Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Information sharing"

    58 publications with a total of 176 open recommendations including 14 priority recommendations
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    3 open recommendations
    Recommendation: To ensure progress is made toward the implementation of any IT enhancements needed to establish electronic public health situational awareness network capabilities mandated by PAHPRA, the Secretary of HHS should direct the Assistant Secretary for Preparedness and Response to task an integrated project team, made up of an IT project manager and business owner, with including specific actions in the Public Health and Medical Situational Awareness Strategy Implementation Plan for conducting all activities required to establish and operate the network.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure progress is made toward the implementation of any IT enhancements needed to establish electronic public health situational awareness network capabilities mandated by PAHPRA, the Secretary of HHS should direct the Assistant Secretary for Preparedness and Response to task the integrated project team with developing a project management plan that includes measurable steps--including a timeline of tasks, resource requirements, estimates of costs, and performance metrics--that can be used to guide and monitor HHS's actions to establish the network defined in the plans.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure progress is made toward the implementation of any IT enhancements needed to establish electronic public health situational awareness network capabilities mandated by PAHPRA, the Secretary of HHS should direct the Assistant Secretary for Preparedness and Response to conduct all IT management and oversight processes related to the establishment of the network in accordance with Enterprise Performance Life Cycle Framework guidance, under the leadership of the HHS CIO.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    3 open recommendations
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to, in coordination with the Director, USMEPCOM, and the military services develop a clear process with defined roles and responsibilities to ensure that complete Existed Prior to Service (EPTS) separation medical records for enlistees who separated within 180 days of service from the military services' basic training sites are provided to USMEPCOM.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to, in coordination with the Director, USMEPCOM, establish a schedule to repair the internal EPTS database so that USMEPCOM can provide more regular and specific feedback to MEPS chief medical officers.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to, in coordination with the Under Secretary of Defense for Acquisition, Technology, and Logistics and the DOD Healthcare Management Systems Program Executive Office, develop a schedule of actions for deploying its new electronic health record system, MHS GENESIS, within USMEPCOM that includes key activities such as the major actions required to accomplish this effort, completion dates for all actions leading up to these events, and dates for the system's deployment to MEPS locations.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Valerie Melvin
    Phone: (202) 512-6304

    6 open recommendations
    Recommendation: To provide clinicians and pharmacists with improved tools to support pharmacy services to veterans and reduce risks to patient safety, the Secretary of Veterans Affairs should direct the Assistant Secretary for Information and Technology and the Under Secretary for Health to establish and implement a plan for updating the pharmacy system to address the inefficiencies with viewing patient medication data in the Outpatient Pharmacy application and between the pharmacy application and viewers.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and in August 2017 stated that it had identified $4 million in fiscal year 2018 to establish a pharmacy graphical user interface. According to the department, it plans to complete its action in response to this recommendation by June 2018.
    Recommendation: To provide clinicians and pharmacists with improved tools to support pharmacy services to veterans and reduce risks to patient safety, the Secretary of Veterans Affairs should direct the Assistant Secretary for Information and Technology and the Under Secretary for Health to complete a plan for the implementation of an approach to data standardization that will support the capability for clinicians and pharmacists to view complete DOD data and receive order checks that consistently include DOD data.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred in principle with our recommendation and in August 2017 stated that it plans to implement the electronic health record system that is being deployed by DOD, which will present VA clinicians with complete DOD data and the ability to perform order checks on DOD data. In parallel, the department is continuing and expanding the implementation of data standardization. According to the department, it plans to complete its action in response to this recommendation by October 2019.
    Recommendation: To provide clinicians and pharmacists with improved tools to support pharmacy services to veterans and reduce risks to patient safety, the Secretary of Veterans Affairs should direct the Assistant Secretary for Information and Technology and the Under Secretary for Health to conduct an assessment to determine to what extent interoperability of VA's pharmacy system with DOD's pharmacy system is impacting transitioning service members.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and in May 2017 stated that the health executive committee would complete an assessment to determine the extent interoperability with DOD's pharmacy system is impacting transitioning service members. According to the department, it planned to complete its actions in response to this recommendation by September 2017. We will update the status of this recommendation when VA provides documentation of its interoperability assessment to us.
    Recommendation: To provide clinicians and pharmacists with improved tools to support pharmacy services to veterans and reduce risks to patient safety, the Secretary of Veterans Affairs should direct the Assistant Secretary for Information and Technology and the Under Secretary for Health to develop and execute a plan for implementing the capability to send outbound e-prescriptions to non-VA pharmacies, in accordance with National Council for Prescription Drug Programs standards.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and in August 2017 stated that it will review its plan for e-prescribing functionality after it has signed a contract to adopt the electronic health record system that is being deployed by DOD. According to the department, it plans to complete its action in response to this recommendation by March 2018.
    Recommendation: To provide clinicians and pharmacists with improved tools to support pharmacy services to veterans and reduce risks to patient safety, the Secretary of Veterans Affairs should direct the Assistant Secretary for Information and Technology and the Under Secretary for Health to ensure that the department's evaluation of alternatives for electronic health records includes consideration for additional generation level 3 capability such as navigating from an alert to medication order in the electronic health record system.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and in August 2017 stated that it had entered into contract negotiations to acquire and deploy a level 3 electronic health record system that is expected to address pharmacy functions. The department plans to award this contract in December 2017. We will update the status of this recommendation when VA provides documentation of its evaluation of alternatives to us.
    Recommendation: To provide clinicians and pharmacists with improved tools to support pharmacy services to veterans and reduce risks to patient safety, the Secretary of Veterans Affairs should direct the Assistant Secretary for Information and Technology and the Under Secretary for Health to reassess the priority for establishing an inventory management capability to monitor and update medication levels and track when to reorder medications.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation and in August 2017 stated that it will reassess the prioritization of medication inventory management after a contract for adoption of the electronic health record system is signed in December 2017. According to the department, it plans to complete its action in response to this recommendation by June 2018.
    Director: Jacqueline M. Nowicki
    Phone: (617) 788-0580

    2 open recommendations
    Recommendation: To enhance its oversight of discretionary grantee performance, the Secretary of Education should direct the Risk Management Service (RMS) to work with principal offices, as appropriate, to establish and implement detailed written supervisory review procedures for official grant files to provide reasonable assurance that grant staff perform and document key monitoring activities.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education substantially agreed with this recommendation. The agency noted that it planned to establish a standard operating procedure for grant file reviews, including a protocol for the review of these files to ensure that monitoring efforts are documented appropriately.
    Recommendation: To enhance its oversight of discretionary grantee performance, the Secretary of Education should direct RMS to work with principal offices, as appropriate, to develop guidance for grant staff on using the PAM Module to share information on grantee performance. Such guidance could clarify expectations about when staff should use the "Issues" and "Notable Results" tabs while monitoring grantees once the transition to electronic grant files is complete, and clarify the types of information staff should enter about grantee performance.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education substantially agreed with this recommendation. The agency noted that it planned to reinforce through grant administration trainings the importance of sharing grantee performance information agency-wide, including in the PAM Module.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    9 open recommendations
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should determine the extent to which the statutorily required implementing principles apply to NCCIC's cybersecurity functions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC is currently conducting an analysis of all mission functions to include the following goals: simplify the descriptions of NCCIC's mission functions, document all NCCIC functional capabilities, document the applicability of implementing principles to NCCIC mission functions, and map as appropriate. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should develop metrics for assessing adherence to applicable principles in carrying out statutorily required functions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that they were still in the process completing mission functional analysis described in DHS's response to Recommendation 1, which would serve as the basis of developing metrics. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should establish methods for monitoring the implementation of cybersecurity functions against the principles on an ongoing basis.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC is updating existing policies and procedures for program management reviews (PMR) to include the metrics developed in recommendation two. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should integrate information related to security incidents to provide management with more complete information about NCCIC operations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the NCCIC updated guidelines for incident reporting would be completed in May 2017. In addition, according to DHS, incident management system requirements were updated to support the new guidelines and are scheduled to be implemented in June 2017. DHS stated that these steps will enable the successful implementation of the new National Cyber Incident Scoring Schema (NCISS), which the NCCIC Watch Operations uses to help facilitate the timely, actionable, and relevant dissemination of information to leadership. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. As of August 2017, DHS has not provided evidence that the new guidelines have been implemented. However, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should determine the necessity of reducing, consolidating, or modifying the points of entry used to communicate with NCCIC to better ensure that all incident tickets are logged appropriately.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NCCIC had completed initial mapping of information flows, as well as the roles and responsibilities for the incident management function. A plan to integrate or consolidate disparate incident reporting systems is scheduled to be completed in December 2017. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should develop and implement procedures to perform regular reviews of customer information to ensure that it is current and reliable.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that NPPD is gathering the requirements for a customer relationship management (CRM) tool that will support regular reviews and updates to customer information. Additionally, DHS stated that NCCIC will establish and implement a standing operating procedure for capturing and regularly updating prioritized customer information including contact information in the event of an incident. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should take steps to ensure the full representation of the owners and operators of the nation's most critical cyber-dependent infrastructure assets.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the Office of Cybersecurity and Communications is establishing integrated customer engagement activities that support cyber risk mitigation and incident response planning. In addition, NCCIC will develop standing operating procedures that leverage existing information sharing programs, activities and relationships to tailor engagements that support owners and operators of the most critical cyber-dependent infrastructure assets including designated lifeline sectors. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should establish plans and time frames for consolidating or integrating the legacy networks used by NCCIC analysts to reduce the need for manual data entry.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the Assistant Secretary of Office of Cybersecurity and Communications (CS&C) had consolidated the Enterprise Architecture role within the Office of the Chief Technology Officer (CTO). Working across CS&C, the CTO will establish a technology roadmap, to include consolidation of networks. In addition, NCCIC is working to determine the potential impact of network consolidation on mission functions, including mapping current data sources. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should identify alternative methods to collaborate with international partners, while ensuring the security requirements of high-impact systems.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS stated that the potential reduction in sharing cybersecurity products that may result from migrating the NCCIC Portal to HSIN should be minimal. Contingency information sharing plans will be developed to mitigate potential issues through alternate information sharing practices, particularly involving an actual incident during migration transition. Foreign partnerships will continued to be maintained by exercises, analytic exchanges with our closest partners, and continued participation in multilateral and bilateral engagements. Once completed, we will analyze the output of NCCIC's efforts in this area to determine the extent to which DHS has fulfilled this recommendation. In August 2017, DHS officials stated an update on the status of the recommendations was forthcoming in September 2017. We will review the evidence provided and update the recommendation status as appropriate.
    Director: Rebecca Shea
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To provide circuits with information needed to help guide future space-reduction and use decisions, the Director of AOUSC should document and share additional practices on innovative and cost-effective use or design of appellate courtrooms and judges' chambers, such as scheduling, redesign, and sharing arrangements, and any other potential approaches, with all regional circuits in order to help them determine the feasibility of these options for their circuit.

    Agency: Administrative Office of the United States Courts
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Susan Fleming
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To continue the agency's efforts to improve state and local emergency preparedness for rail accidents involving hazardous materials, the Secretary of Transportation should, after the rulemaking is finalized, develop a process for regularly collecting information from state emergency response commissions on the distribution of the railroad-provided hazardous-materials-shipping information to local planning entities.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Kay E. Brown
    Phone: (202) 512-7215

    2 open recommendations
    including 1 priority recommendation
    Recommendation: The Secretary of Agriculture should take additional steps to collect and disseminate information on promising practices that could help improve data matching processes among state SNAP agencies, including broad and timely dissemination of information on results of recent relevant pilots or demonstrations.

    Agency: Department of Agriculture
    Status: Open
    Priority recommendation

    Comments: The U.S. Department of Agriculture's (USDA) Food and Nutrition Service (FNS) agreed with this recommendation. The agency noted it is moving in this direction and would build on current efforts to address them. GAO will monitor these efforts and consider closing the recommendation when these efforts have been completed.
    Recommendation: The Secretary of Agriculture should work with the Department of Health and Human Services (as appropriate) to analyze spending and understand data needs for SNAP across federal and state contracts and in relation to other programs as FNS explores ways to potentially reduce the costs of using commercial data services.

    Agency: Department of Agriculture
    Status: Open

    Comments: The U.S. Department of Agriculture's (USDA) Food and Nutrition Service (FNS) agreed with this recommendation. The agency noted it has been moving in this general direction and would build on current efforts to address it. GAO will monitor these efforts and consider closing the recommendation when these efforts have been completed.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    22 open recommendations
    Recommendation: To assist CISOs in carrying out their responsibilities, the Director of OMB should issue guidance for agencies' implementation of the FISMA 2014 requirements to ensure that (1) senior agency officials carry out information security responsibilities and (2) agency personnel are held accountable for complying with the agency-wide information security program. This guidance should clarify the role of the agency CISO with respect to these requirements, as well as implementing the other elements of an agency-wide information security program, taking into account the challenges identified in this report.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) partially concurred with this recommendation, but does not intend to directly issue guidance as recommended. Instead, we are reviewing the relevant OMB memoranda that officials believe address the intent of the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with the FISMA 2014, the Secretary of Commerce should define the CISO's role in department policy for ensuring that plans and procedures are in place to ensure recovery and continued operations of the department's information systems in the event of a disruption.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce concurred with the recommendation, stating that the department's policy documents are expected to be updated by the end of the 4th Quarter in 2017. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the senior information security officer (SISO) is defined in department policy in accordance with FISMA 2014, the Secretary of Defense should define the SISO's role in department policy for ensuring that information security policies and procedures are developed and maintained.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) did not concur with our recommendation, nor has it provided evidence that it has implemented the recommendations.
    Recommendation: To ensure that the role of the SISO is defined in department policy in accordance with FISMA 2014, the Secretary of Defense should define the SISO's role in department policy for ensuring that the department has procedures for incident detection, response, and reporting.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) partially concurred with our recommendation, but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the SISO is defined in department policy in accordance with FISMA 2014, the Secretary of Defense should define the SISO's role in department policy for oversight of security for information systems that are operated by contractors on the department's behalf.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) partially concurred with our recommendation, but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy for ensuring that subordinate security plans are documented for the department's information systems.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy for ensuring that all users receive information security awareness training.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy for ensuring that the department has a process for planning implementing, evaluating, and documenting remedial actions.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy for ensuring that plans and procedures are in place to ensure recovery and continued operations of the department's information systems in the event of a disruption.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy for oversight of security for information systems that are operated by contractors on the department's behalf.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Energy should define the CISO's role in department policy in the periodic authorization of the department's information systems.

    Agency: Department of Energy
    Status: Open

    Comments: The Department of Energy concurred with the recommendation, and estimates completion by March 1, 2018. The Department decided in April 2017 to make significant updates to its Cyber Security Program, and estimates it will take up to nine months to gain Departmental concurrence, complete revisions, and close this recommendation. However, the Department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Health and Human Services should define the CISO's role in department policy for ensuring that plans and procedures are in place to ensure recovery and continued operations of the department's information systems in the event of a disruption.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: The Department of Health and Human Services concurs with our recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Attorney General should define the CISO's role in department policy for ensuring that information security policies and procedures are developed and maintained.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice concurs with our recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Attorney General should define the CISO's role in department policy for ensuring that plans and procedures are in place to ensure recovery and continued operations of the department's information systems in the event of a disruption.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice concurs with our recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of State should define the CISO's role in department policy for ensuring that the department has procedures for incident detection, response, and reporting.

    Agency: Department of State
    Status: Open

    Comments: The Department of State (State) concurred with this recommendation. We are currently reviewing the evidence provided by State to determine whether the role of the CISO has been defined in its policy to for ensuring that State has procedures for incident detection, response, and reporting.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Transportation should define the CISO's role in department policy for ensuring that subordinate security plans are documented for the department's information systems.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation concurred with the recommendation and is currently updating its Cybersecurity Policy. The Department plans to be complete by June 29, 2018. However, the department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the CISO is defined in department policy in accordance with FISMA 2014, the Secretary of Transportation should define the CISO's role in department policy for ensuring that security controls are tested periodically.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation concurred with the recommendation and is currently updating its Cybersecurity Policy. The Department plans to be complete by June 29, 2018. However, the department has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To ensure that the role of the senior agency information security officer (SAISO) is defined in agency policy in accordance with FISMA 2014, the Administrator of the Environment Protection Agency should define the SAISO's role in agency policy for ensuring that subordinate security plans are documented for the department's information systems.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency (EPA) concurred with our recommendation. We are currently reviewing the evidence provided by EPA to determine whether the role of the SAISO has been defined in its policy to for ensuring that subordinate security plans are documented for the agency's information systems.
    Recommendation: To ensure that the role of the SAISO is defined in agency policy in accordance with FISMA 2014, the Administrator of the Environment Protection Agency should define the SAISO's role in agency policy for ensuring that plans and procedures are in place to ensure recovery and continued operations of the department's information systems in the event of a disruption.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency (EPA) concurred with our recommendation. We are currently reviewing the evidence provided by EPA to determine whether the role of the SAISO has been defined in its policy to ensure recovery and continued operations of the agency's information systems in the event of a disruption.
    Recommendation: To ensure that the role of the SAISO is defined in agency policy in accordance with FISMA 2014, the Administrator of the Environment Protection Agency should define the SAISO's role in agency policy in the periodic authorization of the department's information systems.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The Environmental Protection Agency (EPA) concurred with our recommendation. We are currently reviewing the evidence provided by EPA to determine whether the role of the SAISO has been defined in agency policy for the periodic authorization of the department's information systems.
    Recommendation: To ensure that the role of the SAISO is defined in agency policy in accordance with FISMA 2014, the Administrator of the National Aeronautics and Space Administration should define the SAISO's role in agency policy for oversight of security for information systems that are operated by contractors on the agency's behalf.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: The National Aeronautics and Space Administration (NASA) concurred with our recommendation. We are currently reviewing the evidence provided by NASA to determine whether the role of the SAISO has been defined in agency policy for oversight of security for information systems that are operated by contractors on NASA's behalf.
    Recommendation: To ensure that the role of the CISO is defined in agency policy in accordance with FISMA 2014, the Administrator of the Small Business Administration should define the CISO's role in agency policy for ensuring that personnel with significant security responsibilities receive appropriate training.

    Agency: Small Business Administration
    Status: Open

    Comments: The Small Business administration (SBA) concurs with our recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Director: Sager, Michelle A
    Phone: (202) 512-6806

    1 open recommendations
    Recommendation: The Administrator of General Services, in consultation with the STOC, should develop a travel data management approach, including common reporting formats that would provide GSA with more consistent travel cost data allowing GSA to compare travel costs across federal agencies. GSA could also include in this data management approach the planned implementation of the shared services model that would allow agencies to share a wide range of travel services with each other. This process could reduce both administrative costs and burden to the government and enable data-driven decision making.

    Agency: General Services Administration
    Status: Open

    Comments: According to GSA officials, GSA will take the following actions: (1) conduct a rest program to determine the opportunities and barriers for creating a reliable, standardized data repository containing government-wide travel spending data (pending OMB Director approval); (2) develop and test, in coordination with volunteer agencies and the GSA City Pairs Program personnel, an airfare savings dashboard to assimilates data from multiple sources and provides information on savings and opportunities for additional airfare savings by agencies; (3) publish an FTR Bulletin that identifies 5 core travel Key Performance Indicators that all agencies should use to improve travel management via standardized data; and (4) Identify and promote consistent adaptation of standardized default configurations of air and lodging choices within all E-Gove Travel Service 2 systems. As of August 2017, according to agency officials, they expect to implement this recommendation by the end of September 2017.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    3 open recommendations
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should clearly document the ECPC's strategic goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should establish a mechanism to track progress by the ECPC's member agencies in implementing the ECPC's recommendations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should clearly define the roles and responsibilities of the ECPC's member agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Diana C. Maurer
    Phone: (202) 512-9627

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To allow for more efficient use of data on missing and unidentified persons contained in the NCIC's Missing Persons and Unidentified Persons files and NamUs, the Directors of the FBI and NIJ should evaluate the feasibility of sharing certain information among authorized users, document the results of this evaluation, and incorporate, as appropriate, legally and technically feasible options for sharing the information.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In commenting on GAO's June 2016 report, DOJ disagreed with our recommendation, because DOJ believes it does not have the legal authority to fulfill the corrective action as described in the proposed recommendation. Specifically, DOJ stated that the National Missing and Unidentified Persons System (NamUs) does not qualify, under federal law, for access to the National Crime Information Center (NCIC) and is not an authorized user to receive NCIC data. Therefore, DOJ does not believe there is value in evaluating the technical feasibility of integrating these two databases. In March 2017, DOJ reiterated its position that any such sharing was prohibited by law. We understand the legal framework placed on NCIC and that it may be restricted from fully integrating with a public database. However, this statutory restriction does not preclude DOJ from exploring options to more efficiently share information within the confines of the current legal framework. Until DOJ studies whether such feasible mechanisms exist, it will be unable to make this determination, risking continued inefficiencies through fragmentation and overlap.
    Recommendation: To allow for more efficient use of data on missing and unidentified persons contained in the NCIC's Missing Persons and Unidentified Persons files and NamUs, the Directors of the FBI and NIJ should evaluate the feasibility of sharing certain information among authorized users, document the results of this evaluation, and incorporate, as appropriate, legally and technically feasible options for sharing the information.

    Agency: Department of Justice: Office of Justice Programs: National Institute of Justice
    Status: Open
    Priority recommendation

    Comments: In commenting on GAO's June 2016 report, DOJ disagreed with our recommendation, because DOJ believes it does not have the legal authority to fulfill the corrective action as described in the proposed recommendation. Specifically, DOJ stated that the National Missing and Unidentified Persons System (NamUs) does not qualify, under federal law, for access to the National Crime Information Center (NCIC) and is not an authorized user to receive NCIC data. Therefore, DOJ does not believe there is value in evaluating the technical feasibility of integrating these two databases. In March 2017, DOJ reiterated its position that any such sharing was prohibited by law. We understand the legal framework placed on NCIC and that it may be restricted from fully integrating with a public database. However, this statutory restriction does not preclude DOJ from exploring options to more efficiently share information within the confines of the current legal framework. Until DOJ studies whether such feasible mechanisms exist, it will be unable to make this determination, risking continued inefficiencies through fragmentation and overlap.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    8 open recommendations
    Recommendation: To help identify opportunities for cost savings, the Secretary of the Department of Defense should direct the Office of Defense Procurement and Acquisition Policy to issue guidance or instruction to help ensure that components make reasonable efforts to analyze component-level purchase card spend patterns to identify areas for possible savings.

    Agency: Department of Defense
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation and stated that the department will issue guidance to help ensure that components make reasonable efforts to analyze component-level purchase card spend patterns to identify areas of potential savings. In September 2016, DOD issued guidance asking its components to analyze purchase card spend for potential cost savings and to consider broader application of cost savings opportunities across the department. We will continue to follow up with DOD to determine what steps have been taken to communicate findings.
    Recommendation: To help identify opportunities for cost savings, the Secretary of the Department of Energy should take reasonable steps to regularly analyze agency-wide purchase card spend patterns to identify areas such as high-use vendors or frequently purchased commodities for further analysis.

    Agency: Department of Energy
    Status: Open

    Comments: The agency concurred with this recommendation and has begun implementation of a Spend Analytics Database to support capture and analysis of data on agency-wide spending patterns. The department has compiled data and begun testing the new databases to determine if useful reports can be generated to assist agency-wide purchase card spending analysis.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The department concurred with this recommendation and updated its purchase card manual November 2016 to encourage components to perform additional spend analysis for the identification of strategic sourcing opportunities, but it is unclear how results of analysis will be communicated for broader application across the agency. The department is also working with industry partners to increase the level of shared data for purchase card transactions and will develop a plan to communicate these data across the agency to support information sharing and increases strategic sourcing opportunities.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of Defense
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation and stated that guidance that encourages local examination of purchase card spend patterns to identify opportunities for cost savings will be developed. In September 2016, DOD issued guidance asking its components to analyze purchase card spend for potential cost savings and to consider broader application of cost savings opportunities across the department. The guidance also asked components and services to report the results of these analysis to purchase card management officials. We will continue to follow up with DOD to determine what steps have been taken to communicate findings.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of Energy
    Status: Open

    Comments: The agency concurred with this recommendation and will update its guidance, policy, and procedures to encourage local officials to examine purchase card spend patterns to identify opportunities to obtains savings and to share information on such efforts. Revisions were under review by the department in August 2017.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of the Interior
    Status: Open

    Comments: The department partially concurred with this recommendation, agreeing that it would be useful to perform analysis of purchase card spend patterns to identify opportunities for savings. However, rather than issue guidance, it will encourage its bureau charge card leads to use available tools to extract and share data with buyers and program managers. The department will also encourage bureau program and acquisition managers to share spend data across regional boundaries to identify potential opportunities to negotiate lower costs for commonly used items.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The department concurred with our recommendation and plans to develop guidance and implement strategic sourcing for all purchasing requirements to include purchase cards. Additionally the department will update purchase card policy to encourage agency officials to analyze spend patterns to identify opportunities to obtain savings and share information on these efforts. Further, the agency has developed a quarterly report to identify the top merchants receiving payment through the purchase card program in order to assist officials in identifying opportunities for strategic sourcing.
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: The agency provided comments indicating its concurrence with this recommendation, noting that it looks forward to opportunities to benchmark with other agencies and share information on approaches taken to identify opportunities which led to positive strategic sourcing outcomes.
    Director: Andrew Von Ah
    Phone: (213) 830-1011

    3 open recommendations
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, in consultation with officials from the military service components and the JAMRS office, to develop a formal process for coordination on crosscutting issues to facilitate better leveraging of resources. As part of this process, DOD could review existing advertising programs to identify opportunities to reduce unnecessary duplication, overlap, and fragmentation and obtain potential efficiencies.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2017, a DOD official from the office of Under Secretary of Defense for Personnel and Readiness stated that a working group drafted an Instruction on DOD advertising and marketing and this instruction will be signed within the next 30 days. The instruction requires that the relevant departmentwide office will meet quarterly with the military service marketing representatives to discuss best practices and to look for efficiencies. Further, the official stated that the Army has directed the Army National Guard to work through Army Marketing and Research Group regarding their marketing efforts, which consolidates all Army marketing efforts within one office. The Air force is also in discussion to determine how best to consolidate the marketing efforts of its Guard and Reserve components with the Active Duty to gain efficiencies. We will monitor the issuance of the instruction and the efforts of the Air Force to consolidate activities.
    Recommendation: The Secretary of Defense should direct the Secretaries of the Departments of the Army, the Navy, and the Air Force to ensure that each military service component fully measure advertising performance. This should include both the identification of measurable goals in future versions of the service components' advertising plans and assurance that the service components have access to the necessary performance data to determine the effectiveness of their advertising activities for lead generation activities.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2017, a DOD official from the office of Under Secretary of Defense for Personnel and Readiness stated that a working group drafted an Instruction on DOD advertising and marketing and this instruction will be signed within the next 30 days. The instruction requires that the relevant department-level office will meet quarterly with the military service marketing representatives to discuss best practices and to look for efficiencies. Upon issuance of the instruction, we will assess the direction provided to the services in the instruction regarding performance measurement.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to ensure, as the department undertakes its effort to issue a department-wide policy for advertising, that this policy (1) clearly defines DOD's role in overseeing the advertising activities of military service components; (2) clarifies issues related to sports-related advertising; and (3) outlines procedures that should guide the components' advertising activities for other types of advertising, such as music concerts, other event advertising, and digital advertising.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2017, a DOD official from the office of Under Secretary of Defense for Personnel and Readiness stated that a work group session was held in October 2016 and based on the outcome of that work group, DOD has drafted an Instruction on DOD advertising and marketing. That instruction is currently in the "Pre-Signature" phase as a priority instruction which means it should be signed and published within the next 30 days. We will continue to monitor the issuance of this instruction.
    Director: Michael J. Courts
    Phone: (202) 512-8980

    2 open recommendations
    Recommendation: To strengthen DHS's ability to fulfill legislative requirements for the VWP and protect the security of the United States and its citizens, the Secretary of Homeland Security should specify time frames for working with VWP countries to institute the additional VWP security requirements, including the requirement that the countries fully implement agreements to share information about known or suspected terrorists through the countries' Homeland Security Presidential Directive 6 arrangements and Preventing and Combating Serious Crime agreements with the United States.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, DHS reported that nearly all VWP countries have begun sharing information on known or suspected terrorists through Homeland Security Presidential Directive 6 arrangements and that DHS also made progress in fully implementing Preventing and Combating Serious Crime agreements. According to DHS, all VWP countries were informed of the new VWP requirements in July 2016. In its initial response, DHS stated that it planned to conduct a comprehensive assessment of VWP countries' compliance with the new VWP requirements and establish a time frame for each VWP country to reach full compliance as part of each country's next formal review. However, as of April 2017, DHS needs to provide documentation to GAO to support all of these actions. GAO will continue to monitor DHS efforts to fully address this recommendation.
    Recommendation: To strengthen DHS's ability to fulfill legislative requirements for the VWP and protect the security of the United States and its citizens, the Secretary of Homeland Security should take steps to improve DHS's timeliness in reporting to Congress, within the statutory time frame, the department's determination of whether each VWP country should continue participating in the program and any effects of the country's participation on U.S. law enforcement and security interests.

    Agency: Department of Homeland Security
    Status: Open

    Comments: Since 2016, DHS has issued several reports on VWP countries to Congress that have addressed several of the overdue reports identified in 2016, but some gaps remain. As of April 2017, DHS reported plans to deliver additional reports in 2017 to address these gaps. In its initial response, DHS reported that the department had taken steps to ensure timely reporting to Congress and committed to providing Congress with advance notification of any delays in delivering future reports. To fully address this recommendation, DHS needs to issue reports to Congress on VWP countries that have not been covered within the last two years. GAO will continue to monitor DHS efforts.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    7 open recommendations
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to collect and monitor deployed civilians' perceptions related to mental health care.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to leverage recommendations made by the RAND Corporation in its 2014 report on mental health stigma in the military to update and clarify policies as needed to remove stigmatizing provisions, such as career restrictions that may be too limiting for individuals who have received mental health care.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to establish a clear, consistent definition of those barriers to care generally understood by DOD as "mental health care stigma," to include explanations of its causes or contributing risk factors and ways that stigma is apparent in behaviors and policies.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to establish goals for efforts to address barriers to care generally understood by DOD as "stigma reduction efforts," and performance measures that link to these goals.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to develop a method to collect and analyze information on barriers to seeking mental health care, including stigma, so that reliable data may be gathered and used to measure the effectiveness of stigma reduction efforts over time.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to designate an entity to coordinate efforts to reduce mental health care stigma, among other barriers to care.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Intelligence to reissue consolidated guidance, incorporating subsequent updates for the denial or suspension of access to classified information and for assignment to sensitive duties based solely on information about mental health care.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Seto Bagdoyan
    Phone: (202) 512-6722

    2 open recommendations
    Recommendation: The Administrator of SBA should direct the Associate Administrator of Business Development to document its planned method for tracking revenue generated under subsidiaries' primary and secondary lines of business, with milestones and timelines for when and how the method will be implemented.

    Agency: Small Business Administration
    Status: Open

    Comments: GAO is reviewing documentation that SBA provided regarding actions that it has taken to address this recommendation and is currently determining whether these actions fully address the recommendation.
    Recommendation: The Administrator of SBA should direct the Associate Administrator of Business Development to provide the appropriate level of access to and sharing of relevant subsidiary data across district offices, including primary and secondary North American Industry Classification System codes and revenue data, once SBA develops a database with the capabilities of collecting and tracking this revenue data as we recommended in 2012.

    Agency: Small Business Administration
    Status: Open

    Comments: GAO is reviewing documentation that SBA provided regarding actions that it has taken to address this recommendation and is currently determining whether these actions fully address the recommendation.
    Director: Steve D. Morris
    Phone: (202) 512-3841

    6 open recommendations
    Recommendation: To strengthen USDA's ability to better manage and monitor the progress of the Blueprint, including efforts to streamline and improve administrative services, the Secretary of Agriculture should direct the Assistant Secretary for Administration to develop a complete list identifying all of the Blueprint efforts under way and document key information needed to monitor their progress, such as status of implementation, time frames for completion, and related performance measures.

    Agency: Department of Agriculture
    Status: Open

    Comments: As of March 2017, we have requested an update from the coordinator for USDA's Blueprint for Stronger Service on USDA's actions, if any, to implement this recommendation.
    Recommendation: To strengthen USDA's ability to better manage and monitor the progress of the Blueprint, including efforts to streamline and improve administrative services, the Secretary of Agriculture should direct the Assistant Secretary for Administration to reexamine the adequacy of the staff and budget resources committed to the day-to-day management of the Blueprint, and further leverage existing departmental resources as needed.

    Agency: Department of Agriculture
    Status: Open

    Comments: As of March 2017, we have requested an update from the coordinator for USDA's Blueprint for Stronger Service on USDA's actions, if any, to implement this recommendation.
    Recommendation: To improve USDA's efforts to identify and track the benefits of the Blueprint, the Secretary of Agriculture should direct the Assistant Secretary for Administration to document the methodologies used to calculate any savings claimed for the Blueprint effort to ensure any such estimate is based on quality information.

    Agency: Department of Agriculture
    Status: Open

    Comments: As of March 2017, we have requested an update from the coordinator for USDA's Blueprint for Stronger Service on USDA's actions, if any, to implement this recommendation.
    Recommendation: To improve USDA's efforts to identify and track the benefits of the Blueprint, the Secretary of Agriculture should direct the Chief Financial Officer to develop a cost-effective method, using existing data systems, to collect and track USDA's spending on administrative services to identify baseline spending and target areas for future cost savings.

    Agency: Department of Agriculture
    Status: Open

    Comments: As of March 2017, we have requested an update from the coordinator for USDA's Blueprint for Stronger Service on USDA's actions, if any, to implement this recommendation.
    Recommendation: To improve USDA's efforts to identify and track the benefits of the Blueprint, the Secretary of Agriculture should direct the Assistant Secretary for Administration to systematically identify and track nonfinancial benefits from USDA's Blueprint efforts to better gauge the Blueprint's progress and more fully report its results.

    Agency: Department of Agriculture
    Status: Open

    Comments: As of March 2017, we have requested an update from the coordinator for USDA's Blueprint for Stronger Service on USDA's actions, if any, to implement this recommendation.
    Recommendation: To enhance USDA's efforts to share lessons learned from the Blueprint, the Secretary of Agriculture should direct the Assistant Secretary for Administration to maintain and promote existing web-based collaboration tools, including keeping information in these tools current, for agencies and staff offices to report their experiences and lessons learned from their Blueprint efforts to help strengthen internal information sharing and inform future efforts.

    Agency: Department of Agriculture
    Status: Open

    Comments: As of March 2017, we have requested an update from the coordinator for USDA's Blueprint for Stronger Service on USDA's actions, if any, to implement this recommendation.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    9 open recommendations
    Recommendation: The Secretary of Homeland Security should direct Network Security Deployment (NSD) to determine the feasibility of enhancing NCPS's current intrusion detection approach to include functionality that would detect deviations from normal network behavior baselines.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 Update: In Feb. 2017, DHS officials stated that they have continued pilot activities that will enable DHS to identify suspicious network activity based on anomalous behavior and reputation and have collected lessons learned that are being tracked by the NCPS Program Management Office. Officials added that DHS had identified a contractor to support the transition of the pilot, including drafting an implementation plan; however, it had yet to award a contract due to lack of resources. As such, the agency did not have an estimated date on the completion of a draft plan for how the transition would be implemented. We requested that DHS provide a copy of the draft implementation plan for our review, when it became available. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct NSD to determine the feasibility of developing enhancements to current intrusion detection capabilities to facilitate the scanning of traffic not currently scanned by NCPS.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the NCPS Program Management Office is working with participating Internet Service Providers (ISP) to develop plans to support IPv6 for Traffic Aggregation, DNS redirection, and SMTP quarantining capabilities. Officials stated that an implementation plan that would include all ISP schedules for all planned intrusion prevention services would be available in the third quarter of fiscal year 2017. Additionally, regarding encrypted traffic, officials stated that it is conducting an analysis of Security on Encrypted Traffic (SonET) to better understand options for addressing the challenges, viability of options, and how the issue is being addressed at a broader industry level. The study is scheduled to continue through the fourth quarter of fiscal year 2017. We asked DHS to provide the ISP implementation plans (when finalized) and any findings from the ongoing SCADA and Encrypted traffic studies. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct United States Computer Emergency Readiness Team (US-CERT) to update the tool it uses to manage and deploy intrusion detection signatures to include the ability to more clearly link signatures to publicly available, open-source data repositories.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS stated that the NCPS PMO is working with participating Internet Service Providers (ISP) to develop plans to support IPv6 for Traffic Aggregation, DNS redirection, and SMTP quarantining capabilities. Officials stated that an implementation plan that would include all ISP schedules for all planned intrusion prevention services would be available in the third quarter of fiscal year 17. Additionally, officials stated that NSD is conducting an analysis on Security on Encrypted Traffic (SonET) to better understand options for addressing the challenges, viability of options, how the issue is being addressed at a broader industry level. The study will continue through the fourth quarter of fiscal year 2017. We asked DHS to provide the ISP implementation plans (when finalized) and any output/results (findings) from the ongoing studies DHS has related to SCADA and Encrypted traffic. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to consider the viability of using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, as an input into the development and management of intrusion detection signatures.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that enhancements were made so that Continuous Diagnostics and Mitigation program (CDM) data can be viewed with the Cyber Indicators Analysis Program (CIAP). Officials stated that the CDM data now may be combined with known vulnerability findings from NCATS and known threats collected from the CIAP system to further prioritize signature development as necessary. We have requested a meeting with DHS to observe the described enhancements. We believe that we will be able to close this recommendation, once we observe the claimed enhancements.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to develop a timetable for finalizing the incident notification process, to ensure that customer agencies are being sent notifications of potential incidents, which clearly solicit feedback on the usefulness and timeliness of the notification.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 Update: In Feb. 2017, DHS stated that US-CERT is in the process of developing a targeted survey of EINSTEIN customers (based off of a prior survey). Additionally, US-CERT has updated the Incident Reporting Guidelines to address previously mentioned process concerns. We have requested a copy of these guidelines and will review the modifications made within. Additionally, DHS stated that modifications to the Remedy ticketing system are underway that would allow for the inclusion of user feedback. These changes are anticipated to be implemented by October 2017. We likely would not be able to close this recommendation until we could review the results of the modifications.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop metrics that clearly measure the effectiveness of NCPS's efforts, including the quality, efficiency, and accuracy of supporting actions related to detecting and preventing intrusions, providing analytic services, and sharing cyber-related information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the Office of Cyber Security and Communications (CS&C) had developed, refined, and were baselining a first set of measures that relate to the Einstein 3A program. Further, they are considering adding one of these measures as an addition to the measures tracked in support of the yearly Government Performance and Results Act (GPRA) required reporting in FY 2018. Additionally, DHS officials stated they are developing information sharing related measures, including exploring how its public and private sector recipients of information measure the value cyber threat indicators and defensive measures. In March 2017, we requested a copy of the developed measures, when they became available. This recommendation will remain open until we are able to review the developed metrics and the subsequent data they are to measure.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop clearly defined requirements for detecting threats on agency internal networks and at cloud service providers to help better ensure effective support of information security activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS provided memos that gave an overview of the planned enhancements to the Continuous Diagnostics and Mitigation (CDM) program that included references to cloud providers. However, DHS did not provide any specific requirements for us to review. We have requested a follow-up meeting to review the specific requirements developed in support of the planned enhancements described in the provided memos. We will not be able to close this recommendation until we can review the developed requirements and determine that cloud providers are appropriately covered.
    Recommendation: The Secretary of Homeland Security should direct NSD to develop processes and procedures for using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, to help ensure DHS is using a risk-based approach for the selection/development of future NCPS intrusion prevention capabilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS stated that the NCPS Program Management Office has made enhancements to the Continuous Diagnostics and Mitigation (CDM) dashboard, but had yet to fully develop the CDM/NCPS data correlation. In March 2017, we asked for update on the status of data correlation, once available. In order to close this recommendation, we would need to review this model and determine how, if at all, the vulnerability information was used as part of a risk-based approach to intrusion prevention.
    Recommendation: The Secretary of Homeland Security should direct NSD to work with their customer agencies and the Internet service providers to document secure routing requirements in order to better ensure the complete, safe, and effective routing of information to NCPS sensors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the agency worked with the Office of Management and Budget to develop a draft Trusted Internet Connections Reference Architecture. This architecture is to serve as the new guidance for agencies on perimeter security capabilities as well as alternative routing strategies. In March 2017, we requested a copy of the guidance to review the alternative routing guidance. This recommendation will remain open until we have been able to review the information above.
    Director: Jessica Farb
    Phone: (202) 512-6991

    1 open recommendations
    Recommendation: To ensure effective implementation of the strategic objective of the Weapons Chapter of the Strategy, the ONDCP Director should establish a more comprehensive indicator, or set of indicators, that more accurately reflects progress made by ATF and ICE in meeting the strategic objective.

    Agency: Office of National Drug Control Policy
    Status: Open

    Comments: As part of ONDCP's comments on our draft report, the agency concurred with our recommendation to establish a more comprehensive set of indicators for the Weapons Chapter of the National Southwest Border Counternarcotic Strategy. ONDCP indicated that it would work with ICE and ATF to develop additional indicators to evaluate their progress. ONDCP agreed that the indicators developed through this collaborative process would be used in future iterations of the Strategy. However, in its July 26, 2017 letter to the relevant congressional committees leadership ONDCP explained that a decision has not been made on whether a new iteration of Strategy will be released, or if the current Administration will take different approach to address this issue. We will need to wait until an update of the Strategy is available for us to review to determine if our recommendation has been implemented.
    Director: Melissa Emrey-Arras
    Phone: (617) 788-0534

    5 open recommendations
    Recommendation: In order to ensure complete, analyzable records regarding research grant award decisions are available for management and analysis, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to lead the implementation of additional data collection efforts in coordination with DOD's grant-making components. These should include: (1) Retaining complete records of pre-proposal, proposal, and award data, including a record of proposal disposition, in linked electronic files to facilitate aggregate, statistical analysis of the grant-making process, including the calculation of success rates. (2) Collecting demographic, education, and career information from applicants, on a voluntary basis, that is not available to proposal reviewers but is used for analysis of success rates.

    Agency: Department of Defense
    Status: Open

    Comments: DOD agreed with our recommendation to implement additional data collection efforts. As of August, 2017, the Basic Research Office (BRO) has drafted an implementation plan and schedule for the collection of demographic data on grant applicants and lifecycle grant data. As part of this, BRO has identified a number of issues to be addressed and resolved within DoD. One of these areas is the protection of any information collected to assess the success rates of women as Principal Investigators (PIs)/co-PIS under STEM Research grants and cooperative agreements. As a result, before BRO proceeds with its planned actions, they are working with the Office of Information Management, WHS, to ensure there are no issues related to the Privacy Act. The agency did not provide a timeline to GAO for when these actions are expected to be completed.
    Recommendation: In order to ensure complete, analyzable records regarding research grant award decisions are available for management and analysis, the Secretary of Energy should direct DOE's grant-making agencies to implement additional data collection efforts, which should include: (1) Retaining complete records of pre-proposal, proposal, and award data, including a record of proposal disposition, in linked electronic files to facilitate aggregate, statistical analysis of the grant-making process, including the calculation of success rates. (2) Collecting demographic, education, and career information from applicants, on a voluntary basis, that is not available to proposal reviewers but is used for analysis of success rates.

    Agency: Department of Energy
    Status: Open

    Comments: DOE generally agreed with our recommendation to implement additional data collection efforts. According to DOE officials, as of September, 2017, of the four components audited at DOE, all four have taken actions toward implementing the recommendation and one component has completed its implementation. Specifically, the Office of Science began collecting investigator demographics during the second quarter of fiscal year 2015 and already retained complete records that enabled the calculation of success rates. Three additional DOE components conducted a joint feasibility study and all concur that it is feasible to collect data on demographic, education and career information of applicants. The Office of Nuclear Energy (NE) revised its approach to data collection and now retains complete grant life cycle information for each individual award, including complete records of pre-proposal, proposal, and award data in linked electronic files. NE is also changing existing data systems to input/track voluntarily submitted demographic information on Principle Investigators on applications to facilitate aggregate, statistical analysis of the grant-making process, including the calculation of success rates. The agency notes that for NE, the completion of the actions required to implement this recommendation is estimated to take up to 12 months. Advanced Research Projects Agency-Energy (ARPA-E) and the Office of Energy Efficiency and Renewable Energy (EERE) participated in the joint feasibility study regarding the collection of demographic data, but have not completed any actions to implement such data collection.
    Recommendation: As NASA begins to collect demographic data on its grant proposals and awards, the NASA Administrator should include the following key components: (1) Retain complete records of pre-proposal, proposal, and award data, including a record of proposal disposition, in linked electronic files to facilitate aggregate, statistical analysis of the grant-making process, including the calculation of success rates. (2) Collect demographic, education, and career information from applicants, on a voluntary basis, that is not available to proposal reviewers but is used for analysis of success rates.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: NASA agreed with our recommendation and indicated it will begin collecting basic demographic, education, and career data from its research grant applicants on a voluntary basis by the end of fiscal year 2016. In addition, NASA noted it will explore its ability to consolidate proposal and award data as part of the ongoing update to its procurement and grants management systems. As of September 2017, NASA officials reported that the notice of grant award document (form 1687) was modified to require entry of the proposal number on the form in order to capture the linkage between proposal and award. When the transition to the new contract/grant writing system (Procurement for Public Sector) occurred in June 2017, NASA began using the amended award notice. NASA states they are continuing to investigate system options for fine tuning this cross-referencing methodology. However, as of September 2017, there were no stated plans to collect or track demographic, education, or career characteristics of grant applicants in such a way as to facilitate the analysis of success rates.
    Recommendation: To comply with Title IX enforcement requirements, the Secretary of the Department of Defense, which funds STEM research at universities, should direct the Director of the Office of Diversity Management and Equal Opportunity to ensure that Title IX compliance reviews of DOD's grantees are periodically conducted.

    Agency: Department of Defense
    Status: Open

    Comments: DOD agreed with our recommendation and noted it is in the process of revising current DOD guidance which will address its Title IX enforcement requirements. In a conversation with GAO in September 2017, a DOD official stated that the agency is in the process of formulating instructions related to both Title IX and Title VI that they believe will address the recommendation regarding Title IX enforcement. To date, these actions are not complete as they are still in the process of developing appropriate language.
    Recommendation: To comply with Title IX enforcement requirements, the Secretary of the Department of Health and Human Services, which funds STEM research at universities, should ensure that Title IX compliance reviews of NIH's grantees are periodically conducted.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: HHS indicated it would consult with NIH and initiate a sex discrimination compliance review program that includes grantee institutions with STEM programs. We will update the status of this recommendation when the agency provides documentation that these efforts have been completed.
    Director: Steve D. Morris
    Phone: (202) 512-3841

    3 open recommendations
    Recommendation: To help ensure that FDA has relevant and timely information to support management decisions, including the critical information necessary to ensure the safety and effectiveness of drugs compounded for animals, the Secretary of Health and Human Services should direct the Commissioner of the FDA to modify the voluntary reporting form FDA uses to obtain information on adverse events to ask whether drugs involved in adverse events were compounded.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: As of July 2017, FDA has drafted a notice for publication in the Federal Register that seeks comment on editorial revisions to Form FDA 1932a to clarify how to report adverse drug events associated with compounded products using that form. The publication of the notice was issued in July 2017. After a 60-day public comment period, the revisions to Form FDA 1932a will be submitted to OMB for review and approval under the Paperwork Reduction Act.
    Recommendation: To help ensure that FDA has relevant and timely information to support management decisions, including the critical information necessary to ensure the safety and effectiveness of drugs compounded for animals, the Secretary of Health and Human Services should direct the Commissioner of the FDA to develop policy or guidance for agency staff that specifies circumstances under which FDA will or will not enforce compounding regulations for animals and clearly define key terms.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In July 2017, FDA notified us that they are still in the process of developing guidance for agency staff that specifies circumstances under which FDA will enforce compounding regulations for animals. According to FDA, the agency received more than 150 comments regarding the draft Guide For Industry #230 and 280 nominations of bulk drug substances for use in compounding office stock; information necessary for updating the guidance. In addition, FDA is reviewing the substances that were nominated for use in compounding office stock. Officials did not provide a specific timeline for completing this work, but stated that developing updated guidance on compounding for animals continues to be a high priority for FDA.
    Recommendation: To help ensure that FDA has relevant and timely information to support management decisions, including the critical information necessary to ensure the safety and effectiveness of drugs compounded for animals, the Secretary of Health and Human Services should direct the Commissioner of the FDA to consistently document the bases for FDA's decisions about how or whether it followed up on warning letters, adverse event reports, and complaints about drug compounding for animals.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: As of July 2017, FDA reported that it is still developing an enforcement strategy for compounded animal drugs that includes a process for documenting the Agency's actions with respect to follow-up on warning letters, adverse event reports, and complaints.
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    4 open recommendations
    Recommendation: To facilitate oversight and inform decision making regarding their respective department's interoperability-related activities, the Secretaries of Defense and Veterans Affairs, working with the Interagency Program Office, should ensure related goals are defined to provide a basis for assessing and reporting on the status of interoperability-related activities and the extent to which interoperability is being achieved by the departments' modernized electronic health record systems.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) and the Department of Veterans Affairs (VA) are working to define goals to provide a basis for assessing and reporting on the status of interoperability-related activities and the extent to which interoperability is being achieved by the departments' modernized electronic health record systems. Specifically, according to the DOD/VA Interagency Program Office (IPO), the office, in conjunction with the departments, has employed use cases in the Joint Interoperability Plan to define the interoperability-related goal areas, which are to be used as the basis for the development of outcome-oriented metrics, assessments, and reporting. The departments, the IPO, and workgroups within the Health Executive Committee's data sharing areas have focused on the feasibility and development of metrics aligned to six use cases as they relate to electronic health record interoperability between DOD and VA and outcomes to service members, veterans, and healthcare providers. The IPO reports that the work to establish these goals will be completed by December 2017. GAO will continue to review the results of these efforts.
    Recommendation: To facilitate oversight and inform decision making regarding their respective department's interoperability-related activities, the Secretaries of Defense and Veterans Affairs, working with the Interagency Program Office, should ensure related goals are defined to provide a basis for assessing and reporting on the status of interoperability-related activities and the extent to which interoperability is being achieved by the departments' modernized electronic health record systems.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department of Veterans Affairs (VA) and the Department of Defense (DOD) are working to define goals to provide a basis for assessing and reporting on the status of interoperability-related activities and the extent to which interoperability is being achieved by the departments' modernized electronic health record systems. Specifically, according to the DOD/VA Interagency Program Office (IPO), the office, in conjunction with the departments, has employed use cases in the Joint Interoperability Plan to define the interoperability-related goal areas, which are to be used as the basis for the development of outcome-oriented metrics, assessments, and reporting. The departments, the IPO, and workgroups within the Health Executive Committee's data sharing areas have focused on the feasibility and development of metrics aligned to six use cases as they relate to electronic health record interoperability between VA and DOD and outcomes to service members, veterans, and healthcare providers. The IPO reports that the work to establish these goals will be completed by December 2017. GAO will continue to review the results of these efforts.
    Recommendation: To facilitate oversight and inform decision making regarding their respective department's interoperability-related activities, the Secretaries of Defense and Veterans Affairs, working with the Interagency Program Office, should update IPO guidance to reflect the metrics and goals identified.

    Agency: Department of Defense
    Status: Open

    Comments: According to the Department of Defense (DOD)/Department of Veterans Affairs (VA) Interagency Program Office (IPO), the office has issued an update to the Health Data Interoperability Management Plan that documents the IPO's role and outlines governance for supporting interoperability between the departments. The IPO is also in the process of updating additional guidance to describe the benefits of interoperability and reflect associated outcome-oriented metrics and goals. Specifically, IPO officials reported that the IPO's Joint Interoperability Plan is transitioning to the Joint Interoperability Strategic Plan and is expected to be finalized in November 2017. GAO will review this guidance once it is approved by DOD and VA.
    Recommendation: To facilitate oversight and inform decision making regarding their respective department's interoperability-related activities, the Secretaries of Defense and Veterans Affairs, working with the Interagency Program Office, should update IPO guidance to reflect the metrics and goals identified.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: According to the Department of Defense (DOD)/Department of Veterans Affairs (VA) Interagency Program Office (IPO), the office has issued an update to the Health Data Interoperability Management Plan that documents the IPO's role and outlines governance for supporting interoperability between the departments. The IPO is also in the process of updating additional guidance to describe the benefits of interoperability and reflect associated outcome-oriented metrics and goals. Specifically, IPO officials reported that the IPO's Joint Interoperability Plan is transitioning to the Joint Interoperability Strategic Plan and is expected to be finalized in November 2017. GAO will review this guidance once it is approved by VA and DOD.
    Director: Gerald Dillingham
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To implement a more effective international strategy for achieving NextGen interoperability with other nations, the Secretary of Transportation should direct the FAA Administrator to conduct a risk assessment to identify potential threats and vulnerabilities to NextGen interoperability and establish timeframes for periodically re-evaluating these risks.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To implement a more effective international strategy for achieving NextGen interoperability with other nations, the Secretary of Transportation should direct the FAA Administrator to identify and document actions FAA will undertake to mitigate these risks, using information from the risk assessment as a basis for making management decisions about how to allocate resources for these activities.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Mihm, J Christopher
    Phone: (202) 512-6806

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To ensure that federal program spending data are provided to the public in a transparent, useful, and timely manner, the Director of OMB should accelerate efforts to determine how best to merge DATA Act purposes and requirements with the GPRAMA requirement to produce a federal program inventory.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: OMB staff told us that they don't expect to be able to identify programs for the purposes of DATA Act reporting until sometime after May 2017. However, they said that they are conducting a program definition and alignment study to identify a more consistent framework for defining federal agency programs with the aim of improving government-wide comparability and tying programs to spending. The effort is supported by a working group comprised of representatives from the CFO community. OMB staff noted that they expect to begin analyzing the results of the study in fall 2016.
    Recommendation: To ensure that the integrity of data standards is maintained over time, the Director of OMB, in collaboration with the Secretary of the Treasury, should establish a set of clear policies and processes for developing and maintaining data standards that are consistent with leading practices for data governance.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: OMB and Treasury have taken some initial steps to build a data governance structure including conducting interviews with key stakeholders and developing a set of recommendations for decision-making authority. In September 2016, OMB and Treasury took another step toward establishing a data governance structure by creating a new Data Standards and Management Committee that will be responsible for maintaining established standards and identifying new data elements. However, more remains to be done. As part of our ongoing feedback with OMB, we shared 5 key practices that we believe should inform their plans to develop a data governance framework moving forward.
    Director: Melissa Emrey-Arras
    Phone: (617) 788-0534

    3 open recommendations
    Recommendation: The Secretary of Education should develop a risk-based, cost-effective strategy to verify that states are implementing a process for assessing whether any teacher preparation programs are low-performing.

    Agency: Department of Education
    Status: Open

    Comments: Education reported adding additional questions about states' processes for identifying low-performing and at-risk programs to its annual state data collection form. The Department reported that this revised data collection form was submitted to OMB in April 2016 and was still undergoing OMB review as of September 2017. In the meantime, Education reported that it is conducting a temporary risk-based monitoring approach to determine how states report information on low-performing teacher preparation programs. GAO will monitor Education's efforts to finalize and implement these initiatives.
    Recommendation: The Secretary of Education should study the usefulness of Title II data elements for policymakers and practitioners, and, if warranted, develop a proposal for Congress to eliminate or revise any statutorily-required elements that are not providing meaningful information.

    Agency: Department of Education
    Status: Open

    Comments: Education reported that its regulations published in October 2016 included new Title II data elements related to program quality. However, this action is distinct from our recommendation to assess whether existing fields required by law should be eliminated or revised. During our review, Education officials noted that such data elements could only be eliminated or revised through legislation, rather than regulation. Therefore, we continue to believe that it would be valuable for Education to review the existing data elements required by law and submit a proposal to Congress to eliminate or revise any of these fields, if warranted.
    Recommendation: The Secretary of Education should develop and implement mechanisms to systematically share information about teacher preparation program quality with relevant Department of Education program offices and states (including state Independent Standards Boards).

    Agency: Department of Education
    Status: Open

    Comments: Education reported that, subject to available staff resources, the agency would be designing an internal work group to increase information-sharing about teacher preparation program quality within and outside the Department. As of August 2017, ED reported that actions on this recommendation were pending. GAO will monitor Education's continued steps to design and implement this working group.
    Director: Zina Merritt
    Phone: (202) 512-5257

    2 open recommendations
    Recommendation: To improve the efficiency of DOD's conventional demilitarization efforts, including systematically collecting and maintaining key information about the items in its CAD stockpile and sharing information on excess items with other government agencies, the Secretary of Defense should direct the Secretary of the Army to improve the completeness and accuracy of information on the weight of items in the CAD stockpile--the key measure used by DOD to manage the conventional ammunition demilitarization operation--establish a plan to (1) identify and record, to the extent possible, the missing or inaccurate weight information for existing ammunition records in the CAD stockpile and (2) ensure that all items transferred to the CAD stockpile, including for example components removed from larger weapons and nonstandard ammunition, have the appropriate weight data.

    Agency: Department of Defense
    Status: Open

    Comments: Officials with the Joint Munitions Command stated that they continually monitor the inventory and correct any erroneous or missing data, which includes weight data. However, they had not yet developed a plan specifically focused on correcting weight data for ammunition in the Conventional Ammunition Demilitarization (CAD) stockpile.
    Recommendation: To improve the efficiency of DOD's conventional demilitarization efforts, including systematically collecting and maintaining key information about the items in its CAD stockpile and sharing information on excess items with other government agencies, the Secretary of Defense should direct the Secretary of the Army to improve the visibility and awareness of serviceable excess ammunition in the CAD stockpile that could potentially be transferred to other government agencies, develop a systematic means to make information available to other government agencies on excess ammunition that could be used to meet their needs.

    Agency: Department of Defense
    Status: Open

    Comments: As of August 2017, according to Department of Defense (DOD) officials, the department has made progress in developing a systematic process for sharing information on excess serviceable ammunition and plans, as GAO recommended in July 2015, but has not fully implemented that process. Specifically, the Army?s Office of the Deputy Chief of Staff for Logistics signed a memorandum of understanding with the Defense Logistics Agency (DLA) Disposition Services that established a process where DLA will assist the Army in transferring some excess DOD ammunition to federal, state, and local law enforcement agencies. Annually, the Army will provide DLA with a list of available types and quantities of excess ammunition that is 7.62 millimeters and smaller. DLA Disposition Services will inform participating law enforcement agencies of the ammunition available, screen all requests received from law enforcement agencies, and forward all approved law enforcement agency requests to the Army. The Army will prepare all necessary issue documents; pack and ship, on a reimbursable basis, ammunition to law enforcement agencies identified by DLA; and notify DLA and law enforcement agencies of any changes in condition of the ammunition. DOD and DLA conducted a pilot of this process from November 2016 to June 2017 in which DOD, through DLA, shared information on excess small arms ammunition with federal, state, and local law enforcement agencies. As a result, DOD transferred 1,209,095 rounds of 5.56-millimeter ammunition and 200,000 rounds of 9-millimeter ammunition to federal, state, and local law enforcement agencies. Since DOD was able to transfer this ammunition to another government agency, it does not have to pay to demilitarize (i.e. dispose of) the ammunition, which saved DOD about $60,000 in demilitarization costs. DOD officials stated that they are currently updating the Joint Conventional Ammunition Policies and Procedures (JCAPP) to formalize the procedures to accurately identify, execute, and track future transfers of excess small arms ammunition to federal, state, and local law enforcement agencies. Once JCAPP is updated, this recommendation would be considered fully implemented.
    Director: Joseph W. Kirschbaum
    Phone: (202) 512-9971

    2 open recommendations
    Recommendation: To assist U.S. installations in protecting against insider threats, the Secretary of Defense should direct the military services to share information about actions U.S. installations have taken to address insider threats by consistently using existing mechanisms--such as working groups, lessons-learned information systems, and antiterrorism web portals.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To assist DOD leadership in their oversight and decision-making process, the Secretary of Defense should direct the DOD leaders on the Mission Assurance Coordination Boards and the military services to take steps to improve the consistency of reporting and monitoring of the implementation of recommendations from the independent review of the 2009 Fort Hood shooting. Such steps could include DOD and the military services developing criteria for consistent reporting on the progress of recommendations and the military services providing periodic reports to the Mission Assurance Coordination Boards on the status of Fort Hood recommendations at the service level and installation level.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Lawrance Evans
    Phone: (202) 512-8678

    4 open recommendations
    Recommendation: To ensure that NCUA has adequate authority to determine the safety and soundness of credit unions, Congress should consider modifying the Federal Credit Union Act to grant NCUA authority to examine technology service providers of credit unions.

    Agency: Congress
    Status: Open

    Comments: In July 2015, we suggested that Congress modify the Federal Credit Union Act to grant NCUA authority to examine technology service providers of credit unions. As of October 2016, Congress had not granted NCUA such authority.
    Recommendation: To improve their ability to assess the adequacy of the information security practices at medium and small institutions, the heads of Federal Deposit Insurance Corporation, the Federal Reserve, Office of the Comptroller of the Currency, and NCUA should routinely categorize IT examination findings and analyze this information to identify trends that can guide areas of review across institutions.

    Agency: Department of the Treasury: Office of the Comptroller of the Currency
    Status: Open

    Comments: In July 2015, we recommended that the Office of the Comptroller of the Currency (OCC) and other federal financial institution regulators conduct trend analysis of their IT examination findings to improve their ability to assess the adequacy of information security practices at medium and small institutions. In September 2015, OCC stated that it is taking two actions to respond to our recommendation. First, the agency is integrating the Cybersecurity Assessment Tool (Tool), developed by OCC and other federal financial institution regulators, into OCC's ongoing IT examinations of national banks and federal savings associations. Officials believe that the Tool will provide OCC with a repeatable and measurable process for assessing both the level of risk and the maturity of risk management processes within and across OCC-supervised institutions. Also, officials believe that data gathered in this process will allow OCC to monitor industry trends and identify new or emerging weaknesses where additional guidance or supervisory actions may be needed. Furthermore, the Tool will help OCC allocate examiner resources and better target examiner training. OCC began integrating the Tool in selected examinations in December 2015. Second, OCC stated that it enhanced its guidance and procedures for examiners to identify and aggregate supervisory concerns into matters requiring attention (MRAs), which are the mechanism OCC uses to communicate supervisory concerns to bank management and directors. OCC believes that the enhancements will facilitate systemic categorization of supervisory concerns that strengthen recording, monitoring, and analyzing of volumes and trends across bank portfolios. Also, the enhanced guidance discusses the relationship between MRAs, interagency ratings, OCC's risk assessment system, and enforcement actions. OCC believes that these process enhancements combined with the integration of the Tool, will improve its ability to assess information security practices at medium and small institutions. We will continue to monitor OCC's progress in implementing the Tool and the resulting trend analyses that the Tool is intended to facilitate.
    Recommendation: To improve their ability to assess the adequacy of the information security practices at medium and small institutions, the heads of Federal Deposit Insurance Corporation, the Federal Reserve, Office of the Comptroller of the Currency, and NCUA should routinely categorize IT examination findings and analyze this information to identify trends that can guide areas of review across institutions.

    Agency: Federal Reserve System
    Status: Open

    Comments: In July 2015, we recommended that the Board of Governors of the Federal Reserve System (Board) and other federal financial institution regulators conduct trend analysis of their IT examination findings to improve their ability to assess the adequacy of information security practices at medium and small institutions. As of October 2016, the Board had not provided an update on its efforts to address this recommendation.
    Recommendation: To improve their ability to assess the adequacy of the information security practices at medium and small institutions, the heads of Federal Deposit Insurance Corporation, the Federal Reserve, Office of the Comptroller of the Currency, and NCUA should routinely categorize IT examination findings and analyze this information to identify trends that can guide areas of review across institutions.

    Agency: National Credit Union Administration
    Status: Open

    Comments: In July 2015, we recommended that the National Credit Union Administration (NCUA) and other federal financial institution regulators conduct trend analysis of their IT examination findings to improve their ability to assess the adequacy of information security practices at medium and small institutions. In July 2016, NCUA told us that it and the other federal financial institution regulators issued the Cybersecurity Assessment Tool (Tool) in June 2015 to provide a comprehensive method for institutions to benchmark their cybersecurity programs. Officials believe that the Tool will allow examiners to consistently and methodically look at credit union risks and trends, as well as collect detailed information on the risks and mitigating controls employed by credit unions. When the Tool is fully implemented, officials expect to be able to aggregate risk indicators and program gaps across the credit union industry to improve resource deployment and enhance cybersecurity supervisory oversight. NCUA plans to begin pilot testing the Tool in late 2016 with program integration targeted for July 2017. We will continue to monitor NCUA's progress with this program and revisit our recommendation in July 2017.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    2 open recommendations
    Recommendation: To help ensure that junior enlisted servicemembers who need and rely on the services and programs provided on military installations have access when needed and that departmental leadership has visibility over issues affecting this population, the Secretary of Defense should direct the Office of the Under Secretary of Defense for Personnel and Readiness in collaboration with the Secretaries of the military services and other defense agency leaders to review current data-collection mechanisms and consider appropriate additions and revisions to help ensure that specific information on junior enlisted servicemember access to on-base services and programs is collected, available, and disseminated to relevant decision makers, and have decision makers take appropriate action on the basis of that information.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure that junior enlisted servicemembers who need and rely on the services and programs provided on military installations have access when needed and that departmental leadership has visibility over issues affecting this population, the Secretary of Defense should direct the Office of the Under Secretary of Defense for Personnel and Readiness in collaboration with the Secretaries of the military services and other defense agency leaders to review existing methods of information sharing on initiatives and other good practices identified within and across the department, the military services, and individual installations and consider adding mechanisms to better leverage those existing methods--such as the Common Services Task Force--to help ensure that issues associated with junior enlisted servicemember access are identified and, to the extent possible, addressed, and that such information is shared at all levels of the department.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Seto J. Bagdoyan
    Phone: (202) 512-6722

    1 open recommendations
    Recommendation: To further improve efforts to limit improper payments, including fraud, in the Medicaid program, the Acting Administrator of CMS should provide guidance to states on the availability of automated information through Medicare's enrollment database--the Provider Enrollment, Chain and Ownership System (PECOS)--and full access to all pertinent PECOS information, such as ownership information, to help screen Medicaid providers more efficiently and effectively.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: HHS considers this recommendation closed because they provide states with training and direct access to PECOS on an ongoing basis. Additionally, CMS also makes Medicare Enrollment data available to states through custom data extracts. We do not consider this action sufficient to close the recommendation, to provide states information on the availability of automated information through PECOS. For example, custom extracts do not constitute automated information containing all information in PECOS states need to screen providers in Medicaid. Additionally, the states the we interviewed for our study were not aware that custom extracts were available. CMS should provide guidance to state Medicaid programs that this information is available until fully automated access to PECOS is available. We reached out to CMS about the status of this recommendation. As of May 2017, we have not received a response. We will continue to monitor progress on this recommendation.
    Director: Johana R. Ayers
    Phone: (202) 512-5741

    1 open recommendations
    Recommendation: To obtain information useful to DLA's decision making regarding MRE inventory levels, the Assistant Secretary of Defense for Logistics and Materiel Readiness should direct the Director, DLA, to request that the military services, as part of existing coordination efforts, share information on potential changes to MRE consumption and disposals that could affect future demand.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics: Office of the Assistant Secretary for Logistics and Materiel Readiness
    Status: Open

    Comments: In a June 2015 report to Congress, DLA stated that the agency and the services were sharing information on MRE demand and usage patterns. DOD officials stated in August 2016 that DLA is requesting more detailed information regarding MRE consumption and disposal data from the services for fiscal year 2016. As of September 2017, DLA had not provided documentation of information-sharing incorporating consumption and disposal data. We will continue to monitor DLA's actions on this recommendation.
    Director: Cary Russell
    Phone: (202) 512-5431

    4 open recommendations
    including 2 priority recommendations
    Recommendation: To help improve collection of OCS issues by the military services and service component commands, the Secretary of Defense should revise existing DOD guidance, such as DOD Instruction 3020.41, to specifically detail the roles and responsibilities of the services in collecting OCS issues.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: As of October 2016, officials from the Office of the Deputy Assistant Secretary of Defense for Program Support reported that the department is in the process of updating DOD Instruction 3020.41, which identifies responsibilities related to operational contract support. Officials stated that the revised instruction, which is expected to be issued in December 2016, will detail the roles and responsibilities of the services in collecting lessons learned on operational contract support issues.
    Recommendation: To specifically identify and improve awareness of OCS roles and responsibilities and to collect OCS issues at the military services and the service component commands, the Secretary of Defense should direct the Secretaries of the Navy and Air Force to include the services' roles and responsibilities to collect OCS issues in comprehensive service-specific guidance on how the Navy, Marine Corps, and Air Force should integrate OCS.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: As of October 2016, officials from the Office of the Deputy Assistant Secretary of Defense for Program Support reported that the department is in the process of updating DOD Instruction 3020.41, which identifies responsibilities related to operational contract support. Officials stated that the revised instruction, which is expected to be issued in December 2016, will detail the roles and responsibilities of the services in collecting lessons learned on operational contract support issues. Once revisions to the instruction are completed, officials noted that the services will be postured to include this new guidance in their respective regulations and guidance documents. Officials estimate completion of these service-specific regulations and guidance in fiscal year 2017.
    Recommendation: To help improve awareness of OCS roles and responsibilities and to collect OCS issues at the military services and the service component commands, the Secretary of Defense should direct the Secretaries of the military departments, in coordination with the Chairman of the Joint Chiefs of Staff, to establish an OCS training requirement for commanders and senior leaders.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation. In May 2016, officials from the Office of the Deputy Assistant Secretary of Defense for Program Support reported current OCS policy (DOD Instruction 3020.41) requires the Services and the Chairman to incorporate OCS into applicable policy, doctrine, programming, training, and operations. Officials stated that the revised instruction, which is expected to be issued in December 2016, will more clearly call out the OCS training requirement for commanders and senior leaders.
    Recommendation: To help improve DOD's management of OCS lessons learned, the Secretary of Defense should ensure that, as the department develops a concept for an OCS joint proponent, it include specific roles and responsibilities for a focal point responsible for integrating OCS issues from the Joint Lessons Learned Program.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with this recommendation. In May 2016, officials from the Office of the Deputy Assistant Secretary of Defense for Program Support reported the department decided against creating a joint proponent for OCS issues. Rather, the course of action chosen was to designate the Joint Staff J4 as the OCS focal point and the Under Secretary of Defense (Acquisition, Technology, and Logistics) as the Principal Staff Advisor. Officials stated that the Joint Staff (J4) will serve as the focal point for integrating OCS issues from the Joint Lessons Learned Program and into DOD processes and procedures. Officials said that this designation will be detailed in DOD Instruction 3020.41, which is expected to be issued in December 2016.
    Director: Andrew Sherrill
    Phone: (202) 512-7215

    5 open recommendations
    Recommendation: To better report the occupations filled by H-2B workers who have been approved by DHS, the Director of U.S. Citizenship and Immigration Services should implement during its transformation process to an electronic petition form, an occupation classification system that conforms to a national standard.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In September 2016, USCIS indicated that it was revising its Transformation Roadmap (schedule). The conversion to electronic nonimmigrant petitions is expected to be completed during the second quarter of fiscal year 2018. USCIS also noted that it is exploring the adoption of a single set of occupation codes across multiple form types, but has not yet made a final decision whether to implement this. USCIS estimates this recommendation will be completed by March 31, 2018.
    Recommendation: To help potential H-2A and H-2B workers and their advocates better assess employment offers and reduce their vulnerability to abuse, the Director of U.S. Citizenship and Immigration Services should, during its transformation to an electronic petition form, ensure that petition job information is collected in an electronic manner and made available to the public as soon as possible following a final adjudication decision. Such job information should include number of positions, wage, and any staffing, placement or recruitment agency the employer plans to use.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In September 2016, USCIS indicated that it was revising its Transformation Roadmap (schedule). The conversion to electronic nonimmigrant petitions is expected to be completed during the second quarter of fiscal year 2018. Therefore, USCIS estimates this recommendation will be completed by March 31, 2018.
    Recommendation: To help protect workers from being hired by employers who have been debarred from program participation, the Secretary of Labor should direct the Assistant Secretary, Employment and Training Administration, to use all employer-related information it collects on debarred employers to screen new applications.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2016, the agency noted that it continues to screen for debarred employers in two ways: 1) by adding debarred employers to its iCERT System, which matches incoming employer applications using the federal Employer Identification Number; and 2) by conducting additional reviews during analyst case adjudications using a more expansive set of employer-related information. While the Employment and Training Administration explored enhancing its iCERT system in 2015 to flag more information on debarred employers, the agency said this enhancement was not pursued due to technical difficulties in matching open text fields (e.g., physical employer addresses).
    Recommendation: To ensure that H-2B workers are adequately protected and that DOL's investigative resources are appropriately focused, the Secretary of Labor should direct the Administrator, Wage and Hour Division, to review its enforcement efforts and conduct a national investigations-based evaluation of H-2B employers.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2016, DOL's Wage and Hour Division (WHD) indicated that it is coordinating closely with the department's Chief Evaluation Office on evaluations and special projects involving data analytics. As a result of that coordination, it is shifting away from large-scale compliance surveys and toward leveraging internal enforcement data and external survey data to assess compliance levels in priority industries. Therefore, WHD is not currently considering a national level survey of the H-2B program. However, WHD indicated that its focus of enforcement resources on industries that employ workers vulnerable to violations of labor laws will include H-2B workers and employers.
    Recommendation: To determine to what extent, if any, the 2-year statute of limitations on debarment limits its use as a remedy for employers who violate program requirements: (1) the Secretary of Labor should direct the Assistant Secretary, Employment and Training Administration, and the Administrator, Wage and Hour Division, to collect data on the nature of the cases where debarment would have been recommended but was not because the 2-year statute of limitations had expired, and based on that data determine whether to pursue a legislative proposal to extend the statute of limitations; and (2) the Department of Labor Inspector General should direct the Assistant Inspector General, Office of Labor Racketeering and Fraud Investigations to provide the Assistant Secretary, Employment and Training Administration, and the Administrator, Wage and Hour Division, data on the number of referrals for debarment that the Inspector General's Office sent to the department after the 2-year statute of limitations had expired.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2016, DOL indicated that it was considering the utility of collecting these data in light of the fact that the new H-2B regulations that were issued in April 2015 eliminated the 2-year statute of limitations for the H-2B program. We continue to believe, however, that this data collection would be valuable given that the H-2A program is still subject to the 2-year statute of limitations. The department indicated it is undertaking a modernization of its data systems--by implementing a data governance structure that will manage its data as a business asset--and our recommendation for the collection of these data will be vetted through this process.
    Director: Vijay A. D'Souza
    Phone: (202) 512-7114

    1 open recommendations
    Recommendation: In order to ensure that efforts to address prenatal opioid use and NAS are systematically and effectively planned and coordinated across the federal government, the Director of ONDCP should document the process, including discussions held and information considered, of developing action items on prenatal opioid use and NAS. This may include documenting gaps that were considered in developing action items.

    Agency: Executive Office of the President: Office of National Drug Control Policy
    Status: Open

    Comments: In May 2017 and July 2017, ONDCP officials described the process used to develop the action items related to prenatal opioid use and NAS for the 2015 National Drug Control Strategy report. Specifically, officials described working directly with federal agencies to identify proposals for action items and review proposals during an interagency working group meeting in March 2015. However, ONDCP officials could not provide us any formal documentation, such as meeting minutes, showing the process used or what gaps were considered in developing the action items. ONDCP officials also told us the action items related to prenatal opioid use and NAS for the 2015 Strategy have been generally completed. No action items related to prenatal opioid use and NAS were included in the 2016 Strategy and ONDCP officials said they did not know whether any related action items will be included for the 2017 Strategy. We will update the status of this recommendation after future Strategy reports are published.
    Director: Marcia Crosse
    Phone: (202) 512-7114

    3 open recommendations
    Recommendation: To ensure that DEA is best positioned to administer the quota process to ensure an adequate and uninterrupted supply of controlled substances for legitimate medical use and respond to shortages of drugs containing controlled substances, the Administrator of DEA should expeditiously establish formal policies and procedures to facilitate coordination with FDA as directed by the Food and Drug Administration Safety and Innovation Act, including a specific time frame in which DEA will be expected to respond to FDA requests to expedite shortage-related quota applications.

    Agency: Department of Justice: Drug Enforcement Administration
    Status: Open

    Comments: In June 2016, DEA stated that the agency had met with FDA to determine the specific procedures by which information regarding drug shortages will be exchanged pursuant to the Food and Drug Administration Safety and Innovation Act. DEA stated it will include these procedures in the work plan being created in response to the updated memorandum of understanding signed by FDA and DEA in March 2015. DEA officials also said that they plan to include in the work plan time frames for which DEA will be expected to respond to FDA requests to expedite shortage-related quota applications. GAO is continuing to monitor the status of this recommendation.
    Recommendation: To strengthen DEA's and FDA's ability to respond to shortages of drugs containing controlled substances, the Administrator of DEA and the Commissioner of FDA should, either in the MOU or in a separate agreement, specifically outline what information the agencies will share, and time frames for sharing such information, in response to a potential or existing drug shortage.

    Agency: Department of Health and Human Services: Food and Drug Administration
    Status: Open

    Comments: In March 2015, DEA and FDA updated the MOU to establish procedures regarding the exchange of proprietary and other sensitive information between the two agencies. The MOU calls for the development of separate plans to specify what information is to be shared and who it is to be shared with. Since establishing the MOU, DEA said that it had met with FDA to determine the specific procedures for sharing information about drug shortages and a draft work plan has been circulated between the two agencies for comment. As of July 2016, FDA officials said that it has completed its section of the work plan related to sharing information about drug shortages. Although GAO has been advised by DEA that the workplan has not been finalized, in August 2017, FDA stated that it and DEA are actively sharing information and have successfully completed numerous exchanges. GAO is continuing to monitor the status of this recommendation.
    Recommendation: To strengthen DEA's and FDA's ability to respond to shortages of drugs containing controlled substances, the Administrator of DEA and the Commissioner of FDA should, either in the MOU or in a separate agreement, specifically outline what information the agencies will share, and time frames for sharing such information, in response to a potential or existing drug shortage.

    Agency: Department of Justice: Drug Enforcement Administration
    Status: Open

    Comments: In March 2015, DEA and FDA updated the MOU to establish procedures regarding the exchange of proprietary and other sensitive information between the two agencies. The MOU calls for the development of separate plans to specify what information is to be shared and who it is to be shared with. Since establishing the MOU, DEA said that it had met with FDA to determine the specific procedures for sharing information about drug shortages and a draft work plan has been circulated between the two agencies for comment. GAO is continuing to monitor the status of this recommendation.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    1 open recommendations
    Recommendation: To ensure goal leader and deputy goal leader accountability, the Director of OMB should work with agencies to ensure that agency priority goal leader and deputy goal leader performance plans demonstrate a clear connection with agency priority goals.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: We contacted OMB and Performance Improvement Council (PIC) staff about this recommendation in November 2016 and February 2017. They have not yet responded regarding whether they have taken any action to implement this recommendation.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    5 open recommendations
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to work with federal and nonfederal partners to ensure that the maritime risk assessment includes cyber-related threats, vulnerabilities, and potential consequences.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, USCG stated that the National Maritime Strategic Risk Assessment (NMSRA) was still being finalized. The agency stated that they expected this to be completed by July 2017. Once completed, we will analyze the results of the NMSRA in order to validate the extent to which its contents implement our recommendation.
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to use the results of the risk assessment to inform how guidance for area maritime security plans, facility security plans, and other securityrelated planning should address cyber-related risk for the maritime sector.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, USCG stated that it had developed a draft Navigation and Vessel Inspection Circular (NVIC) to provide guidance on assessment methods that assist vessel and facility owners and operators identify and address cybersecurity vulnerabilities. USCG stated that the draft NVIC would be published in the Federal Register for 60 days, to enable maritime stakeholders to review and provide comment. Once USCG provides us a final copy of the NVIC, we will analyze it to determine if it provides guidance for addressing cyber-related risk in the maritime sector.
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to work with federal and nonfederal stakeholders to determine if the Maritime Modal Sector Coordinating Council should be reestablished to better facilitate stakeholder coordination and information sharing across the maritime environment at the national level.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, the U.S. Coast Guard (USCG) stated that the tasking for the National Maritime Security Advisory Committee to explore the issue of information sharing mechanisms in regards to cyber information had been completed. However, USCG did not mention any decision related to the reestablishment of the sector coordinating council.
    Recommendation: To help ensure the effective use of Port Security Grant Program funds to support the program's stated mission of addressing vulnerabilities in the maritime port environment, the Secretary of Homeland Security should direct the FEMA Administrator, in coordination with the Coast Guard, to develop procedures for officials at the field review level (i.e., captains of the port) and national review level (i.e., the National Review Panel and FEMA) to consult cybersecurity subject matter experts from the Coast Guard and other relevant DHS components, if applicable, during the review of cybersecurity grant proposals for funding.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, FEMA officials stated they would provide GAO an update on the status of the recommendation by July 2017. Once provided, we will analyze the information we receive and update status of implementation efforts.
    Recommendation: To help ensure the effective use of Port Security Grant Program funds to support the program's stated mission of addressing vulnerabilities in the maritime port environment, the Secretary of Homeland Security should direct the FEMA Administrator, in coordination with the Coast Guard, to use any information on cyberrelated threats, vulnerabilities, and consequences identified in the maritime risk assessment to inform future versions of funding guidance for grant applicants and reviews at the field and national levels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, FEMA officials stated they would provide GAO an update on the status of the recommendation by July 2017. Once provided, we will analyze the information received and update status of implementation efforts.
    Director: Kimberly Gianopoulos
    Phone: (202) 512-8612

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To improve federal-state collaboration in providing export promotion services in accordance with the National Export Initiative, and the Export Enhancement Act of 1992, the Secretary of Commerce, as Chair of the TPCC, should take steps consistent with key practices to enhance, where possible, federal information sharing with state trade offices on Commerce's export promotion activities. This could include more formal guidance to Commerce staff regarding the circumstances, in light of legal restrictions, in which information can be shared with state trade offices and other nonfederal entities, and exploring ways for clients to give permission to release information useful to such nonfederal entities.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: The Department of Commerce (Commerce) notified GAO that it did not fully concur with GAO's May 2014 recommendation, preferring instead to maintain a case-by-case approach rather than issuing more formal guidance on federal information sharing with state trade offices. According to Commerce, as of March 2016, the agency was in the process of implementing a new client relationship management system. Commerce officials said that as future iterations of this system and public websites come online, they would seek to identify ways for clients to give permission to release information useful to other federal agencies, state trade offices, and other local service providers. In February 2016, Congress passed The Trade Facilitation and Trade Enforcement Act of 2015, Public Law 114-125, which requires that within a year of the act's passing, Commerce must develop a federal-state export promotion coordination plan that addresses, among other things, information sharing between federal and state trade offices. The act also requires Commerce and state trade promotion agencies to develop a framework to share information on export successes, and report to Congress on this framework within a year of the law's enactment. Later in 2016, Commerce officials began holding monthly calls with SIDO and state trade offices to share information on topics such as client intake, performance measures, and new federal export promotion activities. In March 2017, Commerce officials informed GAO that after further review of information-sharing limitations under the Trade Secrets Act, Commerce has determined that Written Impact Narratives (WINs) that have been approved for public use by the clients can be shared with State trade agencies. Commerce is currently developing a policy to ensure they are shared in a timely manner. In addition, the newly formed Trade Promotion Coordinating Committee (TPCC) state and federal export promotion working group is expected to create a framework for information sharing. Without greater information sharing in the provision of similar services, Commerce will likely be limited in its ability to help ensure that export promotion services are efficiently managed across federal and state efforts, and that resources are appropriately leveraged.
    Recommendation: To improve federal-state collaboration in providing export promotion services in accordance with the National Export Initiative, and the Export Enhancement Act of 1992, the Secretary of Commerce, as Chair of the TPCC, should take steps consistent with key practices for collaboration to enhance TPCC agencies' partnering on export promotion with nonfederal entities, such as State International Development Organizations and Global Cities. This could include reassessing and strengthening the TPCC's intergovernmental partnerships by clarifying expected outcomes, defining roles and responsibilities, monitoring results, and planning resource needs.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: The Department of Commerce (Commerce) and the Trade Promotion Coordinating Committee (TPCC), which is responsible for providing a unified national framework for export promotion, have taken some steps to enhance federal-state collaboration in export promotion, as GAO recommended in May 2014 and as called for in a subsequent law. In February 2016, Congress passed The Trade Facilitation and Trade Enforcement Act of 2015, Public Law 114-125, which according to the State International Development Organizations (SIDO), contained provisions intended to enhance federal-state collaboration in export promotion. First, the act directs the President to establish a state and federal export promotion coordination working group as a subcommittee of the TPCC and appoint at least one representative from a state trade promotion agency to the TPCC. Second, beginning in February 2017, the act requires Commerce to annually submit to the TPCC a federal-state export strategy for each state that submits its export strategy to Commerce for that year that, among other things, addresses efforts to reduce duplication. Third, the act requires Commerce and state trade promotion agencies to develop a coordinated set of performance metrics, and report to Congress on these metrics within a year of the law's enactment. Fourth, the act mandates an annual survey and analysis, in coordination with state trade promotion agencies, of the overall effectiveness of federal-state coordination in export promotion. In April 2016 Commerce and SIDO signed a memorandum of intent to develop joint strategies and implement activities to enhance federal and state agency coordination and cooperation . In September 2016 Commerce issued a Federal Register Notice announcing the establishment of a state and federal export promotion coordination working group under the TPCC. The Secretary of Commerce appointed 14 members to this new working group in January 2017, which has met several times according to Commerce officials. The working group is developing a federal-state export coordination strategy that is expected to define roles and responsibilities, among other things. Successfully completing these activities is important, because without joint federal-state planning, programs at different levels of government will likely continue to be duplicative, and effective resource planning will likely be hampered.
    Director: Lawrance L. Evans, Jr.
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To help ensure that foreclosure prevention principles are being incorporated into servicers' practices, the Chairman of the Board of Governors of the Federal Reserve System should ensure that the planned activities to oversee the foreclosure prevention principles include evaluation and testing of servicers' implementation of the principles.

    Agency: Federal Reserve System: Board of Governors
    Status: Open

    Comments: In October 2016, Federal Reserve staff indicated that examiners are continuing to review servicers' efforts to incorporate the foreclosure prevention principles into their practices. Our assessment of the extent to which those reviews include evaluation and testing of servicers' implementation of the principles is pending additional discussions with the Federal Reserve.
    Director: Zina D.Merritt
    Phone: (202) 512-5257

    1 open recommendations
    Recommendation: To improve the efficiency of data exchanges between LMP and other service ammunition systems, the Secretary of Defense, in coordination with the Under Secretary of Defense for Acquisition, Technology, and Logistics, should direct the Secretary of the Navy to (1) take steps to incorporate Defense Logistics Management Standards (DLMS) into the Ordnance Information System and (2) direct the Commandant of the Marine Corps to take similar steps with regard to the Ordnance Information System-Marine Corps.

    Agency: Department of Defense
    Status: Open

    Comments: The Navy and Marine Corps have taken steps to incorporate Defense Logistics Management Standards into their ammunition information systems -- Ordnance Information System and Ordnance Information System-Marine Corps, respectively. The Navy has provided some documentation, and the Marine Corps has stated that it would provide documentation in the near future as well.
    Director: Bertoni, Daniel
    Phone: (202) 512-7215

    2 open recommendations
    Recommendation: In order to enhance the accuracy of and ensure appropriate agency access to SSA's death data, and to clarify how SSA applies the eligibility requirements of the Social Security Act and enhance agencies' awareness of how to obtain access, the Social Security Administration's Acting Commissioner should direct the Deputy Commissioner of Operations to develop and publicize guidance it will use to determine whether agencies are eligible to receive SSA's full death file.

    Agency: Social Security Administration
    Status: Open

    Comments: The Social Security Administration (SSA) disagreed with this recommendation, stating that each request to obtain the full death file is unique, and that officials must review them on a case-by-case basis to ensure compliance with various legal requirements. It also expressed concern that developing this guidance as we recommended would require agency expenditures unrelated to its mission in an already fiscally constrained environment. SSA noted that any federal agency that would like to explore accessing the full death master file (which includes state death records) should submit a request to SSA. SSA will review the file and, if satisfactory, enter into an Information Exchange Agreement covering terms, conditions and reimbursement for the exchange. As of April 2017, SSA reports that it is continuing its efforts and there is no change in status. GAO appreciates that agencies may base their request for the full death file on different intended uses, and supports SSA's efforts to ensure compliance with all applicable legal requirements. However, developing such guidance could help to ensure consistency in SSA's future decision making by the new Office of Data Exchange, and enhance agencies' ability to obtain the data in a timely and efficient manner.
    Recommendation: In order to enhance the accuracy of and ensure appropriate agency access to SSA's death data, and to increase transparency among recipient agencies, the Social Security Administration's Acting Commissioner should direct the Deputy Commissioner of Operations to share a more detailed explanation of how it determines reimbursement amounts for providing agencies with death information.

    Agency: Social Security Administration
    Status: Open

    Comments: The Social Security Administration (SSA) reported that it has implemented improvements in its estimating procedures for future reimbursable agreements to ensure consistent estimates for all customers. It reviews all reimbursable requests on a case-by-case basis to determine full costs (including direct and indirect expenses) to provide goods, resources, or services. However, the agency stated that it is not a typical government business practice to share these detailed costs for reimbursable agreements. As of April 2017, SSA reports that it is continuing its efforts and there is no change in status. We are encouraged that SSA has made efforts to standardize the estimates it shares with its federal partners. While we recognize that there may be limitations on the type of cost details SSA can provide to recipient agencies, we continue to believe that more transparency in conveying the factors that lead to the estimated and final reimbursement amounts recipient agencies are charged could help them make more informed decisions.
    Director: Cackley, Alicia P
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: Congress should consider strengthening the current consumer privacy framework to reflect the effects of changes in technology and the marketplace--particularly in relation to consumer data used for marketing purposes--while also ensuring that any limitations on data collection and sharing do not unduly inhibit the economic and other benefits to industry and consumers that data sharing can accord. Among the issues that should be considered are: (1) the adequacy of consumers' ability to access, correct, and control their personal information in circumstances beyond those currently accorded under FCRA; (2) whether there should be additional controls on the types of personal or sensitive information that may or may not be collected and shared; (3) changes needed, if any, in the permitted sources and methods for data collection; and (4) privacy controls related to new technologies, such as web tracking and mobile devices.

    Agency: Congress
    Status: Open

    Comments: As of April 2017, Congress has not taken action on this matter.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    3 open recommendations
    including 2 priority recommendations
    Recommendation: To promote coordination as a practice to help avoid overlap, the Secretary of Homeland Security, the Attorney General, and the Director of ONDCP should work through the Information Sharing and Access Interagency Policy Committee (ISA IPC) or otherwise collaborate to develop a mechanism, such as performance metrics related to coordination, that will allow them to hold field-based information-sharing entities accountable for coordinating with each other and monitor and evaluate the coordination results achieved.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: The Department of Justice (DOJ), in coordination with the Department of Homeland Security (DHS) and the Office of National Drug Control Policy (ONDCP), has made progress toward addressing GAO's April 2013 recommendation but has not included all of the relevant field-based information sharing entities in its efforts. Through their involvement in an interagency policy committee within the Executive Office of the President, DHS, DOJ, and ONDCP have developed a mechanism to hold state and urban area fusion centers, Regional Information Sharing System (RISS) centers, and High Intensity Drug Trafficking Area (HIDTA) Investigative Support Centers accountable for coordinating their analytical and investigative activities. However, the agencies have not fully addressed the action because DOJ's Federal Bureau of Investigation's (FBI) Joint Terrorism Task Forces (JTTF) and Field Intelligence Groups (FIG), two of the five field-based entities included in GAO's April 2013 report, have not participated in the assessment on which the mechanism is based. In December 2015, DHS developed a field-based partners report in which DHS, DOJ and ONDCP reported data for state and urban area fusion centers, RISS centers, and HIDTA Investigative Support Centers. These data were focused on field-based collaboration, including governance, colocation, and other information sharing, analytic, and deconfliction-focused topics. However, the report did not include data for DOJ's JTTFs or FIGs. DOJ has noted that JTTFs and FIGs are different from the other entities because JTTFs are operational law enforcement investigative entities and FIGs provide intelligence support to FBI Field Offices. However, GAO's April 2013 report identified areas in which the missions and activities of JTTFs and FIGs overlapped with those of the other entities and that coordination with other field based entities was important to prevent unnecessary overlap and potential duplication. Considering the exclusion of two of the five entities, the agencies do not have a collective mechanism that can hold FIGS and JTTFs accountable for coordinating with the other field-based information sharing entities and allow the agencies to monitor progress and evaluate results across entities. Such a mechanism can help entities maintain effective relationships when new leadership is assigned and avoid unnecessary overlap in activities, which in turn can help entities to leverage scarce resources. As of March 2017, DOJ had provided no new updates. GAO will continue to monitor DOJ's progress in this area.
    Recommendation: To help identify where agencies and the field-based entities they support could apply coordination mechanisms to enhance information sharing and reduce inefficiencies resulting from overlap, the Secretary of Homeland Security, the Attorney General, and the Director of ONDCP should work through the ISA IPC or otherwise collaborate to identify characteristics of entities and assess specific geographic areas in which practices that could enhance coordination and reduce unnecessary overlap, such as cross-entity participation on governance boards and colocation of entities, could be further applied. The results of this assessment could be used by the agencies to provide recommendations or guidance to the entities to create coordinated governance boards or colocate entities, which can result in increased efficiencies through shared facilities and resources and reduced overlap through coordinated or collaborative products, activities, and services.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: The Department of Justice (DOJ), in coordination with the Department of Homeland Security (DHS) and the Office of National Drug Control Policy (ONDCP), has made progress toward addressing GAO's April 2013 recommendation but has not included all of the relevant field-based information sharing entities in its efforts. The three agencies have taken the necessary steps to assess the extent to which practices that can enhance coordination are being implemented at state and urban area fusion centers, Regional Information Sharing System (RISS) centers, and High Intensity Drug Trafficking Area (HIDTA) Investigative Support Centers through their involvement in an interagency policy committee within the Executive Office of the President. However, the assessment did not include DOJ's Federal Bureau of Investigation's (FBI) Joint Terrorism Task Forces (JTTF) or Field Intelligence Groups (FIG), two of the five field-based entities included in GAO's April 2013 report. In December 2015, DHS, DOJ, and ONDCP developed a field-based partners report in which DOJ and ONDCP collected and reported data elements for RISS centers and HIDTA Investigative Support Centers similar to those DHS uses in its annual fusion center assessment. These data were focused on field-based collaboration, including governance, colocation, and other information sharing, analytic, and deconfliction-focused topics. However, the report did not include data for DOJ's FBI JTTFs or FIGs. A collaborative assessment of where practices that enhance coordination can be applied to reduce overlap, collaborate, and leverage resources for all five field-based information-sharing entities would allow the agencies to provide recommendations or guidance to the entities on implementing these practices. As of March 2017, DOJ had provided no new updates. GAO will continue to monitor DOJ's progress in this area.
    Recommendation: To help ensure that an assessment of practices that could enhance coordination and reduce unnecessary overlap is shared and used to further enhance collaboration and efficiencies across agencies, the Program Manager, with input from the ISA IPC collaborating agencies, should report in the Information Sharing Environment (ISE) annual report to Congress the results of the assessment, including any additional coordination practices identified, efficiencies realized, or actions planned.

    Agency: Office of the Director of National Intelligence: Office of the Program Manager--Information Sharing Environment
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. Status last updated August 31, 2017.
    Director: Bagdoyan, Seto J
    Phone: (202) 512-4749

    1 open recommendations
    Recommendation: Congress should consider granting Labor the additional authority it is seeking to access wage data to help verify claimants' reported income and help ensure the proper payment of benefits.

    Agency: Congress
    Status: Open

    Comments: No legislation introduced as of February 2017. The Workers' Compensation Reform Act of 2015 (S. 2051, title V) was introduced in the 114th Congress. It would have allowed DOL to access wage data, as GAO suggested in April 2013, from the National Directory of New Hires to improve the integrity of the Federal Employees' Compensation Act program, among other actions. If introduced in the 115th Congress and enacted, this legislation could help to prevent and detect improper payments in the Federal Employees' Compensation Act program.
    Director: Larence, Eileen
    Phone: (202)512-6510

    1 open recommendations
    Recommendation: To ensure that USNCB and ICE are providing more comprehensive information to their respective foreign counterparts regarding registered sex offenders traveling internationally, the Attorney General and the Secretary of Homeland Security should take steps to help ensure that USNCB and ICE have information on the same number of registered sex offenders as well as the same level of detail on registered sex offenders traveling internationally. Such steps could include USNCB and ICE copying each other on their notifications to their foreign counterparts or USNCB receiving information directly from the CBP National Targeting Center (NTC).

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that U.S. National Central Bureau (USNCB) and U.S. Immigration and Customs Enforcement (ICE) did not have information on the same registered sex offenders or the same level of detail on registered sex offenders traveling internationally, which affected their ability to notify their respective foreign counterparts. In part, this is because the two agencies rely on different information sources and do not share information with one another. We recommended that DOJ and DHS develop mechanisms that would enable these two agencies to have access to the same information on traveling sex offenders. In August 2013, ICE provided documentation showing that it copied several U.S. Marshals Service (USMS) officials on notifications that ICE sent to other countries regarding registered sex offenders traveling internationally. However, ICE did not copy USNCB on these notifications. ICE explained that it thought sharing information on traveling sex offenders with USMS and relying on USMS to pass that information along to USNCB was the most efficient way to share information with USNCB. However, we analyzed notifications from ICE, USNCB, and USMS regarding sex offenders who initiated international travel in February 2014 and found that USMS only passed along about 30 percent of the notifications it received from ICE to USNCB. We provided the results of this analysis to all three agencies in July 2014. We met with relevant U.S. Customs and Border Protection (CBP), ICE, USMS, and USNCB officials in September 2014 to discuss options for ensuring that USNCB receives more comprehensive information regarding traveling sex offenders. ICE officials stated that since CBP is the source of the information ICE receives on traveling sex offenders, as well as one of the information sources for USMS, that it may be best for CBP to provide information directly to USNCB. USNCB officials also stated that their preference was to receive information directly from CBP, and it was their understanding that CBP and USNCB were in the process of developing an MOU that would allow for this. In October 2015, CBP confirmed that the MOU would enable CBP to share information with USNCB regarding traveling sex offenders. CBP also stated that the MOU had been approved by CBP and sent to USNCB for review. In an April 2016 update, CBP reported that the MOU had been tentatively approved by USNCB and is expected to be finalized and signed in July 2016. In August 2016, CBP stated that the completion date for the MOU was pushed back to September 30, 2016, to allow time for CBP and USNCB to negotiate additional edits. We followed up with CBP about the status of the MOU in February 2017. We are awaiting a response.
    Director: Kohn, Linda T
    Phone: (202) 512-7114

    1 open recommendations
    Recommendation: To ensure that nonmedical DOD research organizations coordinate with the Assistant Secretary of Defense for Health Affairs early in the research process to understand medical research requirements and avoid inefficiencies that may lead to duplicative work, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to communicate to DOD's nonmedical research organizations the importance of coordination with the Joint Program Committee for Combat Casualty Care chair on combat casualty care issues, and require this coordination early in the research process when these organizations conduct research with implications for combat casualty care.

    Agency: Department of Defense
    Status: Open

    Comments: DOD took several actions in 2014 to communicate to DOD's nonmedical research organizations the importance of coordination with the Joint Program Committee for Combat Casualty Care. Specifically, DOD chartered the Armed Services Biomedical Research Evaluation and Management Community of Interest to include both medical and non-medical researchers and to improve coordination, collaboration, and cooperation. DOD also appointed senior leaders to work in both this community of interest and in other DOD research communities of interest, to improve coordination. Furthermore, DOD conducted joint research meetings to share research data across the medical and non-medical communities. As of September 2017, DOD had not indicated a requirement for this coordination to occur early in the research process, as included in GAO's recommendation.
    Director: Cackley, Alicia P
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To better enable CPSC to target unsafe consumer products, Congress may wish to amend section 29(f) of CPSA to allow CPSC greater ability to enter into information-sharing agreements with its foreign counterparts that permit reciprocal terms on disclosure of nonpublic information.

    Agency: Congress
    Status: Open

    Comments: As of July 31, 2017, Section 29 of CPSA had not been amended since 2008. In 2013, a bill was introduced (S.1887) but not passed. That bill would have allowed "the Commission, when sharing information under the federal-state cooperation program with a foreign government agency for official law enforcement or consumer protection purposes, to authorize a foreign government agency to make that information available to another agency of the same foreign government (including a political subdivision of that foreign government that is located within the same territory or administrative area as the agency disclosing the information) if an appropriate official of the foreign government agency disclosing the information certifies (by prior agreement, memorandum of understanding with the CPSC, or other written certification) that it will establish and apply specified confidentiality restrictions under the Consumer Product Safety Act."
    Director: Williamson, Randall B
    Phone: (206)287-4860

    3 open recommendations
    including 2 priority recommendations
    Recommendation: To ensure that servicemembers have equitable access to the military services' wounded warrior programs, including the RCP, and to establish central accountability for these programs, the Secretary of Defense should establish or designate an office to centrally oversee and monitor the activities of the military services' wounded warrior programs to include the following: (1) Develop consistent eligibility criteria to ensure that similarly situated recovering servicemembers from different military services have uniform access to these programs; (2) Direct the military services' wounded warrior programs to fully comply with the policies governing care coordination and case management programs and any future changes to these policies; (3) Develop a common mechanism to systematically monitor the performance of the wounded warrior programs--to include the establishment of common terms and definitions--and report this information on a biannual basis to the Armed Services Committees of the House of Representatives and the Senate.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: DOD did not concur with our part (1) of our recommendation to develop consistent eligibility criteria, explaining that the three military department secretaries should have the ability to control entrance criteria into their wounded warrior programs and that varying eligibility criteria have not resulted in noticeable differences in access to these programs by recovering servicemembers or their families. In attachments to a memo dated April 8, 2014, DOD provided an update on progress made to implement parts (2) and (3) of the DOD-specific recommendation made in GAO-13-5. Regarding part (2), DOD reported that budget constraints had delayed its plan to conduct oversight visits to 63 service sites over a 12-month period to ensure that military wounded warrior programs were operating in compliance with DOD Recovery Coordinator Program policy. DOD stated that the Warrior Care Policy office, in coordination with the military service branches, had intended to begin these oversight visits and interviews in September 2013; that as of March 2014, five sites had been reviewed; and that results of the compliance visits would be available upon completion. Regarding part (3) of the recommendation, DOD's memo stated that DOD and VA continue work on developing policies on clinical and non-clinical care coordination. It also noted that interagency metrics for monitoring complex care coordination performance were under development by the DOD/VA Interagency Care Coordination Committee. Further, DOD stated that because the Joint Executive Council publishes an annual report, that reporting the progress in developing common terms and definitions used by wounded warrior programs to congressional committees would be of limited value. As of October 2016, when we determine what additional steps the agency has taken to implement this recommendation, we will update this information.
    Recommendation: To ensure that persistent challenges with care coordination, disability evaluation, and the electronic sharing of health records are fully resolved, the Secretaries of Defense and Veterans Affairs should ensure that these issues receive sustained leadership attention and collaboration at the highest levels with a singular focus on what is best for the individual servicemember or veteran to ensure continuity of care and a seamless transition from DOD to VA. This should include holding the Joint Executive Council accountable for (1) ensuring that key issues affecting recovering servicemembers and veterans get sufficient consideration, including recommendations made by the Warrior Care and Coordination Task Force and the Recovering Warrior Task Force; (2) developing mechanisms for making joint policy decisions; (3) involving the appropriate decision-makers for timely implementation of policy; and; (4) establishing mechanisms to systematically oversee joint initiatives and ensure that outcomes and goals are identified and achieved.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: As of October 2016, under the joint DOD/VA Interagency Care Coordination Committee, the departments have made progress to improve nonclinical care coordination procedures, primarily through the development of two initiatives?the Lead Coordinator initiative (in which a single care coordinator serves as the primary point of contact for a recovering servicemember) and through the use of a single, interagency care plan (ICP) for each recovering servicemember. As of March 2016, the departments were continuing the national rollout of the Lead Coordinator initiative and had trained nearly 3,700 DOD and VA personnel on the new process. In addition, DOD and VA continued the development of the ICP initiative, which will depend upon their ability to electronically exchange the information needed to implement servicemembers' care plans. In December 2015, DOD awarded a contract to support the ICP and to create electronic interoperability with VA. The departments anticipate testing their ability to exchange information digitally in June 2016 and achieving full operational capability by September 2016. We will continue to monitor progress to implement the joint Lead Coordinator and the ICP care coordination initiatives.
    Recommendation: To ensure that persistent challenges with care coordination, disability evaluation, and the electronic sharing of health records are fully resolved, the Secretaries of Defense and Veterans Affairs should ensure that these issues receive sustained leadership attention and collaboration at the highest levels with a singular focus on what is best for the individual servicemember or veteran to ensure continuity of care and a seamless transition from DOD to VA. This should include holding the Joint Executive Council accountable for (1) ensuring that key issues affecting recovering servicemembers and veterans get sufficient consideration, including recommendations made by the Warrior Care and Coordination Task Force and the Recovering Warrior Task Force; (2) developing mechanisms for making joint policy decisions; (3) involving the appropriate decision-makers for timely implementation of policy; and; (4) establishing mechanisms to systematically oversee joint initiatives and ensure that outcomes and goals are identified and achieved.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: As of October 2016, under the joint DOD/VA Interagency Care Coordination Committee, the departments have made progress to improve nonclinical care coordination procedures, primarily through the development of two initiatives?the Lead Coordinator initiative (in which a single care coordinator serves as the primary point of contact for a recovering servicemember) and through the use of a single, interagency care plan (ICP) for each recovering servicemember. As of March 2016, the departments were continuing the national rollout of the Lead Coordinator initiative and had trained nearly 3,700 DOD and VA personnel on the new process. In addition, DOD and VA continued the development of the ICP initiative, which will depend upon their ability to electronically exchange the information needed to implement servicemembers' care plans. In December 2015, DOD awarded a contract to support the ICP and to create electronic interoperability with VA. The departments anticipate testing their ability to exchange information digitally in June 2016 and achieving full operational capability by September 2016. We will continue to monitor progress to implement the joint Lead Coordinator and the ICP care coordination initiatives.
    Director: Lepore, Brian J
    Phone: (202)512-4523

    3 open recommendations
    Recommendation: To enable DOD to achieve cost savings and efficiencies and to track its progress toward achieving these goals, the Secretary of Defense should direct the Deputy Under Secretary of Defense (Installations and Environment) to develop and implement a plan that provides measurable goals linked to achieving savings and efficiencies at the joint bases and provide guidance to the joint bases that directs them to identify opportunities for cost savings and efficiencies. DOD should at a minimum consider the items identified in its recommendation to the 2005 BRAC Commission as areas for possible savings and efficiencies, including (1) paring unnecessary management personnel, (2) consolidating and optimizing contract requirements, (3) establishing a single space management authority to achieve greater utilization of facilities, and (4) reducing the number of base support vehicles and equipment.

    Agency: Department of Defense
    Status: Open

    Comments: DOD did not concur with this recommendation. The department stated that its "patient" approach to cost savings is working, and that the senior joint base working group decided against savings targets because of the complexity involved in setting up the bases. As of October 2017, there had been no further action on this recommendation, according to an official of the Office of the Secretary of Defense's joint basing office.
    Recommendation: To improve DOD's ability to provide a common framework for the management and planning of support services at the joint bases, the Secretary of Defense should direct the Deputy Under Secretary of Defense (Installations and Environment) to direct the joint bases to compile a list of those common standards in all functional areas needing clarification and the reasons why they need to be clarified, including those standards still being provided or reported on according to service-specific standards rather than the common standard.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with this recommendation. It stated that the department already has a quarterly process to review its joint base common standards, and that reviewing all the standards simultaneously does not allow for the depth of analysis required to make sound decisions. An official from the joint basing office of the Office of the Secretary of Defense stated that DOD believes its current review and update process for the joint base common standards is effective and does not need to be changed. As of October 2017, there had been no further action on this recommendation, according to an official of the joint basing office.
    Recommendation: To improve DOD's ability to provide a common framework for the management and planning of support services at the joint bases, the Secretary of Defense should direct the Deputy Under Secretary of Defense (Installations and Environment) to amend the OSD joint standards review process to prioritize review and revision of those standards most in need of clarification within this list.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with his recommendation. The department stated that it already has a quarterly joint base common standards review process, and that reviewing all the standards simultaneously does not allow for the depth of analysis required to make sound decisions. In addition, it noted that the current process incorporates input from the Joint Base commanders, Intermediate Command Summit, and service headquarters. An official from the joint basing office of the Office of the Secretary of Defense stated that DOD believes its current review and update process for the joint base common standards is effective and does not need to be changed. As of October 2017, there had been no further action on this recommendation, according to an official of the Office of the Secretary of Defense's joint basing office.
    Director: King, Kathleen M
    Phone: (202) 512-7114

    1 open recommendations
    including 1 priority recommendation
    Recommendation: In order to promote greater use of effective prepayment edits and better ensure proper payment, and to promote implementation of effective edits based on national policies, the CMS Administrator should develop written procedures to provide guidance to agency staff on all steps in the processes for developing and implementing edits based on national policies, including (1) time frames for taking corrective actions, (2) methods for assessing the effects of corrective actions, and (3) procedures for ensuring consideration of automated edits whenever possible, including for all existing NCDs and other national policies.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open
    Priority recommendation

    Comments: HHS concurred with this recommendation. CMS developed written procedures in November 2012 to provide guidance to agency staff on procedures for ensuring consideration of automated edits whenever possible, as GAO recommended in November 2012, but these procedures do not include several key elements of GAO's recommendation. For example, the written procedures do not include time frames for making decisions on whether an edit will be developed for all existing National Coverage Determinations (NCD) and national policies. The written procedures also do not include requirements for methods to assess the effects of corrective actions taken. Implementing a comprehensive written process for developing edits for national policies could help ensure that edits are implemented whenever possible to reduce improper payments. As of September 2017, CMS had not provided us updated documentation that addressed these aspects of our recommendation. Once received, we will review the information and update this recommendation accordingly.
    Director: Fleming, Susan A
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To enhance the safety of unregulated onshore hazardous liquid and gas gathering pipelines, the Secretary of Transportation should direct the PHMSA Administrator to collect data from operators of federally unregulated onshore hazardous liquid and gas gathering pipelines, subsequent to an analysis of the benefits and industry burdens associated with such data collection. Data collected should be comparable to what PHMSA collects annually from operators of regulated gathering pipelines (e.g., fatalities, injuries, property damage, location, mileage, size, operating pressure, maintenance history, and the causes of incidents and consequences).

    Agency: Department of Transportation
    Status: Open

    Comments: PHMSA is proposing to collect data from previously unregulated gas gathering lines via a Natural Gas rulemaking; PHMSA anticipates issuing the final rule by December 30, 2017.
    Director: Melvin, Valerie C
    Phone: (202) 512-6304

    2 open recommendations
    Recommendation: To help ensure the success of FDA's modernization efforts, the Commissioner of FDA should direct the CIO to, in completing the assessment of Mission Accomplishments and Regulatory Compliance Services (MARCS), develop an integrated master schedule (IMS) that (1) identifies which legacy systems will be replaced and when; (2) identifies all current and future tasks to be performed by contractors and FDA; and (3) defines and incorporates information reflecting resources and critical dependencies.

    Agency: Department of Health and Human Services: Food and Drug Administration
    Status: Open

    Comments: In commenting on our report, the Department of Health and Human Services neither agreed nor disagreed with our recommendations. However, in response to this recommendation, FDA officials developed an integrated master schedule (IMS) for the Mission Accomplishment and Regulatory Compliance System, along with corresponding sub-project schedules. The officials also provided explanations of their approach for updating the schedules and estimating resources that are reflected in the schedules, and evidence that the agency is updating the schedule regularly. However, the IMS did not identify all legacy systems to be replaced, did not trace all tasks and contractor subproject schedules, and did not include information reflecting the use of government resources. In 2016, we requested that FDA provide an update on their efforts to address these limitations. As of September 2017, the agency restructured MARCS into two projects and notified us that it was working to establish an IMS for each. FDA officials expect to complete the schedules by the end of calendar year 2017. Until FDA takes steps to address the noted deficiencies, it will lack key information needed for determining what work remains and for identifying and addressing potential problems, thus increasing risks to the success of the agency's modernization efforts. We will continue to work with the Department to address this recommendation.
    Recommendation: To help ensure the success of FDA's modernization efforts, the Commissioner of FDA should direct the CIO to monitor progress of MARCS against the integrated master schedule IMS.

    Agency: Department of Health and Human Services: Food and Drug Administration
    Status: Open

    Comments: In commenting on the report, the Department of Health and Human Services neither agreed nor disagreed with our recommendations. However, in response to this recommendation, FDA officials provided a baseline schedule, integrated master schedule (IMS), and sub-project schedules intended to be used to monitor progress of the agency's efforts to implement changes to the Mission Accomplishment and Regulatory Compliance System (MARCS). Nonetheless, while the IMS is updated regularly, it contains data anomalies, and FDA has not documented reasons for changes to the schedule. Consequently, the schedule does not include complete and reliable information needed for monitoring progress of the system investment. As of September 2017, the agency restructured MARCS into two projects and notified us that it was working to establish an IMS for each. FDA officials expect to complete the schedules by the end of calendar year 2017, and to use the schedules to continually monitor the status of the projects. Until FDA takes steps to address deficiencies noted in the IMS for MARCS, it will continue to lack key data needed to monitor progress of the implementation of the system, and increase the risks of this key component of the agency's modernization efforts. We will continue to work with the Department to address this recommendation.
    Director: Goldstein, Mark L
    Phone: (202)512-6670

    2 open recommendations
    Recommendation: The Secretary of Homeland Security and Attorney General should instruct the Director of FPS, and the Director of the Marshals Service, respectively, to jointly lead an effort, in consultation and agreement with the judiciary and GSA, to update the MOA on courthouse security to address the challenges discussed in this report. Specifically, in this update to the MOA stakeholders should: (1) clarify federal stakeholders' roles and responsibilities including, but not limited to, the conditions under which stakeholders may assume each other's responsibilities and whether such agreements should be documented; and define GSA's responsibilities and determine whether GSA should be included as a signatory to the updated MOA; (2) outline how they will ensure greater participation of relevant stakeholders in court or facility security committees; and (3) specify how they will complete required risk assessments for courthouses, referred to by the Marshals Service as court security facility surveys and by FPS as facility security assessments (FSA), and ensure that the results of those assessments are shared with relevant stakeholders, as appropriate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of April 2017, The Federal Protective Service, U.S. Marshals Service, Administrative Office of the U.S. Courts, and General Services Administration were working to update the memorandum of agreement on courthouse security. An updated memorandum has been drafted, but it has yet to be signed by all parties. Consequently, resolution of this recommendation is pending until further action is taken.
    Recommendation: The Secretary of Homeland Security and Attorney General should instruct the Director of FPS, and the Director of the Marshals Service, respectively, to jointly lead an effort, in consultation and agreement with the judiciary and GSA, to update the MOA on courthouse security to address the challenges discussed in this report. Specifically, in this update to the MOA stakeholders should: (1) clarify federal stakeholders' roles and responsibilities including, but not limited to, the conditions under which stakeholders may assume each other's responsibilities and whether such agreements should be documented; and define GSA's responsibilities and determine whether GSA should be included as a signatory to the updated MOA; (2) outline how they will ensure greater participation of relevant stakeholders in court or facility security committees; and (3) specify how they will complete required risk assessments for courthouses, referred to by the Marshals Service as court security facility surveys and by FPS as facility security assessments (FSA), and ensure that the results of those assessments are shared with relevant stakeholders, as appropriate.

    Agency: Department of Justice
    Status: Open

    Comments: As of April 2017, The Federal Protective Service, U.S. Marshals Service, Administrative Office of the U.S. Courts, and General Services Administration were working to update the memorandum of agreement on courthouse security. An updated memorandum has been drafted, but it has yet to be signed by all parties. Consequently, resolution of this recommendation is pending until further action is taken.
    Director: Mctigue, James R Jr
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To better ensure that economically similar outcomes are taxed similarly and minimize opportunities for abuse, the Secretary of the Treasury should undertake a study that compares the current approach to alternative approaches for the taxation of financial derivatives. To determine if changes would be beneficial, such a study should weigh the tradeoffs to IRS and taxpayers that each alternative presents, including simplicity, administrability, and economic efficiency.

    Agency: Department of the Treasury
    Status: Open

    Comments: Treasury disagreed with this recommendation based on the fact that many outside studies already exist and IRS did not comment. While Treasury disagreed with the recommendation, debate on tax reform, both in Congress and within IRS, continues and actions to ensure that economically similar outcomes are taxed similarly seem likely. GAO continues to maintain that further study is needed in coordination with IRS. If financial derivatives are included in tax reform, this could lead to savings for the federal government. GAO will continue to monitor progress on tax reform and whether it includes changes to the taxation of financial derivatives consistent with the recommendation.
    Director: Farrell, Brenda S
    Phone: (202) 512-3604

    2 open recommendations
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness to coordinate with the services on conducting research, as appropriate, to determine optimal bonus amounts.

    Agency: Department of Defense
    Status: Open

    Comments: In a July 2012 report, the USD (P&R) stated that it continues to believe that a study to determine optimal bonus amounts would be beneficial. As of September 2015, DOD is working with the RAND Corporation to develop a model to analyze the impact of adjusting bonuses and special pays for certain personnel communities. According to officials at USD (P&R) the goal of this effort is to provide the services with a tool that can be used to set bonuses and special pays more efficiently. The officials added that models have been developed for officers in the aviation community, and are currently being developed for officers in the healthcare and special operations communities.
    Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Personnel and Readiness, as the consolidation of the special and incentive pay programs is completed over the next 7 years and the instructions directing the services on how to administer the new programs are revised, to monitor the implementation of this consolidation to determine whether it is in fact resulting in greater flexibility and more precise targeting of resources and what impact the consolidation is having on DOD's budget.

    Agency: Department of Defense
    Status: Open

    Comments: In a July 2012 report, the USD (P&R) states that it continues to consolidate special and incentive pay authorities. However, because this consolidation is not yet complete, it has not yet determined whether this consolidation has resulted in greater flexibility, as GAO recommended. In June 2013, OSD reported that OSD was about halfway through with its effort to consolidate special pay authorities, and in September 2015 USD (P&R) officials stated that this effort is continuing. The officials added that, while the Department is tracking the impact of the consolidation on the cost of special and incentive pays, it had not assessed whether the consolidation had resulted in greater flexibility.
    Director: Iritani, Katherine M
    Phone: (206)287-4820

    2 open recommendations
    Recommendation: In light of the need for accurate and complete information on children's access to health services under Medicaid and CHIP, the requirement that states report information to CMS on certain aspects of their Medicaid and CHIP programs, and problems with accuracy and completeness in this state reporting, the Administrator of CMS should establish a plan, with goals and time frames, to review the accuracy and completeness of information reported on the CMS 416 and CHIP annual reports and ensure that identified problems are corrected.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: In September 2016, CMS said that it was taking new steps to review data on children's access and quality of care by reviewing required reports that evaluate states' Medicaid managed care plans; however, these reports do not represent a consistent set of measures used by all states that CMS can use for oversight purposes. Accurate, complete, and reliable data for both Medicaid and CHIP are necessary for CMS's oversight of children's access to services. GAO considers this recommendation open.
    Recommendation: In light of the need for accurate and complete information on children's access to health services under Medicaid and CHIP, the requirement that states report information to CMS on certain aspects of their Medicaid and CHIP programs, and problems with accuracy and completeness in this state reporting, the Administrator of CMS should work with states to identify additional improvements that could be made to the CMS 416 and CHIP annual reports, including options for reporting on the receipt of services separately for children in managed care and fee-for-service delivery models, while minimizing reporting burden, and for capturing information on the CMS 416 relating to children's receipt of treatment services for which they are referred.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: In September 2016, CMS said that it had changed the instructions for completing the CMS 416 to provide more detailed guidance for states on capturing required information on the total number of children who were referred for treatment services. However, CMS is not planning to require states to submit information on whether children received the treatment services for which they were referred. We maintain that having ability to monitor receipt of treatment services, receipt of services in managed care separate from fee-for-service, and having data from all states is important to CMS oversight. GAO considers this recommendation open.
    Director: Gambler, Rebecca
    Phone: (202) 512-6912

    2 open recommendations
    Recommendation: To help ensure DHS is maximizing the benefits of its coordination efforts with northern border partners through interagency forums, documented agreements, and its resource planning process, the Secretary of Homeland Security should provide DHS-level guidance and oversight for interagency forums established or sponsored by its components to ensure that the missions and locations are not duplicative and to consider the downstream burden on northern border partners.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2011, we reviewed and reported the extent to which the Department of Homeland Security (DHS) had improved federal coordination of border security intelligence and enforcement operations with state, local, and Canadian law enforcement partners. We found, among other things, that DHS improved northern border security coordination through interagency forums and joint operations; however, partners raised concerns about the resources needed for the increasing number of interagency forums and that some efforts may be overlapping. In May 2011 and June 2012, DHS reported that it took action to coordinate law enforcement initiatives and advance communications interoperability and information sharing, while reducing duplicative activities. DHS also reported that the DHS Northern Border Strategy, released in June 2012, is intended to align internal DHS operations and provide a unified direction that will also help the department reduce duplicative activities. However, DHS's efforts to coordinate law enforcement initiatives and its Northern Border Strategy do not specifically address possible duplication of efforts and resource constraints that may be imposed by interagency forums. Further, DHS leadership has not yet determined how the strategy will be implemented. In October 2015, DHS officials stated that a statement of cooperation for a Cross-Border Law Enforcement Advisory Committee was signed by all five core members. The intent of the committee is to provide executive-level strategic guidance to cross-border law enforcement initiatives involving partnerships between U.S. and Canadian law enforcement agencies on the northern border. However, DHS officials stated that it will take at least a year to show how this committee will increase coordination and prevent duplication among interagency forums, including the IBET and BEST. Development of this committee is a positive step; however, it is too soon to assess the extent to which this committee helps prevent duplication of effort and strengthen coordination efforts along the northern border. As of August 31, 2017, DHS had not provided updated information to show how the committee increased coordination and prevented duplication among interagency forums. To fully address this recommendation, DHS needs to provide guidance specific to interagency forums established or sponsored by its components and conduct DHS-level oversight for those forums to ensure they are not duplicative and do not burden northern border partners.
    Recommendation: To help ensure DHS is maximizing the benefits of its coordination efforts with northern border partners through interagency forums, documented agreements, and its resource planning process, the Secretary of Homeland Security should provide regular DHS-level oversight of Border Patrol and ICE compliance with the provisions of the interagency memorandum of understanding (MOU), including evaluation of outstanding challenges and planned corrective actions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2011, we reviewed and reported on the extent to which the Department of Homeland Security (DHS) had made progress in addressing past coordination challenges between U.S. Border Patrol, an office within U.S. Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE), and across the Drug Enforcement Administration and Forest Service, according to northern border security partners. We found, among other things, that federal agency coordination to secure the northern border was improved, but partners cited ongoing challenges sharing information and resources for daily border security related to operations and investigations despite the efforts made to establish and update interagency agreements. In June 2012, DHS reported that the DHS Northern Border Strategy emphasizes the importance of partnerships and coordination and discusses the benefits that can be garnered through collaboration and information sharing. DHS also reported that a National Special Agent in Charge/Chief Patrol Agent Advisory Council was established to enhance collaboration between Border Patrol and ICE, which includes addressing historical points of contention between the two components. While the strategy emphasizes and encourages coordination between Border Patrol and ICE, it does not specifically address compliance with the interagency memoranda of agreement, evaluation of longstanding challenges, or any planned corrective actions. In addition, the advisory council established does not provide DHS-level oversight as it is composed of ICE and Border Patrol officials. In October 2015, DHS officials stated that the Cross-Border Law Enforcement Advisory Committee may provide DHS-level oversight because both CBP and ICE officials are members of the committee. However, as of August 31, 2017, DHS has not yet indicated how the committee may provide guidance and oversight to ensure Border Patrol and ICE compliance with the provisions of the interagency memorandum of understanding, and DHS could not provide timeframes for addressing this recommendation. To fully address this recommendation, DHS needs to take action to specifically address long-standing coordination challenges and enforce DHS-level oversight of Border Patrol and ICE compliance with the interagency memoranda of agreement.