessments, in accordance with fraud prevention practices, which could help inform efforts to identify and address evolving program risks. To strengthen the program's fraud prevention, detection, and mitigation capabilities, we recommended that USCIS plan and conduct regular future fraud risk assessments. USCIS concurred with the recommendation, stating that it will continue to conduct at least one fraud, national security, or intelligence assessment on an aspect of the program annually. In September 2015, USCIS stated that the Fraud Detection and National Security Directorate unit of its Immigrant Investor Program (IPO) will conduct its next fraud, national security, and intelligence assessment in FY 2016 and one assessment annually thereafter. In an August 2016 update, USCIS stated that it had conducted a national security assessment, the draft of which was under review by management, to be finalized by September 30, 2016. We will continue to monitor USCIS's efforts to ensure that the agency finalizes this assessment and documents plans to conduct future fraud assessments on a regular basis.
    Recommendation: To strengthen USCIS's EB-5 Program fraud prevention, detection, and mitigation capabilities, and to more accurately and comprehensively assess and report program outcomes and the overall economic benefits of the program, the Director of USCIS should develop a strategy to expand information collection, including considering the increased use of interviews at the I-829 phase as well as requiring the additional reporting of information in applicant and petitioner forms.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In 2015, we evaluated the Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS) Employment-Based Fifth Preference Immigrant Investor Program (EB-5 Program) to determine the extent to which the agency had addressed any identified fraud risks in the program. We found that USCIS had identified unique fraud risks in the program and had taken certain steps to address and enhance its fraud risk management efforts, including establishing a dedicated entity to oversee these efforts. However, we found that USCIS's information systems and processes limited its ability to collect and use data on EB-5 Program participants to comprehensively address fraud risks in the program. To strengthen the program's fraud mitigation capabilities, we recommended that USCIS develop a strategy to expand information collection, including considering the increased use of interviews at the application for permanent residency (form I-829) phase as well as requiring the additional reporting of information in applicant and petitioner forms. USCIS concurred with the recommendation, stating that IPO will develop a strategy to enhance and expand information collection, including publishing revised EB-5 application and petition forms, and considering the use of interviews. In a September 2015 update to this recommendation, USCIS stated that it had begun internal discussions for developing a comprehensive strategy to incorporate interviews into various stages of the EB-5 process, including the I-829 phase. In addition, USCIS was implementing a comprehensive approach for revising all EB-5 specific forms (I-526, I-924, and I-924A) to improve program integrity and data collection. USCIS expects the revised forms to be available after December 31, 2015. In an August 2016 update, USCIS stated that it has revised Forms I-924, I-924A, and I-526, and anticipated revising Forms I-924 and I-924A by November 2016 and Form I-829 by March 2017. USCIS also stated that IPO had initiated a new process to allow interview of Form I-829 petitioners by video conference, and planned to develop a comprehensive interview strategy based on the results of initial and future interviews as well as other relevant information. We will continue to monitor USCIS's efforts to develop and implement this more comprehensive EB-5 data collection strategy.
    Recommendation: To strengthen USCIS's EB-5 Program fraud prevention, detection, and mitigation capabilities, and to more accurately and comprehensively assess and report program outcomes and the overall economic benefits of the program, the Director of USCIS should track and report data that immigrant investors report, and the agency verifies on its program forms for total investments and jobs created through the EB-5 Program.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In 2015, we evaluated the Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS)'s capacity to verify job creation and to use a valid and reliable methodology to report the economic benefits of its Employment-Based Fifth Preference Immigrant Investor Program (EB-5 Program). We found that over time USCIS had increased its capacity to verify job creation by increasing the size and expertise of its workforce and by providing clarifying guidance and training, among other actions. However, we found that USCIS's methodology for reporting program outcomes and overall economic benefits of the EB-5 Program was not valid and reliable because it may understate or overstate program benefits in certain instances as it was based on the minimum program requirements of 10 jobs and a $500,000 investment per investor, instead of the number of jobs and investment amounts collected by USCIS on individual EB-5 Program forms. To more accurately and comprehensively assess and report the overall economic benefits of the program, we recommended that USCIS track and report data that immigrant investors report, and the agency verifies on its program forms for total investments and jobs created. USCIS concurred with this recommendation, stating that IPO will develop a plan to collect and aggregate additional data regarding EB-5 investment amounts and job creation, including revising USCIS data systems and processes, as appropriate. In a September 2015 update, USCIS further stated that IPO officials had already met with officials from the USCIS Office of Information Technology (OIT) on August 25, 2015, to discuss EB-5 data requirements, and that IPO is reviewing the fields in the Intranet Computer Linked Application Information Management System (iCLAIMS) database used for maintaining EB-5 and other immigration program data, to define data entry requirements. Once that is completed, USCIS stated that IPO will work with OIT to discuss any system changes needed to reliably aggregate data regarding EB-5 program investment amounts and job creation. In an August 2016 update, USCIS stated that through regular meetings with OIT, IPO has identified the assets needed to develop a case management system to meet the complex data needs of the EB-5 program. This system, which will be compatible with USCIS's electronic immigration system, is tentatively projected to be completed in FY 2017. We will continue to monitor USCIS's efforts to develop a system that will enable it to accurately and comprehensively assess and report the overall economic benefits of the program.
    Director: Chris Currie
    Phone: (404) 679-1875

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To increase states' abilities to improve disaster resilience and mitigate future damage when using federal funding in the wake of disasters, the FEMA Administrator should, consistent with the goals of the NDRF to integrate hazard mitigation and risk reduction opportunities into all major decisions and reinvestments during the recovery process, assess the challenges state and local officials reported, including the extent to which the challenges can be addressed and implement corrective actions, as needed.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open
    Priority recommendation

    Comments: In April 2017, FEMA officials provided a corrective action plan that included interim actions and milestones leading to the establishment of procedures and training to assist in implementing policy changes through the end of calendar year 2016. In September 2016, FEMA issued new policies to establish minimum standards for Public Assistance projects that are intended to promote resilience and achieve risk reduction. The April 2017 update indicates that FEMA plans to complete actions to implement this recommendation by May 2017. GAO will assess the actions taken when they are complete.
    Recommendation: To help the federal, state, and local governments plan for and invest in hazard mitigation opportunities to enhance resilience against future disasters, the Director of the Mitigation Framework Leadership Group, in coordination with other departments and agencies that are MitFLG members, should supplement the National Mitigation Framework by establishing an investment strategy to identify, prioritize, and guide federal investments in disaster resilience and hazard mitigation-related activities and make recommendations to the President and Congress on how the nation should prioritize future disaster resilience investments. Such a strategy could address, among other things, (1) the extent to which current hazard mitigation and disaster resilience programs are adequately addressing critical lifelines and critical infrastructure, (2) an approach to identifying information on what disaster resilience and hazard mitigation efforts are most effective against known risks and their potential impacts on the nation's fiscal exposure, (3) the balance of federal and nonfederal investments, and (4) the balance of pre- and postdisaster resilience investments.

    Agency: Mitigation Framework Leadership Group
    Status: Open
    Priority recommendation

    Comments: In March 2016, officials from FEMA's Federal Insurance and Mitigation Administration told us they are working with the Office of Management and Budget to implement this recommendation and shared a high-level work plan designed to guide MitFLG through the creation of a disaster resilience investment strategy. According to this plan, the strategy is to be complete in October 2017.
    Director: Kimberly Gianopoulos
    Phone: (202) 512-8612

    1 open recommendation
    Recommendation: To strengthen agency performance measurement related to deterring child smuggling, the Secretary of Homeland Security should instruct DHS's U.S. Immigration and Customs Enforcement to establish annual performance targets associated with the performance measures it has established for its Transnational Criminal Investigative Units.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In its comments on the report in July 2015, the Department of Homeland Security stated that it concurred with this recommendation, and that it would work with host nation partners to establish goals to measure these units' investigative activities and capacity development. In September 2015, DHS noted that it planned to use law enforcement data to measure TCIU success rates and inform efforts going forward. GAO has followed up with DHS--most recently in June 2017--on the status of its efforts to establish performance targets, but has not yet received a response.
    Director: Chris Currie
    Phone: (404) 679-1875

    2 open recommendations
    Recommendation: To ensure the accuracy of the data submitted by chemical facilities, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for the Office of Infrastructure Protection, and the Director of ISCD, in the interim, to identify potentially miscategorized facilities with the potential to cause the greatest harm and verify the Distance of Concern these facilities report is accurate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, as of November 2016 ISCD completed its assessment of all Top-Screens which reported threshold quantities of release-toxic chemicals of interest and identified 158 facilities with the potential to cause the greatest harm. ISCD contacted all 158 facilities and received revised Top-Screens from 101, according to ISCD officials. ISCD halted pursuit of revised Top-Screens from the remaining facilities during summer 2016 in anticipation of the pending release of CSAT 2.0, the Top-Screen application, which both eliminates the Distance of Concern question and will result in all remaining facilities being required to submit a new Top-Screen upon the activation of CSAT 2.0. CSAT 2.0 was activated October 1, 2016, and DHS sent a letter to each of the remaining facilities informing them of their obligation to submit a new top-screen, according to ISCD officials. ISCD is continuing to monitor the resolution of the remaining cases and expects to have assessed updated Top-Screens for all of them within the first or second quarter of 2017. We will update the status of this recommendation after additional information is received from DHS.
    Recommendation: In addition, to better manage compliance among high-risk chemical facilities and demonstrate program results, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for the Office of Infrastructure Protection, and the Director of ISCD to develop documented processes and procedures to track noncompliant facilities and ensure they implement planned measures as outlined in their approved site security plans.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, ISCD is nearing finalization of the updated CFATS Inspection Standard Operating Procedure (SOP) and has made progress on the new CFATS Enforcement SOP. Once completed, expected in mid-2017, these two documents collectively will formally document the processes and procedures currently being used to track noncompliant facilities and ensure they implement planned measures as outlined in their approved site security plans, according to ISCD officials. We will update the status of this recommendation after additional information is received from DHS.
    Director: Charles Michael Johnson, Jr.
    Phone: (202) 512-7331

    2 open recommendations
    Recommendation: Given that countering violent extremism is a priority for the U.S. government in general and State's Bureau of Counterterrorism (CT Bureau), the Secretary of State should take steps to ensure that CVE program efforts abroad are evaluated.

    Agency: Department of State
    Status: Open

    Comments: In June 2017, the CT Bureau indicated that a third-party evaluation of the CVE program has been completed. The evaluation focused on process and programming, including all CVE projects funded between fiscal years 2012 and 2016 and resulted in two related but disparate sets of recommendations and findings. The CT Bureau indicated that it has begun incorporating the recommendations made in the evaluation into its overall CVE efforts.
    Recommendation: To improve State's CT Bureau's program management efforts, the Secretary of State should take steps to ensure the Bureau of Counterterrorism establishes specific time frames for addressing recommendations from program evaluations.

    Agency: Department of State
    Status: Open

    Comments: In June 2017, the CT Bureau indicated it is in the process of reviewing recommendations from the CVE evaluation, and will soon be assigning timelines to those recommendations that the bureau deems relevant and achievable. For other evaluations, the CT Bureau indicated that it has already acknowledged the need to assign specific timelines to evaluation recommendations and has adjusted accordingly.
    Director: Cristina Chaplain
    Phone: (202) 512-4841

    3 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that the SLS cost and schedule estimates better conform with best practices and are useful to support management decisions, the NASA Administrator should direct SLS officials to update the SLS cost and schedule estimates, at least annually, to reflect actual costs and schedule and record any reasons for variances before preparing their budget requests for the ensuing fiscal year. To the extent practicable, these updates should also incorporate additional best practices including thoroughly documenting how data were adjusted for use in the update and cross-checking results to ensure they are credible.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA agreed with this recommendation and reported taking steps to address it through its annual assessment of the SLS's current cost and schedule estimates against its Agency Baseline Commitment. The agency provided the results of this assessment but did not address the deficiencies we identified in NASA's original estimate, including thoroughly documenting how data were adjusted for the update and cross-checking the results to ensure credibility. In order to close this recommendation, NASA's estimate of its current costs would ideally include documentation of how data were adjusted for use in the updated estimate as well as an explanation of any estimating methodology crosschecks. At a minimum, the estimate documentation should include an explanation of variances between the original estimate and the current estimate.
    Recommendation: To provide more comprehensive information on program performance, the NASA Administrator should direct the SLS program to expedite implementation of the program-level EVM system.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: The SLS program concurred with our recommendation and has taken steps to implement a program-level earned value management (EVM) system. In May 2016, NASA and Boeing finalized their contract for the SLS core stage, the largest development effort in the program. According to NASA officials, the SLS program began receiving contractor earned value management data derived from the new core stage performance measurement baseline in fall 2016. At that time the program implemented a program-level EVM system tracking both in-house and contractor effort.
    Recommendation: To ensure that decisionmakers are able to track progress toward the agency's committed launch readiness date, the NASA Administrator should direct the SLS program to include as part of the program's quarterly reports to NASA headquarters a reporting mechanism that tracks and reports program progress relative to the agency's external committed cost and schedule baselines.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: The SLS program concurred with our recommendation. According to NASA officials, the program has taken steps to track and report progress relative to the agency's external committed cost and schedule baselines within the program's quarterly reports to NASA headquarters. The program, however, has not yet provided documentation of these actions to GAO.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    9 open recommendations
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to develop and implement TVPRA training for OFO officers at airports who have substantive contact with UAC.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Office of Field Operations (OFO) within U.S. Customs and Border Protection (CBP), in collaboration with U.S. Immigration and Customs Enforcement, conducted a "Train-the-Trainer" conference in August 2015 that focused on juvenile and unaccompanied alien children (UAC). The conference, among other things, addressed screening requirements for UAC consistent with Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA). CBP officers who received this additional training were then responsible for training other officers who process UAC at the ports of entry. According to CBP, while the conference was comprehensive, it did not fully encompass CBP's needs. In June 2016, CBP reported that OFO, Office of Chief Counsel, and a headquarters-level working group on UAC issues are finalizing a revised Form CBP-93 and with that are developing a detailed, relevant Train-the-Trainer course for officers responsible for TVPRA at all CBP ports of entry. In December 2016, CBP notified GAO that OFO, in coordination with CBP's Office of Training and Development, was concluding the design and embarking on the development phase of a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." This course will be an annual requirement for all OFO officers. In April 2017, CBP reported that OFO was no longer pursuing a separate Train-the-Trainer course for CBP officers at air ports of entry. However, CBP continues to develop a new UAC training course. The new course is a collaborative effort between OFO and USBP, in consultation with CBP's Office of Chief Counsel, and in partnership with CBP's Office of Training and Development (OTD) to develop, deconflict, and revise training consistent with requirements under TVPRA, specifically outlining rules to identify and screen UAC, among other things. As of September 2017, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP needs to ensure that OFO officers at airports who have substantive contact with UAC complete this training.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to revise the Form 93 to include indicators or questions that agents and officers should ask UAC to better assess (1) a child's ability to make an independent decision to withdraw his or her application for admission to the United States and (2) credible evidence of the child's risk of being trafficked if returned to his or her country of nationality or last habitual residence.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2015, CBP officials stated that CBP formed a working group in headquarters with representatives from the department's Office of Policy and Office for Civil Rights and Civil Liberties to examine the screening process for UAC. In addition, CBP officials noted that CBP is in the process of convening a similar group in the field. According to CBP officials, the working group meets weekly and is coordinating with nongovernmental organizations and the United Nations High Commissioner for Refugees, among others. As of June 30, 2016, CBP reported that CBP's Office of Field Operations (OFO) and U.S. Border Patrol (BP) have finalized and routed the Form CBP-93 to the OFO Executive Assistant Commissioner and United States Border Patrol Chief for final approval. As of June 2017, the revised CBP Form 93 is still under review and CBP officials estimate that the review process will be completed by December 31, 2017. To fully address this recommendation, CBP should revise the Form 93 to include indicators or questions that CBP officers and Border Patrol agents should ask UAC relative to their ability to make an independent decision and regarding the potential risk of the UAC being trafficked if returned to their country of nationality or last habitual residence.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to provide guidance to Border Patrol agents and OFO officers that clarifies how they are to implement the TVPRA requirement to transfer to HHS all Mexican UAC who have fear of returning to Mexico owing to a credible fear of persecution.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In commenting on a draft of our report, DHS indicated that CBP's U.S. Border Patrol (USBP) and Office of Field Operations (OFO) would issue further guidance to agents and officers emphasizing TVPRA transfer procedures for UAC who are nationals or habitual residents of Canada or Mexico and who are victims of a severe form of trafficking in persons. In September 2015, CBP reported that USBP and OFO estimated implementing this additional guidance by the end of calendar year 2015. In January 2016, CBP reported to GAO that, since June 2015, a headquarters level working group had been reviewing CBP's screening process for UAC. According to CBP officials, the activities of this working group will influence the guidance that will be deployed to Border Patrol agents and OFO officers and that USBP and OFO will be working together to develop additional guidance to the field by September 2016. In December 2016, CBP notified GAO that Border Patrol and OFO have partnered with CBP's Office of Training and Development, as well as the Office of Chief Counsel, to develop a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." According to CBP, this course will be an annual requirement for all CBP agents and officers. As of September 2017, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP should ensure that this distance learning training module on how to implement the Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA) criteria is developed and implemented, as required by CBP policy, to all Border Patrol agents and OFO officers.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to develop and implement guidance on how Border Patrol agents and OFO officers are to implement the TVPRA requirement to transfer to HHS all Canadian and Mexican UAC who are victims of a severe form of trafficking in persons.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In commenting on a draft of our report, DHS indicated that CBP's U.S. Border Patrol (USBP) and Office of Field Operations (OFO) would issue further guidance to agents and officers emphasizing TVPRA transfer procedures for UAC who are nationals or habitual residents of Canada or Mexico and who are victims of a severe form of trafficking in persons. In September 2015, CBP reported that USBP and OFO estimated implementing this additional guidance by the end of calendar year 2015. In January 2016, CBP reported to GAO that, since June 2015, a headquarters level working group has been reviewing CBP's screening process for UAC. According to CBP officials, the activities of this working group will influence the guidance that will be deployed to Border Patrol agents and OFO officers and that USBP and OFO will be working together to develop additional guidance to the field by September 2016. In December 2016, CBP notified GAO that Border Patrol and OFO have partnered with CBP's Office of Training and Development as well as the Office of Chief Counsel to develop a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." According to CBP, this course will be an annual requirement for all CBP agents and officers. As of September 2017, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP should ensure that this distance learning training module on how to implement the Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA) criteria is developed and implemented, as required by CBP policy, to all Border Patrol agents and OFO officers.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to ensure that Border Patrol agents document the basis for their decisions when assessing screening criteria related to (1) an unaccompanied alien child's ability to make an independent decision to withdraw his or her application for admission to the United States, and (2) whether UAC are victims of a severe form of trafficking in persons.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of December 2015, CBP officials reported that an internal working group charged with assessing UAC screening procedures was considering issues related to independent decision-making and appropriate documentation as it develops a revised screening tool. As of June 30, 2016, CBP reported that CBP's Office of Field Operations (OFO) and U.S. Border Patrol (BP) had finalized and routed a revised CBP Form 93 to the OFO Executive Assistant Commissioner and United States Border Patrol Chief for final approval. As of August 31, 2016, the revised CBP Form 93 was still under review and CBP officials estimated that the review process would be completed by December 31, 2016. In January 2017, CBP notified GAO that the expected completion date for the revised form is April 2017, and that direction to Border Patrol agents on the new form would be delivered by June 2017. In June 2017, CBP told GAO that Border Patrol and other CBP partners were continuing to determine which changes are necessary to the CBP Form 93 and estimated that these efforts would not be completed until December 31, 2017. As of September 2017, CBP reported that these efforts would not be completed until June 2018. To fully address this recommendation, CBP should ensure that Border Patrol agents document the basis for their decisions when assessing screening criteria related to (1) an unaccompanied alien child's ability to make an independent decision to withdraw his or her application for admission to the United States, and (2) whether UAC are victims of a severe form of trafficking in persons.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to determine which agents and officers who have substantive contact with UAC, complete the annual UAC training, and ensure that they do so, as required.

    Agency: Department of Homeland Security
    Status: Open

    Comments: On July 1, 2015, the Assistant Commissioner for Field Operations (OFO) disseminated a memorandum to all OFO Field Office Directors regarding the mandatory annual UAC training requirement. The Assistant Commissioner directed all Field Offices to ensure that officers completed the required training by December 31, 2015 (the memo also specified which officers are required to complete the training). On July 31, 2015, the Chief of the U.S. Border Patrol disseminated a memorandum to all Chief Patrol Agents and Directorate Chiefs for dissemination to all uniformed personnel, including supervisors, regarding the mandatory annual UAC training requirement. CBP documentation indicates that CBP implemented a new learning management system mandated by DHS on July 13, 2015, through which online training courses are offered to all CBP employees. Further, in 2016 DHS added a feature to this system that provided the capability to produce reports on courses completed by CBP employees. In April 2017, CBP provided 2016 data on the OFO officers and Border Patrol agents that had completed the required UAC training course. According to the data, 23 percent of OFO officers and 7 percent of Border Patrol agents required to complete the training had not done so. CBP officials stated that they plan to take steps to increase the percent of agents and officers who complete the required training in 2017 and will provide new data to GAO in early 2018. To fully address this recommendation, Border Patrol and OFO should ensure that all required personnel have completed the annual training, as required.
    Recommendation: To help ensure that DHS has complete and reliable data needed to ensure compliance with the UAC time-in-custody requirement under TVPRA and for required reports on UAC time in custody under the Flores Agreement, the Secretary of Homeland Security should require ICE officers to record accurate and reliable data in their automated system when UAC leave ICE custody in order to track the length of time UAC are in ICE custody.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a July 23, 2015 memo, ICE's Assistant Director for Custody Management, with concurrence from the Acting Assistant Director for Field Operations, provided all ICE Field Office Directors, Deputy Field Office Directors, and Field Office Juvenile Coordinators (FOJCs) with instructions for processing juveniles, including unaccompanied alien children (UAC). The memo stated that FOJCs or assigned officers must immediately book UAC into ICE's automated system upon the UAC's transfer into ICE's custody (including ICE transportation contractors). The instructions stated that no more than 4 hours may elapse without recording the UAC's time in ICE custody. Further, the instructions stated that when ICE transfers UAC to a new location, FOJCs, or other assigned officers, must also ensure that ICE's automated system is updated to reflect the exact location of the transfer. According to ICE, these instructions are to be included in a juvenile processing handbook that will provide detailed instructions for officers in processing and managing juvenile cases. ICE expects to complete this handbook by June 30, 2016. As of October 2016, the handbook was still being cleared within ICE. To fully implement our recommendation, ICE should require that officers record accurate and reliable data (date and time) in their automated system when UAC leave ICE custody.
    Recommendation: To increase the efficiency and improve the accuracy of the interagency UAC referral and placement process, the Secretaries of Homeland Security and Health and Human Services should jointly develop and implement a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2015, DHS stated that the department was collaborating with HHS on finalizing a Memorandum of Agreement (MOA) regarding UAC procedures. According to DHS, the MOA is meant to provide a framework for interagency coordination on the responsibilities of the parties in coordinating and establishing procedures, shared goals, and interagency cooperation with respect to UAC. In February 2016, DHS and HHS finalized the MOA. The MOA states that DHS and HHS agree to establish a Joint Concept of Operations (JCO) that should be completed no later than one year following the signing of the MOA. According to the MOA, the JCO should include, among other things, standard protocols for consistent interagency cooperation on the care, processing, and transport of UAC during both steady state operations, as well as in the event the number of UAC exceeds the standard capabilities of the departments to process, transport, and/or shelter with existing resources. As of February 2017, HHS told GAO that HHS and DHS are still in the process of drafting the JCO. To fully address the recommendation, DHS and HHS will need to ensure that the JCO, once finalized and implemented, includes a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.
    Recommendation: To increase the efficiency and improve the accuracy of the interagency UAC referral and placement process, the Secretaries of Homeland Security and Health and Human Services should jointly develop and implement a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In September 2015, DHS stated that the department was collaborating with HHS on finalizing a Memorandum of Agreement (MOA) regarding UAC procedures. According to DHS, the MOA is meant to provide a framework for interagency coordination on the responsibilities of the parties in coordinating and establishing procedures, shared goals, and interagency cooperation with respect to UAC. In February 2016, DHS and HHS finalized the MOA. The MOA states that DHS and HHS agree to establish a Joint Concept of Operations (JCO) that should be completed no later than one year following the signing of the MOA. According to the MOA, the JCO should include, among other things, standard protocols for consistent interagency cooperation on the care, processing, and transport of UAC during both steady state operations, as well as in the event the number of UAC exceeds the standard capabilities of the departments to process, transport, and/or shelter with existing resources. As of August 2017, HHS told GAO that HHS and DHS are still in the process of drafting the JCO. To fully address the recommendation, DHS and HHS will need to ensure that the JCO, once finalized and implemented, includes a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    5 open recommendations
    Recommendation: To help ensure that agency review processes provide frequent, regular opportunities to assess progress on agency priority goals (APG), and are conducted in a manner consistent with GPRA Modernization Act of 2010 (GPRAMA) requirements, OMB guidance, and leading practices, the Secretary of Defense should work with the COO and PIO to modify the Department's review processes to ensure that review meetings are led by the agency head or COO.

    Agency: Department of Defense
    Status: Open

    Comments: In March 2016, the DCMO and DOD Chief Information Officer released a memorandum stating that DOD would no longer hold in-person quarterly reviews of progress on APGs, and that the only issues that would be reviewed are those "requiring specific visibility." This approach is not consistent with the requirements of GPRAMA or OMB guidance, which require agencies to hold in-person, leadership-driven reviews of progress on all APGs at least once each quarter. We will continue to monitor the status of agency actions to address this recommendation.
    Recommendation: To help ensure that agency review processes provide frequent, regular opportunities to assess progress on agency priority goals (APG), and are conducted in a manner consistent with GPRA Modernization Act of 2010 (GPRAMA) requirements, OMB guidance, and leading practices, the Secretary of Defense should work with the COO and PIO to modify the Department's review processes to ensure that review meetings are used to review progress on all APGs at least once a quarter, discuss at-risk goals and improvement strategies, and assess whether specific program activities, policies, or other activities are contributing to goals as planned.

    Agency: Department of Defense
    Status: Open

    Comments: In March 2016 the Deputy Chief Management Officer (DCMO) and DOD Chief Information Officer released a memorandum stating that DOD would no longer hold in-person quarterly reviews of progress on APGs, and that the only issues that would be reviewed are those "requiring specific visibility." This approach is not consistent with the requirements of GPRAMA or OMB guidance, which require that agencies hold in-person reviews of progress on all APGs and identify any necessary improvement strategies at least once each quarter. We will continue to monitor the status of agency actions to address this recommendation.
    Recommendation: To help ensure that agency review processes provide frequent, regular opportunities to assess progress on agency priority goals (APG), and are conducted in a manner consistent with GPRA Modernization Act of 2010 (GPRAMA) requirements, OMB guidance, and leading practices, the Secretary of Defense should work with the COO and PIO to modify the Department's review processes to ensure that review meetings are used by participants to identify, agree upon, document and track follow-up actions.

    Agency: Department of Defense
    Status: Open

    Comments: In March 2016, the DCMO and DOD Chief Information Officer released a memorandum stating that DOD would no longer hold in-person quarterly reviews of progress on agency priority goals (APGs), and that the only issues that would be reviewed are those "requiring specific visibility." This approach is not consistent with OMB guidance or leading practices, which state that agencies should identify follow-up actions and responsible parties for implementing them, and subsequently track their status at in-person reviews at least once each quarter. We will continue to monitor the status of agency actions to address this recommendation.
    Recommendation: To help ensure that agency review processes provide frequent, regular opportunities to assess progress on agency priority goals (APG), and are conducted in a manner consistent with GPRA Modernization Act of 2010 (GPRAMA) requirements, OMB guidance, and leading practices, the Secretary of State should work with the COO and PIO to modify the Department's review processes to ensure that progress on each APG is reviewed in an in-person review meeting at least quarterly.

    Agency: Department of State
    Status: Open

    Comments: According to State Department staff, as of June 2016, the department continues to hold in-person review meetings for APGs involving agency leaders, goal leaders, and other stakeholders only once a year. We will continue to monitor the status of agency actions to address this recommendation.
    Recommendation: To help ensure that agency review processes provide frequent, regular opportunities to assess progress on agency priority goals (APG), and are conducted in a manner consistent with GPRA Modernization Act of 2010 (GPRAMA) requirements, OMB guidance, and leading practices, the Secretary of State should work with the COO and PIO to modify the Department's review processes to ensure that the reviews are led by the agency head or COO.

    Agency: Department of State
    Status: Open

    Comments: According to information provided by State Department officials in June 2016, the department's in-person review meetings continue to be led by the PIO. Although the Deputy Secretary for Management and Resources, who serves as the State Department's COO, receives a quarterly written summary of progress on State's APGs, this approach is not consistent with the requirements of the GPRA Modernization Act (GPRAMA) or Office of Management and Budget (OMB) guidance that the agency head and/or the COO conduct quarterly, in-person reviews. We will continue to monitor the status of agency actions to address this recommendation.
    Director: Lawrance Evans
    Phone: (202) 512-8678

    4 open recommendations
    Recommendation: To ensure that NCUA has adequate authority to determine the safety and soundness of credit unions, Congress should consider modifying the Federal Credit Union Act to grant NCUA authority to examine technology service providers of credit unions.

    Agency: Congress
    Status: Open

    Comments: In July 2015, we suggested that Congress modify the Federal Credit Union Act to grant NCUA authority to examine technology service providers of credit unions. As of October 2016, Congress had not granted NCUA such authority.
    Recommendation: To improve their ability to assess the adequacy of the information security practices at medium and small institutions, the heads of Federal Deposit Insurance Corporation, the Federal Reserve, Office of the Comptroller of the Currency, and NCUA should routinely categorize IT examination findings and analyze this information to identify trends that can guide areas of review across institutions.

    Agency: Department of the Treasury: Office of the Comptroller of the Currency
    Status: Open

    Comments: In July 2015, we recommended that the Office of the Comptroller of the Currency (OCC) and other federal financial institution regulators conduct trend analysis of their IT examination findings to improve their ability to assess the adequacy of information security practices at medium and small institutions. In September 2015, OCC stated that it is taking two actions to respond to our recommendation. First, the agency is integrating the Cybersecurity Assessment Tool (Tool), developed by OCC and other federal financial institution regulators, into OCC's ongoing IT examinations of national banks and federal savings associations. Officials believe that the Tool will provide OCC with a repeatable and measurable process for assessing both the level of risk and the maturity of risk management processes within and across OCC-supervised institutions. Also, officials believe that data gathered in this process will allow OCC to monitor industry trends and identify new or emerging weaknesses where additional guidance or supervisory actions may be needed. Furthermore, the Tool will help OCC allocate examiner resources and better target examiner training. OCC began integrating the Tool in selected examinations in December 2015. Second, OCC stated that it enhanced its guidance and procedures for examiners to identify and aggregate supervisory concerns into matters requiring attention (MRAs), which are the mechanism OCC uses to communicate supervisory concerns to bank management and directors. OCC believes that the enhancements will facilitate systemic categorization of supervisory concerns that strengthen recording, monitoring, and analyzing of volumes and trends across bank portfolios. Also, the enhanced guidance discusses the relationship between MRAs, interagency ratings, OCC's risk assessment system, and enforcement actions. 
OCC believes that these process enhancements, combined with the integration of the Tool, will improve its ability to assess information security practices at medium and small institutions. We will continue to monitor OCC's progress in implementing the Tool and the resulting trend analyses that the Tool is intended to facilitate.
    Recommendation: To improve their ability to assess the adequacy of the information security practices at medium and small institutions, the heads of Federal Deposit Insurance Corporation, the Federal Reserve, Office of the Comptroller of the Currency, and NCUA should routinely categorize IT examination findings and analyze this information to identify trends that can guide areas of review across institutions.

    Agency: Federal Reserve System
    Status: Open

    Comments: In July 2015, we recommended that the Board of Governors of the Federal Reserve System (Board) and other federal financial institution regulators conduct trend analysis of their IT examination findings to improve their ability to assess the adequacy of information security practices at medium and small institutions. As of October 2016, the Board had not provided an update on its efforts to address this recommendation.
    Recommendation: To improve their ability to assess the adequacy of the information security practices at medium and small institutions, the heads of Federal Deposit Insurance Corporation, the Federal Reserve, Office of the Comptroller of the Currency, and NCUA should routinely categorize IT examination findings and analyze this information to identify trends that can guide areas of review across institutions.

    Agency: National Credit Union Administration
    Status: Open

    Comments: In July 2015, we recommended that the National Credit Union Administration (NCUA) and other federal financial institution regulators conduct trend analysis of their IT examination findings to improve their ability to assess the adequacy of information security practices at medium and small institutions. In July 2016, NCUA told us that it and the other federal financial institution regulators issued the Cybersecurity Assessment Tool (Tool) in June 2015 to provide a comprehensive method for institutions to benchmark their cybersecurity programs. Officials believe that the Tool will allow examiners to consistently and methodically look at credit union risks and trends, as well as collect detailed information on the risks and mitigating controls employed by credit unions. When the Tool is fully implemented, officials expect to be able to aggregate risk indicators and program gaps across the credit union industry to improve resource deployment and enhance cybersecurity supervisory oversight. NCUA plans to begin pilot testing the Tool in late 2016 with program integration targeted for July 2017. We will continue to monitor NCUA's progress with this program and revisit our recommendation in July 2017.
    Director: Joseph Kirschbaum
    Phone: (202) 512-9971

    3 open recommendations
    Recommendation: To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to fully institutionalize the use of risk assessments to support future investment decisions, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to update the roles and responsibilities guidance in DOD Directive 5160.05E to identify which organizations are responsible for conducting and participating in CBDP Enterprise risk assessments.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation but has not yet completed actions to implement it. As of August 2017, DOD was still waiting to release the final version of DOD Directive 5160.05E.
    Recommendation: To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to fully institutionalize the use of risk assessments to support future investment decisions, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to update the CBDP Enterprise's portfolio planning process, to include when risk assessments will be conducted.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation but has not yet completed actions to implement it. On 6/8/16, DOD reported that the risk assessment process was initially piloted in 2014 to determine its utility for informing CBDP Enterprise portfolio planning and guidance. Moving forward, the CBDP Enterprise plans to conduct risk assessments annually to support portfolio planning and guidance. As of August 2017, DOD reported that the department was beginning an approximately 12-month process to revise the CBDP Business Plan, which would likely be published as a DOD Instruction. This plan should address the risk assessment recommendation.
    Recommendation: To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to enhance PAIO's ongoing analysis of potential infrastructure duplication in the CBDP Enterprise and gain potential efficiencies, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to identify, request, and consider any information from existing infrastructure studies from other federal agencies with chemical and biological research and development and test and evaluation infrastructure.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation but has not yet completed actions to implement it. As of July 2017, DOD has requested, but not received, such studies from other federal agencies. However, DOD is currently engaged in phase two of a three-phase effort regarding its chemical and biological defense infrastructure program (CBDP), which includes a review of the department's interagency roles and responsibilities for its chemical and biological defense Infrastructure Manager. Targeted completion for this phase is December 2017, at which time, DOD may have obtained relevant information from other federal agencies.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To ensure that the Department of Justice effectively measures its efforts to address incarceration challenges, the Attorney General should explore additional data collection opportunities and modify its Smart on Crime indicators to incorporate key elements of successful performance measurement systems.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: In August 2015, DOJ reported that it has taken steps to obtain new, more granular data elements that it hoped to incorporate into its indicators. However, DOJ also stated that it did not believe that measurable targets were appropriate for its Smart on Crime indicators because prosecutors need to make case-by-case decisions without regard to targets or concerns for any other incentive. As of October 2016, DOJ had not provided any updates on its progress addressing this recommendation to enhance performance measurement. Until DOJ provides this information, we cannot determine whether its efforts resulted in indicators that incorporate key elements of successful performance measurement systems. In March 2017, DOJ noted that, due to a change in administration, the consequences of the Smart on Crime initiative are uncertain, and did not provide any further updates on its progress addressing our recommendation.
    Recommendation: To ensure that the Department of Justice effectively measures its efforts to address incarceration challenges, the Attorney General should direct the Office of the Pardon Attorney, in conjunction with the Office of the Deputy Attorney General, to (1) track how long it takes, on average, for commutation of sentence petitions to clear each step in the review process under DOJ's control, and (2) identify and address, to the extent possible, any processes that may contribute to unnecessary delays.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: In August 2015, DOJ reported that tracking the steps of its review would not provide meaningful data because the Department prioritizes those cases for review that appear likely to meet the Clemency Initiative factors announced in April 2014. Nevertheless, DOJ stated that it agreed that identifying and addressing unnecessary delays in the review process is important, and that it has been regularly working to identify and address such delays. As of October 2016, DOJ had not provided any updates on its progress addressing this recommendation to better track and address any unnecessary delays. Until it does so, we cannot determine whether it is meeting the key goal of the new Clemency Initiative--to expeditiously identify and review especially meritorious petitions. In March 2017, DOJ noted that due to the accelerated clemency review process implemented in 2015, it currently has no standard process to evaluate, and did not provide any further updates on its progress in addressing our recommendation.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    3 open recommendations
    Recommendation: To improve Transformation Program governance, the Secretary of DHS should direct the Under Secretary for Management to ensure that the Acquisition Review Board is effectively monitoring the Transformation Program's performance and progress toward a predefined cost and schedule; ensuring that corrective actions are tracked until the desired outcomes are achieved; and relying on complete and accurate program data to review the performance of the Transformation Program against stated expectations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of August 2017, the Department of Homeland Security (DHS) had demonstrated that it had taken steps to address this recommendation, but additional steps were needed. Since we issued this recommendation in May 2015, the Office of Program Accountability and Risk Management (PARM), which serves as the Acquisition Review Board (ARB) executive secretariat and is to oversee DHS's acquisition portfolio, in coordination with the Office of the Chief Information Officer, has actively increased program oversight. For example, beginning in May 2015, the U.S. Citizenship and Immigration Services (USCIS) demonstrated that it submitted data supporting cost, schedule, and technical performance metrics to DHS on a monthly basis. The ARB has also held a number of meetings to discuss the Transformation Program and issued associated Acquisition Decision Memoranda with related action items. In addition, in February 2016, PARM demonstrated that DHS developed a procedure to help ensure acquisition decision memorandum actions, including corrective actions, are tracked until the desired outcomes are achieved. However, as of August 2017, the USCIS Transformation Program was in breach of its previously approved schedule expectations and was taking a strategic pause in developing new software while working to re-baseline cost and schedule expectations. During this strategic pause, the program is working to complete various action items assigned by the Acquisition Review Board, including completing an updated Release Roadmap and submitting it to PARM no later than December 29, 2017; updated Lifecycle Cost Estimate and providing it to the Cost Analysis Division no later than December 29, 2017; updated Test and Evaluation Master Plan and submitting it to the Office of Test and Evaluation no later than January 31, 2018; and an updated Acquisition Program Baseline and providing it to PARM no later than December 29, 2017. 
We will continue to monitor DHS's efforts to re-baseline the USCIS Transformation Program and the Acquisition Review Board's efforts to monitor the Transformation Program's performance and progress toward a predefined cost and schedule; ensure that corrective actions are tracked until the desired outcomes are achieved; and rely on complete and accurate program data to review the performance of the Transformation Program against stated expectations until and after a new baseline is established.
    Recommendation: To improve Transformation Program governance, the Secretary of DHS should direct the DHS Under Secretary for Management, in coordination with the Director of US Citizenship and Immigration Services, to ensure that the Executive Steering Committee is effectively monitoring the Transformation Program's performance and progress toward a predefined cost and schedule and relying on complete and accurate program data to review the performance of the Transformation Program against stated expectations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of August 2017, the Department of Homeland Security (DHS) had demonstrated that it had taken steps to address this recommendation, but additional steps were needed. More specifically, as of July 2016, the U.S. Citizenship and Immigration Services (USCIS) Transformation program office provided evidence that the Executive Steering Committee (ESC) continued to discuss cost, schedule, and operational performance metrics as part of the program's ESC meetings. However, as of August 2017, the USCIS Transformation Program was in breach of its previously approved schedule expectations and was taking a strategic pause in developing new software while working to re-baseline its cost and schedule expectations. During this strategic pause, the program is working to complete various action items assigned by the Acquisition Review Board, including completing an updated Release Roadmap and submitting it to the Office of Program Accountability and Risk Management (PARM) no later than December 29, 2017; updated Lifecycle Cost Estimate and providing it to the Cost Analysis Division no later than December 29, 2017; updated Test and Evaluation Master Plan and submitting it to the Office of Test and Evaluation no later than January 31, 2018; and an updated Acquisition Program Baseline and providing it to PARM no later than December 29, 2017. In addition, according to the program's August 2017 Acquisition Decision Memorandum, the ESC has been transformed into a component-only body with no headquarters involvement, and the program was to establish a Program Management Integrated Product Team, which was to meet bi-weekly beginning in September 2017. 
We will continue to monitor DHS's efforts to re-baseline the USCIS Transformation Program, the impact of changes to the ESC, and the ESC's efforts to effectively monitor the Transformation Program's performance and progress toward a predefined cost and schedule and rely on complete and accurate program data to review the performance of the Transformation Program against stated expectations until and after a new program baseline is established.
    Recommendation: To help ensure that assessments prepared by the Office of the Chief Information Officer in support of the department's updates to the federal IT Dashboard more fully reflect the current status of the Transformation Program, the Secretary of DHS should direct the department's Chief Information Officer to use accurate and reliable information, such as operational assessments of the new architecture and cost and schedule parameters approved by the Under Secretary of Management.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, the Department of Homeland Security (DHS) had demonstrated that it had taken steps to address this recommendation, but additional steps were needed. In particular, in February 2016, the DHS Office of the Chief Information Officer (OCIO), in coordination with the Office of Program Accountability and Risk Management (PARM), had consolidated the department's Investment Management System and Next Generation Periodic Reporting System tools into a single enterprise information management and repository system named Investment Evaluation, Submission, and Tracking (INVEST). According to the department, this effort should improve the reliability of the metrics used by OCIO's Enterprise Business Management Office (EBMO), as well as the other line of business and component program offices, and ensure data integrity. The data reported in INVEST include cost, schedule, and operational performance metrics that are to align with the OMB's Information Technology (IT) Dashboard reporting requirements. In addition, as of September 2017, the program was listed as a high-risk program on the federal IT dashboard, in contrast to its April 2015 rating of medium risk. However, as of August 2017, the program was in breach of its previously approved schedule expectations and was taking a strategic pause in developing new software while working to re-baseline its cost and schedule expectations. We will continue to monitor DHS's efforts to re-baseline the USCIS Transformation Program and the Office of the Chief Information Officer's efforts to use accurate and reliable information to update the federal IT dashboard until and after a new program baseline is established.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    1 open recommendation
    Recommendation: To improve the military whistleblower reprisal investigation process and oversight of such investigations, the Secretary of Defense should work in coordination with the Department of Defense Inspector General (DODIG) to direct the services to follow standardized investigation stages and issue guidance clarifying how the stages are defined.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2016, this recommendation remains open. Officials from DOD Inspector General, Whistleblower Reprisal Investigations Directorate provided GAO with an update to this recommendation on August 11, 2016. Although DOD concurred with this recommendation in the draft and final report, they stated that DODIG is not empowered in its oversight capacity to direct the services to follow standardized stages. However, these same officials noted that they are currently working with the military services through an established working group to standardize investigation stages and develop guidance for its implementation across the services by the end of 2016. If completed, we believe that these actions will meet the intent of our recommendation by helping DODIG to better ensure consistent program implementation and equal treatment of all servicemember complaints.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To ensure the timely expenditure of VOCA grant funds and thereby limit the carryover of unexpended grant balances, minimize the need for multiple grant extensions, and strengthen OJJDP's capacity to collect and assess grantee performance information, the Assistant Attorney General for OJP should work with the Administrator of OJJDP to conduct a study to examine whether any of its administrative processes contribute to unnecessary delays in grantees' ability to expend VOCA funds within the established 12-month project period and make modifications to these processes as appropriate.

    Agency: Department of Justice: Office of Justice Programs: Office of the Assistant Attorney General
    Status: Open

    Comments: In April 2015, we found that OJJDP had several administrative review and approval processes in place that had contributed to delays in grantees' ability to begin spending their award funds. For instance, grantees could not access their funds until OJJDP had completed its internal review of grantees' budgets--a step that had taken more than 2 months, on average, after the grantees' project period had begun. We recommended that OJP examine its processes and, if appropriate, make modifications to prevent unnecessary delays in grantees' ability to expend VOCA funds within the established project period. In March 2017, OJP reported that its Office of Audit, Assessment and Management (OAAM), worked with OJJDP to complete an assessment to determine the impact of administrative processes on VOCA awards. Focusing on VOCA grants awarded in fiscal years 2010 through 2015, OAAM assessed a number of factors, including (1) the average timeframe for approval of budget reviews; (2) the average timeframe for approval of conference cost requests, and (3) the number of no-cost extensions granted. OJP reported that OAAM continues to work with OJJDP to review documentation to support implementation of process improvements to address the issues the assessment identified. OAAM anticipates issuing a report by March 31, 2017 to OJP's Acting Assistant Attorney General to summarize the results of the assessment and provide updates on the process improvements OJJDP has begun to implement. Examining the delays associated with its administrative review processes and making modifications as necessary will help OJP ensure the effective administration and timely use of grant funds.
    Recommendation: To ensure the timely expenditure of VOCA grant funds and thereby limit the carryover of unexpended grant balances, minimize the need for multiple grant extensions, and strengthen OJJDP's capacity to collect and assess grantee performance information, the Assistant Attorney General for OJP should work with the Administrator of OJJDP to, considering the results of this study, examine whether the current 12-month project period is realistic in light of any administrative processes that cause delay but cannot be modified and extend the project period if necessary.

    Agency: Department of Justice: Office of Justice Programs: Office of the Assistant Attorney General
    Status: Open

    Comments: In April 2015, we found that VOCA grant activities were not being completed within the time parameters OJJDP established for the grant program, and that this may affect the ability of grantees to complete their grant goals and objectives. Specifically, we found that for the 28 VOCA grants that OJJDP awarded from fiscal years 2010 through 2013, grantees had expended less than 20 percent, on average, of each grant they received during the original 12-month project period. In particular, we found that OJJDP's processes for reviewing grantees' budgets and conference planning requests were contributing to delays in grantees' ability to begin spending their funds. We recommended that OJP examine whether 12 months is an appropriate project period length to ensure that VOCA grantees are well positioned to fully expend their grant funds. In March 2017, OJP reported that its Office of Audit, Assessment and Management (OAAM), worked with OJJDP to complete an assessment to determine the impact of administrative processes on VOCA awards. Focusing on VOCA grants awarded in fiscal years 2010 through 2015, OAAM assessed a number of factors, including (1) the average timeframe for approval of budget reviews; (2) the average timeframe for approval of conference cost requests, and (3) the number of no-cost extensions granted. OJP reported that OAAM continues to work with OJJDP to review documentation to support implementation of process improvements to address the issues the assessment identified. OAAM anticipates issuing a report by March 31, 2017 to OJP's Acting Assistant Attorney General to summarize the results of the assessment and provide updates on the process improvements OJJDP has begun to implement. Once OJJDP examines its administrative delays, makes any necessary changes, and reviews the original project period length, OJP will be better positioned to ensure that grantees have an appropriate period in which to expend VOCA grant awards.
    Director: Charles Michael Johnson, Jr.
    Phone: (202) 512-7331

    1 open recommendation
    Recommendation: To further improve the ability of U.S. government agencies and others to assess the timeliness of U.S. security assistance to Yemen, the Secretary of Defense should take steps to improve the accuracy of data used to track when Section 1206 projects are congressionally cleared for implementation.

    Agency: Department of Defense
    Status: Open

    Comments: DOD officials indicated that they will correct the historical congressional notification clearance data for Yemen and ensure it is correct going forward, with the goal of having correct data by May 2015. They also noted there is a policy in place requiring the congressional notification clearance date entered into the database to be drawn from the e-mail from the DOD Comptroller's office indicating the clearance date. In order to correct the historical data, DOD will try to find documents showing the actual clearance dates, but when those are unavailable, DOD will add fifteen days to the date of the congressional notification. As of June 2017, DOD had not provided documentation in response to our requests for a status update regarding this recommendation. We will monitor these efforts to determine when they have been completed.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    1 open recommendation
    Recommendation: To better understand attributable costs for individual Parcel Select NSAs, the Postmaster General should direct the appropriate staff to identify and implement cost-effective methods, such as using a sample, to collect and study information on the costs of delivering Parcel Select packages of varying characteristics in order to develop contract-specific attributable cost estimates.

    Agency: United States Postal Service
    Status: Open

    Comments: USPS developed analysis in response to this recommendation by using a proxy for package dimension rather than a sample of customer-specific dimension data, as GAO recommended. The assumptions used in the methodology by USPS result in only minor cost differences regardless of the dimension or weight of packages shipped under individual Parcel Select NSAs. As of June 13, 2017, this recommendation remains open pending additional discussions with USPS about its methodology and results.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To improve DHS's management of major acquisition programs, the Secretary of Homeland Security should ensure future baselines for all of TSA's major acquisition programs capture the overall historical record of change.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the Transportation Security Administration (TSA) will begin to incorporate an addendum to future Acquisition Program Baselines (APB) that will provide a single source to show the changes to cost, schedule, and performance metrics, beginning with the initial program baseline and showing traceability of all interim approved versions to the current APB. DHS estimated it would complete this effort April 30, 2016. As of August 2017, DHS leadership had approved updated versions of the two APBs that were the basis for this recommendation. Both included addendums with metrics from prior APBs, but raised questions about traceability to the current cost, schedule, and performance metrics. GAO will assess the updated APBs as a part of its annual review of select DHS major acquisition programs to determine whether the department has addressed the recommendation.
    Recommendation: To more accurately communicate DHS's funding plans for USCG's major acquisition programs, the Secretary of Homeland Security should ensure the funding plans presented to Congress in fiscal year 2015 are comprehensive and clearly account for all operations and maintenance funding DHS plans to allocate to each of the USCG's major acquisition programs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the U.S. Coast Guard and the DHS Chief Financial Officer will develop a plan to address this recommendation by September 30, 2015, then work together to fully implement the plan. DHS estimated it would complete this effort March 31, 2016. However, the USCG encountered technical challenges during this process and was unable to implement the plan by that time. The U.S. Coast Guard has revised the estimated completion date, and now anticipates it will be able to address this recommendation in fiscal year 2020.
    Director: David Powner
    Phone: (202) 512-9286

    5 open recommendations
    Recommendation: To better ensure that the PortfolioStat initiative improves governmental efficiency and achieves cost savings, the Director of OMB should direct the Federal CIO to ensure that its reports to Congress about the results of IT reform efforts accurately reflect savings generated from all PortfolioStat initiatives, including those associated with FDCCI.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In July 2016, we followed up with OMB on its efforts to address this recommendation. As of September 1, 2016, we were still waiting for the agency's response.
    Recommendation: To better ensure that the PortfolioStat initiative improves governmental efficiency and achieves cost savings, the Director of OMB should direct the Federal CIO to track agencies' planned savings and use them as a baseline for measuring reported actual savings.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In July 2016, we followed up with OMB on its efforts to address this recommendation. As of September 1, 2016, we were still waiting for the agency's response.
    Recommendation: To better ensure that the PortfolioStat initiative improves governmental efficiency and achieves cost savings, the Director of OMB should direct the Federal CIO to require agencies to document specifically how the cost savings achieved from PortfolioStat have been reinvested.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In July 2016, we followed up with OMB on its efforts to address this recommendation. As of September 1, 2016, we were still waiting for the agency's response.
    Recommendation: To better ensure that the PortfolioStat initiative improves governmental efficiency and achieves cost savings, the Director of OMB should direct the Federal CIO to establish time frames for completing assigned PortfolioStat action items and hold agencies accountable for meeting those time frames.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In July 2016, we followed up with OMB on its efforts to address this recommendation. As of September 1, 2016, we were still waiting for the agency's response.
    Recommendation: The Secretary of Defense should direct the Chief Information Officer to revisit the 25 cost initiatives GAO reported in GAO-14-65 to identify those that have achieved savings and cost avoidances and report those savings and avoidances to OMB.

    Agency: Department of Defense
    Status: Open

    Comments: In March 2016, during our review of federal agencies' efforts to rationalize their portfolio of software applications, the department reported that it does not collect data specifically on savings and cost avoidance associated with the business and enterprise IT applications that comprise most of the 25 cost initiatives reported in GAO-14-65. We will continue to follow up with the department on this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendation
    Recommendation: To improve the effectiveness of OMB streamlining efforts and ensure agency CIOs are better able to carry out their responsibilities in managing IT, including implementing OMB's IT reform initiatives, the Director of OMB should direct the Federal CIO, in collaboration with agency CIOs, to ensure there is a common understanding with agency CIOs on the priority of the current reporting requirements and related IT reform initiatives. This should include addressing underlying reasons cited by CIOs regarding the usefulness of requirements, including when department priorities are reportedly different than OMB's and the burdensome and duplicative nature of requirements.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) neither agreed nor disagreed with our recommendation. Subsequently, OMB has taken steps to address some aspects of our recommendation. Specifically, in January 2017, OMB worked with the Chief Information Officer (CIO) Council to issue a report entitled "State of Federal Information Technology (SOFIT)" which outlined current IT trends and their key challenges, and made recommendations to improve implementation efforts. Notably, the report also identified differences in priorities between OMB and agency CIOs on key IT reform initiatives and the need for improved reporting requirements. In addition, in June 2017, OMB staff reported that they met the CIO and head of each agency this past spring regarding their priorities and challenges. While these are positive steps toward ensuring a common understanding of these initiatives and reporting requirements, OMB still needs to take action to address the underlying reasons for these differences in priorities and reduce burdensome and duplicative requirements. Until OMB takes action in these areas, there is a risk that key IT reform initiatives may not fully succeed. We will continue to evaluate OMB's progress in addressing our recommendation.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    1 open recommendation
    Recommendation: The Secretary of the Department of Homeland Security should direct FPS to develop and implement a strategy for using covert-testing data and data on prohibited items to improve FPS's security-screening efforts. The strategy should, at a minimum, aim to ensure that: (1) covert-testing data are used to systematically monitor, review, and improve performance nationwide; (2) covert-testing data are used to determine which testing scenarios will be implemented or reinstated; and (3) data on prohibited items are analyzed to determine the reasons for wide variations in the number of reported prohibited-items detected across buildings and to assist with managing the screening process and informing policy.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, implementation of this recommendation was in process, according to the Federal Protective Service (FPS). FPS provided no additional information, but plans to update GAO in the coming weeks on the status of this and other open recommendations.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    6 open recommendations
    Recommendation: To ensure that CBP's land mobile radio systems are functioning as intended in each location and are meeting user needs, the CBP Commissioner should develop a plan to monitor the performance of its deployed radio systems.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure the ICE TACCOM program is effectively managed, the Assistant Secretary of ICE should develop a program plan to ensure that the agency establishes the appropriate documentation of resource needs, program goals, and measures to monitor the performance of its deployed radio systems.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve CBP training efforts, the CBP Commissioner should develop and implement a plan to address any skills gaps for CBP agents and officers related to understanding the new digital radio systems and interagency radio use protocols.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve CBP training efforts, the CBP Commissioner should develop a mechanism to verify that all Border Patrol and OFO radio users receive radio training.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve ICE training efforts, the Assistant Secretary of ICE should develop and implement a plan to address any skills gaps for ICE agents related to understanding the new digital radio systems and interagency radio use protocols.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve ICE training efforts, the Assistant Secretary of ICE should develop a mechanism to verify that all ICE radio users receive radio training.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendation
    Recommendation: In order to help ensure consistent, effective oversight of DHS's acquisition programs, and to make the CASR more useful, starting with the report reflecting fiscal year 2015 program data, the Secretary of DHS should adjust the CASR to do the following: (1) report an individual rating for each program's cost, schedule, and technical risks; (2) report a best estimate of procurement quantities or indicate why this is not applicable, as appropriate; (3) report all programs' significant changes in acquisition cost, quantity, or schedule from the previous CASR report by determining a means to account for programs that lack acquisition program baselines; (4) report major program events that are included in acquisition program baselines, such as scheduled acquisition decision events; and (5) report the level at which the program's life-cycle cost estimate was approved.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation, and took some actions to address it. The Office of Program Accountability and Risk Management (PARM) updated its template for the Comprehensive Acquisition Status Report (CASR) to reflect the following changes: individual ratings for each program's cost, schedule, and technical risks; significant changes in programs' acquisition cost, quantity, or schedule; and major events included in the acquisition program baselines. In addition, PARM intended to revise the reporting information for the level at which a program's life-cycle cost estimate was approved and its estimate of procurement quantities. However, the 2017 Consolidated Appropriations Act discontinued the requirement to submit the CASR with future budget requests and DHS did not submit one for 2017. Recently introduced legislation would reestablish the CASR requirement and we will revisit this recommendation pending the outcome of that legislation.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    7 open recommendations
    including 4 priority recommendations
    Recommendation: To ensure that the NSCs can be operated and maintained in the most demanding environments based on mission and maintenance requirements prior to implementation of the CRC, the Coast Guard should, as expeditiously as possible under its capacity limits and fiscal constraints, fulfill the staffing requirements recommended in the 2011 manpower requirements analysis, including ensuring that while implementing the interim 210 Plan, the NSCs operate with sufficient numbers of crew members who possess the recommended mix of skills and abilities.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In August 2015, the Coast Guard stated that funding to fulfill the staffing requirements recommended in the 2011 manpower requirements analysis for the National Security Cutter is under review and is expected to be determined by February 2016. On January 24, 2017, the Coast Guard noted that it expects the crew increase to be reflected in the FY 2017 Appropriation.
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including determining the appropriate number of NSC crew and shoreside-based support personnel with the right mix of skills and abilities and having them in place when the Coast Guard tests the CRC.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In July 2015, the Coast Guard provided documentation of a manpower requirements analysis and manpower requirements determination, which specify the number of shoreside-based support personnel, such as engineering and maintenance, that are needed to support 4 National Security Cutters (NSC) based in Alameda, CA (i.e., three of the four NSCs using the crew rotational concept). In March 2016, the Coast Guard stated that it would request resources, as appropriate, to ensure that these personnel are in place prior to testing and expects to close this recommendation by November 2017. On January 24, 2017, the Coast Guard noted that it is continuing to develop the final test plan.
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including addressing the misalignment of the crewing concept to be used in the planned CRC test, as compared to the NSC homeporting plan, so that the CRC test is conducted in an operationally realistic environment and that the test results can be used to determine the optimal schedules for rotating crews and performing maintenance.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that it continues to analyze and develop various testing plans to reach 225 DAFHP onboard NSCs. The test will be performed by Coast Guard Pacific Area during normal operations over an extended period to ensure it is operationally realistic; lessons learned will be used to inform future crewing models. The Coast Guard will submit a final test plan to Congress prior to the deadline set forth by the 2012 Coast Guard Authorization Bill (end of 2017).
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including addressing the potential impacts of wide variations between alternative CRC deployment schedules.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that it continues to analyze and develop various testing plans to reach 225 DAFHP onboard NSCs. The test will be performed by Coast Guard Pacific Area during normal operations over an extended period to ensure it is operationally realistic; lessons learned will be used to inform future crewing models. The Coast Guard will submit a final test plan to Congress prior to the deadline (end of 2017) set forth by the 2012 Coast Guard Authorization Bill.
    Recommendation: To improve the Coast Guard's ability to make informed decisions about the overall feasibility of its goal to achieve 230 DAFHP using the CRC, and to ensure the effectiveness of the scheduled CRC feasibility test, the Coast Guard's CRC plan, scheduled to be completed by December 2017, should specify mitigation actions to effectively address the risk factors identified in this report, including expanding the Coast Guard's training infrastructure capacity to provide crew members with the necessary training for off-cycle rotating NSC crew members under the CRC.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open
    Priority recommendation

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that it continues to analyze and develop various testing plans to reach 225 DAFHP onboard NSCs. The test will be performed by Coast Guard Pacific Area during normal operations over an extended period to ensure it is operationally realistic; lessons learned will be used to inform future crewing models. The Coast Guard will submit a final test plan to Congress prior to the deadline set forth by the 2012 Coast Guard Authorization Bill (the end of 2017).
    Recommendation: To ensure that the Coast Guard is making progress in a timely manner to address and effectively mitigate the risk factors identified above, the Coast Guard should develop interim milestones for the various actions to be taken on each of the risk factors as the Coast Guard completes the CRC Plan.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In March 2016, the Coast Guard stated it continues to analyze and develop various testing plans and will submit a final plan to increase the NSCs' days away from homeport to Congress by December 2017. On January 24, 2017, the Coast Guard noted that the analysis is ongoing, and will be addressed in the test plan submitted to Congress in accordance with the 2012 Coast Guard Authorization Bill (end of 2017).
    Recommendation: Finally, to ensure that the Coast Guard is making progress in developing alternative measures that provide more accurate indicators of operational performance in a timely manner, the Coast Guard should establish time frames and interim milestones for developing and implementing these alternative measures for use prior to CRC testing. These measures could then be used for both the NSCs, as well as for other cutters, such as the Offshore Patrol Cutter, that currently use or plan to use the traditional DAFHP performance measure.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In August 2015, the Coast Guard stated that its analysis of alternative measures for use prior to testing the NSCs to use the crew rotational concept was ongoing and did not provide a date for completion. On January 24, 2017, the Coast Guard noted that, in the process of analyzing an alternative to DAFHP, it found that while its enterprise data management system collects the necessary data, the system didn't have an efficient way of aggregating the data for analysis. The first step to develop an appropriate enterprise measure is to improve the data management system through a software change. Once the change is complete, the system will be evaluated and tested to ensure that an aggregated report of discrete Coast Guard Cutter activity is accurate and reliable. The change will include the functionality to separate underway from in-port activity. After examining the results from the software change, the Coast Guard will evaluate an alternative to DAFHP. However, all analyses to date indicate DAFHP remains an important measure for personnel operations tempo and cutter scheduling and will not be eliminated as an available measure. The Coast Guard updated the estimated completion date for this recommendation to July 2018.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To improve disposition reporting that would help states update and complete criminal history records, the Director of the FBI should task the FBI Advisory Policy Board to establish a plan with time frames and milestones for achieving its Disposition Task Force's stated goals.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better equip states to meet the regulatory requirement to notify individuals of their rights to challenge and update information in their criminal history records, and to ensure that audit findings are resolved, the Director of the FBI--in coordination with the Compact Council--should determine why states do not comply with the requirement to notify applicants and use this information to revise its state educational programs accordingly.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    6 open recommendations
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. Relevant efforts by DHS to finalize memoranda of understanding with other agencies and by the Export Enforcement Coordination Center to share information and data across the export control enforcement community are ongoing. As of Sept 2017, DHS did not identify relevant actions to coordinate on critical technologies among other agencies.
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of Commerce
    Status: Open

    Comments: Commerce has identified various efforts to collaborate across multiple agencies within individual critical technologies programs, but has not taken steps to promote collaboration on critical technologies through a larger group discussion.
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has identified numerous activities within DOD to coordinate across the critical technologies portfolio, in particular the Arms Transfer and Technology Release Senior Steering Group. In some cases, these activities include other departments, most commonly State. However, officials have stated that they are not aware of any high-level coordination on critical technologies among the larger group of agencies. On Sept. 5, 2017, DOD provided an update on multiple DOD efforts, including CFIUS, but none are collaborating among all of the agencies cited in the recommendation.
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of Justice: Office of the Attorney General
    Status: Open

    Comments: In August 2016, the agency identified coordination actions being taken across the agencies with export control responsibilities--including through the Export Control Enforcement Center--and through the Committee on Foreign Investment in the United States. However, it is not clear how, or if, these coordination efforts are tied to the larger, government-wide portfolio of critical technologies programs. As of Sept. 2017, Justice has no additional updates.
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of the Treasury
    Status: Open

    Comments: In September 2016, a Treasury official identified coordination actions being taken across the agencies with export control responsibilities and through the Committee on Foreign Investment in the United States. However, coordination efforts are not tied to larger, government-wide collaboration on critical technologies. In March 2017, Treasury provided an update on actions taken, but did not address the recommendation for coordination among the critical technologies programs.
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of State
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken any actions necessary to implement it. In Sept. 2017, State provided updates on actions taken within the department, but none across affected agencies.
    Director: Morris, Steve D
    Phone: (202) 512-3841

    2 open recommendations
    Recommendation: To better inform Congress in the future about crop insurance program costs, reduce present costs, and ensure greater actuarial soundness, the Administrator of the U.S. Department of Agriculture's Risk Management Agency should monitor and report on crop insurance costs in areas that have higher crop production risks.

    Agency: Department of Agriculture: Risk Management Agency
    Status: Open

    Comments: As of December 2016, the Department of Agriculture has not taken action to implement this recommendation.
    Recommendation: To better inform Congress in the future about crop insurance program costs, reduce present costs, and ensure greater actuarial soundness, the Administrator of the U.S. Department of Agriculture's Risk Management Agency should, as appropriate, increase its adjustments of premium rates in areas with higher crop production risks by as much as the full 20 percent annually that is allowed by law.

    Agency: Department of Agriculture: Risk Management Agency
    Status: Open

    Comments: As of December 2016, the Department of Agriculture has not taken action to implement this recommendation.
    Director: Maurer, Diana C
    Phone: (202) 512-8777

    8 open recommendations
    including 8 priority recommendations
    Recommendation: To better ensure that FBI whistleblowers have access to recourse under DOJ's regulations should the individuals experience retaliation, and to minimize the possibility of discouraging future potential whistleblowers, the Attorney General should clarify in all current relevant DOJ guidance and communications, including FBI guidance and communications, to whom FBI employees may make protected disclosures and, further, explicitly state that employees will not have access to recourse if they experience retaliation for reporting alleged wrongdoing to someone not designated in DOJ's regulations.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: As of March 1, 2017, the Department of Justice (DOJ) has not responded to GAO requests for information on any efforts DOJ has taken to address this recommendation.
    Recommendation: To ensure that complainants receive the periodic updates that they are entitled to and need to determine next steps for their complaint, such as whether or not to seek corrective action from OARM, Counsel, DOJ-OPR should tailor its new case management system or otherwise develop an oversight mechanism to capture information on the office's compliance with regulatory requirements and, further, use that information to monitor and identify opportunities to improve DOJ-OPR's compliance with regulatory requirements.

    Agency: Department of Justice: Office of Professional Responsibility
    Status: Open
    Priority recommendation

    Comments: As of March 1, 2017, the Department of Justice (DOJ) has not responded to GAO requests for information on any efforts DOJ has taken to address this recommendation.
    Recommendation: To better ensure that DOJ is fulfilling its commitment to improving efficiency in handling these complaints, Office of Attorney Recruitment and Management (OARM) and Office of the Deputy Attorney General (ODAG) should provide parties with an estimated time frame for returning each decision, including whether the complaint meets threshold regulatory requirements, merits, and appeals. If the time frame shifts, OARM and ODAG should timely communicate a revised estimate to the parties.

    Agency: Department of Justice: Office of the Deputy Attorney General
    Status: Open
    Priority recommendation

    Comments: As of March 1, 2017, the Department of Justice (DOJ) has not responded to GAO requests for information on any efforts DOJ has taken to address this recommendation.
    Recommendation: To better ensure that DOJ is fulfilling its commitment to improving efficiency in handling these complaints, Office of Attorney Recruitment and Management (OARM) and Office of the Deputy Attorney General (ODAG) should provide parties with an estimated time frame for returning each decision, including whether the complaint meets threshold regulatory requirements, merits, and appeals. If the time frame shifts, OARM and ODAG should timely communicate a revised estimate to the parties.

    Agency: Department of Justice: Justice Management Division: Human Resources and Administration: Office of Attorney Recruitment and Management
    Status: Open
    Priority recommendation

    Comments: As of March 1, 2017, the Department of Justice (DOJ) has not responded to GAO requests for information on any efforts DOJ has taken to address this recommendation.
    Recommendation: To better ensure that DOJ is fulfilling its commitment to improving efficiency in handling these complaints, DOJ Office of Professional Responsibility (DOJ-OPR), Office of the Inspector General, OARM, and ODAG should jointly assess the impact of ongoing and planned efforts to reduce the duration of FBI whistleblower retaliation complaints throughout the entire investigation, adjudication, and appeal process to ensure that these changes are in fact shortening total complaint length, without sacrificing quality.

    Agency: Department of Justice: Office of the Deputy Attorney General
    Status: Open
    Priority recommendation

    Comments: As of March 1, 2017, the Department of Justice (DOJ) has not responded to GAO requests for information on any efforts DOJ has taken to address this recommendation.
    Recommendation: To better ensure that DOJ is fulfilling its commitment to improving efficiency in handling these complaints, DOJ Office of Professional Responsibility (DOJ-OPR), Office of the Inspector General, OARM, and ODAG should jointly assess the impact of ongoing and planned efforts to reduce the duration of FBI whistleblower retaliation complaints throughout the entire investigation, adjudication, and appeal process to ensure that these changes are in fact shortening total complaint length, without sacrificing quality.

    Agency: Department of Justice: Justice Management Division: Human Resources and Administration: Office of Attorney Recruitment and Management
    Status: Open
    Priority recommendation

    Comments: As of March 1, 2017, the Department of Justice (DOJ) has not responded to GAO requests for information on any efforts DOJ has taken to address this recommendation.
    Recommendation: To better ensure that DOJ is fulfilling its commitment to improving efficiency in handling these complaints, DOJ Office of Professional Responsibility (DOJ-OPR), Office of the Inspector General, OARM, and ODAG should jointly assess the impact of ongoing and planned efforts to reduce the duration of FBI whistleblower retaliation complaints throughout the entire investigation, adjudication, and appeal process to ensure that these changes are in fact shortening total complaint length, without sacrificing quality.

    Agency: Department of Justice: Office of Professional Responsibility
    Status: Open
    Priority recommendation

    Comments: As of March 1, 2017, the Department of Justice (DOJ) has not responded to GAO requests for information on any efforts DOJ has taken to address this recommendation.
    Recommendation: To better ensure that DOJ is fulfilling its commitment to improving efficiency in handling these complaints, DOJ Office of Professional Responsibility (DOJ-OPR), Office of the Inspector General, OARM, and ODAG should jointly assess the impact of ongoing and planned efforts to reduce the duration of FBI whistleblower retaliation complaints throughout the entire investigation, adjudication, and appeal process to ensure that these changes are in fact shortening total complaint length, without sacrificing quality.

    Agency: Department of Justice: Office of Inspector General
    Status: Open
    Priority recommendation

    Comments: As of March 1, 2017, GAO has not received information from the Department of Justice about any steps taken to address this recommendation.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    2 open recommendations
    including 1 priority recommendation
    Recommendation: The Secretary of Homeland Security, in consultation with GSA, should develop and implement a strategy to address cyber risk to building and access control systems that, among other things: (1) defines the problem; (2) identifies roles and responsibilities; (3) analyzes the resources needed; and (4) identifies a methodology for assessing this cyber risk.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the Department has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of the General Services Administration should assess the building and access control systems that it owns in FPS-protected facilities in a manner that is fully consistent with FISMA and its implementation guidelines.

    Agency: General Services Administration
    Status: Open
    Priority recommendation

    Comments: As of October 2016, GSA recently provided documentation about its assessments of the control systems that the agency owns in FPS-protected facilities. We are reviewing this information to determine whether GSA has implemented the recommendation.
    Director: Grover, Jennifer A
    Phone: (202) 512-7141

    1 open recommendation
    Recommendation: To ensure that TSA's planned testing yields reliable results, the TSA Administrator should take steps to ensure that TSA's planned effectiveness testing of the Managed Inclusion process adheres to established evaluation design practices.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: TSA continues to make progress on implementing this recommendation. In March 2017, TSA reported that an evaluation of the security effectiveness of the managed inclusion process is to be completed over the next few weeks. Once documentation for the evaluation is available, TSA will provide it for review and analysis.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    1 open recommendation
    Recommendation: To enhance the Secretary of Homeland Security's ability to assess national preparedness and provide management oversight of federal interagency efforts to close previously identified capability gaps, the Secretary of Homeland Security should direct the Administrator of FEMA--in coordination and collaboration with the National Security Council Staff and other federal departments and agencies--to collect information on and regularly report to the Secretary the status of federal interagency implementation of corrective actions identified (1) through prior national-level exercises and (2) following real-world incidents, specifically major disasters.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In November 2016, FEMA officials reported that the agency had developed an approach for collecting and reporting on the status of federal interagency corrective actions from Level I disasters to add to the current practice of reporting on national level exercises. According to officials, the proposed approach was under review and the agency plans to coordinate with the other federal departments and agencies before submitting their proposal to DHS for final approval. In August 2017, FEMA's National Preparedness Directorate reported an expected completion date of December 29, 2017. Pending completion of this effort, this recommendation remains open.
    Director: Alicia Puente Cackley
    Phone: (202) 512-8678

    2 open recommendations
    Recommendation: To achieve greater efficiency and effectiveness, Congress should consider transferring the oversight of the markings of toy and imitation firearms in 15 U.S.C. 5001 from the National Institute of Standards and Technology (within the Department of Commerce) to the Consumer Product Safety Commission.

    Agency: Congress
    Status: Open

    Comments: This matter is an action identified in GAO's annual Duplication and Cost Savings reports. There has been no legislative action identified. The Gun Look-Alike Case Act, H.R. 3224, which was introduced on July 27, 2015, in the 114th Congress, would transfer the authority to regulate the markings of toy, look-alike, and imitation firearms in section 5001 of title 15 of the U.S. Code from NIST to CPSC, as GAO suggested in November 2014. This bill was referred to the Subcommittee on Commerce, Manufacturing, and Trade of the Committee on Energy and Commerce in the United States House of Representatives, and did not pass out of committee. As of March 1, 2017, the bill has not been reintroduced in the 115th Congress.
    Recommendation: To improve existing coordination of oversight for consumer product safety, Congress should consider establishing a formal comprehensive oversight mechanism for consumer product safety agencies to address crosscutting issues as well as inefficiencies related to fragmentation and overlap such as communication and coordination challenges and jurisdictional questions between agencies. Different types of formal mechanisms could include, for example, creating a memorandum of understanding to formalize relationships and agreements or establishing a task force or interagency work group. As a starting point, Congress may wish to obtain agency input on options for establishing more formal coordination.

    Agency: Congress
    Status: Open

    Comments: This matter is an action identified in GAO's annual Duplication and Cost Savings reports. There has been no legislative action identified. No legislation was introduced as of March 1, 2017, that would establish a collaborative mechanism to facilitate communication across the relevant agencies and to help enable them to collectively address crosscutting issues, as GAO suggested in November 2014. Some of the agencies with direct regulatory oversight responsibilities for consumer product safety reported that they continue to collaborate to address specific consumer product safety topics. However, without a formal comprehensive oversight mechanism, the agencies risk missing opportunities to better leverage resources and address challenges, including those related to fragmentation and overlap.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should assess the extent to which ICE has appropriate internal controls for tracking and managing detention facility costs and develop additional controls as necessary.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of December 2016, no additional information had been provided on the status of ICE efforts to address this recommendation. In February 2015, the Department of Homeland Security (DHS) reported that Immigration and Customs Enforcement (ICE) had created a spend plan tool to help track costs for each detention facility. In addition, DHS reported that ICE headquarters and field offices were coordinating to determine the resources needed to track and manage detention facilities costs. To fully address this recommendation, ICE should assess the extent to which the spend plan tool is an appropriate internal control for tracking and managing detention facilities costs and whether additional controls are necessary.
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should document the reasons facilities cannot be transitioned to the most recent standards.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: The Department of Homeland Security (DHS) did not concur with this recommendation. As of December 2016, no additional information had been provided on the status of Immigration and Customs Enforcement (ICE) efforts to address this recommendation. To fully address this recommendation, ICE should document the reasons detention facilities cannot be transitioned to the most recent national detention standards.
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should take additional steps to help ensure that personnel responsible for reviewing and paying facility detention invoices follow internal control procedures to ensure proper payments.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of December 2016, no additional information had been provided on the status of ICE efforts to address this recommendation. In October 2014, the Department of Homeland Security (DHS) reported that Immigration and Customs Enforcement (ICE) had issued a new "Receipt & Acceptance" policy applicable to all program offices and would assess if additional internal controls are required and implement any needed ones, as appropriate. In February 2015, DHS reported that ICE had not finalized an impact assessment of the new policy for fiscal year 2014 to determine if additional controls would be required. To fully address this recommendation, ICE should complete an impact assessment of the new policy to determine if additional controls are needed to ensure proper payment of facility detention invoices.
    Director: Charles Michael Johnson, Jr.
    Phone: (202) 512-7331

    1 open recommendation
    Recommendation: For elements identified in the Countering Iran in the Western Hemisphere Act of 2012 that were not fully addressed in the strategy, the Secretary of State should provide the relevant congressional committees with information that would fully address these elements. In the absence of such information, State should explain to the congressional committees why it was not included in the strategy.

    Agency: Department of State
    Status: Open

    Comments: In a letter dated December 23, 2014, the Department of State (State) noted that the elements identified in the GAO report as not being adequately addressed by State were matters where the consensus of the intelligence community was that there was not an identifiable threat to counter. GAO's report assessed that State did not address four specific elements identified in the Countering Iran in the Western Hemisphere Act of 2012. State's December 2014 letter provided explanations for these four elements, including the availability of information on existing agency websites, briefings provided to Congress, and State's lack of finding that foreign governments showed clear threats. We continue to maintain that the strategy did not include all of the elements that the law stated should be included, and State did not demonstrate that it provided relevant congressional committees with information that would fully address these elements. In December 2015, State noted that it remains in close contact with the relevant congressional committees across a range of security, economic and political with regard to the Western Hemisphere on a regular and continuing basis. State further noted that it provided an oral briefing along with its original submission of the report to Congress and answered questions posed by Congress. State officials said that they stand ready to provide further information in the appropriate setting should it be requested. However, State did not provide GAO with information about whether it had provided information to Congress specifically for the elements identified in the Countering Iran in the Western Hemisphere Act of 2012 that were not fully addressed in the strategy, nor provide additional information about whether State explained to the congressional committees why any absence of such information was not included in the strategy. 
    Furthermore, GAO learned from the House Foreign Affairs Committee staff that State and the Office of the Director for National Intelligence provided a briefing to the committee regarding Iranian activities in Latin America on February 25, 2016. As of August 2016, GAO did not receive any documents related to the briefings because, according to State, the talking points document was considered deliberative and therefore could not be shared. According to State officials, they continue to monitor the issue and brief Congress as appropriate. As of June 2017, State noted that its position regarding this recommendation and the deliberative nature of the talking points document remains unchanged.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    6 open recommendations
    including 5 priority recommendations
    Recommendation: The Secretary of Homeland Security should designate the headquarters consolidation program a major acquisition, consistent with DHS acquisition policy, and apply DHS acquisition policy requirements.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: In alignment with GAO's recommendation, on September 16, 2014, DHS issued an Acquisition Decision Memorandum designating the DHS-funded portions of the headquarters consolidation program as a Major Acquisition Program to be overseen by the departmental Acquisition Review Board (ARB). DHS made further progress implementing this recommendation by conducting and documenting an ARB of the program on November 15, 2016. The ARB process provided DHS greater oversight of headquarters consolidation, and provided a forum for officials to consider a wide range of issues affecting consolidation efforts, such as funding and project scope. However, DHS and General Services Administration (GSA) were required to revise their cost and schedule estimates subsequent to the ARB's review. In addition, as of March 2017, DHS, in coordination with GSA, had not submitted the report to Congress on DHS Headquarters Consolidation mandated by Pub. L. No. 114-150. GAO will reassess the status of this recommendation after cost and schedule estimates are finalized and DHS and GSA submit the required report to Congress, i.e., when there is more certainty about the future direction of the project overall and DHS's funded portion in particular.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to conduct the following assessments and use the results to inform updated DHS headquarters consolidation plans: (1) a comprehensive needs assessment and gap analysis of current and needed capabilities that take into consideration changing conditions, and (2) an alternatives analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the project and prioritizes options to account for funding instability.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes a comprehensive assessment of property and facilities utilized by DHS in the National Capital Region, and an analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the consolidation project. DHS and GSA have made significant progress in developing a revised plan for headquarters consolidation since 2014, including the completion of a business case analysis to support the new plan. GAO will review the latest information on DHS headquarters consolidation efforts when it is provided to Congress, and will assess the materials in the context of this recommendation at that time. Continued DHS and GSA attention to following leading capital planning practices is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to conduct the following assessments and use the results to inform updated DHS headquarters consolidation plans: (1) a comprehensive needs assessment and gap analysis of current and needed capabilities that take into consideration changing conditions, and (2) an alternatives analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the project and prioritizes options to account for funding instability.

    Agency: General Services Administration
    Status: Open
    Priority recommendation

    Comments: GSA agreed with both recommendations to conduct a comprehensive needs assessment and gap analysis and to update cost and schedule estimates. The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150), enacted on April 29, 2016, mirrors GAO recommendations in this area. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS's headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes a comprehensive needs assessment, a costs and benefits analysis, and updated cost and schedule estimates. Furthermore, the act requires the Comptroller General to evaluate the cost and schedule estimates not later than 90 days after their submittal to Congress. DHS and GSA have made significant progress in developing an Enhanced Plan for headquarters consolidation since 2014, including the completion of a business case analysis to support the new plan. In addition, GSA is leading efforts to revise the project's cost and schedule estimates, and according to GSA officials, the revised figures will take into account GAO's leading cost-estimation practices. We will review the latest information on DHS's headquarters consolidation efforts when it is provided to Congress, and will assess the materials in the context of these recommendations at that time. Continued DHS and GSA attention to following leading practices for capital planning and cost and schedule estimation is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, after revising the DHS headquarters consolidation plans, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to develop revised cost and schedule estimates for the remaining portions of the consolidation project that conform to GSA guidance and leading practices for cost and schedule estimation, including an independent evaluation of the estimates.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes updated cost and schedule estimates for the consolidation project that are consistent with GAO's recommendations in GAO-14-648. Furthermore, the act requires the Comptroller General to evaluate the cost and schedule estimates not later than 90 days after their submittal to Congress. GSA is leading efforts to revise project cost and schedule estimates, and according to GSA officials, the revised figures will take into account GAO's leading estimation practices. GAO will review the latest DHS headquarters consolidation cost and schedule estimates when they are provided to Congress, and will assess the materials in the context of this recommendation at that time. Continued DHS and GSA attention to following leading cost and schedule estimation practices is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, after revising the DHS headquarters consolidation plans, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to develop revised cost and schedule estimates for the remaining portions of the consolidation project that conform to GSA guidance and leading practices for cost and schedule estimation, including an independent evaluation of the estimates.

    Agency: General Services Administration
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes updated cost and schedule estimates for the consolidation project that are consistent with GAO's recommendations in GAO-14-648. Furthermore, the act requires the Comptroller General to evaluate the cost and schedule estimates not later than 90 days after their submittal to Congress. GSA is leading efforts to revise project cost and schedule estimates, and according to GSA officials, the revised figures will take into account GAO's leading estimation practices. GAO will review the latest DHS headquarters consolidation cost and schedule estimates when they are provided to Congress, and will assess the materials in the context of this recommendation at that time. Continued DHS and GSA attention to following leading cost and schedule estimation practices is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Recommendation: Congress should consider making future funding for the St. Elizabeths project contingent upon DHS and GSA developing a revised headquarters consolidation plan, for the remainder of the project, that conforms with leading practices and that (1) recognizes changes in workplace standards, (2) identifies which components are to be colocated at St. Elizabeths and in leased and owned space throughout the National Capital Region, and (3) develops and provides reliable cost and schedule estimates.

    Agency: Congress
    Status: Open

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of March 2017, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Officials stated that the information would be submitted as soon as possible, but exact timeframes were uncertain given ongoing project deliberations and internal reviews. Required information includes: a comprehensive assessment of property and facilities utilized by DHS in the National Capital Region; an analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the consolidation project; and updated cost and schedule estimates for the project that are consistent with GAO's recommendations in GAO-14-648. Furthermore, the act requires the Comptroller General to evaluate the cost and schedule estimates not later than 90 days after their submittal to Congress. A comprehensive report to Congress on DHS headquarters consolidation, along with reliable project cost and schedule estimates, could inform Congress's funding decisions.
    Director: Stephen Caldwell
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: Within DHS, to promote efficiency and harmonize the various assessments to advance security and resilience across the spectrum of CI in a manner consistent with the Homeland Security Act of 2002, PPD-21, and the NIPP, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with other DHS offices and components to develop and implement ways that DHS can facilitate data sharing and coordination of vulnerability assessments to minimize the risk of potential duplication or gaps in coverage.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has taken action in response to GAO's September 2014 recommendation to develop a department-wide process to facilitate data sharing and coordination among the various DHS components that conduct or require vulnerability assessments, but has not fully implemented the recommendation. DHS first reported to GAO in August 2015 that its Office of Infrastructure Protection (IP) and the Sector Outreach and Programs Division Innovation Center had formed a vulnerability assessment working group comprised of a variety of federal stakeholders, both within and outside DHS, to enhance overall integration and coordination of vulnerability assessment efforts. In December 2015, DHS stated that IP was conducting pilot projects to expand access to its IPGateway portal--IP's system that houses infrastructure data and identifies facilities that have been assessed by IP. In a July 2016 update, DHS reported that IP had reached agreement with DHS components to expand access to its IP Gateway portal to those partners as a means to share IP's vulnerability assessment information and help coordinate assessment visits and related activities. DHS also noted in its update that IP had begun providing access to IP Gateway to components within DHS but did not provide a date as to when that step would be complete. These are positive steps toward implementing a systematic and integrated approach for facilitating data sharing and coordination of vulnerability assessments throughout the department. However, developing a department-wide process to facilitate data sharing and coordination among the DHS offices and components that conduct or require vulnerability assessments would better enable DHS to minimize the risk of potential duplication and gaps by its offices and components in the vulnerability assessments they conduct. Because DHS is still in the process of completing these steps, the recommendation has not yet been fully implemented.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to identify key CI security-related assessment tools and methods used or offered by SSAs and other federal agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to analyze the key CI security-related assessment tools and methods offered by sector-specific agencies (SSA) and other federal agencies to determine the areas they capture.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to develop and provide guidance for what areas should be included in vulnerability assessments of CI that can be used by DHS, SSAs, and other CI partners in an integrated and coordinated manner, among and across sectors, where appropriate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To ensure effective evaluation of federal training programs and enhance DHS's stewardship of resources for federal training programs, the Secretary of Homeland Security should direct DHS components to ensure that their documented training evaluation processes fully address attributes for effective training evaluation processes as they are drafted, updated, or revised.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2014, we reported on the Department of Homeland Security's (DHS) training efforts, including the extent to which DHS has a documented process to evaluate training and development programs. We found that all five DHS components in GAO's review--U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, the U.S. Coast Guard, the Transportation Security Administration, and the Federal Law Enforcement Training Center--have a documented process to evaluate their training programs. Their documented processes fully included three of six attributes of effective training evaluation processes: identifying goals, programs to evaluate, and how results are to be used. However, the documented processes did not consistently include the other three attributes: methodology, timeframes, and roles and responsibilities. We concluded that by updating documentation to address these attributes, DHS components would have more complete information to guide their efforts in conducting effective evaluations. We therefore recommended that DHS direct its components to ensure that their documented training evaluation processes fully address attributes for effective training evaluation processes as they are drafted, updated, or revised. In September 2016, DHS officials reported that a DHS-wide self-audit of training evaluation processes was completed on March 31, 2016 and found that DHS has current documentation addressing effective learning evaluation programs and that there are commonalities in evaluation procedures across the components. As a part of the self-audit, components provided policy and procedures documents related to their training evaluation processes and found that they adhere to sound instructional systems design models.
However, the self-audit focused on identifying the specific training evaluation practices for a sample of courses at each component and not whether the component-level guidance included the attributes for effective training evaluation processes we identified in our report. Further, although DHS updated its department-wide guidance on training evaluation in April 2016 to incorporate the attributes for effective training evaluation processes and some components have followed suit, other components have not. For example, we found that some components, such as Customs and Border Protection and the U.S. Coast Guard, had updated their training evaluation guidance to include the attributes we identified in our report. Others, such as U.S. Immigration and Customs Enforcement were in the process of updating their guidance. However, as of April 2017, the guidance from the Transportation Security Administration remained in draft and the guidance from the Federal Law Enforcement Training Center had not been updated since our review. Therefore, this recommendation remains open pending action on the above noted items.
    Recommendation: To ensure effective evaluation of federal training programs and enhance DHS's stewardship of resources for federal training programs, the Secretary of Homeland Security should identify existing challenges that prevent DHS from accurately capturing training costs department-wide and, to the extent that the benefits of addressing those challenges exceed the costs, implement corrective measures to overcome these challenges.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2014, we reported on the Department of Homeland Security's (DHS) training efforts, including the extent to which DHS has a documented process to reliably capture costs. We found that DHS identified efficiencies and cost savings for delivering a number of training programs. However, different methods are used for capturing training costs across the department, which poses challenges for reliably capturing these costs across DHS. Components capture training costs differently, contributing to inconsistencies in training costs captured across DHS. Variation in methods used to collect data can affect the reliability and quality of DHS-wide training program costs. However, DHS has not identified all challenges that contribute to these inconsistencies. We concluded that DHS could improve its awareness about the costs of training programs DHS-wide and thereby enhance its resource stewardship by identifying existing challenges that prevent DHS from accurately capturing training costs and implementing corrective measures. We therefore recommended that DHS identify existing challenges that prevent DHS from accurately capturing training costs department-wide and, to the extent that the benefits of addressing those challenges exceed the costs, implement corrective measures to overcome these challenges. As of September 2016, DHS reported that its Office of the Chief Human Capital Officer and Office of the Chief Financial Officer worked together to research the issue and determine the best course of action to standardize training cost reporting. However, this did not require a formal root cause analysis. In order to identify a way for the components to capture training costs in a standardized manner, DHS formed a Tiger Team that included officials from each component which identified 12 common functional areas for training to capture training costs. 
Components were directed to prepare implementation plans outlining how they will begin capturing cost data within the identified functional training areas and, according to DHS, began capturing the data on September 29, 2016. In January 2017, the DHS Chief Financial Officer provided guidance to the components as to how they are to report their training costs to DHS on a quarterly basis. Components provided their first quarterly submission to DHS in January 2017. These steps are in line with the intent of our recommendation. This recommendation will remain open as we monitor its continued implementation over the next two quarters.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    1 open recommendation
    Recommendation: To assess the progress of the Secure Flight program toward achieving its goals, the Transportation Security Administration's Administrator should develop additional measures to address key performance aspects related to each program goal, and ensure these measures clearly identify the activities necessary to achieve progress toward the goal.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions DHS TSA has taken in response to this recommendation, we will provide updated information. Status last confirmed on 10/26/15.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    11 open recommendations
    Recommendation: To help ensure that the respective DHS and DOD data systems contain sufficiently complete and accurate information to facilitate effective oversight of the personnel security clearance revocation and appeal process, the Secretary of Defense should direct the Under Secretary of Defense for Intelligence to take steps to ensure that data are recorded and updated in the Joint Personnel Adjudication System (JPAS) and the department's new systems, so that the relevant fields are filled.

    Agency: Department of Defense
    Status: Open

    Comments: According to a July 2016 update to this recommendation from the Undersecretary of Defense (Intelligence) (USD(I)), the department plans to field the Defense Information System for Security (DISS) to replace Joint Personnel Adjudication System (JPAS) by March 2017. According to DOD, on a monthly basis, OUSD(I), DMDC, the Office of Personnel Management, DoD Components and Industry participate in a meeting which addresses actions to improve the accuracy of information in JPAS. These Data Quality Initiatives (DQIs) serve as the most appropriate means available at this time to enhance completeness and accuracy of JPAS data prior to DISS migration, according to DOD. GAO will continue to monitor migration of data from JPAS to DISS, expected to be completed by March 2017.
    Recommendation: To help ensure independence and the efficient use of resources, the Secretary of Defense should direct the DOD General Counsel to first, resolve the disagreement about the legal authority to consolidate the PSABs (Personnel Security Appeals Board) and, in collaboration with the PSABs and the Under Secretary of Defense for Intelligence, address any other obstacles to consolidating DOD's PSABs.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2016, this recommendation remains open because DOD has not yet addressed any obstacles related to consolidating Personnel Security Appeals Boards. On July 10, 2015, DOD Office of General Counsel issued a memo stating that there is no legal obstacle to co-location or consolidation of the Services' Personnel Security Appeal Boards (PSABs) within the Defense Legal Services Agency. The memo further requested that the Director, Defense Personnel Security and Research Center, do further assessment, after which the DoD OGC, in coordination with the Under Secretary of Defense for Intelligence, will consider whether any further actions should be taken. DOD estimated this action will be completed by the end of fiscal year 2016. GAO will continue to monitor DOD's response to this recommendation.
    Recommendation: To help ensure that all employees within DOD receive the same rights during the revocation process, the Secretary of Defense should direct the Secretary of the Navy to revise Secretary of the Navy Manual M-5510.30 to specify that any information collected by the Navy PSAB from the employee's command will be shared with the employee, who will also be given the opportunity to respond to any such information provided.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2016, this recommendation remains open. According to a memo from the Undersecretary of Defense (Intelligence), the update of the Navy Manual M-5510.30 has been delayed due to an update in publishing DOD's personnel security policy. The memo stated that the Navy had instituted procedures to address information provided by the command, sharing the information with the individual and giving the individual an opportunity to respond. The Navy expects to issue its Manual by September 2017.
    Recommendation: To help ensure independence and the efficient use of resources, and, if the General Counsel determines that there are no legal impediments and that other obstacles to consolidation can be addressed, the Secretary of Defense should direct the Defense Legal Services Agency to take steps to implement the Secretary of Defense's direction to consolidate DOD's PSABs.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2016, this recommendation remains open because, as noted in a prior recommendation, DOD has not yet addressed obstacles to consolidating the Personnel Security Appeals Boards, despite having determined that there are no legal obstacles to consolidation. This recommendation will remain open until DOD takes steps to consolidate the PSABs.
    Recommendation: To help ensure that all employees within DOD receive the same rights during the revocation process, the Secretary of Defense should direct the Secretary of the Army to revise Army Regulation 380-67 to specify that any information collected by the Army PSAB from the employee's command or by the Army PSAB itself will be shared with the employee, who will also be given the opportunity to respond to any such information provided.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 16, 2016, this recommendation remains open pending a finalized version of Army Regulation 380-67. According to a DOD update to this recommendation, a major revision to Army Regulation AR 380-67, "Army Personnel Security Program," incorporates Personnel Security Appeal Boards (PSAB's) requirement to provide any documents it obtains, after receipt of a personnel security file, to the subject who will be allowed a reasonable period of time to respond prior to PSAB rendering a final decision. AR 380-67 is undergoing legal sufficiency review. DOD estimated this review will be finalized late in March 2017. GAO will monitor the status of this regulation and assess whether the revised regulation meets the intent of this recommendation.
    Recommendation: To help ensure that all employees are treated fairly and receive the protections established in the executive order, the Secretary of Homeland Security should direct the Commandant, U.S. Coast Guard, to revise the Coast Guard instruction for military personnel to specify that military personnel may be represented by counsel or other representatives at their own expense.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of summer 2016, in response to our recommendation, the Commandant of the Coast Guard issued a policy message stating that individuals may have counsel or other representative present at the service member's own expense. According to a Coast Guard official, this message serves as interim guidance until the personnel security manual can be finalized. This official estimated that the manual will be updated in the latter part of fiscal year 2016. This recommendation will remain open until the Coast Guard finalizes the update to its manual in accordance with our recommendation.
    Recommendation: To facilitate department-wide review and assessment of the quality of the personnel security clearance revocation process, the DNI should, in consultation with the Secretaries of Defense and Homeland Security, develop performance measures to better enable them to identify and resolve problems, and direct the collection of related revocation and appeals information.

    Agency: Office of the Director of National Intelligence
    Status: Open

    Comments: When we confirm what actions DNI has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate coordination between personnel security and human capital offices regarding how a security clearance revocation should affect an employee's employment status, and to help ensure that individuals are treated in a fair and consistent manner, the Secretary of Homeland Security should direct the Under Secretary for Management to review and revise policy regarding coordination between the personnel security and human capital offices to clarify what information can and should be communicated between human capital and personnel security officials at specified decision points in the revocation process, and when that information should be communicated.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate coordination between personnel security and human capital offices regarding how a security clearance revocation should affect an employee's employment status, and to help ensure that individuals are treated in a fair and consistent manner, the Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in consultation with the Under Secretary of Defense for Intelligence, to review and revise policy regarding coordination between the personnel security and human capital offices to clarify what information can and should be communicated between human capital and personnel security officials at specified decision points in the revocation process, and when that information should be communicated.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 16, 2016, this recommendation remains open pending the department's update to a draft manual. According to an update from DOD, the Office of the Undersecretary of Defense (Intelligence) (OUSD(I)) will replace DoD 5200.2-R, "Personnel Security Program," 01/1987 with DoD Manual 5200.02. The draft DoD Manual elaborates on the procedures required during due process to ensure that individuals are treated in a fair and consistent manner, according to DOD's update. The Draft DoD Manual 5200.02 is under legal sufficiency review (LSR). Once LSR has been completed, the Federal Register package will be provided to the Office of Management and Budget for interagency coordination. DOD estimates the manual will be finalized March 30, 2017.
    Recommendation: To help ensure that the DNI report to Congress contains accurate data about the number of current DOD military and federal civilian employees eligible to access classified information, the Secretary of Defense should direct the Under Secretary of Defense for Intelligence and the Under Secretary of Defense for Personnel and Readiness to review and analyze the discrepancies in the total number of employees and the number of employees eligible to access classified information, and take immediate steps to address the problems.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 16, 2016, this recommendation remains open pending the department's fielding of an updated Defense Information System for Security (DISS), scheduled for March 2017. According to an update provided by DOD, DISS will contain all requisite fields to capture revocation and appeals related data. GAO will monitor fielding of the new system and is in the process of validating DOD officials' statements that discrepancies have been substantially resolved.
    Recommendation: To help ensure that similarly situated individuals are treated consistently, and to facilitate oversight and help ensure the quality of the security clearance revocation process, the DNI should review whether the existing security clearance revocation process is the most efficient and effective approach. In this review, the DNI should consider whether there should be a single personnel security clearance revocation process used across all executive-branch agencies and workforces, with consideration of areas such as the timing of the personal appearance in the revocation process, and the ability to cross-examine witnesses. Further, to the extent that a single process or changes to the existing parallel processes are warranted, the DNI should consider whether there is a need to establish any policies and procedures to facilitate a more consistent process, and recommend as needed any revisions to existing executive orders or other executive-branch guidance.

    Agency: Office of the Director of National Intelligence
    Status: Open

    Comments: When we confirm what actions DNI has taken in response to this recommendation, we will provide updated information.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    1 open recommendation
    Recommendation: To better address obstacles that occur during the activation process and to help ensure that institutions are activated within estimated timeframes, including those institutions that do not currently have inmates, such as Administrative USP Thomson and USP Yazoo City, the Director of the Bureau of Prisons should develop and implement an activation schedule that incorporates the four characteristics of scheduling best practices.

    Agency: Department of Justice: Bureau of Prisons
    Status: Open

    Comments: On November 25, 2014, DOJ provided a written response to GAO-14-709 that stated that BOP was in the process of developing a new activation handbook and comprehensive schedule and that BOP would establish a multi-disciplinary working group of BOP subject-matter experts to work on this project. On June 3, 2015, BOP reported that it had assembled a multidisciplinary workgroup as planned, and based on BOP's March 16, 2016 status update, the workgroup's efforts were ongoing at the time. On September 20, 2016, BOP provided the schedule to us, as part of its newly developed activation handbook. While the Activation Handbook's schedule addresses in detail what needs to be done and who should do the work, it is not fully inclusive of the best practices related to scheduling that we outlined in our report. To fully address this recommendation, BOP would need to fully incorporate best practices. This includes creating a baseline schedule that incorporates all of the tasks identified in the responsibility matrix, determining the duration for each effort, and incorporating the appropriate predecessor and successor logic. Per scheduling best practices, BOP would also need to determine which activities make up the critical path and develop procedures for conducting a schedule risk analysis, ensuring that the schedule can be traced both horizontally and vertically, and that mechanisms are in place for maintaining the baseline schedule and an updated schedule as projects progress.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    16 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Energy should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test plan is developed.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation. However, DOE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when DOE informs us that it has satisfactorily implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Energy should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation. However, DOE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when DOE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Energy should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, test results are reviewed by agency officials.

    Agency: Department of Energy
    Status: Open

    Comments: DOE concurred with the recommendation. However, DOE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when DOE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, security and privacy requirements are communicated to contractors.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has satisfactorily implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, an independent assessor is selected to assess the system.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, test results are reviewed by agency officials.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of State should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, plans of action and milestones with estimated completion dates and resources assigned for resolution are maintained.

    Agency: Department of State
    Status: Open

    Comments: The Department of State concurred with our recommendation and is planning to develop, document, and implement oversight procedures for each contractor-operated, contractor-owned system. However, STATE has not yet provided sufficient evidence that it has implemented the recommendation. We plan to validate the department's actions when STATE informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, security and privacy requirements are communicated to contractors.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has satisfactorily implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, test results are reviewed by agency officials.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Secretary of Transportation should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, plans of action and milestones with estimated completion dates and resources assigned to resolution are maintained.

    Agency: Department of Transportation
    Status: Open

    Comments: In written comments on a draft of this report, the department agreed to consider our recommendations. We continue to believe that the department needs to develop, document, and implement oversight procedures for each contractor-operated system. DOT has not yet provided sufficient evidence that it has taken these actions. We plan to validate the department's actions when DOT informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Administrator of the Environmental Protection Agency should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, a system test is fully executed.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: EPA concurred with our recommendation. However, EPA has not yet provided evidence that it has implemented the recommendation. We plan to validate the department's actions when EPA informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Administrator of the Environmental Protection Agency should develop, document, and implement oversight procedures for ensuring that, for each contractor-operated system, plans of action and milestones with estimated completion dates and resources assigned for resolution are maintained.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: EPA concurred with our recommendation. However, EPA has not yet provided evidence that it has implemented the recommendation. We plan to validate the department's actions when EPA informs us that it has implemented the recommendation.
    Recommendation: To ensure that the privacy and security controls of contractor-operated systems are being properly overseen, the Director of the Office of Personnel Management should develop, document, and implement oversight procedures for ensuring that a system test is fully executed for each contractor-operated system.

    Agency: Office of Personnel Management
    Status: Open
    Priority recommendation

    Comments: OPM concurred with our recommendation. However, as of April 2017, OPM had not implemented the recommendation to develop, document and implement oversight procedures to ensure that a system test is fully executed for each contractor-operated system. We will monitor OPM's efforts and validate OPM actions when evidence discloses that the recommendation has been implemented.
    Recommendation: To be able to effectively assist agencies with their contractor oversight programs, the Director of the Office of Management and Budget, in collaboration with the Secretary of Homeland Security, should develop and clarify reporting guidance to agencies for annually reporting the number of contractor-operated systems.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We requested comments on a draft of this report from the Office of Management and Budget, but none were provided. In June 2017, OMB stated that its and DHS's annual reporting requirements now contain an expanded list of criteria for contractor-operated systems, including definitions in related guidance from the National Institute of Standards and Technology. However, although the reporting requirements call for agencies to report on their total number of contractor-operated systems, neither the requirements nor related guidance clarify which agency systems that have contractor relationships should be categorized as contractor-operated. The lack of clear instructions may continue to result in incomplete information regarding the number of contractor-operated systems within the government.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    5 open recommendations
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to work with federal and nonfederal partners to ensure that the maritime risk assessment includes cyber-related threats, vulnerabilities, and potential consequences.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, USCG stated that the National Maritime Strategic Risk Assessment (NMSRA) was still being finalized. The agency stated that they expected this to be completed by July 2017. Once completed, we will analyze the results of the NMSRA in order to validate the extent to which its contents implement our recommendation.
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to use the results of the risk assessment to inform how guidance for area maritime security plans, facility security plans, and other security-related planning should address cyber-related risk for the maritime sector.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, USCG stated that it had developed a draft Navigation and Vessel Inspection Circular (NVIC) to provide guidance on assessment methods that assist vessel and facility owners and operators identify and address cybersecurity vulnerabilities. USCG stated that the draft NVIC would be published in the Federal Register for 60 days, to enable maritime stakeholders to review and provide comment. Once USCG provides us a final copy of the NVIC, we will analyze it to determine if it provides guidance for addressing cyber-related risk in the maritime sector.
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to work with federal and nonfederal stakeholders to determine if the Maritime Modal Sector Coordinating Council should be reestablished to better facilitate stakeholder coordination and information sharing across the maritime environment at the national level.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, the U.S. Coast Guard (USCG) stated that the tasking for the National Maritime Security Advisory Committee to explore the issue of information sharing mechanisms in regards to cyber information had been completed. However, USCG did not mention any decision related to the reestablishment of the sector coordinating council.
    Recommendation: To help ensure the effective use of Port Security Grant Program funds to support the program's stated mission of addressing vulnerabilities in the maritime port environment, the Secretary of Homeland Security should direct the FEMA Administrator, in coordination with the Coast Guard, to develop procedures for officials at the field review level (i.e., captains of the port) and national review level (i.e., the National Review Panel and FEMA) to consult cybersecurity subject matter experts from the Coast Guard and other relevant DHS components, if applicable, during the review of cybersecurity grant proposals for funding.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, FEMA officials stated they would provide GAO an update on the status of the recommendation by July 2017. Once provided, we will analyze the information we receive and update status of implementation efforts.
    Recommendation: To help ensure the effective use of Port Security Grant Program funds to support the program's stated mission of addressing vulnerabilities in the maritime port environment, the Secretary of Homeland Security should direct the FEMA Administrator, in coordination with the Coast Guard, to use any information on cyber-related threats, vulnerabilities, and consequences identified in the maritime risk assessment to inform future versions of funding guidance for grant applicants and reviews at the field and national levels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, FEMA officials stated they would provide GAO an update on the status of the recommendation by July 2017. Once provided, we will analyze the information received and update status of implementation efforts.
    Director: Eileen Larence
    Phone: (202) 512-8777

    1 open recommendation
    Recommendation: To help ensure that I&A maintains critical skills and competencies, when planning for and implementing current and future workforce actions, the Secretary of Homeland Security should establish mechanisms to monitor and evaluate workforce initiatives and use results to determine any needed changes.

    Agency: Department of Homeland Security
    Status: Open

    Comments: GAO will update the status of this recommendation when the Department of Homeland Security provides documentation and other information on actions it has taken to monitor and evaluate workforce initiatives.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should establish an updated performance target for completing application vetting and a process to modify that target, as needed, based on factors such as changes in the number of trusted traveler program applications and available resources.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the agency is transitioning to a new vetting platform, which will allow them to more fully assess application data. The estimated completion date is December 30, 2015.
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should assess the feasibility of practices to expedite the interview process, which could include assessing the potential trade-offs, costs, and benefits associated with any proposed practices, such as those currently proposed or implemented at specific enrollment centers, and implement those practices CBP determines to be feasible.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the Office of Field Operations, Trusted Traveler Programs (TTP) Division intends to complete the recommendation and provide a summary of findings and recommended best practices by December 30, 2015.
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should develop a mechanism to track enrollment interview appointment availability data over time.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the agency has initiated a redesign of the Global Online Enrollment System (GOES), to include GOES scheduling. A report on this effort, expected to further establish the project deliverables, level of effort, milestones and estimated completion timeline, is scheduled to be completed by December 30, 2015.
    Recommendation: To better ensure that the trusted traveler eligibility criteria and applicant adjudication processes are consistently implemented in accordance with CBP policy at all enrollment centers and by partner countries, the Commissioner of CBP should establish a mechanism or mechanisms in GES to allow CBP officers to efficiently document the types of interview questions asked and the nature of applicant responses, when appropriate, and then use this information to monitor the implementation of the interview process.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. Status last updated October 16, 2015.
    Director: Joseph Kirschbaum
    Phone: (202) 512-9971

    1 open recommendation
    Recommendation: To help ensure that DOD's investments are being applied toward developing medical countermeasures to respond to the most serious and likely biological threat agents, the Secretary of Defense should direct the appropriate DOD officials to develop and implement a process to update and validate DOD's list of biological threats, as required by DOD Directives 5160.05E and 6205.3, or implement a process that aligns with the department's current policies, practices, and priorities as reflected in the 2001 and 2010 Quadrennial Defense Reviews.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with the recommendation. DOD has been reviewing directives addressing biological warfare threats and is in the process of revising DOD Directive 5160.05E to ensure that the directive appropriately captures and institutionalizes the use of risk assessments to support research, development, and acquisition of chemical and biological defense capabilities. The Chemical and Biological Defense Program (CBDP) piloted the risk assessment process in 2014 and will continue to conduct annual risk assessments to support portfolio planning and guidance. In addition to this revision, the CBDP continues to improve stakeholder awareness and discussions on threats through the utilization of an annual threat day review and on-going Joint Service discussions on chemical and biological threats and capabilities to address those threats. Alignment of the threat information and medical countermeasure capabilities are discussed through the CBDP Medical Prime/Non-Prime Working Group, which was established in February 2015 to ensure the CBDP medical portfolio is addressing the highest priority threats considering available candidates and resources. The group meets quarterly to address key programmatic changes, discuss program strategic guidance, and to address information presented and discussed at the annual threat review sessions. In total, these efforts have improved the Department's ability to ensure biological threats are aligned and considered through holistic, threat-informed, risk-based assessments. DOD is also taking actions to improve the development of medical countermeasures against priority threats through a number of actions such as developing a process guide, holding threat days, and performing in-depth analyses on medical science and technology solutions. Once DOD completes and issues Directive 5160.05E, we will assess the extent to which DOD's combined actions address the recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    3 open recommendations
    Recommendation: The Director of the Office of Management and Budget should direct the Federal Chief Information Officer to update, and clearly and explicitly issue incremental development guidance that addresses the following three components: (1) requires projects associated with major IT investments to deliver incremental functionality at least every 12 months, with the exception of the three types of investments identified in this report; (2) specifies how agencies are to define the project functionality that is to be delivered; and (3) requires agencies to define a process for enforcing compliance with incremental functionality delivery, such as the use of TechStat sessions.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) agreed with our recommendation to update and issue incremental guidance, but disagreed that the time frame for incremental delivery should be changed to every 12 months. Subsequently, OMB began to take steps to address aspects of our recommendation. Specifically, in June 2014, OMB updated its information technology (IT) budget guidance to, among other things, define project functionality as any changes to an IT system that primarily provides new or improved capability to the end user. Additionally, in June 2015, OMB issued its guidance on how agencies are to implement December 2014 federal IT acquisition reform legislation. As part of that guidance, OMB required CIOs to ensure that all acquisition strategies and acquisition plans that include IT apply adequate incremental development principles. However, as of June 2017, OMB's annually updated IT budget capital planning guidance still requires that projects associated with major IT investments deliver functionality every 6 months, rather than every 12 months, as we recommended. In the absence of our recommended delivery time frame change, OMB is at risk of continuing to require functionality to be delivered in a time frame that we found to be unrealistic for many IT investments based on their current levels of performance. We will continue to evaluate OMB's progress in implementing the recently issued guidance and in considering a change in how often projects are to deliver functionality.
    Recommendation: The Secretaries of Defense, Health and Human Services, Homeland Security, and Transportation should modify, finalize, and implement their agencies' policies governing incremental development to ensure that those policies comply with OMB's guidance, once that guidance is made available.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) has begun to take steps to address this recommendation. Specifically, in January 2015, HHS established a working group on incremental development in order to define a methodology for more rapid development. Further, HHS officials reported in April 2017 that the department was working to finalize its new guidance on incremental development and CIO certification as required by OMB guidance but could not provide a time frame for when the policy would be finalized. Until HHS finalizes and implements its incremental development policy, its information technology expenditures are more likely to produce sub-optimal results. We will continue to evaluate HHS's progress in implementing this recommendation.
    Recommendation: When updating their policies, the Secretaries of Defense, Health and Human Services, Homeland Security, and Transportation should consider the factors identified in this report as enabling and inhibiting incremental development.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services (HHS) has begun to take steps to address this recommendation. Specifically, in January 2015, HHS established a working group on incremental development in order to define a methodology for incremental development that would address the factors identified in the report. Further, HHS officials reported in April 2017 that the department was working to finalize its new guidance on incremental development and CIO certification as required by OMB guidance but could not provide a time frame for when the policy would be finalized. Until HHS updates and implements its incremental development policy, its information technology expenditures are more likely to produce sub-optimal results. We will continue to evaluate HHS's progress in implementing this recommendation.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    1 open recommendation
    Recommendation: To better communicate acquisition funding needs to Congress, the Secretary of Homeland Security should enhance the content of future Future Years Homeland Security Program (FYHSP) reports--for fiscal years 2016-20 and beyond--by presenting acquisition programs' annual cost estimates and any anticipated funding gaps.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that it provides Congress Comprehensive Acquisition Status Reports (CASR) on a quarterly basis that include cost estimates for all major acquisition programs. However, the CASRs do not disaggregate the cost estimates to identify how much the programs are expected to cost each year, and therefore the proposed approach would not allow Congress to identify funding gaps on an annual basis. In April 2016, DHS presented an alternative approach that would incorporate annual funding gaps into future FYHSP reports. DHS stated it plans to initially include these annual funding gaps in the fiscal years 2018-22 FYHSP report, which was expected to be released shortly after the President's fiscal year 2018 budget request in May 2017. However, the transition to a new administration delayed the release of the FYHSP report. Once available, GAO will evaluate the FYHSP report to determine whether DHS has met the intent of this recommendation.
    Director: Mihm, J Christopher
    Phone: (202) 512-3236

    2 open recommendations
    Recommendation: To improve agencies' retrospective regulatory review processes and reporting, and strengthen linkages between retrospective reviews and agency performance management, the Director of the Office of Management and Budget should direct the Administrator of the Office of Information and Regulatory Affairs to work with regulatory agencies to implement existing guidance, and update guidance where needed, to improve the reporting of outcomes in their retrospective regulatory review plans by taking actions such as: (1) publishing a link to updated plans, which list recent results and anticipated outcomes, on the White House website; (2) submitting evidence that agencies listed updates of their plans on their "Open Government" web pages; (3) providing more comprehensive information on completed reviews in agencies' most recent plans and progress reports by (a) ensuring the most recent published plan contains a complete accounting of all completed reviews rather than expecting readers to review multiple plans, and (b) including the supporting analysis and data for results by listing a link or citation to the related documentation.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In comments on the draft report, OMB staff generally agreed with the recommendation. In responses to questions for the record following a July 2015 Senate hearing on OMB's Office of Information and Regulatory Affairs (OIRA), the OIRA Administrator noted that OIRA has adopted several of the recommendations in GAO-14-268. Regarding this recommendation, the Administrator stated that OIRA posted agencies' retrospective review plans on a central OMB site. As of August 2017, these plans and progress updates are now publicly available, by agency, on the archived OMB website for President Obama's administration (see https://obamawhitehouse.archives.gov/omb/oira/regulation-reform).
    Recommendation: To improve agencies' retrospective regulatory review processes and reporting, and strengthen linkages between retrospective reviews and agency performance management, the Director of the Office of Management and Budget should direct the Administrator of the Office of Information and Regulatory Affairs to ensure that the Office of Information and Regulatory Affairs, as part of its oversight role, monitor the extent to which agencies have implemented the guidance on retrospective regulatory review requirements outlined in the related executive orders and confirm that agencies have identified how they will assess the performance of regulations in the future.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In comments on the draft report, OMB staff generally agreed with the recommendation. In responses to questions for the record following a July 2015 Senate hearing on the Office of Information and Regulatory Affairs' (OIRA) role in the regulatory process, the OIRA Administrator noted that OIRA has adopted several of the recommendations in GAO-14-268. Specifically regarding this recommendation, the Administrator stated that OIRA regularly asks agencies to consider the incorporation of a retrospective review planning component in forward-looking regulations, but as of August 2017 OMB has not responded to GAO's requests to provide additional details.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    5 open recommendations
    including 3 priority recommendations
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, when updating the schedules for the IFT, Remote Video Surveillance System (RVSS), and Mobile Surveillance Capability programs, the Commissioner of CBP should ensure that scheduling best practices, as outlined in our schedule assessment guide, are applied to the three programs' schedules.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: In March 2014, CBP concurred with our recommendation and in response, stated it planned to ensure that scheduling best practices are applied as far as practical when updating the three program schedules. In May 2016 CBP provided us with complete schedules for the IFT and RVSS programs. In December 2016, we provided CBP our assessment of the updated schedules for the IFT and RVSS programs. In January 2017 CBP provided us with a complete schedule for the MSC program and in March 2017, we provided CBP with our assessment of the MSC schedule. In April 2017, CBP provided additional clarifying information in regards to the MSC schedule. As of May 2017, based on our assessment of the updated schedules for the IFT, RVSS, and MSC programs, CBP has made improvements in the quality of the schedules since our last report, but the program schedules have not met all characteristics of a reliable schedule.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, the Commissioner of CBP should develop and maintain an Integrated Master Schedule for the Plan that is consistent with scheduling best practices.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In March 2014, CBP did not concur with this recommendation and maintained that an integrated master schedule for the Plan in one file undermines the DHS-approved implementation strategy for the individual programs making up the Plan, and that the implementation of this recommendation would essentially create a large, aggregated program, and effectively create an aggregated "system of systems". DHS further stated that a key element of the Plan has been the disaggregation of technology procurements. As of December 2016, CBP continues to non-concur with this recommendation and plans no further action. However, as we noted in the report, collectively these programs are intended to provide CBP with a combination of surveillance capabilities to be used along the Arizona border with Mexico. Moreover, while the programs themselves may be independent of one another, the Plan's resources are being shared among the programs. As such, we continue to believe that developing an integrated master schedule for the Plan is needed. Developing and maintaining an integrated master schedule for the Plan could allow CBP insight into current or programmed allocation of resources for all programs as opposed to attempting to resolve any resource constraints for each program individually.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, when updating Life-cycle Cost Estimates for the IFT and RVSS programs, the Commissioner of CBP should verify the Life-cycle Cost Estimates with independent cost estimates and reconcile any differences.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In March 2014, DHS concurred with this recommendation. In May 2016 CBP provided us with updated life-cycle cost estimates for two of its highest-cost programs under the Plan--the Integrated Fixed Tower (IFT) and the Remote Video Surveillance (RVSS). Further, CBP officials stated that in fiscal year 2016, DHS's Cost Analysis Division started piloting DHS's independent cost estimate capability on the RVSS program. According to CBP officials, the pilot is an opportunity to assist DHS in developing its independent cost estimate capability and that CBP selected the RVSS program for the pilot because the program is at a point in its planning and execution process where it can benefit most from having an independent cost estimate performed as these technologies are being deployed along the southwest border, beyond Arizona. In August 2016, CBP officials provided an update stating that details for an estimated independent cost estimate schedule and analysis plan for the RVSS program had not yet been finalized. As of November 2016, CBP officials stated that the results of the independent cost estimate for the RVSS program are expected to be completed by January 31, 2017. Further, CBP officials have not detailed similar plans for the IFT. We continue to believe that independently verifying the life-cycle cost estimates for the IFT and RVSS programs and reconciling any differences, consistent with best practices, could help CBP better ensure the reliability of the estimates.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, the Commissioner of CBP should revise the IFT Test and Evaluation Master Plan to more fully test the IFT program, before beginning full production, in the various environmental conditions in which IFTs will be used to determine operational effectiveness and suitability, in accordance with DHS acquisition guidance.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: In March 2014, DHS did not concur with this recommendation and stated that the Test and Evaluation Master Plan includes tailored testing and user assessments that will provide much, if not all, of the insight contemplated by the intent of the recommendation. According to CBP officials, acceptance testing was performed on the system in July 2015 and limited user testing for the IFT system was conducted during October and November 2015. In May 2016, CBP reported that it had conditionally accepted seven out of 53 IFT systems in one area of responsibility. CBP also reported that it is working to deploy and test the remaining IFT unit systems to other areas of responsibility. In November 2016, CBP stated that they continue to non-concur with this recommendation and planned no further action. However, as we reported in March 2014, we continue to believe that revising the Test and Evaluation Master Plan to include more robust testing to determine operational effectiveness and suitability could better position CBP to (1) evaluate IFT capabilities before moving forward to full production for the system, (2) provide CBP with information on the extent to which the towers satisfy Border Patrol's user requirements, and (3) reduce potential program risks. Without conducting operational testing in accordance with DHS guidance, the IFT program may be at increased risk of not meeting Border Patrol operational needs.
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, once data on asset assists are required to be recorded and tracked, the Commissioner of CBP should analyze available data on apprehensions and seizures and technological assists, in combination with other relevant performance metrics or indicators, as appropriate, to determine the contribution of surveillance technologies to CBP's border security efforts.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: In February 2015, Border Patrol officials provided documentation stating that the agency has yet to analyze data on asset assists, in combination with other relevant performance metrics and indicators to determine the contributions of surveillance technologies to its mission. However, the Border Patrol plans to address this recommendation using the Capability Gap Analysis Process (CGAP) developed by Johns Hopkins University Applied Physics Lab specifically for the Border Patrol. According to Border Patrol officials, the CGAP will enable the agency to examine the effects of technology and other Border Patrol assets such as agents and infrastructure, in the context of everyday border patrol operations. The data generated by the CGAP along with e3 apprehension and seizure data will better inform the nature of the contributions and impacts of surveillance technology on enforcement efforts. Border Patrol officials explained that capturing data on asset assists within the e3 Processing database was the first step to determine the contribution of technology to detect, identify, and classify activity along the border. Further, the Border Patrol identified individual types of technology such as Integrated Fixed Towers, Mobile Video Surveillance System, Underground Sensors, etc. and grouped them into classes such as Fixed, Mobile and Relocatable to better distinguish the contribution of each class of technology. As the Border Patrol gains a better understanding through analysis, the agency plans to continue to refine the measures and the collection of the metrics. In November 2014, the Border Patrol proposed a timeline highlighting the agency's future efforts to capture and document the contributions of the different classes of technology to the Border Patrol's mission.
    In our March 2016 update on the progress made by agencies to address our findings on duplication and cost savings across the federal government, we reported that CBP had modified its time frame for developing baselines for each performance measure and that additional time would be needed to implement and apply key attributes for metrics. In March 2016, according to CBP officials, the actual completion was being adjusted pending test and evaluation results for recently deployed technologies on the southwest border. In addition, Border Patrol officials told us that they planned to have various qualitative and quantitative performance measures of technology completed by the end of fiscal year 2016. These measures would help profile different levels of situational awareness in different areas of the border. In September 2016, Border Patrol provided a case study that assessed CGAP data with technology assist data and other measures to determine contributions of surveillance technologies to its mission. While this is a start to developing performance measures, the case study is limited to one location along the border and the analysis limited to select technologies. As of April 2017, CBP had not conducted assessments of the deployments to determine the contribution of surveillance technologies to the border security mission. Until CBP completes its efforts to fully develop and apply key attributes for performance metrics for all technologies to be deployed under the Plan, it will not be well positioned to fully assess its progress in implementing the Plan and determine when mission benefits have been fully realized.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    1 open recommendation
    Recommendation: To help ensure the accuracy of its Senior Federal Official Travel Reports, the Administrator of GSA should collect additional information from agencies on instances where travel is not being reported because of an exemption for intelligence agencies, as opposed to some other reason, and include such information in its reports where departmental data do not include trips pursuant to an agency's exercise of a reporting exemption.

    Agency: General Services Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendation
    Recommendation: To better ensure DSOs' and students' compliance with OPT requirements, and strengthen efforts to identify and assess potential risks in OPT, the Director of ICE should direct SEVP to develop and distribute guidance to DSOs on how to determine whether a job is related to a student's area of study and require DSOs to provide information in SEVIS to show that they took steps, based on this guidance, to help ensure that the student's work is related to the area of study.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of April 2015, SEVP has made progress in developing employment guidance to support DSOs in determining whether a job is related to a student's area of study and requiring DSOs to provide such information in SEVIS. SEVP stated that it has drafted such guidance and it is being reviewed by SEVP subject matter experts. In addition, SEVP stated that it is developing information requirements for DSOs to attest that they adhered to the new employment guidance document in SEVIS, which requires system enhancements. In May 2016, the new STEM OPT regulation went into effect and, among other things, SEVP officials stated that it requires much greater detail on the scope of the employment and how it is related to the earned degree. As of October 2016, SEVP expects that non-STEM guidance on field of study will be finalized by the second quarter of fiscal year 2017.
    Director: Dinapoli, Timothy J
    Phone: (202) 512-4841

    7 open recommendations
    Recommendation: To improve civilian IC elements' or their respective departments' ability to mitigate risks associated with the use of contractors, the Director of National Intelligence, Director of the Central Intelligence Agency, Attorney General of the United States, and Secretaries of Energy and the Treasury should direct responsible agency officials to set time frames to develop guidance that fully addresses the Office of Federal Procurement Policy, Policy Letter 11-01's requirements related to closely supporting inherently governmental functions.

    Agency: Office of the Director of National Intelligence
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. ODNI has held roundtables to discuss OFPP PL 11-01 implementation with other IC agencies. ODNI also revised ICD 612 but has not developed implementing guidance for ODNI MSD.
    Recommendation: To improve civilian IC elements' or their respective departments' ability to mitigate risks associated with the use of contractors, the Director of National Intelligence, Director of the Central Intelligence Agency, Attorney General of the United States, and Secretaries of Energy and the Treasury should direct responsible agency officials to set time frames to develop guidance that fully addresses the Office of Federal Procurement Policy, Policy Letter 11-01's requirements related to closely supporting inherently governmental functions.

    Agency: Department of Energy
    Status: Open

    Comments: In its letter to OMB and the Congress, the agency concurred with this recommendation. In July 2015, the agency issued interim guidance, but the guidance does not fully address OFPP Policy Letter 11-01. The agency explained that once the Federal Acquisition Regulation is updated, the agency's acquisition regulation will be updated as necessary to reflect the new guidance. Since that time, no further action has occurred.
    Recommendation: To improve civilian IC elements' or their respective departments' ability to mitigate risks associated with the use of contractors, the Director of National Intelligence, Director of the Central Intelligence Agency, Attorney General of the United States, and Secretaries of Energy and the Treasury should direct responsible agency officials to set time frames to develop guidance that fully addresses the Office of Federal Procurement Policy, Policy Letter 11-01's requirements related to closely supporting inherently governmental functions.

    Agency: Department of Justice
    Status: Open

    Comments: In its letter to OMB and the Congress, the agency concurred with this recommendation but has not yet taken the actions necessary to implement it.
    Recommendation: To improve civilian IC elements' or their respective departments' ability to mitigate risks associated with the use of contractors, the Director of National Intelligence, Director of the Central Intelligence Agency, Attorney General of the United States, and Secretaries of Energy and the Treasury should direct responsible agency officials to set time frames to develop guidance that fully addresses the Office of Federal Procurement Policy, Policy Letter 11-01's requirements related to closely supporting inherently governmental functions.

    Agency: Department of the Treasury
    Status: Open

    Comments: In its letter to OMB and the Congress, the agency concurred with this recommendation. Treasury issued additional supplemental guidance and is currently updating its procurement and workforce guidance to fully address OFPP Policy Letter 11-01.
    Recommendation: To improve civilian IC elements' or their respective departments' ability to mitigate risks associated with the use of contractors, the Director of National Intelligence, Director of the Central Intelligence Agency, Attorney General of the United States, and Secretaries of Energy and the Treasury should direct responsible agency officials to set time frames to develop guidance that fully addresses the Office of Federal Procurement Policy, Policy Letter 11-01's requirements related to closely supporting inherently governmental functions.

    Agency: Central Intelligence Agency
    Status: Open

    Comments: The agency did not comment on our recommendation. Please contact Timothy DiNapoli at (202) 512-4841 or dinapolit@gao.gov for additional information on the status of this recommendation.
    Recommendation: To improve congressional oversight and enhance civilian IC elements' insights into their use of core contract personnel, when reporting to congressional committees, the IC CHCO should clearly specify limitations and significant methodological changes and their associated effects.

    Agency: Office of the Director of National Intelligence: IC Chief Human Capital Officer
    Status: Open

    Comments: The IC CHCO described steps it was taking to implement the recommendation. For example, the IC CHCO stated it highlighted limitations to the data and the reasons for data adjustments from year-to-year in its FY 2014-2016 briefings to Congress. We will continue to follow up with the IC CHCO to determine whether these actions meet the intent of the recommendation.
    Recommendation: To improve the ability of the civilian IC elements to strategically plan for their contractors and mitigate associated risks, the IC CHCO should revise the Intelligence Community Directive 612's provisions governing strategic workforce planning to require the IC elements to identify their assessment of the appropriate workforce mix on a function-by-function basis.

    Agency: Office of the Director of National Intelligence: IC Chief Human Capital Officer
    Status: Open

    Comments: In August 2015, IC CHCO revised Intelligence Community Directive 612 and removed the provisions governing strategic workforce planning. We will continue to follow up with IC CHCO to determine whether steps will be taken to require IC elements to identify an appropriate workforce mix.
    Director: Wilshusen, Gregory C
    Phone: (202) 512-6244

    1 open recommendation
    Recommendation: The Secretary of Homeland Security, in collaboration with emergency service sector stakeholders, should address the cybersecurity implications of implementing Next Generation 911 and the First Responder Network Authority network in the next iteration of sector plans.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In December 2015, DHS released an updated sector-specific plan for the emergency services sector that describes the sector's greater dependence on cyber-based infrastructure as a notable trend and emerging issue among the sector's risks. However, the plan does not incorporate steps to address the cybersecurity risk of implementing Next Generation 911 or risks associated with the First Responder Network, the public safety broadband network, currently in development. An update to the sector-specific plan will likely not occur until 2018. When DHS provides evidence regarding additional risk mitigation steps, we will review the evidence provided to update the status of this recommendation.
    Director: Shear, William B
    Phone: (202) 512-8678

    4 open recommendations
    Recommendation: To help ensure that agencies are tracking the effect of strategic sourcing on small businesses, OMB's Administrator for Federal Procurement Policy should monitor agencies' compliance with the requirement to maintain baseline data and performance measures on small business participation in strategic sourcing initiatives.

    Agency: Executive Office of the President: Office of Management and Budget: Office of Federal Procurement Policy
    Status: Open

    Comments: OMB officials have stated that they are in the process of addressing this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: Consistent with OMB guidance and to track the effect of strategic sourcing on small businesses, the Secretaries of DOD, DHS, HUD, and the Interior, and the Administrator of NASA should collect baseline data and establish performance measures on the inclusion of small businesses in strategic sourcing initiatives.

    Agency: Department of Defense
    Status: Open

    Comments: DOD officials have stated that they are in the process of addressing this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: Consistent with OMB guidance and to track the effect of strategic sourcing on small businesses, the Secretaries of DOD, DHS, HUD, and the Interior, and the Administrator of NASA should collect baseline data and establish performance measures on the inclusion of small businesses in strategic sourcing initiatives.

    Agency: Department of the Interior
    Status: Open

    Comments: Interior officials have stated that they are in the process of addressing this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: Consistent with OMB guidance and to track the effect of strategic sourcing on small businesses, the Secretaries of DOD, DHS, HUD, and the Interior, and the Administrator of NASA should collect baseline data and establish performance measures on the inclusion of small businesses in strategic sourcing initiatives.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: NASA officials provided an update in March 2017. They stated that they consider the inclusion of small businesses and small disadvantaged businesses throughout the strategic sourcing process and that they track performance on their small business goals at the agency and buying office level. However, they stated they had no plans to track baseline data and performance measures on small business inclusion for individual strategic sourcing efforts or strategic sourcing efforts grouped by categories because they did not see the benefit of doing so. As we stated in our report, OMB memorandums require baseline data and a measure of the change in small business spending for each individual initiative. Therefore, we continue to believe this recommendation has merit and should be fully implemented.
    Director: Wise, David J
    Phone: (202) 512-2834

    1 open recommendation
    Recommendation: To provide increased transparency about the funding amounts agencies are spending to maintain their assets and manage their backlogs, the Director of OMB should require the OMB Deputy Director for Management, as chair of the FRPC, in collaboration and consultation with FRPC member agencies, to collect information--through FRPP or other mechanisms--on funding agencies annually spent to address existing deferred maintenance and repair deficiencies and report summary level information in the FRPC's fiscal year report.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: As of December 2015, OMB had worked with the FRPC to develop a method to collect annual recurring maintenance and repair data in the FRPP. This effort includes (1) developing separate definitions for "operations" and "maintenance" costs, which are currently reported in the FRPP as a combined cost number, and (2) defining a methodology that agencies can use to consistently collect and report annual deferred maintenance and repair expenditures. OMB expects these actions to be completed by the fiscal year 2018 FRPP reporting cycle. As of March 28, 2017, OMB had not provided GAO with any additional updates regarding the status of this recommendation.
    Director: Wilshusen, Gregory C
    Phone: (202) 512-6244

    17 open recommendations
    Recommendation: To make government-wide computer matching program planning efforts more consistent, the Director of OMB should revise guidance on computer matching to clarify whether front-end verification queries are covered by the Computer Matching Act.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We have not yet received information to validate the agency's actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To make government-wide computer matching program planning efforts more consistent, the Director of OMB should direct agencies to address all key elements when preparing cost-benefit analyses.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To make government-wide computer matching program planning efforts more consistent, the Director of OMB should ensure that agencies receive assistance in implementing computer matching programs as envisioned by the act.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Agriculture should develop and implement policies and procedures for cost-benefit analyses related to computer matching agreements to include key elements such as personnel and computer costs, as well as avoidance of future improper payments and recovery of improper payments and debts.

    Agency: Department of Agriculture
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Agriculture should ensure the DIB reviews cost-benefit analyses to make certain cost savings information for the computer matching program is included before approving CMAs.

    Agency: Department of Agriculture
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Agriculture should ensure the DIB performs annual reviews and submits annual reports on the agency's computer matching activities, as required by the act.

    Agency: Department of Agriculture
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Education should develop and implement policies and procedures for cost-benefit analyses related to computer matching agreements to include key elements such as personnel and computer costs, as well as avoidance of future improper payments and recovery of improper payments and debts.

    Agency: Department of Education
    Status: Open

    Comments: We have not yet received sufficient information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Health and Human Services should ensure the DIB reviews cost-benefit analyses to make certain cost savings information for the computer matching program is included before approving CMAs.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We have not yet received information to validate the agency's actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Health and Human Services should ensure the DIB performs annual reviews and submits annual reports on agency computer matching activities, as required by the act.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We have not yet received information needed to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Homeland Security should develop and implement policies and procedures for cost-benefit analyses related to computer matching agreements to include key elements such as personnel and computer costs, as well as avoidance of future improper payments and recovery of improper payments and debts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Homeland Security should ensure the DIB reviews cost-benefit analyses to make certain cost savings information for the computer matching program is included before approving CMAs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Homeland Security should ensure the DIB performs annual reviews and submits annual reports on agency computer matching activities, as required by the act.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Labor should develop and implement policies and procedures for cost-benefit analyses related to computer matching agreements to include key elements such as personnel and computer costs, as well as avoidance of future improper payments and recovery of improper payments and debts.

    Agency: Department of Labor
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Labor should ensure the DIB reviews cost-benefit analyses to make certain cost savings information for the computer matching program is included before approving CMAs.

    Agency: Department of Labor
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Labor should ensure the DIB performs annual reviews and submits annual reports on agency computer matching activities, as required by the act.

    Agency: Department of Labor
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Secretary of Veterans Affairs should ensure the DIB reviews cost-benefit analyses to make certain cost savings information for the computer matching program is included before approving CMAs.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: We have not yet received information to validate the agency's actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve the implementation of the act, the Administrator of Social Security should ensure the DIB performs annual reviews and submits annual reports on agency computer matching activities, as required by the act.

    Agency: Social Security Administration
    Status: Open

    Comments: We have not yet received information to validate agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    1 open recommendation
    including 1 priority recommendation
    Recommendation: To help mitigate confusion about the use of reverse auctions in federal acquisitions, the Director of the Office of Management and Budget should take steps to amend the FAR to address agencies' use of reverse auctions.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: In providing comments on this report, OMB generally concurred with this recommendation but, as of July 2017, had not yet publicly released a draft of any related proposed FAR rule(s). In July 2017, OMB staff stated that a FAR team had drafted proposed regulatory changes to address the use of reverse auctions in response to GAO's recommendation. OMB staff said that the draft changes were undergoing review and they expected they would be published for public comment before the end of the calendar year.
    Director: Wilshusen, Gregory C
    Phone: (202) 512-6244

    8 open recommendations
    Recommendation: To improve their response to data breaches involving PII, the Secretary of Defense should direct the Secretary of the Army to require documentation of the reasoning behind risk determinations for breaches involving PII.

    Agency: Department of Defense
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the department stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Secretary of Defense should direct the Secretary of the Army to require an evaluation of the agency's response to data breaches involving PII to identify lessons learned that could be incorporated into agency security and privacy policies and practices.

    Agency: Department of Defense
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the department stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Secretary of Health and Human Services should direct the Administrator for the Centers for Medicare & Medicaid Services to require documentation of the risk assessment performed for breaches involving PII, including the reasoning behind risk determinations.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the department stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Secretary of Health and Human Services should direct the Administrator for the Centers for Medicare & Medicaid Services to document the number of affected individuals associated with each incident involving PII.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the department stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Secretary of Health and Human Services should direct the Administrator for the Centers for Medicare & Medicaid Services to require an evaluation of the agency's response to data breaches involving PII to identify lessons learned that could be incorporated into agency security and privacy policies and practices.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the department stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Chairman of the Federal Reserve Board should require documentation of the risk assessment performed for breaches involving PII, including the reasoning behind risk determinations.

    Agency: Federal Reserve System
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Chairman of the Federal Reserve Board should document the number of affected individuals associated with each incident involving PII.

    Agency: Federal Reserve System
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Chairman of the Federal Reserve Board should require an evaluation of the agency's response to data breaches involving PII to identify lessons learned that could be incorporated into agency security and privacy policies and practices.

    Agency: Federal Reserve System
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Director: Cha, Carol R
    Phone: (202) 512-4456

    2 open recommendations
    Recommendation: To improve planning and execution of the next telecommunications transition, the Administrator of General Services, in coordination with the Office of Personnel Management, should examine potential government-wide telecommunications expertise shortfalls and use the study to shape the NS2020 strategic approach.

    Agency: General Services Administration
    Status: Open

    Comments: The General Services Administration (GSA) has not addressed this recommendation. In June 2014, the agency reported that it had coordinated with OPM to incorporate key objectives in its NS2020 strategy to address and mitigate challenges with regards to government-wide expertise needed to execute the NS2020 program. However, as of May 2017, GSA had not demonstrated that it had studied potential government-wide telecommunications expertise shortfalls or used the study to shape the NS2020 strategic approach.
    Recommendation: To improve planning and execution of the next telecommunications transition, the Administrator of General Services should ensure that the lessons are applied, based on priority and available resources, to the next transition strategy.

    Agency: General Services Administration
    Status: Open

    Comments: The General Services Administration has not implemented this recommendation but has taken steps to address it. In April 2014, the agency developed a strategy for transitioning to the next telecommunications contract vehicle. The strategy described the lessons learned that contributed to the delay in the prior transition and identified approaches the agency planned to take to apply the lessons learned. For example, it identified high level plans for addressing the need for improved management of the complex acquisition process and the need for technical and contracting telecommunications expertise across the government. As of August 2016, GSA had prioritized the lessons learned and considered the resources needed to apply them. However, as of May 2017, the agency had not demonstrated that it had ensured that the lessons were applied, based on priority and available resources, to the next transition strategy. We will continue to monitor GSA's efforts to implement the recommendation.
    Director: Bertoni, Daniel
    Phone: (202) 512-7215

    2 open recommendations
    Recommendation: In order to enhance the accuracy of and ensure appropriate agency access to SSA's death data, and to clarify how SSA applies the eligibility requirements of the Social Security Act and enhance agencies' awareness of how to obtain access, the Social Security Administration's Acting Commissioner should direct the Deputy Commissioner of Operations to develop and publicize guidance it will use to determine whether agencies are eligible to receive SSA's full death file.

    Agency: Social Security Administration
    Status: Open

    Comments: The Social Security Administration (SSA) disagreed with this recommendation, stating that each request to obtain the full death file is unique, and that officials must review them on a case-by-case basis to ensure compliance with various legal requirements. It also expressed concern that developing this guidance as we recommended would require agency expenditures unrelated to its mission in an already fiscally constrained environment. SSA noted that any federal agency that would like to explore accessing the full death master file (which includes state death records) should submit a request to SSA. SSA will review the file and, if satisfactory, enter into an Information Exchange Agreement covering terms, conditions and reimbursement for the exchange. As of April 2017, SSA reports that it is continuing its efforts and there is no change in status. GAO appreciates that agencies may base their request for the full death file on different intended uses, and supports SSA's efforts to ensure compliance with all applicable legal requirements. However, developing such guidance could help to ensure consistency in SSA's future decision making by the new Office of Data Exchange, and enhance agencies' ability to obtain the data in a timely and efficient manner.
    Recommendation: In order to enhance the accuracy of and ensure appropriate agency access to SSA's death data, and to increase transparency among recipient agencies, the Social Security Administration's Acting Commissioner should direct the Deputy Commissioner of Operations to share a more detailed explanation of how it determines reimbursement amounts for providing agencies with death information.

    Agency: Social Security Administration
    Status: Open

    Comments: The Social Security Administration (SSA) reported that it has implemented improvements in its estimating procedures for future reimbursable agreements to ensure consistent estimates for all customers. It reviews all reimbursable requests on a case-by-case basis to determine full costs (including direct and indirect expenses) to provide goods, resources, or services. However, the agency stated that it is not a typical government business practice to share these detailed costs for reimbursable agreements. As of April 2017, SSA reports that it is continuing its efforts and there is no change in status. We are encouraged that SSA has made efforts to standardize the estimates it shares with its federal partners. While we recognize that there may be limitations on the type of cost details SSA can provide to recipient agencies, we continue to believe that more transparency in conveying the factors that lead to the estimated and final reimbursement amounts recipient agencies are charged could help them make more informed decisions.
    Director: Goldenkoff, Robert N
    Phone: (202) 512-2757

    4 open recommendations
    including 3 priority recommendations
    Recommendation: To help maintain a more thorough and insightful 2020 Census development schedule in order to better manage risks to a successful 2020 Census, the Secretary of Commerce and Undersecretary of Economic Affairs should direct the U.S. Census Bureau to improve the comprehensiveness of schedules, including ensuring that all relevant activities are included in the schedule.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: The Bureau agreed with this recommendation and stated that it is reviewing and refining project schedules to ensure that they include the full scope of work needed to reach operational decision points for the 2020 Census. The 2020 Research and Planning Office currently has 55 decennial project schedules, consisting of more than 3,700 activities. Several project schedules were re-baselined and pushed into production in January 2014. Focused integration sessions occurred in late January and February 2014, resulting in revised schedules. The Bureau released its operational plan and other documentation in November 2015, and announced in June 2016 that it would finalize and release its 2020 Census schedule in July 2016. To fully implement this recommendation, the Bureau needs to include within its integrated master activity schedule at lower levels the activities and milestones it has already identified as needed throughout the 2020 Census lifecycle. We are beginning an audit of the Bureau's scheduling practices this summer and will review actions the Bureau may have taken to address this recommendation.
    Recommendation: To help maintain a more thorough and insightful 2020 Census development schedule in order to better manage risks to a successful 2020 Census, the Secretary of Commerce and Undersecretary of Economic Affairs should direct the U.S. Census Bureau to improve the construction of schedules, including ensuring complete logic is in place to identify the preceding and subsequent activities as well as a critical path that can be used to make decisions.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: The Bureau agreed with this recommendation and stated that it has already begun maturing project schedules to ensure that the logical relationships between discrete schedules are put into place. Schedule integration sessions across projects and programs were held in late January 2014 and into February 2014 and periodically since then, where work is deconstructed into detailed schedules. As the Bureau continues to mature its schedule and scheduling process for the 2020 Census and related tests, its officials say they are taking care to ensure that logical linkages are in place within the schedule and that they are adding additional activities on a rolling basis. Bureau officials believe this ongoing work with the 2020 schedule will ensure they have a robust tool to help manage the 2020 program and make key decisions. The Bureau released its operational plan and other documentation in November 2015 and announced in June 2016 that it would finalize and release its 2020 Census schedule in July 2016. To fully implement this recommendation, the Bureau needs to ensure linkage between activities and the estimated resources needed to complete them. We are beginning an audit of the Bureau's scheduling practices this summer and will review actions the Bureau may have taken to address this recommendation.
    Recommendation: To help maintain a more thorough and insightful 2020 Census development schedule in order to better manage risks to a successful 2020 Census, the Secretary of Commerce and Undersecretary of Economic Affairs should direct the U.S. Census Bureau to improve the credibility of schedules, including conducting a quantitative risk assessment.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: The Bureau agreed with this recommendation and stated that it has already begun maturing project schedules to ensure that the logical relationships between discrete schedules are put into place. Schedule integration sessions across projects and programs were held in late January 2014 and into February 2014 and periodically since then, where work is deconstructed into detailed schedules. As the Bureau continues to mature its schedule and scheduling process for the 2020 Census and related tests, its officials say they are taking care to ensure that logical linkages are in place within the schedule and that they are adding additional activities on a rolling basis. Bureau officials believe this ongoing work with the 2020 schedule will ensure they have a robust tool to help manage the 2020 program and make key decisions. The Bureau released its operational plan and other documentation in November 2015 and announced in June 2016 that it would finalize and release its 2020 Census schedule in July 2016. As part of the maturation process, the Bureau expects to conduct a quantitative risk assessment of decennial project schedules. In 2015, the Bureau provided us with a preliminary output from its risk analysis software as a demonstration of the type of analysis it is committed to, but more recently its officials said that they may not be able to take all the steps needed to satisfy this recommendation. To fully implement this recommendation, the Bureau needs to conduct quantitative schedule risk analyses with the resulting schedule. We are beginning an audit of the Bureau's scheduling practices this summer and will review actions the Bureau may have taken to address this recommendation.
    Recommendation: The Director of the U.S. Census Bureau should initiate a robust workforce planning process for those working on schedules related to the Master Address File, including actions such as an analysis of skills needed, to identify and address gaps in scheduling skills.

    Agency: Department of Commerce: Bureau of the Census
    Status: Open

    Comments: The Census Bureau agreed with this recommendation and states it is taking steps to improve its scheduling practices and to initiate a comprehensive workforce planning process for those working on decennial project schedules. Bureau officials state they are currently evaluating the skills needed for scheduling support of the 2020 Census and will take the appropriate steps to acquire and develop the appropriate mix of skill sets, including but not limited to developing certified scheduling staff, hiring expert contractors to assist with periodic training, and scheduling standards implementation. They also state that the Bureau is committed to continuing to strengthen the schedule management plan, practices, and methods in place for the 2020 Census. The Bureau has experienced turnover in the leadership of the team responsible for 2020 scheduling, and, as of July 2017, Bureau officials have said they are working to collect artifacts that may demonstrate how this recommendation was addressed.
    Director: Powner, David A
    Phone: (202) 512-9286

    48 open recommendations
    including 1 priority recommendation
    Recommendation: To help ensure the success of PortfolioStat, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to disclose the limitations of any data reported (or disclose the parameters and assumptions of these data) on the agencies' consolidation efforts and associated savings and cost avoidance.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In its comments on GAO's November 2013 report, OMB disagreed with this recommended action, stating that it had disclosed limitations on data reported and cited three instances of these efforts. However, GAO maintained that, while OMB reported limitations of data regarding commodity information technology (IT) consolidation efforts in these cases, the information reported did not provide stakeholders and the public with a complete understanding of the data presented. For example, OMB did not disclose that information from the Departments of Defense (DOD) and Justice was not included in the consolidation estimates reported, which, considering the scope of DOD's efforts in this area (at least $3.2 billion), was a major gap. As of March 2017, OMB still had not addressed this recommendation. During that month, the agency told GAO that improving the quality of the data agencies submit through the integrated data collections (which include data on agencies' consolidation efforts and associated savings and cost avoidance) is a priority and that Office of the Federal Chief Information Officer staff follow up with agencies when they detect anomalies in the data reported. OMB, however, did not address actions to disclose the limitations of data reported or disclose the parameters and assumptions of these data. Such disclosure would provide the public and other stakeholders with crucial information needed to understand the status of PortfolioStat and agency progress in meeting the goals of the initiative.
    Recommendation: To help ensure the success of PortfolioStat, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to require that agencies report on efforts to address action plan items as part of future PortfolioStat reporting.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: OMB's June 2015 memorandum on the management and oversight of federal information technology (M-15-14) established quarterly PortfolioStat sessions between OMB and agency Chief Information Officers. This represented a change from the previously required annual action item memos. In November 2016, OMB stated that it informally tracks action items resulting from PortfolioStat but no formal documentation is kept. We will continue to follow up on how OMB ensures that agencies report on efforts to address action items as part of future PortfolioStat reporting.
    Recommendation: To help ensure the success of PortfolioStat, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to improve transparency of and accountability for PortfolioStat by publicly disclosing planned and actual data consolidation efforts and related cost savings by agency.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In October 2015, OMB started displaying actual data consolidation savings data on the federal information technology (IT) dashboard, consistent with provisions of the IT reform legislation commonly referred to as the Federal Information Technology Acquisition Reform Act. However, in November 2016, and again in March 2017, OMB stated that it does not track planned cost savings and cost avoidance figures and did not provide any plans to do so. Improving the transparency and accountability for PortfolioStat by publicly disclosing both planned and actual data consolidation efforts and related cost savings by agency would provide stakeholders, including Congress and the public, a means to monitor agencies' progress and hold them accountable for reducing duplication and achieving cost savings.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Agriculture should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture (USDA) provided information on its efforts to ensure the quality of its commodity IT baseline data. Specifically, USDA reported having (1) developed a central repository for agencies and staff offices to populate commodity IT data, (2) provided training on the use of the repository, and (3) established an additional level of oversight to monitor data quality. We are reviewing supporting documentation obtained from the department to determine whether the recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Agriculture should direct the CIO to fully describe the following PortfolioStat Action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for wasteful, low-value, or duplicative investments.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture provided information on the elements identified in the recommendation. We are reviewing additional supporting documentation obtained from the department to determine whether the recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, as the department finalizes and matures its valuation methodology, the Secretary of Agriculture should direct the CIO to utilize this process to identify whether there are additional opportunities to reduce duplicative, low-value, or wasteful investments.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture stated that its Chief Information Officer will formalize and implement a value-based measurement model to help determine which IT investments should be included in the USDA IT portfolio. We are reviewing supporting documentation obtained from the department to determine whether this recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Agriculture should direct the CIO to develop support for the estimated savings for fiscal years 2013 through 2015 for the Cellular Phone Contract Consolidation, IT Infrastructure Consolidation/Enterprise Data Center Consolidation, and Geospatial Consolidation initiatives.

    Agency: Department of Agriculture
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Agriculture stated that its CIO has developed supporting documentation for the cost savings/avoidance associated with the efforts identified in the recommendation. We are reviewing supporting documentation obtained from the department to determine whether this recommendation has been fully addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Commerce should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

    Agency: Department of Commerce
    Status: Open

    Comments: In its January 2014 statement of actions to address our recommendations, the Department of Commerce stated that the majority of its IT investments were made at the operating unit level and it was therefore planning on issuing policy to require consistency between the operating units' enterprise architecture and the totality of IT investments as reflected in the annual capital asset plan and business case summary submission. The department noted it would also require that consistency between the department's enterprise architecture and the IT investment portfolio is confirmed before submission of either of these artifacts. We are following up with the department to determine the status of these planned actions.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Commerce should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of Commerce
    Status: Open

    Comments: In its January 2014 statement of actions to address our recommendations, the Department of Commerce stated it had submitted two iterations of its commodity IT baseline to OMB since we made our recommendation. The department noted the PortfolioStat process and requirement to submit the baseline through the integrated data collection tool helped ensure the baseline was complete. We plan to follow up with Commerce officials.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Defense should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of Defense
    Status: Open

    Comments: In its December 2013 statement of actions to address our recommendations, the Department of Defense stated that it had efforts underway, including an initiative known as the Joint Information Environment, to further refine the Department's commodity IT baseline. As of August 2016, we found that the department's DOD IT Portfolio Repository included business and enterprise IT systems--two of three commodity IT areas defined by OMB--as part of an ongoing engagement. We are following up with the department to find out about actions to develop an inventory of assets associated with IT infrastructure--the third category of commodity IT defined by OMB.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Defense should direct the CIO to fully describe the following PortfolioStat action plan element: consolidate commodity IT spending under the agency CIO.

    Agency: Department of Defense
    Status: Open

    Comments: As of December 2013, the department did not concur with this recommendation stating that the commodity IT construct implemented in the PortfolioStat initiative did not work well within the department's federated processes. The department agreed, however, that a strategy, consistent with the intent of achieving better buying power and control of commodity IT items, should be developed and implemented within the department using existing authorities, and noted that it was in the process of implementing such a strategy. In August 2016, we followed up with the department to obtain an update on the status of this strategy and determine the associated reporting to OMB. As of the end of October, we were still waiting for a response.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Defense should direct the CIO to obtain support from the relevant component agencies for the estimated savings for fiscal years 2013 to 2015 for the data center consolidation, enterprise software purchasing, and General Fund Enterprise Business System initiatives.

    Agency: Department of Defense
    Status: Open

    Comments: In its statement of actions to address our recommendations, the Department of Defense stated that it already reports data center consolidation savings to both OMB and Congress and will continue to realize savings from the Enterprise Software Initiative, other strategic sourcing efforts, and the continuing implementation of General Fund Enterprise Business System initiatives. As of August 2016, we had collected support for data center consolidation as part of our ongoing data center consolidation work, and were waiting to receive support for the Enterprise Software Initiative savings for fiscal years 2013 to 2015 through recommendation follow-up for a prior software licensing review (GAO-14-413). We are following up with the department to obtain support for savings for the General Fund Enterprise Business System.
    Recommendation: To improve the U.S. Army Corps of Engineers' implementation of PortfolioStat, in future reporting to OMB, the Secretary of Defense should direct the Secretary of the Army to direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) target duplicative systems or contracts that support common business functions for consolidation; (3) establish criteria for identifying wasteful, low-value, or duplicative investments; and (4) establish a process to identify these potential investments and a schedule for eliminating them from the portfolio.

    Agency: Department of Defense
    Status: Open

    Comments: In its statement of actions to address our recommendations, the Department of Defense stated that the U.S. Army Corps of Engineers would fully describe the four action plan elements identified in this recommendation in future OMB reporting. We are following up with the department to determine the status of these efforts and obtain the associated supporting documentation.
    Recommendation: To improve the U.S. Army Corps of Engineers' implementation of PortfolioStat, the Secretary of Defense should direct the Secretary of the Army to report on the agency's progress in consolidating eCPIC to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Defense
    Status: Open

    Comments: In October 2016, the Department of Defense provided a report stating it had completed the consolidation of eCPIC to a shared service in August 2014. We are following up with the department to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Energy should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Department of Energy
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Department of Energy stated that it will update its policy orders as necessary to implement the OMB policy for consolidating commodity IT under the Chief Information Officer and include a description in future OMB reporting. The department also noted that it will work to establish additional value criteria to identify low-value or duplicative federal commodity IT investments, and these criteria will be described in future OMB reporting. We are reviewing the department's reporting to OMB to determine the extent to which this recommendation has been addressed.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the Environmental Protection Agency should direct the CIO to develop a complete commodity IT baseline.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In August 2014, the Environmental Protection Agency reported that it uses OMB's quarterly integrated data collection submission process to continually update the information in its baseline. We are following up with the agency to determine whether it has any process to ensure the completeness of the information that is submitted.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Administrator of the Environmental Protection Agency should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets; and (3) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In August 2014, the Environmental Protection Agency stated that, in its August 2014 PortfolioStat update, it had reported to OMB on the status of actions to consolidate commodity IT spending under the agency CIO and to establish targets for commodity IT spending reductions. The agency also stated that it was working to develop criteria for identifying wasteful, low-value, and duplicative investments. We are reviewing the August 2014 PortfolioStat update to verify the agency's claims. We plan to also follow up on efforts to develop the aforementioned criteria and any associated reporting to OMB.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the Environmental Protection Agency should direct the CIO to report on the agency's progress in consolidating the managed print services and strategic sourcing of end user computing to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In its March 2014 statement of actions to address our recommendations, the Environmental Protection Agency stated that it expected its print services to take on additional devices and locations beginning in April 2014 and that a contract vehicle for the purchasing and leasing of end user computing equipment was expected to be awarded by the end of the month. We are reviewing the agency's quarterly reporting to OMB to determine whether progress on the two initiatives was reported to OMB as we recommended.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of the Interior should direct the CIO to develop a complete commodity IT baseline.

    Agency: Department of the Interior
    Status: Open

    Comments: In August 2014, the Department reported that it was planning to undertake a series of activities spanning a 15-month timeframe to create a complete commodity IT baseline, including embarking upon a statistical analysis and cost projection initiative that is intended to identify the degree of confidence in the commodity IT baseline, and develop mechanisms that will enable validation and verification in the future. We will follow up with the department on the results of its activities.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of the Interior should direct the CIO to fully describe the following PortfolioStat action plan element: establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Department of the Interior
    Status: Open

    Comments: In its January 2014 comments on our report, the Department of the Interior stated that it was undertaking a business-driven approach that will involve working with its governance boards to establish criteria for identifying wasteful, low-value, or duplicative investments. The department stated it would establish the criteria by December 2014. However, the department did not address whether it would be reporting its plans to OMB, which was the focus of our recommendation. We will follow up with officials on this.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of the Interior should direct the CIO to report on the department's progress in consolidating the Electronic Forms System component of the eMail Enterprise Records & Document Management System deployment 8 to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of the Interior
    Status: Open

    Comments: In its January 2014 comments on our report, the Department of the Interior provided information on the status of its efforts to consolidate the Enterprise Forms System to a shared service and established a December 2014 target date for completion. In addition, the department stated that it would report on the status of the initiative quarterly until completion. We will follow up with the department to monitor its progress in completing the initiative and reporting on it to OMB.
    Recommendation: To improve the department's implementation of PortfolioStat, the Attorney General should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

    Agency: Department of Justice
    Status: Open

    Comments: In its December 2013 response to this recommendation, the Department of Justice stated that it had updated its enterprise architecture to include 100 percent of the information technology investments. However, it did not provide evidence of this action. We will follow up with the department to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Attorney General should direct the CIO to fully describe the following PortfolioStat action plan element: establish targets for commodity IT spending reductions and deadlines for meeting those targets.

    Agency: Department of Justice
    Status: Open

    Comments: In its December 2013 response to this recommendation, the Department of Justice (DOJ) stated that its Email and Collaboration Working Group established consolidation targets, and began Phase One of its email consolidation effort. In addition, DOJ provided information on the status of its efforts to establish additional targets. We are reviewing the information provided, as well as DOJ's reporting to OMB, to determine the extent to which this recommendation has been addressed.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Labor should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets.

    Agency: Department of Labor
    Status: Open

    Comments: In its December 2013 response to this recommendation, the Department of Labor stated that the Chief Information Officer participates in discussions to identify and eliminate duplication and facilitate the use of commodity IT and shared services through the IT governance committees. We are reviewing documentation we recently obtained from the department to determine the current status of action to address this recommendation.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Labor should direct the CIO to report on the department's progress in consolidating the cloud e-mail services to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Labor
    Status: Open

    Comments: The Department of Labor completed the consolidation of DOL agency e-mail systems into a shared cloud-based e-mail service in September 2014. In July 2015, the department provided evidence of a status report on the Office of Management and Budget IT dashboard showing completion of the initiative.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the National Aeronautics and Space Administration should direct the CIO to reflect 100 percent of information technology investments in the agency's enterprise architecture.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: In July 2015, NASA reported that it had initiated an effort referred to as Business Service Assessment (BSA) for IT to establish a more efficient IT operating model that maintains a minimum set of capabilities and meets current and future mission needs. The agency stated that one objective of the BSA is to guide technical, services, and investment decisions, create enterprise architecture and enterprise services methodologies for each IT domain that feeds into the overarching enterprise architecture for the full IT portfolio. In March 2016, the agency reported that final recommendations regarding the BSA were expected to be submitted to the Agency Mission Support Council at the end of the month. We are following up with NASA on the status of this recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Administrator of the National Aeronautics and Space Administration should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) target duplicative systems or contracts that support common business functions for consolidation; (3) establish criteria for identifying wasteful, low-value, or duplicative investments; and (4) establish a process to identify these potential investments and a schedule for eliminating them from the portfolio.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: In May 2015, NASA reported that OMB published new action items that resulted in a shift in tracking of the previous action items identified in our recommendation. In July 2015, the agency provided evidence of a July 2015 report updating OMB of the status of these items.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Archivist of the United States should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) target duplicative systems or contracts that support common business functions for consolidation; (3) establish criteria for identifying wasteful, low-value, or duplicative investments; and (4) establish a process to identify these potential investments and a schedule for eliminating them from the portfolio.

    Agency: National Archives and Records Administration
    Status: Open

    Comments: In its February 2014 statement of actions to address our recommendations, the National Archives and Records Administration reported that the four action plan elements identified in the recommendation had been included in the latest information resources management strategic plan submitted to OMB. We will review the plan to confirm whether the elements were included.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Director of the National Science Foundation should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: National Science Foundation
    Status: Open

    Comments: The National Science Foundation (NSF) reported that while OMB had not requested that the agency provide updates to the 2012 PortfolioStat action plan, NSF had provided different, OMB-requested documentation in support of annual PortfolioStat activities. We plan to follow up with the agency to determine the extent to which the documentation provided to OMB addresses our recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Director of the Office of Personnel Management should direct the CIO to develop a complete commodity IT baseline.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In August 2014, the Office of Personnel Management stated that it would be generating a policy requiring the baselines to be updated quarterly and established a target of May 2015 for fully implementing this recommendation. In March 2015, the agency stated that it was continuing to make progress toward the completion of its commodity IT baseline.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Director of the Office of Personnel Management should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) move at least two commodity IT areas to shared services and (2) target duplicative systems or contracts that support common business functions for consolidation.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In August 2014, the Office of Personnel Management stated that the initial program office responses to our recommendation represented the vision of the former Chief Information Officer (CIO). The agency stated that the new CIO's strategic plan would address duplicative systems and contracts as part of the CIO re-organization project that was underway, with the intent of bringing the different job functions under one group in order to utilize resources and common business functions more effectively. The agency established May 2015 as a target for fully implementing the recommendation. However, we have not yet received evidence of this action. We plan to follow up on the status of actions taken.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Director of the Office of Personnel Management should direct the CIO to report on the agency's progress in consolidating the help desk consolidation and IT asset inventory to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In August 2014, the Office of Personnel Management (OPM) stated that a project initiated under the former Chief Information Officer's guidance deals specifically with help desk consolidation. OPM also stated it had leveraged the Remedy tool to integrate the IT asset inventory function as part of the help desk and that many of the IT asset inventory functions were now automated as part of this effort. The agency established May 2015 as a target for fully implementing the recommendation. We plan to follow up with OPM to find out about the status of actions taken to address this recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the Small Business Administration should direct the CIO to develop a complete commodity IT baseline.

    Agency: Small Business Administration
    Status: Open
    Priority recommendation

    Comments: In a recent GAO review examining whether agencies have complete inventories of business and enterprise IT systems (which represent 2 of the 3 categories of assets called for in the commodity IT baseline), SBA provided an inventory which it acknowledged did not include all systems or represent all offices. (Note: the review was summarized in GAO-16-511 issued in September 2016.) The agency noted that it was working with its offices to complete the inventory and hoped to finalize it and establish processes for updating the inventory, including possibly automating its data gathering abilities. In May 2017, SBA provided an update on the status of actions to address the recommendation. We are currently reviewing the documentation provided to determine whether SBA has fully addressed the recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, in future reporting to OMB, the Administrator of the Small Business Administration should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets; (3) target duplicative systems or contracts that support common business functions for consolidation; and (4) establish a process to identify those potential investments and a schedule for eliminating them from the portfolio.

    Agency: Small Business Administration
    Status: Open

    Comments: In June 2015, SBA stated it believed the action items would be addressed as part of its actions to implement the provisions of the Federal Information Technology Acquisition Reform Act. We reviewed the agency's December 2015 plan for implementing the law and an April 2016 update but did not find evidence of actions to address the items in the recommendation. In May 2017, SBA provided an update on the status of actions to address the recommendation. We are currently reviewing the documentation provided to determine whether SBA has fully addressed the recommendation.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Commissioner of the Social Security Administration should direct the CIO to develop a complete commodity IT baseline.

    Agency: Social Security Administration
    Status: Open

    Comments: In September 2014, the Social Security Administration (SSA) reported that the instruction set for its Special Expense Item process through which all non-labor IT dollars go now includes the definition of commodity IT baseline, and the requirement to identify all commodity IT baseline funds requested. SSA also stated it will report the commodity IT baseline results for fiscal year 2015 in its November integrated data collection report. We are reviewing the instruction set for the Special Expense Item process and SSA's November integrated data collection report to verify SSA's reported actions.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Commissioner of the Social Security Administration should direct the CIO to report on the agency's progress in consolidating the geospatial architecture to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Social Security Administration
    Status: Open

    Comments: In August 2015, the Social Security Administration (SSA) reported that it had migrated its geospatial architecture to a shared service in September 2014 and was complying with OMB reporting requirements. In July 2016, the agency provided e-mail messages and meeting minutes documenting various stages of the migration as evidence that it was completed as planned. However, SSA did not provide evidence of reporting to OMB. We are following up with SSA to obtain this evidence.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of State should direct the CIO to reflect 100 percent of information technology investments in the department's enterprise architecture.

    Agency: Department of State
    Status: Open

    Comments: According to the Department of State, since August 2014 all major and non-major IT investments and corresponding assets have been captured in enterprise architecture artifacts. We will follow up with the department to obtain documentation supporting this claim.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of State should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO; (2) establish targets for commodity IT spending reductions and deadlines for meeting those targets; (3) move at least two commodity IT areas to shared services; (4) target duplicative systems or contracts that support common business functions for consolidation; and (5) establish a process to identify those potential investments and a schedule for eliminating them from the portfolio.

    Agency: Department of State
    Status: Open

    Comments: In August 2014, the Department of State reported taking several actions to address the action plan elements we determined had not been fully described in our review. For example, it provided the Integrated Logistics Management System and the Global IT Modernization program as examples of two commodity IT investments it had moved to shared services and reported that it instituted review processes to identify duplicative efforts within the IT portfolio. The department, however, did not state whether it had reported these actions to OMB, which was the focus of our recommendation. We will follow up with the department on this.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of State should direct the CIO to report on the department's progress in consolidating the Foreign Affairs Network and content publishing and delivery services to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of State
    Status: Open

    Comments: In August 2014, the Department of State reported that it had completed the content publishing and delivery services initiative and was reporting on its progress in consolidating the Foreign Affairs Network initiative to shared services through the OMB budget process. We plan to follow up with the agency to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Transportation should direct the CIO to report on the department's progress in consolidating the Enterprise Messaging to shared services as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Transportation
    Status: Open

    Comments: In September 2015, the department reported that it had discontinued its effort to migrate the Enterprise Messaging program to shared services because it was no longer cost-effective. We plan to follow up with the department on this matter.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of the Treasury should direct the CIO to fully describe the following PortfolioStat action plan elements: (1) consolidate commodity IT spending under the agency CIO and (2) establish criteria for identifying wasteful, low-value, or duplicative investments.

    Agency: Department of the Treasury
    Status: Open

    Comments: In September 2014, the Department of the Treasury provided information on its efforts to address its action plan elements, including (1) establishing a general approach to reviewing new investment requests that considers risk, value, and cost; and (2) driving Treasury's IT investment portfolio toward common platforms whenever possible. However, the department did not address whether it was reporting on these efforts to OMB, which was the focus of our recommendation. We will follow up with the department on this.
    Recommendation: To improve the department's implementation of PortfolioStat, as the department finalizes and matures its enterprise architecture and valuation methodology, the Secretary of the Treasury should direct the CIO to utilize these processes to identify whether there are additional opportunities to reduce duplicative, low-value, or wasteful investments.

    Agency: Department of the Treasury
    Status: Open

    Comments: The department described several examples of processes it had in place to identify opportunities to reduce duplicative, low-value or wasteful investments, including annual reviews of each major IT investment and monthly portfolio reviews. We plan to follow up with the department to obtain supporting documentation.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of the Treasury should direct the CIO to develop support for the estimated savings for fiscal years 2013 to 2015 for the DoNotPay Business Center, Fiscal IT Data Center Consolidation and Business Process Management Status initiatives.

    Agency: Department of the Treasury
    Status: Open

    Comments: The department provided documentation related to its DoNotPay Business Center, Fiscal IT Data Center Consolidation, and Business Process Management Status initiatives. We are reviewing the information provided and plan to follow up with the department as appropriate.
    Recommendation: To improve the agency's implementation of PortfolioStat, the Administrator of the U.S. Agency for International Development should direct the CIO to reflect 100 percent of information technology investments in the agency's enterprise architecture.

    Agency: United States Agency for International Development
    Status: Open

    Comments: In response to this recommendation, in September 2014, USAID provided GAO its guidance for establishing an IT asset inventory consistent with Federal Information Systems Management Act requirements and its guidance for purchasing equipment and services which are compliant with agency standards. In October 2015, USAID also stated that it regularly updates its enterprise architecture through maintenance of its information systems inventory and evaluation of future investments. In March 2017, the agency provided GAO documentation supporting its efforts to maintain its information systems inventory and evaluate future investments. However, USAID did not show how these activities help ensure that investments are all included in the enterprise architecture. GAO is following up with the agency on this matter.
    Recommendation: To improve the department's implementation of PortfolioStat, in future reporting to OMB, the Secretary of Veterans Affairs should direct the CIO to fully describe the following PortfolioStat action plan element: target duplicative systems or contracts that support common business functions for consolidation.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In a December 2015 update to the status of this recommendation, the department stated it was changing its governance processes and organizational structures for IT portfolio, system, project and requirements management to strengthen its ability to identify and eliminate/consolidate duplicative systems or contracts. The department recently reported that these new processes and organizations were established in the Spring of 2016, including a new strategic sourcing approach which should assist in addressing our recommendation. We are following up with the department to obtain evidence of this approach.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Veterans Affairs should direct the CIO to report on the department's progress in consolidating the dedicated fax servers to a shared service as part of the OMB integrated data collection quarterly reporting until completed.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In December 2015, the department reported that it would no longer pursue the initiative because an analysis performed in fiscal year 2014 indicated very little, if any, cost savings to be achieved. The agency, however, did not provide evidence regarding any related reporting to OMB. We are following up with the department to obtain this evidence.
    Recommendation: To improve the department's implementation of PortfolioStat, as the department matures its enterprise architecture process, the Secretary of Veterans Affairs should direct the CIO to make use of it, as well as the valuation model, to identify whether there are additional opportunities to reduce duplicative, low-value, or wasteful investments.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In December 2015, the department stated it was changing its governance processes and organizational structures for IT portfolio, system, project and requirements management to strengthen its ability to identify and eliminate/consolidate duplicative systems or contracts. The department recently reported that these new processes and organizations were established in the Spring of 2016. We are following up with the department to find out how they are incorporating the use of the enterprise architecture and value model to identify opportunities to reduce duplicative, low-value, or wasteful investments.
    Recommendation: To improve the department's implementation of PortfolioStat, the Secretary of Veterans Affairs should direct the CIO to develop detailed support for the estimated savings for fiscal years 2013 to 2015 for the Server Virtualization, Eliminate Dedicated Fax Servers Consolidation, Renegotiate Microsoft Enterprise License Agreement, and one CPU policy initiatives.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In December 2015, the department reported that the scope of the Server Virtualization initiative was increased and that the cost avoidance estimates were being revised accordingly. It also reported that the Elimination of Analog Fax Lines initiative was no longer being pursued because an analysis found that it would result in very little, if any, cost savings. With regard to the Renegotiate Microsoft Enterprise License Agreement initiative, the department reported that total savings over a 5-year period were renegotiated but did not provide supporting documentation. Lastly, the department reported that a new economic justification for the One CPU Policy initiative was being developed based on a consolidation strategy, and would be provided when completed. We are following up with the department to obtain documentation supporting its reported actions.
    Director: Wise, David J
    Phone: (202) 512-2834

    1 open recommendation
    Recommendation: To improve future real property cost-savings initiatives and promote reliability and transparency, the Director of OMB, in collaboration with Federal Real Property Council agencies, develop clear and specific standards for: (1) identifying and reporting savings that help ensure common understanding of the various types of cost savings; (2) consistently reporting across categories and agencies; and (3) sufficiently documenting, validating, and reviewing results.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In March 2015, GAO met with OMB officials about their implementation of a new cost estimating model that would largely implement this recommendation. OMB officials said they had engaged a contractor to develop the model and in the coming months they would be contacting member agencies on the Federal Real Property Council to obtain their feedback, with hopes of eventually incorporating the model into ongoing real property reform efforts. As of May 2016, GAO was inquiring about the status of this effort and was anticipating a meeting with OMB in the coming weeks to discuss this and other related real property efforts aimed at addressing GAO's high risk designation for this area.
    Director: Wise, David J
    Phone: (202) 512-2834

    1 open recommendation
    Recommendation: To enhance transparency and allow for more informed decision making related to the appropriate role of leasing in GSA's real property portfolio, the Administrator of GSA should include in the lease prospectus a description of the length of time that an agency estimates it will need the space, an historical account of how long the agency has been in the particular building it is occupying at the time of the prospectus, and any major investments the agency will have to make to the leased space to meet its mission. For those spaces for which the agency has a long-term projected need, also include an appropriate form of cost-to-lease versus cost-to-own analysis.

    Agency: General Services Administration
    Status: Open

    Comments: As of March 2017, GSA had not incorporated the recommended information into its fiscal year 2016 lease prospectuses and did not plan to do so in future prospectuses. GSA officials stated that GSA may not know how long an agency will need the space or the amount of investment that will be needed, so this information would be difficult to incorporate. However, in its 2013 review, GAO found that 9 of the 12 case study leases included space for long-term or mission critical space needs for tenant agencies. Some of the tenant agencies in these leases had been housed in multiple successive leases far longer than the statutory term limit of 20 years for a single GSA lease--situations that would lend themselves to analyzing the extent to which it would be more cost-effective for the government to own rather than lease. Moreover, GSA and the agency are likely to have general information on the complexity and likely investment needed to meet an agency's mission-related needs in leased space that could be included in the prospectus. Including the recommended information would increase transparency and facilitate more informed decision making by Congress.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To improve the management and oversight of FPS's contract guard program, the Secretary of Homeland Security should direct the Under Secretary of National Protection and Programs Directorate (NPPD) and the Director of FPS to take immediate steps to determine which guards have not had screener or active-shooter scenario training and provide it to them and, as part of developing a national lesson plan, decide how and how often these trainings will be provided in the future.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FPS has indicated that they plan to implement this recommendation through its implementation of a training management system. FPS anticipates beginning implementation of this system in early 2018 and completing implementation by August 2018. GAO will continue to work with FPS to determine whether this recommendation has been implemented.
    Recommendation: To improve the management and oversight of FPS's contract guard program, the Secretary of Homeland Security should direct the Under Secretary of NPPD and the Director of FPS to require that contract guard companies' instructors be certified to teach basic and refresher training courses to guards and evaluate whether a standardized instructor certification process should be implemented.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FPS has indicated that they are currently assessing options for implementing a national lesson plan for guard training that addresses this recommendation. GAO will continue to work with FPS to determine whether this recommendation has been implemented.
    Director: Powner, David A
    Phone: (202) 512-9286

    1 open recommendation
    Recommendation: The Secretary of Health and Human Services should direct appropriate officials to assess whether it would be cost effective to consolidate the remaining functions of the Medicare coverage determination systems.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We contacted the department and are awaiting a response on its efforts to implement this recommendation.
    Director: Khan, Asif A
    Phone: (202) 512-9869

    2 open recommendations
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense, in his capacity as the Chief Management Officer and in consultation with the Under Secretary of Defense (Comptroller), to design and implement department-level policies and detailed procedures for FIAR Plan risk management that incorporate the five guiding principles for effective risk management. The following are examples of key features of each of the guiding principles that DOD should, at a minimum, address in its policies and procedures. (1) Identify risks. Generate a comprehensive and continuously updated list of risks that includes the root cause of each risk, audit area(s) each risk will affect, and the potential consequences if a risk is not effectively mitigated. (2) Analyze risks. Consult with key stakeholders, including program managers; use analytical techniques, such as risk categorization, risk urgency assessment, or sensitivity analysis; and determine the impact of the identified risks on individual DOD components' abilities to achieve audit readiness. (3) Plan for risk mitigation. Assign responsibility or ownership of the risk mitigation actions, define roles and responsibilities in executing mitigation plans, establish deadlines or milestones for individual mitigation actions, and estimate resource needs. (4) Implement risk mitigation plan. Document the implementation of mitigation actions, develop appropriate metrics that allow for tracking of progress, and validate reported metrics. (5) Monitor risks. Track identified risks and assess the effectiveness of implemented mitigation actions on a continuous basis, including identifying and planning for new risks.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with our recommendation. While DOD did concur with our assessment that they did not have a risk management policy and procedures related to implementing the FIAR guidance, they did not concur with our assessment of the overall environment of DOD's risk management of the FIAR initiative. DOD has taken steps to address our recommendation including implementing an NFR tracker and standard operating procedures designed to track DOD component material weaknesses. DOD has also documented a critical path and milestones in Appendix F of their FIAR Guidance; military component tasks and milestones in Appendix G of the FIAR Guidance; and audit readiness deal breakers, now referred to as critical capabilities. However, while these are positive actions, they do not address our recommendation for DOD to implement risk management policies and procedures for FIAR implementation. Further, DOD has not provided GAO with evidence of planned actions it summarized in its agency comments. Specifically, DOD has not provided documentation related to (1) improving risk management documentation, (2) reinstating the DOD probability and impact matrix, and (3) re-evaluation of metrics to monitor progress and risk of audit readiness. Lastly, DOD's tracking of military component material weaknesses does not identify risks to audit readiness, or the agencies' capabilities to manage risks to audit readiness. According to the May 2017 FIAR Status Update for the HASC Panel Recommendations, DOD has reinforced the importance of internal controls over areas of significant risk by updating the FIAR Guidance with a new chapter dedicated to internal controls. DOD has also changed how they respond to recommendation follow-up by way of the Washington Headquarters Service (WHS). We are currently waiting for a POC to be assigned. We will continue to evaluate the status of actions to address this recommendation.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense, in his capacity as the Chief Management Officer and in consultation with the Under Secretary of Defense (Comptroller), to consider and incorporate, as appropriate, the Navy's and DLA's risk management practices in department-level policies and procedures.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has changed how they respond to recommendation follow-up by way of the Washington Headquarters Service (WHS). We are currently waiting for a POC to be assigned. We will continue to evaluate the status of actions to address this recommendation.
    Director: Gambler, Rebecca S
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To improve the usefulness of southwest border crossing wait time data for informing public and management decisions, the Commissioner of CBP should identify and carry out steps that can be taken to help CBP port officials overcome challenges to consistent implementation of existing wait time estimation methodologies. Steps for ensuring consistent implementation of these methodologies could include, for example, implementing the fiscal year 2008 Western Hemisphere Travel Initiative report recommendations to use closed-circuit television cameras to measure wait time in real time and provide a standardized measurement and validation tool.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of May 2017, CBP officials report that in order to avoid further investment in a manual wait time methodology, the agency plans to focus resources on developing an enterprise-wide solution for automating the measurement of border delays. CBP estimates that this recommendation will be completed in October 2017.
    Recommendation: To improve the usefulness of southwest border crossing wait time data for informing public and management decisions, the Commissioner of CBP should, in consultation with Federal Highway Administration and state DOTs, assess the feasibility of replacing current methods of manually calculating wait times with automated methods, which could include assessing all of the associated costs and benefits, options for how the agency will use and publicly report the results of automated data collection, the potential trade-offs associated with moving to this new system, and other factors such as those influencing the possible expansion of existing automation efforts to the 34 other locations that currently report wait times but have no automation projects under way.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of May 2017, CBP's Office of Field Operations (OFO) reports working to identify a feasible and cost effective wait time solution to measure commercial vehicle delays along the southern border. Specifically, CBP officials report that they have been partnering with the Federal Highway Administration and the Texas A&M's Transportation Institute on the deployment of an automated radio-frequency identification measurement solution to measure commercial delays at eight crossings. To verify the accuracy of the automated wait time data, CBP officials report that in June 2016 they conducted a ground-truth analysis with mixed results. CBP officials report DHS Science and Technology directorate delivered their final report in February 2017 and by the end of September 2017, pending review and acceptance of the report's findings, CBP will coordinate efforts to develop the required communication protocols and data schematics for near real-time commercial vehicle wait time updates to the CBP Border Wait Time website and Border Wait Time app. CBP estimates that this recommendation will be completed in October 2017.
    Recommendation: To better ensure that CBP's Office of Field Operations' (OFO) staffing processes are transparent and to help ensure CBP can demonstrate that these resource decisions have effectively addressed CBP's mission needs, the Commissioner of CBP should document the methodology and process OFO uses to allocate staff to land ports of entry on the southwest border, including the rationales and factors considered in making these decisions.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of May 2017, CBP's Office of Field Operations (OFO) reports that they have adopted a workload staffing model to identify CBP staffing requirements at land ports of entry. CBP officials report that the workload staffing model provides senior leadership with a decision-support tool to identify the number of required resources for each location and accounts for distinct operating environments, unique variables, and major functions and activities. CBP officials report that they use the workload staffing model results in its budget requests and when allocating staff to the ports of entry. However, CBP has not provided GAO with documentation showing how staff are allocated among land ports of entry including how workload staffing model results are used in this process. CBP officials report that in May 2017 OFO began working with contracted experts to synthesize the quantitative and qualitative data available and develop a comprehensive CBP position allocation methodology. CBP estimates that this recommendation will be completed in March 2018.
    Director: Engel, Gary T
    Phone: (202) 512-8815

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To improve the reliability of the information presented in the CFS budget statements, the Secretary of the Treasury should direct the Fiscal Assistant Secretary, working in coordination with the Controller of OMB's Office of Federal Financial Management, to establish and implement effective procedures for reporting amounts in the CFS budget statements that are fully consistent with the underlying information in significant federal entities' audited financial statements and other financial data.

    Agency: Department of the Treasury
    Status: Open
    Priority recommendation

    Comments: As of the completion of our fiscal year 2016 consolidated financial statements (CFS) audit, Treasury and OMB agreed that this recommendation remained open. Treasury partnered with the Federal Accounting Standards Advisory Board (FASAB) to develop a Statement of Federal Financial Accounting Standards exposure draft that identifies items needed to reconcile net cost to outlays at the entity level, with a focus on demonstrating consistency with significant entities' audited financial statements. We will follow up on progress made by Treasury and OMB as part of our fiscal year 2017 CFS audit, which is ongoing as of March 2017.
    Recommendation: To improve the reliability of the information presented in the CFS budget statements, the Secretary of the Treasury should direct the Fiscal Assistant Secretary, working in coordination with the Controller of OMB's Office of Federal Financial Management, to establish and implement effective procedures for identifying and reporting all items needed to prepare the CFS budget statements.

    Agency: Department of the Treasury
    Status: Open
    Priority recommendation

    Comments: As of the completion of our fiscal year 2016 consolidated financial statements (CFS) audit, Treasury and OMB agreed that this recommendation remained open. Treasury has improved its process for preparing the budget statements over the past three years and is continuing to do so. For example, Treasury has developed a reconciliation process to ensure that all cash related amounts reconcile on a monthly basis. We will follow up on progress made by Treasury and OMB as part of our fiscal year 2017 CFS audit, which is ongoing as of March 2017.
    Director: Powner, David A
    Phone: (202) 512-9286

    1 open recommendation
    Recommendation: The Secretaries of Agriculture and Commerce should address the weaknesses in agency- and bureau-led TechStat processes and management outlined in this report.

    Agency: Department of Agriculture
    Status: Open

    Comments: The agency partially agreed with our assessment of the agency's TechStat process, but has not yet implemented our recommendation. At the time of our review, we identified several weaknesses in the agency's TechStat processes and management, including holding bureau-led TechStats, incorporating TechStats in its capital planning and governance structure, providing training on TechStats, and consistently capturing action steps, deadlines, and responsibilities in its TechStat memorandums. In an April 2017 update, the agency stated that it had not held any TechStats in 2016, but had identified several candidates for TechStats within the next 6 months. In addition, the agency plans to update its capital planning documents to include the TechStat program in late summer 2017. In addition, it has not finalized its TechStat training documentation, but plans to complete the documentation in late summer 2017. We will continue to monitor the implementation of this recommendation.
    Director: Mihm, J Christopher
    Phone: (202) 512-3236

    3 open recommendations
    Recommendation: To enhance the value of Performance.gov for intended audiences and improve the ability to identify and prioritize potential improvements, the Director of the Office of Management and Budget--working with the Performance Improvement Council and the General Services Administration--should clarify the ways that intended audiences could use the information on the Performance.gov website to accomplish specific tasks and specify the design changes that would be required to facilitate that use.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: OMB has taken some steps to address this recommendation, but additional actions are needed. The General Services Administration, on behalf of OMB, conducted usability testing on Performance.gov in September 2013. The test found that (1) sections of the website were not accessible; (2) users were unclear about the purpose of Performance.gov, its intended audiences, and what users can do on the website; (3) users had difficulty locating graphics and understanding if agencies had met their goals; and (4) the search functionality produced poor results and the search terms were not highlighted. This usability test produced several recommendations based on these findings. According to OMB and PIC staff in August 2015 and May 2016, they have taken some actions to address the recommendations. For example, staff addressed the accessibility issue and partly addressed the search issue. However, as of June 2017, OMB has not yet addressed the other two recommendations. Further, OMB and the PIC have not clarified the ways that intended audiences can use the information on the website to accomplish specific tasks, or specified design changes that would be required to facilitate that use, as we described in our report. We will continue to monitor progress.
    Recommendation: To enhance the value of Performance.gov for intended audiences and improve the ability to identify and prioritize potential improvements, the Director of the Office of Management and Budget--working with the Performance Improvement Council and the General Services Administration--should seek to more systematically collect information on the needs of a broader audience, including through the use of customer satisfaction surveys and other approaches recommended by HowTo.gov.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB), the General Services Administration (GSA) and the Performance Improvement Council (PIC) systematically collect information on the needs of its users, by implementing a website survey, a feedback form on Performance.gov and a working group focused on improving the PREP system. Staff have set up a backlog system to prioritize, store and address user feedback. According to PIC staff, feedback is prioritized based on several factors, including the value it would bring to a larger audience, the cost and estimated time to implement, and the risk and opportunity cost of addressing the feedback. The highest priority items on the product backlog system are placed on the monthly prioritized list for the contractor to begin work on. However, as of June 2017, OMB and the PIC have not identified, engaged, or collected information on the needs of a broader audience, such as interested members of the public, and how those needs might be addressed through the website.
    Recommendation: To enhance the value of Performance.gov for intended audiences and improve the ability to identify and prioritize potential improvements, the Director of the Office of Management and Budget--working with the Performance Improvement Council and the General Services Administration--should seek to ensure that all performance, search, and customer satisfaction metrics, consistent with leading practices outlined in HowTo.gov, are tracked for the website, and, where appropriate, create goals for those metrics to help identify and prioritize potential improvements to Performance.gov.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: As of June 2017, the Office of Management and Budget (OMB) and the Performance Improvement Council (PIC) monitor 18 of the 24 recommended performance metrics. PIC staff said that they now track the performance measures through the Digital Analytics Program, which does not track the remaining 6 measures. OMB and PIC staff have not created goals for the measures they track to help identify and prioritize potential improvements to Performance.gov. We will continue to monitor progress.
    Director: Czerwinski, Stanley J
    Phone: (202) 512-6806

    3 open recommendations
    including 3 priority recommendations
    Recommendation: The Director of OMB should, in collaboration with the members of COFAR, develop and make publicly available an implementation schedule that includes performance targets, goal leaders who can be held accountable for each goal, and mechanisms to monitor, evaluate, and report on results.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: In January 2017, GAO reported that although COFAR had released its updated priorities for Fiscal Years 2016 through 2017, it had not released to the public an implementation schedule that included key elements such as performance targets, mechanisms to monitor, evaluate, and report on progress made toward its stated priorities. For this reason, this recommendation remains open.
    Recommendation: The Director of OMB should, in collaboration with the members of COFAR, clarify the roles and responsibilities for various streamlining initiatives and steps for decision making, in particular how COFAR will engage with relevant grant-making agency stakeholders and utilize agency resources.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: In January 2017, GAO reported that although COFAR had released its updated priorities for Fiscal Years 2016 through 2017, the document did not provide clarification on roles and responsibilities for its members. For this reason, this recommendation remains open.
    Recommendation: The Director of OMB should, in collaboration with the members of COFAR, improve efforts to develop an effective two-way communication strategy that includes the grant recipient community, smaller grantmaking agencies that are not members of COFAR, and other entities involved with grants management policy.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: In January 2017, GAO reported that although COFAR had released its updated priorities for Fiscal Years 2016 through 2017, the document did not provide a detailed communication strategy for the grant recipient community. For this reason, this recommendation remains open.
    Director: King, Kathleen M
    Phone: (202) 512-7114

    1 open recommendation
    Recommendation: To improve the effectiveness of the unpublished MUEs and better ensure Medicare program integrity, the CMS Administrator should consider periodically reviewing claims to identify the providers exceeding the unpublished MUE limits and determine whether their billing was proper.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: In its comments on a draft of this report, HHS concurred with this recommendation and indicated that CMS would conduct further analysis to determine the most appropriate way to respond. In July 2015, HHS told us that CMS has established a process to identify providers exceeding the unpublished MUE limits and determine whether their billing was proper. In August 2016, CMS informed us that the agency is developing a process to review provider level data to determine potential improper billing that exceeds unpublished MUE limits. However, as of September 2016, CMS has not yet implemented this process. We requested that CMS provide documentation of the process once it has been implemented. With this documentary support, we hope to close the recommendation.
    Director: Mihm, J Christopher
    Phone: (202) 512-6806

    2 open recommendations
    Recommendation: When such revisions are made, the Director of OMB should work with the Performance Improvement Council to test and implement these provisions.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: According to information provided by Office of Management and Budget (OMB) and Performance Improvement Council (PIC) staff in June 2015, although OMB revised its guidance as we recommended, it did not work with the PIC to test implementation of these provisions. Instead, they told us that both PIC and OMB staff ensure agencies are implementing these provisions of their guidance when reviewing agencies' agency priority goals (APG) quarterly update submissions. However, our analysis of agencies' APG updates in October 2016 found implementation of these provisions continues to be mixed. We will continue to monitor progress.
    Recommendation: In addition, as OMB works with agencies to enhance Performance.gov to include additional information about APGs, the Director of OMB should ensure that agencies adhere to OMB's guidance for website updates by providing a description of how input from congressional consultations was incorporated into each APG.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In June 2015, OMB staff stated that they would focus agency attention on congressional consultations and publishing relevant input from those consultations during the development of the 2016-2017 agency priority goals (APG). OMB and agencies published information about the 2016-2017 APGs on Performance.gov in October 2015. However, our analysis of relevant sections of Performance.gov in October 2016 generally found that either agencies did not include information about congressional input or they had not updated Performance.gov to reflect the most recent round of stakeholder engagement. We will continue to monitor progress.
    Director: Mihm, J Christopher
    Phone: (202) 512-6806

    4 open recommendations
    Recommendation: To improve performance management staff capacity to support performance management in federal agencies, the Director of OPM, in coordination with the PIC and the Chief Learning Officer (CLO) Council, should work with agencies to identify competency areas needing improvement within agencies.

    Agency: Office of Personnel Management
    Status: Open

    Comments: GAO reached out to Performance Improvement Council (PIC) and Office of Management and Budget staff in November 2016 and February 2017 for an update on the status of this recommendation, but has not received a response. In May 2016, the PIC had reported that it has an ongoing series of survey and focus group work that includes some issues related to learning needs, but that they do not address competency areas directly as the PIC community does not find this framework useful.
    Recommendation: To improve performance management staff capacity to support performance management in federal agencies, the Director of OPM, in coordination with the PIC and the CLO Council, should work with agencies to identify agency training that focuses on needed performance management competencies.

    Agency: Office of Personnel Management
    Status: Open

    Comments: GAO reached out to Performance Improvement Council (PIC) and Office of Management and Budget staff in November 2016 and February 2017 for an update on the status of this recommendation, but has not received a response. In May 2016, the PIC had reported that it had created and was piloting performance training to test the best way to make this training available to a broad audience. Previously, the PIC had planned to use a website, LearnPerformance.gov, to make courses on performance management competencies available. According to the PIC, the website had been taken down and there is ongoing discussion about what to do in its place.
    Recommendation: To improve performance management staff capacity to support performance management in federal agencies, the Director of OPM, in coordination with the PIC and the CLO Council, should work with agencies to share information about available agency training on competency areas needing improvement.

    Agency: Office of Personnel Management
    Status: Open

    Comments: GAO reached out to Performance Improvement Council (PIC) and Office of Management and Budget staff in November 2016 and February 2017 for an update on the status of this recommendation, but has not received a response. In May 2016, the PIC had reported that it had created and was piloting performance training to test the best way to make this training available to a broad audience. Previously, the PIC had planned to use a website, LearnPerformance.gov, to make courses on performance management competencies available. According to the PIC, the website had been taken down and there is ongoing discussion about what to do in its place.
    Recommendation: To ensure that the PIC has a clear plan for accomplishing its goals and evaluating its progress, the Director of OMB should work with the PIC to update its strategic plan and review the PIC's goals, measures, and strategies for achieving performance, and revise them if appropriate.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: GAO reached out in November 2016 and February 2017 to staff at the Office of Management and Budget and Performance Improvement Council regarding the status of this recommendation, but has not received a response.
    Director: Caldwell, Stephen L
    Phone: (202) 512-9610

    2 open recommendations
    Recommendation: To better assess risk associated with facilities that use, process, or store chemicals of interest consistent with the NIPP and the CFATS rule, the Secretary of Homeland Security should direct the Under Secretary for National Protection and Programs Directorate (NPPD), the Assistant Secretary for NIPP's Office of Infrastructure Protection (IP), and Director of ISCD to develop a plan, with timeframes and milestones, that incorporates the results of the various efforts to fully address each of the components of risk and take associated actions where appropriate to enhance ISCD's risk assessment approach consistent with the NIPP and the CFATS rule.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, they completed development of an updated tiering methodology, which incorporates improvements based on recommendations from both the external peer review of the tiering methodology and a Sandia National Laboratory (Sandia) report on economic consequences, which was submitted to the Department in the first quarter of fiscal year (FY) 2015. Additionally, according to the officials, DHS continued hosting meetings of an external experts panel consisting of representatives from other Federal agencies and the chemical and oil and natural gas industries, who have met repeatedly to review and provide input on the proposed improvements to the Chemical Facility Anti-Terrorism Standards (CFATS) tiering methodology. As noted in the tiering methodology improvement plan previously provided by the Department to GAO, the ISCD is having external entities validate and verify the updated methodology before deployment. To that end, the Homeland Security Studies and Analysis Institute (HSSAI) has reviewed and provided findings and recommendations on all parts of the updated tiering engine. Additionally, Sandia has been conducting component testing of the tiering engine as it is being updated and, beginning in January 2016, Sandia will conduct end-to-end testing of the engine. Concurrent with these efforts, ISCD has been updating the Chemical Security Assessment Tool (CSAT) applications which currently support the collection of the data used by the CFATS tiering methodology (i.e., Top-Screen, Security Vulnerability Assessment). According to the officials, deployment of these new applications cannot occur until the DHS's Information Collection Request (ICR) is approved by the White House's Office of Management and Budget (OMB), which the Department anticipates submitting to OMB in the third quarter of fiscal year 2016. We will update the status of this recommendation after additional information is received from DHS. Status as of January 20, 2016.
    Recommendation: To better assess risk associated with facilities that use, process, or store chemicals of interest consistent with the NIPP and the CFATS rule, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for IP, and Director of ISCD to conduct an independent peer review, after ISCD completes enhancements to its risk assessment approach, that fully validates and verifies ISCD's risk assessment approach consistent with the recommendations of the National Research Council of the National Academies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, the updated CFATS risk-based tiering methodology has been developed and portions of it are undergoing independent review from both HSSAI and Sandia. An independent verification and validation of the updated tiering methodology is scheduled to be conducted by Sandia beginning in January 2016. We will update the status of this recommendation after additional information is received from DHS. Status as of January 20, 2016.
    Director: Melvin, Valerie C
    Phone: (202) 512-6304

    1 open recommendation
    Recommendation: To better ensure that GCSS-Army implements effective risk management and project monitoring and control practices, the Secretary of Defense should direct the Secretary of the Army to direct the GCSS-Army program office to specify the roles and responsibilities of the IV&V agent to ensure that it acts as a third party that validates and verifies the risks and mitigation plans developed by the program office and system integrator.

    Agency: Department of Defense
    Status: Open

    Comments: According to officials from Army's Program Executive Office Enterprise Information Systems in July 2017, the Army is working to draft an updated independent verification and validation policy in response to our recommendation. These officials expected the policy to be signed by the Program Executive Officer later this summer. We will continue to follow up with the Army regarding this draft policy and the implementation of this recommendation.
    Director: Wilshusen, Gregory C
    Phone: (202) 512-6244

    2 open recommendations
    Recommendation: To effectively implement key components of the IRS information security program, the Acting Commissioner of Internal Revenue should update policies and procedures to ensure that they address (1) both methods available for granting all users access to mainframe resources, (2) audit and monitoring of access from one processing environment to another, (3) use of appropriate accounts by multiple databases on a single server, (4) data storage shared between systems, (5) out-of-date security standards, and (6) reconciliation of access privileges.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: We are evaluating IRS's implementation of this recommendation as part of the audit of IRS's FY 2017 financial statements.
    Recommendation: To effectively implement key components of the IRS information security program, the Acting Commissioner of Internal Revenue should update mainframe test and evaluation processes to improve periodic monitoring of compliance with IRS policies.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: We are evaluating IRS's implementation of this recommendation as part of the audit of IRS's FY 2017 financial statements.
    Director: Rusco, Franklin W
    Phone: (202) 512-3841

    1 open recommendation
    Recommendation: To better inform efforts for nuclear power plant emergency preparedness and planning, NRC Commissioners should obtain information on public awareness of radiological emergency preparedness for communities outside the 10-mile emergency planning zone and the likely response of those communities in the event of a radiological incident at a nuclear facility and consider how these results may affect estimates for shadow evacuations outside the zone.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Larence, Eileen
    Phone: (202) 512-6510

    1 open recommendation
    Recommendation: To ensure that USNCB and ICE are providing more comprehensive information to their respective foreign counterparts regarding registered sex offenders traveling internationally, the Attorney General and the Secretary of Homeland Security should take steps to help ensure that USNCB and ICE have information on the same number of registered sex offenders as well as the same level of detail on registered sex offenders traveling internationally. Such steps could include USNCB and ICE copying each other on their notifications to their foreign counterparts or USNCB receiving information directly from the CBP National Targeting Center (NTC).

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that U.S. National Central Bureau (USNCB) and U.S. Immigration and Customs Enforcement (ICE) did not have information on the same registered sex offenders or the same level of detail on registered sex offenders traveling internationally, which affected their ability to notify their respective foreign counterparts. In part, this is because the two agencies rely on different information sources and do not share information with one another. We recommended that DOJ and DHS develop mechanisms that would enable these two agencies to have access to the same information on traveling sex offenders. In August 2013, ICE provided documentation showing that it copied several U.S. Marshals Service (USMS) officials on notifications that ICE sent to other countries regarding registered sex offenders traveling internationally. However, ICE did not copy USNCB on these notifications. ICE explained that it thought sharing information on traveling sex offenders with USMS and relying on USMS to pass that information along to USNCB was the most efficient way to share information with USNCB. However, we analyzed notifications from ICE, USNCB, and USMS regarding sex offenders who initiated international travel in February 2014 and found that USMS only passed along about 30 percent of the notifications it received from ICE to USNCB. We provided the results of this analysis to all three agencies in July 2014. We met with relevant U.S. Customs and Border Protection (CBP), ICE, USMS, and USNCB officials in September 2014 to discuss options for ensuring that USNCB receives more comprehensive information regarding traveling sex offenders. ICE officials stated that since CBP is the source of the information ICE receives on traveling sex offenders, as well as one of the information sources for USMS, it may be best for CBP to provide information directly to USNCB.
USNCB officials also stated that their preference was to receive information directly from CBP, and it was their understanding that CBP and USNCB were in the process of developing an MOU that would allow for this. In October 2015, CBP confirmed that the MOU would enable CBP to share information with USNCB regarding traveling sex offenders. CBP also stated that the MOU had been approved by CBP and sent to USNCB for review. In an April 2016 update, CBP reported that the MOU had been tentatively approved by USNCB and is expected to be finalized and signed in July 2016. In August 2016, CBP stated that the completion date for the MOU was pushed back to September 30, 2016, to allow time for CBP and USNCB to negotiate additional edits. We followed up with CBP about the status of the MOU in February 2017. We are awaiting a response.
    Director: Pickup, Sharon L
    Phone: (202) 512-9619

    2 open recommendations
    Recommendation: To enhance DOD's ability to set strategic direction for its business transformation efforts, better assess overall progress toward business transformation goals, and take any necessary corrective actions, the Secretary of Defense should direct the Deputy Secretary of Defense, in his capacity as the Chief Management Officer (CMO), to ensure that the SMP includes a description of the key business transformation challenges to be addressed, sufficient context for why specific goals and strategies were chosen, and measures to address core activities.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with this recommendation, noting that future releases of the Strategic Management Plan will include key business transformation challenges, context for the inclusion of specific goals and strategies, and measures to address core activities. However, in its response, DOD also noted that the Department's senior leaders will continue to make strategic choices about which broad goals are most important and, within those goals, on which initiatives and key indicators they will focus their management attention. On July 1, 2013, DOD issued the FY 2014-2015 Strategic Management Plan. DOD subsequently issued its Agency Strategic Plan in place of the Strategic Management Plan to comply with GPRA Modernization Act requirements. In May 2017, the Acting Deputy Chief Management Officer (DCMO) issued a memorandum to DOD components. The memo directed implementation of DOD's Agency Reform Plan and a strategic planning framework, including the Agency Strategic Plan. As part of DOD's Agency Reform plan and strategic planning framework, each component is tasked with reviewing all business operations and proposing reform initiatives to improve efficiency, effectiveness, and accountability. The initial deadline for this review is September 2017. As part of the terms of reference, DOD components are also asked to identify goals and measures to monitor progress. We believe that the identification of reform initiatives will meet the intent of this recommendation. We will confirm after September 2017 that these initiatives have been identified.
    Recommendation: To enhance DOD's ability to set strategic direction for its business transformation efforts, better assess overall progress toward business transformation goals, and take any necessary corrective actions, the Secretary of Defense should direct the Deputy Secretary of Defense, in his capacity as the CMO, to further define DOD's performance management approach, by outlining elements such as how it will consider the various sources of performance information along with SMP performance results to monitor progress in achieving business goals and identify corrective actions and ensure this information is reviewed on a regular basis.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation, noting that the Department will continue to improve and institutionalize operations of the Defense Business Council to provide unified direction and leadership to efficiently and effectively manage the DOD business mission area. However, as of July 31, 2013, the Secretary of Defense had not issued any guidance directing the Deputy Secretary of Defense to further define DOD's performance management approach for business transformation, nor had the Deputy Secretary of Defense issued any guidance defining this approach. DOD subsequently issued its Agency Strategic Plan in place of the Strategic Management Plan to comply with GPRA Modernization Act requirements. In May 2017, the Acting DCMO issued a memorandum to DOD components. The memo directed implementation of DOD's Agency Reform Plan and a strategic planning framework, including the Agency Strategic Plan. The DOD strategic planning framework is intended to align DOD core business functions with the Office of Management and Budget's Agency Reform Plan categories. DOD expects to complete this framework in September 2017. As part of this framework, DOD components are tasked with conducting thorough reviews of their business operations, identifying reform initiatives, and developing performance goals and measures to monitor and assess implementation of reform initiatives. We believe the establishment of this framework will meet the intent of our recommendation. We will confirm after September 2017 that this framework has been completed.
    Director: Russell, Cary B
    Phone: (202) 512-5431

    3 open recommendations
    including 1 priority recommendation
    Recommendation: To further the integration of operational contract support into all of the services' planning, the Secretary of Defense should direct the Secretaries of the Navy and Air Force to provide comprehensive service-wide guidance for the Navy, Marine Corps, and Air Force that describes how each service should integrate operational contract support into its respective organization to include planning for contingency operations.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: As of September 2017, the Marine Corps and Air Force have developed OCS guidance; however, the Navy has not. In September 2016, the Marine Corps published Marine Corps Order 4200.34 on the manning, equipping and training of OCS capability. The Corps has established a new task list to define OCS as an essential wartime fighting capability, which provides units the foundation and ability to establish Mission Essential Tasks (METs) needed to effectively and efficiently measure and report OCS mission readiness. The Marine Corps also developed and published an OCS career progression plan. The Air Force has taken steps to incorporate OCS into existing guidance, and the Secretary of the Air Force issued a memorandum in April 2016 providing guidance on integrating OCS into the total force. Additionally, the Air Force issued AFI 64-105, Contingency Contracting Support, in August 2016. The Navy has begun drafting, but has not yet issued, an instruction for internal review. Until all the services issue OCS guidance, this recommendation will remain open.
    Recommendation: To further the integration of operational contract support into all areas of the operation planning process, the Secretary of Defense should direct the Chairman of the Joint Chiefs of Staff to focus its training about operational contract support, which is currently focused on the logistics planners, on training all planners at the combatant commands and components as necessary.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2017, DOD has taken steps to focus OCS training to all planners, including those outside the logistics directorate. In December 2015, the Joint Staff J7 certified the Joint OCS Planning and Execution (JOPEC) course of instruction for Joint training. The Joint Staff, per this training certification, is working with the Joint Deployment Training Center and the Joint Force Staff College to provide student administrative and course catalog support for future JOPEC training. Due to demand for JOPEC training by the Combatant Commands and Services, an eighth JOPEC training course was added in late FY2015. In September 2017, OSD officials stated that a detailed analysis of alternatives required to transition JOPEC to a traditional program is on track to be completed by the end of fiscal year 2017. Results will be presented to Joint Staff senior leadership and the operational contract support Functional Capabilities Integration Board during the first quarter of fiscal year 2018. We will continue to monitor these efforts and this recommendation will remain open.
    Recommendation: To enable the integration of operational contract support into service component command-level planning efforts, the Secretary of Defense should direct the Chairman of the Joint Chiefs of Staff to work with the military services as necessary to improve the level of expertise in operational contract support for the combatant commands' components.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has taken steps to improve the level of OCS expertise at the component commands. Since September 2013, the Army has complemented Joint Staff efforts by converting its Army Tactics, Techniques, and Procedures 4-10 into a Multi-Service TTP (MTTP) as a part of the DoD OCS Action Plan. The Army issued the MTTP in February 2016. The Air Force and Marine Corps have also issued OCS guidance, but as of September 2017, the Navy has not. We will continue to monitor these and other efforts, and the recommendation will remain open at this time.
    Director: Woods, William T
    Phone: (202) 512-4841

    1 open recommendation
    Recommendation: To ensure that DOD organizations fully comply with interagency acquisition regulations, the Secretary of Defense should direct the Office of Defense Procurement and Acquisition Policy, as part of its ongoing interagency acquisition policy review, to ensure that its acquisition regulations, policies, and guidance on interagency contracting are updated to reflect new Federal Acquisition Regulation (FAR) rules, including those related to a best procurement approach determination.

    Agency: Department of Defense
    Status: Open

    Comments: In September 2014, DOD revised its acquisition regulations to incorporate additional guidance to ensure awareness of the total cost of interagency acquisitions, including fees, as part of making a determination that use of another agency's contract is in the best interest of DOD. However, DOD's regulations and guidance still do not reflect all of the factors described in the FAR which should be considered in making these determinations. In particular, DOD's regulations still do not mention assessing whether the requesting agency has the expertise to place orders and administer them against the selected contract vehicle throughout the acquisition lifecycle. In September 2017, DOD policy officials drafted new guidance to ensure that contracting officers document these factors, but this draft guidance is in the process of being reviewed and is not yet final.
    Director: Caldwell, Stephen L
    Phone: (202) 512-9610

    1 open recommendation
    Recommendation: To address long-standing challenges that continue to hinder regional preparedness efforts in the NCR, the FEMA Administrator should require that the Director of NCRC assist regional officials in developing measures to better assess the implementation of the NCR's strategic plan.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In May 2017, FEMA officials reported that (1) efforts to update the NCR Homeland Security Strategic Plan had been delayed to provide more time to determine targets for each core capability, and in light of anticipated changes in the NCR homeland security and emergency management governance structure; (2) FEMA's Office of National Capital Region Coordination (ONCRC) held a kick-off meeting of a new NCR Strategic Plan Working Group in February 2017; and (3) the working group will continue development of the new plan with a revised estimated completion date of November 2017.
    Director: Emrey Arras, Melissa H
    Phone: (617) 788-0534

    1 open recommendation
    Recommendation: To better balance the benefits of expedited rulemaking procedures with the benefits of public comments that are typically part of regular notice-and-comment rulemakings, and improve the quality and transparency of rulemaking records, the Director of OMB, in consultation with the Chairman of Administrative Conference of the United States (ACUS), should issue guidance to encourage agencies to respond to comments on final major rules, for which the agency has discretion, that are issued without a prior notice of proposed rulemaking.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: In comments on the draft report, OMB disagreed with GAO's recommendation. OMB stated that it did not believe it was necessary to issue guidance on this topic at that time. In July 2014, OMB said that it had no further comments on this recommendation. As of June 2017, OMB had not provided any additional responses to GAO's requests for an update on the status of this recommendation.
    Director: Khan, Asif A
    Phone: (202) 512-9869

    5 open recommendations
    Recommendation: To strengthen the design of controls over active duty Army military payroll, and to assure the effectiveness of the UCFR process as a compensating control for confirming the accuracy of its military pay, the Secretary of Defense should direct the Secretary of the Army to revise AR 37-104-4, Military Pay and Allowances Policy, to establish a requirement for periodic monitoring of the effectiveness of unit commander UCFR reviews.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2013, DOD and Army officials told us that the Army and Defense Finance and Accounting Service (DFAS) performed an analysis of the effectiveness of the Unit Commander Finance Report (UCFR) in preventing payroll errors. The officials shared a February 21, 2013, Army memo on the results of the analysis, which indicated that while the UCFR was an effective tool as a snapshot of a Soldier's pay, it was not comprehensive enough to provide the level of detail needed to manage many pay entitlements. Additionally, analytical results showed that in most cases, having units certify and return UCFRs to the Finance Office did not result in corrective action in the month the condition requiring action first appeared on the report. The officials told us the Army intends to rely on existing primary controls over pay transactions and the implementation of the Integrated Personnel and Pay System-Army (IPPS-A), which was targeted for implementation in 2017, to address the issues we reported rather than revising AR-37-104-4 to require certification of the UCFR and its return to the Finance Office. The Army concluded that if used properly, the UCFR could provide a secondary control for units to identify a limited number of pay discrepancies. The Army's Finance Command Director subsequently told us that because the analysis showed that the UCFR was not being used as an effective tool by unit commanders, the Army would continue to pursue methods to improve pay transaction timeliness through training and command awareness efforts, to include use of the UCFR, pending implementation of IPPS-A. For example, the Army expanded the list of entitlements that, similar to UCFRs, are sent to commands for review and increased the frequency of the command reviews. 
The Army also implemented a process for monitoring high-risk special pays that have an anniversary date, such as Foreign Language Proficiency Bonus, Basic Allowance for Housing, and Basic Allowance for Subsistence, and confirming that the certifications have not expired. However, DOD's May 2017 FIAR Plan Status Report showed that the Army's IPPS-A is not expected to be fully implemented until April 2020. We will continue to assess DOD's efforts to address this recommendation.
    Recommendation: To strengthen the design of controls over active duty Army military payroll, and to assure the effectiveness of the UCFR process as a compensating control for confirming the accuracy of its military pay, the Secretary of Defense should direct the Secretary of the Army to revise AR 37-104-4, Military Pay and Allowances Policy, to require unit commanders to review and submit documentation showing completion of all monthly UCFR reviews.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2013, DOD and Army officials told us that the Army and Defense Finance and Accounting Service (DFAS) performed an analysis of the effectiveness of the Unit Commander Finance Report (UCFR) in preventing late transactions for updating pay. The results of an Army analysis showed that units certifying and returning UCFRs to the Finance Office did not increase timely corrective actions being taken to a soldier's pay. In a memo dated Feb. 21, 2013, the Army stated, "Creating a mandatory process of requiring Commanders to certify and return the UCFR (even when there are no errors) imposes additional administrative requirements and associated costs on the unit, the Finance Office and DFAS." The memo further stated that, based on the sample taken, most units are already certifying UCFRs and returning them to Finance -- with little impact on Soldiers' pay." Army officials told us that based on the Feb. 21, 2013, memo and subsequent follow up, the Army intended to rely on existing primary controls over pay transactions and the implementation of the Integrated Personnel and Pay System-Army (IPPS-A) targeted for August 2017 to address the issues we reported, rather than revise AR-37-104-4 to require certification of the UCFR and its return to the Finance Office. Army officials told us they would continue to pursue methods to improve pay transaction timeliness through training and command awareness efforts, to include use of the UCFR. The Army stated that the development and fielding of IPPS-A offers opportunities for reducing errors and manual inputs, while providing improved transaction timeliness and pay accuracy. However, DOD's May 2017 FIAR Plan Status Report showed that the Army's IPPS-A is not expected to be fully implemented until April 2020. We will continue to assess DOD's efforts to address this recommendation.
    Recommendation: To strengthen the design of controls over active duty Army military payroll, and to assure the effectiveness of the UCFR process as a compensating control for confirming the accuracy of its military pay, the Secretary of Defense should direct the Secretary of the Army to revise AR 37-104-4, Military Pay and Allowances Policy, to specify the time frame for submitting UCFRs, such as no later than the 10th of the month.

    Agency: Department of Defense
    Status: Open

    Comments: In a Feb. 21, 2013 memo, the Army stated that its regulations require units to take immediate action when an error is discovered during a review of a Unit Commander Finance Report (UCFR). According to the Army, specifying a timeframe for the review and submission of UCFRs, such as 10 days, would also require the development of additional controls and monitoring procedures and create exceptions/waivers for those units deployed or on training exercises. As a result, the Army intended to rely on existing primary controls over pay transactions and the targeted implementation of the Integrated Personnel and Pay System-Army (IPPS-A) in August 2017 to address the issues, rather than revise AR-37-104-4. With the slippage in implementation of IPPS-A integrated military personnel and pay functionality to April 2020, the Army needs to reconsider our recommendation along with reasonable timeline accommodations for deployed units. We will continue to assess the Army's efforts to address this recommendation.
    Recommendation: To strengthen the design of controls over active duty Army military payroll, and to provide a means for monitoring the overall accuracy of the Army's military payroll, the Secretary of Defense should direct the DOD Comptroller to require DFAS-IN to develop criteria and establish a comprehensive metric to capture and measure all types of pay errors affecting accuracy.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2013, the Defense Finance and Accounting Service (DFAS)-Indianapolis Director told us that DFAS conducted a gap analysis for two installations (Ft. Carson and Ft. Gordon). This analysis compared data on the effective date of pay-impacting transactions (e.g., Basic Allowance for Housing, Foreign Language Proficiency Pay, etc.); the date transactions were entered into the pay system; and the elapsed time in days from the effective date through each step of the process to the date pay was input to the military pay system. The Army's analysis concluded that most errors that occurred were due to units' late submissions of source documents. The Army's position is that the key metric for military pay accuracy is the timeliness of processing of pay-impacting transactions. The Army intended to rely on the targeted August 2017 implementation of the Integrated Personnel and Pay System-Army (IPPS-A) to address pay transaction timeliness and address any other identified issues rather than require DFAS-Indianapolis to develop additional criteria and metrics within the current systems environment to measure all types of conditions affecting accuracy. However, DOD's May 2017 FIAR Plan Status Report showed that the Army's IPPS-A is not expected to be fully implemented until April 2020. We will continue to assess DOD's efforts to address this recommendation.
    Recommendation: To strengthen the design of controls over active duty Army military payroll, and to provide a means for monitoring the overall accuracy of the Army's military payroll, the Secretary of Defense should direct the Department of Defense (DOD) Comptroller to require DFAS-IN to establish an interim mechanism at DFAS-IN for identifying and analyzing the extent and causes of all types of military payroll errors processed by Defense Military Pay Offices (DMPOs), Army Finance Offices, Defense Joint Military Pay System-Active Component (DJMS-AC), and Case Management System (CMS) to address any systemic control weaknesses.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2013, DOD and Army officials stated that DFAS, as part of its pre-assertion audit readiness efforts for the Military Pay Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization examination, has identified and validated many controls over the completeness, accuracy and validity of military pay. This included identifying gaps in internal controls and developing and implementing corrective action plans to mitigate any gaps. The Army subsequently engaged another independent public accounting firm to assess its audit readiness for the Statement of Budgetary Resources, including audit readiness for its military pay. In addition, the Army underwent an audit of its fiscal year 2015 General Fund Schedule of Budgetary Activity. Both audit engagements identified military pay issues requiring corrective action. Most recently, the audit of the Army's fiscal year 2016 Budgetary Schedule resulted in a disclaimer of opinion, in part, due to the Army's inability to produce a complete and accurate population of accession, separation, promotion/reduction, special pay, and leave populations for Active Duty, Reserve, and Guard soldiers. In January 2016, the Army auditor reported that "without the ability to produce complete populations, the risk exists that a soldier is improperly accessed, separated, promoted/reduced, awarded special pay, and/or had his or her leave account adjusted incorrectly. Further, the Army's ability to identify and correct any errors is significantly reduced, potentially misstating payroll obligations and outlays reported on the schedule." 
Army officials stated that the Army intends to rely on its current transaction timeliness metrics, pre-payment statistical sampling, Improper Payment Elimination and Reporting Act (IPERA) reporting, and eventually implementation of the Integrated Personnel and Pay System - Army (IPPS-A) to address the issues regarding completeness, accuracy, and validity of military pay. However, DOD's May 2017 FIAR Plan Status Report showed that the Army's IPPS-A is not expected to be fully implemented until April 2020. Therefore, we believe that the Army needs to revisit our recommendation and establish an interim mechanism for identifying and analyzing the extent and causes of military payroll errors and take appropriate action to address any systemic control weaknesses. We will continue to assess the Army's efforts to address this recommendation.
    Director: Mackin, Michele
    Phone: (202)512-4309

    3 open recommendations
    Recommendation: To help mitigate future confusion regarding justifications for 8(a) sole-source contracts over $20 million, the Administrator of the Office of Federal Procurement Policy, in consultation with the FAR Council, should promulgate guidance to clarify whether an 8(a) justification is required for 8(a) contracts that are subject to a pre-existing Competition in Contracting Act (CICA) class justification.

    Agency: Executive Office of the President: Office of Management and Budget: Office of Federal Procurement Policy
    Status: Open

    Comments: The FAR Council opened a FAR case (2013-018) to address the recommendations from this report by clarifying the requirement for sole source 8(a) justifications. As of July 2017, the draft proposed FAR rule was awaiting approval for release. We will continue to monitor the progress of this proposed FAR rule.
    Recommendation: To help mitigate future confusion regarding justifications for 8(a) sole-source contracts over $20 million, the Administrator of the Office of Federal Procurement Policy, in consultation with the FAR Council, should promulgate guidance to provide additional information on actions contracting officers should take to comply with the justification requirement when the contract value rises above or falls below $20 million between SBA's acceptance of the contract for negotiation under the 8(a) program and the contract award.

    Agency: Executive Office of the President: Office of Management and Budget: Office of Federal Procurement Policy
    Status: Open

    Comments: The FAR Council opened a FAR case (2013-018) to address the recommendations from this report by clarifying the requirement for sole source 8(a) justifications. As of July 2017, the draft proposed FAR rule was awaiting approval for release. We will continue to monitor the progress of this proposed FAR rule.
    Recommendation: To help mitigate future confusion regarding justifications for 8(a) sole-source contracts over $20 million, the Administrator of the Office of Federal Procurement Policy, in consultation with the FAR Council, should promulgate guidance to clarify whether and under what circumstances a separate sole-source justification is necessary for out-of-scope modifications to 8(a) sole-source contracts.

    Agency: Executive Office of the President: Office of Management and Budget: Office of Federal Procurement Policy
    Status: Open

    Comments: The FAR Council opened a FAR case (2013-018) to address the recommendations from this report by clarifying the requirement for sole source 8(a) justifications. As of July 2017, the draft proposed FAR rule was awaiting approval for release. We will continue to monitor the progress of this proposed FAR rule.
    Director: Powner, David A
    Phone: (202) 512-9286

    2 open recommendations
    Recommendation: The Secretary of Transportation should designate a senior agency official who has departmentwide responsibility, accountability, and authority for geospatial information issues. The Secretary of Transportation should direct the designated senior official for geospatial information to prepare, maintain, publish, and implement a strategy for advancing geographic information and related geospatial data activities appropriate to its mission.

    Agency: Department of Transportation
    Status: Open

    Comments: In July 2016, a Transportation official told GAO that the department had completed a draft of the geospatial strategic plan that month. According to a Transportation official, as of March 1, 2017, the draft was under review. On September 8, 2017, a Transportation official stated that the department plans to issue the plan by November 1, 2017.
    Recommendation: To improve OMB oversight of geospatial information and assets, and minimize duplication of federal geospatial investments, the Director of OMB should develop a mechanism, or modify existing mechanisms, to identify and report annually on all geospatial related investments, including dollars invested and the nature of the investment.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: OMB has made progress in developing a way to identify and report annually on all geospatial-related investments, but has not completed its efforts. In March 2014, the Federal Geographic Data Committee (FGDC) issued its National Geospatial Data Asset (NGDA) Management Plan. The plan was developed in conjunction with OMB officials. One of the objectives of the plan is to develop and apply a standard definition of a geospatial investment in order to facilitate reporting on budgeted geospatial data investments, due to the fact that different definitions are being used by OMB, the FGDC community, and individual agencies. There are two supporting actions for this objective. The first action was completed with the finalization and issuance of the FGDC's Geospatial Investment Definitions for Tracking and Reporting Geospatial Investment Costs document in April 2016. The document contains a set of geospatial definitions with specific examples for each. The second action is for the geospatial community to apply the definitions in submissions to OMB during the annual federal government budget planning and reporting process. According to FGDC officials, they expect this to be challenging for a number of reasons, including the need for agencies to determine how they can align their investment tracking systems to accommodate the new definitions and the extent to which agencies will be able to use a common reporting capability. As a result, a two-pronged approach is being used. First, FGDC developed a reporting method using the theme implementation plans to support federal geospatial data investment tracking. For example, in February 2017, an official provided an implementation plan from January 2017 which included an estimate of the amount of time federal employees spent on NGDA work, and reported this as a percentage of full-time equivalents. Second, OMB worked with FGDC to revise geospatial investment reporting guidance found in OMB Circular No. A-11. 
Starting with fiscal year 2018 allocations (Circular No. A-11 revised July 2016), agencies are required to report on annual aggregated geospatial data investments of $100,000 or greater using the Marketplace feature of the Geospatial Platform. According to an agency official, this approach leverages existing, federal government-wide reporting methods already in place and minimizes the potential for agencies to implement separate, potentially duplicative reporting mechanisms that are not integrated with existing OMB reporting procedures. According to OMB officials as of September 7, 2017, OMB anticipates that since fiscal year 2018 will be the first year of implementation, some agencies may have challenges identifying and reporting their data. As a result, OMB states that the content and completeness of the reported information will need to be evaluated prior to determining its fitness and application for overseeing geospatial investments.
    Director: Lepore, Brian J
    Phone: (202)512-4523

    3 open recommendations
    Recommendation: To enable DOD to achieve cost savings and efficiencies and to track its progress toward achieving these goals, the Secretary of Defense should direct the Deputy Under Secretary of Defense (Installations and Environment) to develop and implement a plan that provides measurable goals linked to achieving savings and efficiencies at the joint bases and provide guidance to the joint bases that directs them to identify opportunities for cost savings and efficiencies. DOD should at a minimum consider the items identified in its recommendation to the 2005 BRAC Commission as areas for possible savings and efficiencies, including (1) paring unnecessary management personnel, (2) consolidating and optimizing contract requirements, (3) establishing a single space management authority to achieve greater utilization of facilities, and (4) reducing the number of base support vehicles and equipment.

    Agency: Department of Defense
    Status: Open

    Comments: DOD did not concur with this recommendation. The department stated that its "patient" approach to cost savings is working, and that the senior joint base working group decided against savings targets because of the complexity involved in setting up the bases. As of October 2017, there had been no further action on this recommendation, according to an official of the Office of the Secretary of Defense's joint basing office.
    Recommendation: To improve DOD's ability to provide a common framework for the management and planning of support services at the joint bases, the Secretary of Defense should direct the Deputy Under Secretary of Defense (Installations and Environment) to direct the joint bases to compile a list of those common standards in all functional areas needing clarification and the reasons why they need to be clarified, including those standards still being provided or reported on according to service-specific standards rather than the common standard.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with this recommendation. It stated that the department already has a quarterly process to review its joint base common standards, and that reviewing all the standards simultaneously does not allow for the depth of analysis required to make sound decisions. An official from the joint basing office of the Office of the Secretary of Defense stated that DOD believes its current review and update process for the joint base common standards is effective and does not need to be changed. As of October 2017, there had been no further action on this recommendation, according to an official of the joint basing office.
    Recommendation: To improve DOD's ability to provide a common framework for the management and planning of support services at the joint bases, the Secretary of Defense should direct the Deputy Under Secretary of Defense (Installations and Environment) to amend the OSD joint standards review process to prioritize review and revision of those standards most in need of clarification within this list.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with this recommendation. The department stated that it already has a quarterly joint base common standards review process, and that reviewing all the standards simultaneously does not allow for the depth of analysis required to make sound decisions. In addition, it noted that the current process incorporates input from the Joint Base commanders, Intermediate Command Summit, and service headquarters. An official from the joint basing office of the Office of the Secretary of Defense stated that DOD believes its current review and update process for the joint base common standards is effective and does not need to be changed. As of October 2017, there had been no further action on this recommendation, according to an official of the Office of the Secretary of Defense's joint basing office.
    Director: King, Kathleen M
    Phone: (202) 512-7114

    1 open recommendation
    including 1 priority recommendation
    Recommendation: In order to promote greater use of effective prepayment edits and better ensure proper payment, and to promote implementation of effective edits based on national policies, the CMS Administrator should develop written procedures to provide guidance to agency staff on all steps in the processes for developing and implementing edits based on national policies, including (1) time frames for taking corrective actions, (2) methods for assessing the effects of corrective actions, and (3) procedures for ensuring consideration of automated edits whenever possible, including for all existing NCDs and other national policies.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open
    Priority recommendation

    Comments: HHS concurred with this recommendation. CMS developed written procedures in November 2012 to provide guidance to agency staff on procedures for ensuring consideration of automated edits whenever possible, as GAO recommended in November 2012, but these procedures do not include several key elements of GAO's recommendation. For example, the written procedures do not include time frames for making decisions on whether an edit will be developed for all existing National Coverage Determinations (NCD) and national policies. The written procedures also do not include requirements for methods to assess the effects of corrective actions taken. Implementing a comprehensive written process for developing edits for national policies could help ensure that edits are implemented whenever possible to reduce improper payments. As of September 2017, CMS had not provided us updated documentation that addressed these aspects of our recommendation. Once received, we will review the information and update this recommendation accordingly.
    Director: Caldwell, Stephen L
    Phone: (202)512-9610

    1 open recommendation
    Recommendation: To better ensure consistent implementation of and accountability for DHS's resilience policy, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to develop an implementation strategy for this new policy that identifies the following characteristics and others that may be deemed appropriate: (1) steps needed to achieve results, by developing priorities, milestones, and performance measures; (2) responsible entities, their roles compared with those of others, and mechanisms needed for successful coordination; and (3) sources and types of resources and investments associated with the strategy, and where those resources and investments should be targeted.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In the 60-day letter provided in January 2013, DHS indicated that the Resilience Integration Team (RIT) was developing a draft implementation plan to be circulated among relevant stakeholders for review. On 10/30/13, we notified DHS that we would like to see a copy of the resilience policy implementation plan (if developed), or any other related documentation if the plan is still in development. We were informed later that day that a draft plan had been developed, and DHS needed to confirm its status. In May of 2015, we were told again that a draft plan had been developed but never finalized. As of August 2015, DHS's Policy Office is looking into the status of plan development. We await their response. DHS response still pending as of 10/4/16.
    Director: Powner, David A
    Phone: (202) 512-9286

    5 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that major steady state IT investments are being adequately analyzed, the Secretaries of Defense, Veterans Affairs, and the Treasury should direct appropriate officials to develop an OA policy, annually perform OAs on all investments, and ensure the assessments include all key factors.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has stated it is developing OA policy, but has yet to provide a timeframe for when it will be completed. In addition, we are waiting for fiscal year 2016 OAs.
    Recommendation: To ensure that major steady state IT investments are being adequately analyzed, the Secretaries of Defense, Veterans Affairs, and the Treasury should direct appropriate officials to develop an OA policy, annually perform OAs on all investments, and ensure the assessments include all key factors.

    Agency: Department of the Treasury
    Status: Open
    Priority recommendation

    Comments: The Department of Treasury has developed an OA policy and is currently performing OAs on investments. However, we are waiting for fiscal year 2016 investment OAs to determine if all key factors are being met.
    Recommendation: To ensure that major steady state IT investments are being adequately analyzed, the Secretaries of Defense, Veterans Affairs, and the Treasury should direct appropriate officials to develop an OA policy, annually perform OAs on all investments, and ensure the assessments include all key factors.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: We are waiting for VA to provide its finalized OA policy and for fiscal year 2016 OAs.
    Recommendation: The Secretaries of Homeland Security and Health and Human Services should direct their Chief Information Officers to ensure OAs are performed annually on all major steady state investments and the assessments include all key factors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security has updated its OA policy and is currently performing OAs on investments. We received fiscal year 2016 OAs for CBP but are waiting for the rest of the department's OAs for FY2016.
    Recommendation: The Secretaries of Homeland Security and Health and Human Services should direct their Chief Information Officers to ensure OAs are performed annually on all major steady state investments and the assessments include all key factors.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We are waiting for HHS's fiscal year 2016 OAs.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To strengthen DHS's evaluation and planning process for addressing employee morale, the Secretary of Homeland Security should direct the Office of the Chief Human Capital Officer (OCHCO) and component human capital officials to examine their root cause analysis efforts and, where absent, add the following: comparisons of demographic groups, benchmarking against similar organizations, and linkage of root cause findings to action plans.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2012, we reviewed and reported on actions DHS took to address the morale of its employees. We reported, among other things, that DHS's Office of the Chief Human Capital Officer and DHS components had not consistently used three survey analysis techniques when analyzing employee survey results--comparisons of demographic groups, benchmarking against similar organizations, and linking root cause findings to action plans. DHS OCHCO officials, and supporting documentation, indicate some actions taken to incorporate these techniques. Specifically, as of June 2017, officials provided copies of the DHS FY 2017 Component Employee Engagement Action Plans. We reviewed the action plans and spoke with DHS OCHCO officials to determine the extent to which DHS's action plans addressed our recommendation. Several action plans we reviewed included evidence of utilizing the three survey analysis techniques we recommended, while other action plans lack some or all of the techniques. For example, components whose action plans fully address the recommendation include Customs and Border Protection (CBP), Federal Emergency Management Agency (FEMA), Immigration and Customs Enforcement (ICE), and the Transportation Security Administration (TSA). Components whose action plans partially address the recommendation are: U.S. Citizenship and Immigration Services (USCIS), U.S. Coast Guard (USCG), and U.S. Secret Service (USSS). National Protection and Programs Directorate's (NPPD) action plan did not address any of the three survey analysis techniques. According to DHS OCHCO officials, while OCHCO developed a checklist to consult when creating action plans to address employee survey results, senior management decided not to require that components use the checklist in developing their action plans as it may limit their freedom to develop their goals and planning. 
To fully address this recommendation, DHS OCHCO officials need to continue to provide documentary evidence of demographic analysis, benchmarking, and root cause linkage efforts completed for components that have not fully addressed the recommendation in their action plans. DHS OCHCO officials agreed with our analysis and reiterated their intent to fully implement this recommendation. We will update the status of this recommendation after additional information is received from DHS. Status as of June 2017.
    Recommendation: To strengthen DHS's evaluation and planning process for addressing employee morale, the Secretary of Homeland Security should direct the OCHCO and component human capital officials to establish metrics of success within the action plans that are clear and measurable.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2012, we reviewed and reported on actions DHS took to address the morale of its employees. We reported, among other things, that DHS's Office of the Chief Human Capital Officer and DHS components' measures of action plan success related to employee morale could have improved clarity and incorporate measurable targets. DHS officials regularly provided us with copies of annual component employee engagement action plans, most recently as of June 2017. We reviewed the action plans and spoke with DHS OCHCO officials to determine the extent to which DHS's action plans addressed our recommendation. Our review in June 2017 indicated that most components' action plans included clear and measurable targets. For example, components whose action plans fully address the recommendation include CBP, Coast Guard, FEMA, ICE, NPPD, USCIS, and USSS. TSA's action plans partially addressed the recommendation and the component is taking steps to improve its measures. To fully address this recommendation, DHS OCHCO officials need to continue to provide documentary evidence of improved measure clarity and incorporate measurable targets in components' action planning efforts. DHS OCHCO officials agreed with our assessment and told us that they continue to provide feedback to component officials to address action planning improvement. These officials reiterated their efforts to fully implement this recommendation and we will update the status of this recommendation after additional information is received from DHS.
    Director: Chaplain, Cristina T
    Phone: (202) 512-4841

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To improve departmentwide strategic sourcing efforts at DOD, the Secretary of Defense should direct the Office of Acquisition, Technology, and Logistics to issue direction that (1) sets goals for spending managed through strategic sourcing vehicles, (2) establishes procedures for the identification and tracking of departmentwide and component strategic sourcing efforts through the PASS office, (3) implements the PASS office strategic sourcing guidance, (4) links strategic sourcing to its Better Buying Power memorandum, and (5) establishes metrics, such as utilization rates, to track progress toward these goals.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our recommendation. To fully implement this recommendation, DOD should improve department-wide strategic sourcing efforts to achieve significant cost savings. DOD has been working with the Office of Management and Budget's Category Management Leadership Council to determine appropriate strategic sourcing goals, but specific goals and corresponding metrics have not yet been established.
    Recommendation: To improve departmentwide strategic sourcing efforts at DOD, the Secretary of Defense should direct the Office of Acquisition, Technology, and Logistics to identify and evaluate the best way to strategically source DOD's highest spending categories of products and services (e.g., governmentwide vehicles, interagency collaboration, departmentwide vehicles).

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our recommendation. To fully implement this recommendation, DOD should improve department-wide strategic sourcing efforts to achieve significant cost savings. DOD has been working with the Office of Management and Budget's Category Management Leadership Council to determine appropriate strategic sourcing goals, but specific goals and corresponding metrics have not yet been established.
    Director: Wilshusen, Gregory C
    Phone: (202) 512-6244

    1 open recommendation
    Recommendation: To help mitigate vulnerabilities in mobile devices, the Chairman of the Federal Communications Commission should monitor progress of wireless carriers and device manufacturers in achieving their milestones and time frames once an industry baseline of mobile security safeguards has been implemented.

    Agency: Federal Communications Commission
    Status: Open

    Comments: FCC plans on monitoring the progress of wireless carriers and device manufacturers in achieving their milestones and time frames through one-on-one cyber risk management assurance meetings with service providers. FCC stated that it anticipates the meetings will begin within the next year pending the Commission's adoption of the policy statement for conducting the recommended meetings. We will validate these actions in the coming year.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    1 open recommendation
    Recommendation: To help mitigate the risk of poor acquisition outcomes and strengthen the department's investment management activities, the Secretary of Homeland Security should direct the Under Secretary for Management to, once the department's acquisition programs comply with DHS acquisition policy, prioritize major acquisition programs departmentwide and ensure that the department's acquisition portfolio is consistent with DHS's anticipated resource constraints.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with this recommendation, and stated that its effort to more fully reflect portfolio management practices in its acquisition policy will help DHS prioritize its major acquisition programs departmentwide. DHS also stated that the revised portfolio management approach will help ensure that the department's acquisition portfolio is consistent with anticipated resource constraints. However, it has taken years for some of the department's major acquisition programs to comply with DHS's acquisition policy, which requires getting approval for key acquisition documentation that contains the critical knowledge needed for DHS to make effective portfolio management decisions. In February 2017, we found that DHS had approved the required acquisition documentation for all of its major acquisition programs and planned to continue to ensure that all major acquisition programs have approved documents, such as acquisition program baselines. Now that major acquisition programs are in compliance with DHS's acquisition policy, GAO will evaluate the department's implementation of its revised portfolio management approach to determine whether DHS has met the intent of this recommendation by ensuring that the department's acquisition portfolio is consistent with DHS's anticipated resource constraints.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should develop and implement a new comprehensive and reliable system for contract guard oversight.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FPS officials, as of September 2017, FPS is currently reviewing proposals and preparing to make a decision for the final contract award for a Post Tracking System (PTS). According to FPS, this PTS will allow FPS to comprehensively and reliably manage its contract guards. Once the contract is awarded in late 2017, FPS will begin to implement the PTS system. GAO is keeping this recommendation open pending successful implementation of this system.
    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should verify independently that FPS's contract guards are current on all training and certification requirements.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FPS officials, as of September 2017, FPS plans to address this recommendation through the implementation of FPS's Training Academy and Management System (TAMS). FPS reported that this system should allow it to verify independently that FPS's contract guards are current on all training and certification requirements. FPS is currently taking various steps to finalize the system and anticipates full implementation of TAMS by August 2018. GAO is leaving this recommendation open pending successful implementation of TAMS.
    Director: Farrell, Brenda S
    Phone: (202)512-3000

    1 open recommendation
    Recommendation: To improve the effectiveness of the implementation of the Joint Duty Program and to help ensure that institutional knowledge about the program transcends the individual tenure of each serving Joint Duty Program Chief, the Director of National Intelligence should develop a comprehensive strategic framework for the Joint Duty Program. This framework could include things such as (1) clearly defining its mission, (2) establishing performance goals, (3) developing quantifiable metrics for measuring progress toward achieving performance goals, (4) determining the financial resources necessary to accomplish the mission of the program, (5) using performance information and metrics to make decisions to improve the program, and (6) communicating results effectively with each of the IC elements.

    Agency: Office of the Director of National Intelligence
    Status: Open

    Comments: As of September 2017, the Office of the Director of National Intelligence has not implemented this recommendation.
    Director: Scire, Mathew J
    Phone: (202) 512-8678

    1 open recommendation
    Recommendation: To help meet the requirements of the Recovery Act's Section 1602 provisions to help ensure the long-term viability of the buildings, the Secretary of the Treasury should assess the extent to which HFAs are utilizing information provided to them by project owners during the 15-year compliance period, taking into account the level of investor equity in projects.

    Agency: Department of the Treasury
    Status: Open

    Comments: In an email from Treasury on September 14, 2015, officials stated that they have taken no additional actions since the report was issued. At that time, they sent copies of the report to the state HFAs with instructions for the HFAs to fulfill their duties. However, this does not ensure the HFAs maintain their asset management responsibilities during the 15-year compliance period as required by Section 1602. On January 24, 2017, the agency informed us that they plan no further action on this recommendation.
    Director: Goldenkoff, Robert N
    Phone: (202)512-3000

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To improve the Bureau's process of organizational transformation, long-term planning, and strategic workforce planning for the 2020 Census, and thus better position the Bureau to carry out a cost-effective decennial census, the Secretary of Commerce should require the Under Secretary for Economic Affairs who oversees the Economics and Statistics Administration, as well as the Director of the U.S. Census Bureau to, in order to ensure prioritization and timely completion of all necessary research and testing efforts, as well as timely transition to later 2020 Census phases, develop and implement a long-term planning schedule that includes key milestones and deadlines, including (1) deadlines for decisions that directly affect activity in later 2020 Census phases; (2) a schedule for creating, revising, or updating governance, program management, and system engineering and architecture plans to be used in later 2020 Census phases beyond research and testing; and (3) expected times of delivery for Bureau-wide enterprise tools, processes, and standards that 2020 Census planning would be expected to use.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: Commerce agreed with this recommendation. Bureau officials released an operational plan in November 2015, including a high-level timeline for much of the remaining activity, but final schedules of delivery for Bureau-wide enterprise tools, processes, and standards are being revised and are not yet complete. In June 2016, officials announced that the Bureau would finalize its updated schedule in July 2016. To fully implement this recommendation, the Bureau needs to finalize program management and other governance documents applicable to the current and later phases of the decennial lifecycle, as well as finalizing schedules for delivery of Bureau-wide enterprise tools, processes, and standards. As of July 2017, Bureau officials reported they were working to provide artifacts they believe may address this recommendation.
    Recommendation: To improve the Bureau's process of organizational transformation, long-term planning, and strategic workforce planning for the 2020 Census, and thus better position the Bureau to carry out a cost-effective decennial census, the Secretary of Commerce should require the Under Secretary for Economic Affairs who oversees the Economics and Statistics Administration, as well as the Director of the U.S. Census Bureau to, in order to improve the Bureau's process for following up on Bureau and oversight agencies' recommendations to improve the 2020 Census, (1) assess the status of recommendation follow-up at regular intervals, such as every 12 months; and (2) periodically report on the status of recommendation follow-up--such as on the Bureau's intranet or Internet pages.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: Commerce agreed with this recommendation. The Bureau assigns outstanding recommendations from GAO and others within the Bureau's knowledge management database to various leads, such as specific 2020 Census research and testing project teams. The Bureau regularly collates status updates on our open recommendations as well as those of the Office of Inspector General for reporting to department officials. The Bureau has begun quarterly meetings with us to discuss open GAO recommendations. When the status of its own internal recommendations -- such as from evaluations of its earlier tests -- is more visible inside and outside the Bureau, the Bureau's knowledge management will be better positioned to help the Bureau achieve goals of a cost-effective census. To fully implement this recommendation, the Bureau needs to implement mechanisms to capture lessons learned from its ongoing research and testing experience for recommendations in its database, and periodically report on the status of all open recommendations. As of July 2017, the Bureau is actively collecting artifacts, but has not yet provided evidence of either regular or open reporting on the status of other recommendations, such as from its own prior evaluations, ongoing tests, or the National Academy of Sciences.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    3 open recommendations
    Recommendation: To help ensure that FEMA's agencywide workforce planning and training efforts are conducted in a comprehensive and integrated manner, the FEMA Administrator should identify and document long-term and quantifiable mission critical goals that reflect the agency's priorities for workforce planning and training.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In October 2016, agency officials said they had contracted for the development of a Workforce Strategic Plan that is intended to assess current steady state staffing needs based on mission requirements and establish workforce models capable of determining future needs based on workload drivers. Further, they said the plan will monitor and evaluate FEMA's progress towards mission critical goals and the contribution that human capital results have made towards achieving programmatic priorities. In July 2017, they provided an updated estimate that the plan will be completed by June 2020. Pending completion of this effort, the recommendation will remain open.
    Recommendation: To help ensure that FEMA's agencywide workforce planning and training efforts are conducted in a comprehensive and integrated manner, the FEMA Administrator should establish a time frame for completing the development of quantifiable performance measures related to workforce planning and training efforts.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In October 2016, agency officials said they had contracted for the development of a Workforce Strategic Plan that is intended to assess current steady state staffing needs based on mission requirements and establish workforce models capable of determining future needs based on workload drivers. Once complete, they said the plan will identify performance metrics to track FEMA's progress towards mission critical goals regarding workforce planning and training efforts. In July 2017, they provided an updated estimate that the plan will be completed by September 2020. Pending completion of this effort, the recommendation will remain open.
    Recommendation: To better inform FEMA's decision-making related to agencywide workforce planning and training efforts, the FEMA Administrator should develop systematic processes to collect and analyze workforce and training data.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In July 2017, officials reported that FEMA's Chief Component Human Capital Office was preparing a Training Plan that will outline the collection and analysis methodology of training data with an estimated completion date of September 2018. Pending documentation of the results of these efforts, this recommendation will remain open.
    Director: Martin, Belva M
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To better inform management and resource allocation decisions, effectively manage limited export control enforcement resources, and improve the license determination process, the Secretary of Homeland Security and the Attorney General, as they implement efforts to track resources expended on export control enforcement activities, should use such data to make resource allocation decisions.

    Agency: Department of Justice
    Status: Open

    Comments: DOJ had identified plans to make continual improvements to the investigative and prosecutorial data to allow better tracking and refined resource allocation decisions going forward. However, we have not been able to obtain status information from Justice despite our attempts.
    Recommendation: To better inform management and resource allocation decisions, effectively manage limited export control enforcement resources, and improve the license determination process, the Secretary of Homeland Security, in consultation with the departmental representatives of the Export Enforcement Coordination Center, including Commerce, Justice, State, and the Treasury should (1) leverage export control enforcement resources across agencies by building on existing agency efforts to track resources expended, as well as existing agency coordination at the local level; (2) establish procedures to facilitate data sharing between the enforcement agencies and intelligence community to measure illicit transshipment activity; and (3) develop qualitative and quantitative measures of effectiveness for the entire enforcement community to baseline and trend this data.

    Agency: Department of Homeland Security
    Status: Open

    Comments: To help track resources expended and coordination of enforcement resources, the E2C2 has ratified and implemented the investigative deconfliction protocol. The Export Enforcement Coordination Center (E2C2) has also ratified and implemented the dispute resolution protocol and it is being used by all E2C2 partners. These are two of seven standard operating procedures planned to be in use by the E2C2. The Intelligence Community engagement/information protocols are being addressed through the E2C2 Export Enforcement Intelligence Working Group to help facilitate data sharing, and ICE, through the E2C2, is still in the process of establishing interagency agreement on procedures to facilitate data sharing between the enforcement agencies and intelligence community to assist in measuring illicit transshipment activity. The E2C2 Intel Cell White Paper is complete, but the Cell is not staffed or operational. This Cell is to serve as the primary interagency conduit for defining, establishing, and implementing protocols and facilitating information sharing between the IC and export enforcement community. The white paper outlines the E2C2 Intel Cell's mission, general roles and functions, recommended tasks and structure to facilitate enhanced coordination and intelligence sharing. When established, the Cell will develop standard operating procedures but this has not yet occurred. In late August 2016, the Department of Commerce assigned a new Assistant Director and