Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Physical security"

    15 publications with a total of 49 open recommendations including 6 priority recommendations
    Director: Lori Rectanus
    Phone: (202) 512-2834

    8 open recommendations
    Recommendation: To improve agencies' physical security programs' alignment with the ISC Risk Management Process for Federal Facilities and Standards for Internal Control in the Federal Government for information and monitoring, the Commissioner of U.S. Customs and Border Protection should, with regard to the updated Security Policy and Procedures Handbook, include the ISC's Risk Management Process for Federal Facilities requirement to assess all undesirable events, consider all three factors of risk, and document deviations from the standard.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve agencies' physical security programs' alignment with the ISC Risk Management Process for Federal Facilities and Standards for Internal Control in the Federal Government for information and monitoring, the Commissioner of U.S. Customs and Border Protection, with regard to the updated Security Policy and Procedures Handbook, should include data collection and analysis requirements for monitoring the performance of CBP's physical security program.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve agencies' physical security programs' alignment with the ISC Risk Management Process for Federal Facilities and Standards for Internal Control in the Federal Government for information and monitoring, the Commissioner of U.S. Customs and Border Protection, should revise the assumptions used in the plan to address the backlog to balance assessments with competing priorities, such as updating the policy manual and reviewing new construction design, to develop a feasible time frame for completing the assessment backlog.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve agencies' physical security programs' alignment with the ISC Risk Management Process for Federal Facilities and Standards for Internal Control in the Federal Government for information and monitoring, the Secretary of Transportation should direct the FAA Administrator to develop a plan that provides sufficient details on the activities needed and time frames within the date when FAA will implement an improved methodology.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve agencies' physical security programs' alignment with the ISC Risk Management Process for Federal Facilities and Standards for Internal Control in the Federal Government for information and monitoring, the Secretary of Transportation should direct the FAA Administrator to update FAA's policy to require the use of a methodology that fully aligns with the ISC's Risk Management Process for Federal Facilities for assessing all undesirable events, considering all three factors of risk, and documenting all deviations from the standard countermeasures.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve agencies' physical security programs' alignment with the ISC Risk Management Process for Federal Facilities and Standards for Internal Control in the Federal Government for information and monitoring, the Secretary of Transportation should direct the FAA Administrator to update FAA's policy to include ongoing monitoring of physical security information.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve agencies' physical security programs' alignment with the ISC Risk Management Process for Federal Facilities and Standards for Internal Control in the Federal Government for information and monitoring, the Secretary of Agriculture should include data collection and analysis requirements for monitoring the performance of agencies' physical security programs, in the department's revised physical-security manual.

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve agencies' physical security programs' alignment with the ISC Risk Management Process for Federal Facilities and Standards for Internal Control in the Federal Government for information and monitoring, the Secretary of Agriculture should direct the Administrator of the Agricultural Research Service and the Chief of the Forest Service to implement and monitor a long-term assessment schedule with key milestones to ensure that higher-level facilities are reassessed at least once every 3 years.

    Agency: Department of Agriculture
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Seto J. Bagdoyan
    Phone: (202) 512-6722

    4 open recommendations
    Recommendation: The NIST Director should incorporate elements of key practices into the implementation of the Security Sprint action plans, by establishing a comprehensive communication strategy for employees; interim milestone dates; and measures to assess effectiveness. (Recommendation 1)

    Agency: Department of Commerce: National Institute of Standards and Technology
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the Office of Security (OSY), in coordination with the NIST Director, should conduct an evaluation of the effectiveness of the current security management structure as compared to a consolidated security structure, centrally managed by OSY, to identify the most effective and feasible approach to physical security at NIST. (Recommendation 2)

    Agency: Department of Commerce: Office of Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of OSY should ensure that the draft Commerce risk management policy is finalized and implemented in accordance with the ISC's RMP Standard, by requiring the following: (1) Use and documentation of a sound risk assessment methodology that assesses the threats, vulnerabilities, and consequences for each of the undesirable events required by the RMP Standard, and use of these three factors to measure risk. (2) Documentation of key risk management decisions, such as justification and tenants' approval for facility security level (FSL) determinations, justification for deviation from baseline levels of risk or protection, as well as risk acceptance and consideration of alternative countermeasures. (3) Establishment of a facility security committee (FSC) at multitenant facilities and campuses, including locations such as the NIST Boulder campus. (4) ISC training for all OSY assessors and the individuals responsible for deciding to implement countermeasures and accepting risk. (Recommendation 3)

    Agency: Department of Commerce: Office of Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The NIST Director should finalize and implement risk management policies and procedures, ensuring that they contain a formal coordination mechanism between OSY and NIST and are aligned with Commerce's revised risk management policy, particularly with regard to establishing FSCs. (Recommendation 4)

    Agency: Department of Commerce: National Institute of Standards and Technology
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    7 open recommendations
    Recommendation: The Secretary of the Interior should direct the Director of the National Park Service to direct the U.S. Park Police to ensure that performance measures linked to program goals are included as part of its updated strategic plan and direct it to develop a timeline for completion of this plan.

    Agency: Department of the Interior
    Status: Open

    Comments: Interior concurred with this recommendation and said it would take steps to implement it. When we confirm what actions Interior has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Interior should direct the Director of the National Park Service to direct the U.S. Park Police to seek additional input from federal entities with expertise regarding ways to enhance testing of its physical security program.

    Agency: Department of the Interior
    Status: Open

    Comments: Interior concurred with this recommendation and said it would take steps to implement it. When we confirm what actions Interior has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Smithsonian Institution should direct the Office of Protection Services to develop program goals and ensure that performance measures linked to those goals are included as part of the strategic plan for security and develop a timeline for completion of this plan.

    Agency: Smithsonian Institution
    Status: Open

    Comments: The Smithsonian concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the Smithsonian has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of the Smithsonian Institution should direct the Office of Protection Services to seek additional input from federal entities with expertise regarding ways to enhance testing of the physical security program.

    Agency: Smithsonian Institution
    Status: Open

    Comments: The Smithsonian concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the Smithsonian has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to develop a process for documenting risk management decisions.

    Agency: National Gallery of Art
    Status: Open

    Comments: The National Gallery concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the National Gallery has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to ensure that program goals and performance measures linked to those goals are included as part of the master security plan and develop a timeline for completion of this plan.

    Agency: National Gallery of Art
    Status: Open

    Comments: The National Gallery concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the National Gallery has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of the National Gallery of Art should direct the Office of Protection Services to seek additional input from federal entities with expertise regarding ways to enhance testing of the physical security program.

    Agency: National Gallery of Art
    Status: Open

    Comments: The National Gallery concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the National Gallery has taken in response to this recommendation, we will provide updated information.
    Director: Shelby S. Oakley
    Phone: (202) 512-3841

    4 open recommendations
    Recommendation: The Secretary of Energy, working with the Administrator of the National Nuclear Security Administration, should include more complete information on the assessments--that is, security plans, vulnerability assessments, independent assessments, and other assessments--used in the annual reports to support the agencies' assessments that DOE and NNSA sites are secure.

    Agency: Department of Energy
    Status: Open

    Comments: When we confirm what actions the agency has taken, we will update.
    Recommendation: The Secretary of Energy, working with the Administrator of the National Nuclear Security Administration, should better align the internal review process and mandated report publication deadlines.

    Agency: Department of Energy
    Status: Open

    Comments: When we confirm what actions the agency has taken, we will update.
    Recommendation: Additionally, the Secretary of Energy should develop a plan for addressing the physical security infrastructure needs at DOE sites. Similar to a report under development by NNSA, this plan could identify cost and time frames and enable DOE and the Congress to prioritize these projects.

    Agency: Department of Energy
    Status: Open

    Comments: When we confirm what actions the agency has taken, we will update.
    Recommendation: Additionally, the Secretary of Energy should, in future annual security certification reports, inform Congress of the reasons for the delayed implementation of the June 2011 DOE material control and accountability order at some sites, as well as the steps DOE and its sites are taking to implement it. DOE should also provide Congress with information on any vulnerabilities or deficiencies in the security at sites that may potentially exist while the sites complete implementation of the order as well as information on any concomitant adjustment to their security posture that is required.

    Agency: Department of Energy
    Status: Open

    Comments: When we confirm what actions the agency has taken, we will update.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    4 open recommendations
    Recommendation: The Attorney General should instruct the Director of the Marshals Service to ensure that the improvements being made to the Marshals Service's information on the security concerns of individual buildings allow the Marshals Service to understand the concerns across the portfolio.

    Agency: Department of Justice
    Status: Open

    Comments: When we confirm what actions the Marshalls Service has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of GSA and the Director of the AOUSC, on behalf of the Judicial Conference of the United States, in conjunction with the Marshals Service and FPS, should improve CSP documentation in order to improve transparency and collaboration in the CSP program.

    Agency: General Services Administration
    Status: Open

    Comments: When we confirm what actions GSA has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of GSA and the Director of the AOUSC, on behalf of the Judicial Conference of the United States, in conjunction with the Marshals Service and FPS, should improve CSP documentation in order to improve transparency and collaboration in the CSP program.

    Agency: Administrative Office of the United States Courts
    Status: Open

    Comments: When we confirm what actions AOUSC has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of GSA--in conjunction with AOUSC, the Marshals Service, and FPS--should establish a national-level working group or similar forum, consisting of leadership designees with decision-making authority, to meet regularly to address courthouse security issues.

    Agency: General Services Administration
    Status: Open

    Comments: When we confirm what actions GSA has taken in response to this recommendation, we will provide updated information.
    Director: David Wise
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Administrator of the General Services Administration should determine whether the beneficial owner of high-security space that GSA leases is a foreign entity and, if so, share that information with the tenant agencies so they can adequately assess and mitigate any security risks.

    Agency: General Services Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Charles Michael Johnson, Jr.
    Phone: (202) 512-7331

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To strengthen compliance with the Leahy laws and implementation of State's human rights vetting process and to help ensure that U.S. funded assistance is not provided to Egyptian security forces that have committed gross violations of human rights, as State works to implement a revised version of the International Vetting and Security Tracking system (INVEST) system that is expected to help facilitate equipment vetting, the Secretary of State should develop time frames for establishing corresponding policies and procedures to implement a vetting process to help enable the U.S. government to provide a more reasonable level of assurance that equipment is not transferred to foreign security forces, including those in Egypt, when there is credible information that a unit has committed a gross violation of human rights.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: State agreed with this recommendation. State acknowledged challenges identifying recipients of equipment across the range of assistance activities, but noted that it would continue to update its systems and procedures to facilitate human rights vetting for recipients of equipment. In April 2017, State reported that it had provided finalized guidance on vetting Egyptian recipients of Foreign Military Financing-funded equipment to Embassy Cairo. These procedures have been incorporated into a revised version of Embassy Cairo's guide for conducting human rights vetting. According to State, Embassy Cairo has implemented these procedures. Also, as of June 2017, State has added new features to INVEST to help facilitate vetting of equipment recipients. However, State has not yet provided information on its plans for adopting the procedures used in Egypt more broadly in other countries that also receive equipment through the Foreign Military Financing account or through other U.S. assistance programs. In addition, State has not established requirements for posts to use the new equipment vetting features in INVEST. We will continue to monitor agency efforts to implement this recommendation.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    8 open recommendations
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on a joint strategy and finalizing it in order to define and articulate a common understanding of expected outcomes and align the two agencies' activities and core processes to achieve their related missions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for completing a joint strategy for federal security once its memorandum of agreement with the General Services Administration is updated and signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on a joint strategy and finalizing it in order to define and articulate a common understanding of expected outcomes and align the two agencies' activities and core processes to achieve their related missions.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported that until FPS works with GSA specifically on the joint strategy, no final document will be released.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on the two agencies' respective roles and responsibilities for federal facility security, and update and finalize the two agencies' MOA accordingly.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it is working internally to prepare the memorandum of agreement for review and signature by the FPS Director, pending no additional changes are required to the document.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on the two agencies' respective roles and responsibilities for federal facility security, and update and finalize the two agencies' MOA accordingly.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported sending a final MOA draft to FPS in December 2015 and stated that it hopes to have a signed MOA by both agencies when leadership is in place.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop a process to ensure that compatible policies and procedures, including those for information sharing, are communicated at the regional level so that regional officials at both agencies have common information on how to operationalize the two agencies' collaborative efforts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for the issuance of a joint field guidance for working with the General Services Administration (GSA) once its memorandum of agreement with GSA is updated and signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop a process to ensure that compatible policies and procedures, including those for information sharing, are communicated at the regional level so that regional officials at both agencies have common information on how to operationalize the two agencies' collaborative efforts.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported developing and releasing "GSA Order 1000.1 Document Security for Handling Facility Security Assessments" to ensure that when GSA receives a Facility Security Assessment from FPS, it will be handled in a consistent, appropriate manner.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop mechanisms to monitor, evaluate, and report on their collaborative efforts to protect federal facilities in order to identify possible areas for improvement and to reinforce accountability.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, FPS reported that it will begin the process for the appointment of an FPS-GSA Liaison once its memorandum of agreement with GSA is updated and signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop mechanisms to monitor, evaluate, and report on their collaborative efforts to protect federal facilities in order to identify possible areas for improvement and to reinforce accountability.

    Agency: General Services Administration
    Status: Open

    Comments: As of September 2017, GSA reported that the updated MOA will cover this recommendation once signed.
    Director: Michael J. Courts
    Phone: (202) 512-8980

    3 open recommendations
    including 3 priority recommendations
    Recommendation: To enhance State's efforts to manage risks to residences, schools, and other soft targets overseas, the Secretary of State should direct the Bureau of Diplomatic Security (DS) to institute procedures to improve posts' compliance with requirements for conducting residential security surveys.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: To improve posts' compliance with residential survey requirements, State is developing a global standardized residential survey program that, according to DS, will give DS officials at State headquarters and security officers at posts the ability to access and audit security surveys for all residential holdings. DS estimated a 12-month development cycle for this program beginning in February 2017. As of October 2017, State had not completed the described actions. We will continue to monitor State's progress in implementing this recommendation.
    Recommendation: To enhance State's efforts to manage risks to residences, schools, and other soft targets overseas, the Secretary of State should direct DS to take steps to clarify existing standards and security-related guidance for residences. For example, DS could conduct a comprehensive review of its various standards and security-related guidance for residences and take steps to identify and eliminate gaps and inconsistencies.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: State conducted a review of existing standards and identified numerous gaps, inconsistencies, and standards receiving exceptions more than being followed. As of October 2017, State was in the process of updating these standards. We will continue to monitor State's progress in implementing this recommendation.
    Recommendation: To enhance State's efforts to manage risks to residences, schools, and other soft targets overseas, the Secretary of State should direct DS to develop procedures for ensuring that all residences at posts overseas either meet applicable standards or have required exceptions on file.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: To ensure residences meet applicable standards, State is developing a global standardized residential survey program that, according to DS, will give DS officials at State headquarters and security officers at posts the ability to access and audit security surveys for all residential holdings. DS has estimated a 12-month development cycle for this program beginning in February 2017. As of October 2017, DS had also launched a system to track exception requests and approvals. We will continue to monitor State's progress in implementing this recommendation.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Secretary of the Department of Homeland Security should direct FPS to develop and implement a strategy for using covert-testing data and data on prohibited items to improve FPS's security-screening efforts. The strategy should, at a minimum, aim to ensure that: (1) covert-testing data are used to systematically monitor, review, and improve performance nationwide; (2) covert-testing data are used to determine which testing scenarios will be implemented or reinstated; and (3) data on prohibited items are analyzed to determine the reasons for wide variations in the number of reported prohibited-items detected across buildings and to assist with managing the screening process and informing policy.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, implementation of this recommendation was in process, according to the Federal Protective Service (FPS). FPS provided no additional information, but plans to update GAO in the coming weeks on the status of this and other open recommendations.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Secretary of Homeland Security, in consultation with GSA, should develop and implement a strategy to address cyber risk to building and access control systems that, among other things: (1) defines the problem; (2) identifies roles and responsibilities; (3) analyzes the resources needed; and (4) identifies a methodology for assessing this cyber risk.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions DHS has taken in response to this recommendation, we will provide updated information.
    Director: Courts, Michael J
    Phone: (202) 512-8980

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To strengthen the applicability and effectiveness of the Department of State's physical security standards, the Secretary of State should work through DS or, in his capacity as chair, through the OSPB to clarify existing flexibilities in the FAH to ensure that security and life-safety updates to the OSPB standards and Physical Security Handbook are updated through an expedited review process.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: As of September 2017, State had drafted a revision to the Overseas Security Policy Board (OSPB) Working Group Guidelines in the Foreign Affairs Handbook (FAH) to clarify existing flexibilities for and to formalize an expedited process for making security and life-safety updates to the OSPB standards and Physical Security Handbook, and according to State, the revisions are under review.
    Recommendation: To strengthen the effectiveness of the Department of State's risk management policies, the Secretary of State should develop a risk management policy and procedures for ensuring the physical security of diplomatic facilities, including roles and responsibilities of all stakeholders and a routine feedback process that continually incorporates new information.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: In December 2016, we learned that State had convened a working group to develop a comprehensive risk management policy. According to State, the Bureau of Diplomatic Security is coordinating this working group. As of September 2017, State expects to publish the new risk management policy by December 31, 2018.
    Director: Clark, Cheryl E
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: The Commissioner of the Internal Revenue Service should direct the appropriate IRS officials to update the Internal Revenue Manual (IRM) to specify steps to be followed to prevent campus support clerks as well as any other employees who process payments through the electronic check presentment system from making adjustments to taxpayer accounts.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: During fiscal year 2012, IRS updated the IRM to require managers to verify that all campus support employees who process payments through the electronic check presentment system have the appropriate command code restriction in their IDRS profiles to prevent them from making adjustments to taxpayer accounts. However, during our subsequent audits we found that in updating the IRM, IRS did not undertake a global review of the level of access provided to all employee groups who handle hard-copy taxpayer receipts and related sensitive information to ensure that their levels of IDRS access were appropriate. As a result, in May 2016, IRS reassessed the risks at its TACs, including the specific risks and mitigating factors associated with allowing TAC employees to process taxpayer remittances through the electronic check presentment system and to adjust taxpayer accounts. However, IRS did not update the IRM to reflect the conclusions from the risk assessment related to TAC employees needing access to certain sensitive command codes as part of their normal job duties. We will continue to evaluate IRS's actions to address this recommendation during our fiscal year 2017 audit.
    Director: Goldstein, Mark L
    Phone: (202)512-6670

    2 open recommendations
    Recommendation: The Secretary of Homeland Security and Attorney General should instruct the Director of FPS, and the Director of the Marshals Service, respectively, to jointly lead an effort, in consultation and agreement with the judiciary and GSA, to update the MOA on courthouse security to address the challenges discussed in this report. Specifically, in this update to the MOA stakeholders should: (1) clarify federal stakeholders' roles and responsibilities including, but not limited to, the conditions under which stakeholders may assume each other's responsibilities and whether such agreements should be documented; and define GSA's responsibilities and determine whether GSA should be included as a signatory to the updated MOA; (2) outline how they will ensure greater participation of relevant stakeholders in court or facility security committees; and (3) specify how they will complete required risk assessments for courthouses, referred to by the Marshals Service as court security facility surveys and by FPS as facility security assessments (FSA), and ensure that the results of those assessments are shared with relevant stakeholders, as appropriate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of April 2017, The Federal Protective Service, U.S. Marshals Service, Administrative Office of the U.S. Courts, and General Services Administration were working to update the memorandum of agreement on courthouse security. An updated memorandum has been drafted, but it has yet to be signed by all parties. Consequently, resolution of this recommendation is pending until further action is taken.
    Recommendation: The Secretary of Homeland Security and Attorney General should instruct the Director of FPS, and the Director of the Marshals Service, respectively, to jointly lead an effort, in consultation and agreement with the judiciary and GSA, to update the MOA on courthouse security to address the challenges discussed in this report. Specifically, in this update to the MOA stakeholders should: (1) clarify federal stakeholders' roles and responsibilities including, but not limited to, the conditions under which stakeholders may assume each other's responsibilities and whether such agreements should be documented; and define GSA's responsibilities and determine whether GSA should be included as a signatory to the updated MOA; (2) outline how they will ensure greater participation of relevant stakeholders in court or facility security committees; and (3) specify how they will complete required risk assessments for courthouses, referred to by the Marshals Service as court security facility surveys and by FPS as facility security assessments (FSA), and ensure that the results of those assessments are shared with relevant stakeholders, as appropriate.

    Agency: Department of Justice
    Status: Open

    Comments: As of April 2017, The Federal Protective Service, U.S. Marshals Service, Administrative Office of the U.S. Courts, and General Services Administration were working to update the memorandum of agreement on courthouse security. An updated memorandum has been drafted, but it has yet to be signed by all parties. Consequently, resolution of this recommendation is pending until further action is taken.
    Director: Aloise, Eugene E
    Phone: (202)512-6870

    2 open recommendations
    Recommendation: To ensure that NNSA functions as a separately organized agency, the Secretary of Energy and the Administrator, NNSA, should clearly define NNSA's status as a separately organized agency within the department.

    Agency: Department of Energy
    Status: Open

    Comments: In his 31 USC Section 720 response to our report, the Deputy Secretary of Energy stated that he did not concur with this recommendation. He stated that elements of the Department and the NNSA had executed memoranda of understanding specifying how certain Department-wide functions would be performed while respecting the statutory insulation of NNSA personnel. He also stated that the Department will consider issuing circumstance-specific guidance where required to correct misperceptions about the effect of the NNSA's act limitations. NNSA's relationship with DOE continues to evolve. NNSA asserted its independence aggressively through July 2012 when an important security incident took place at the Y-12 plant. Since that time, NNSA has been less independent.
    Recommendation: To ensure that NNSA functions as a separately organized agency, the Secretary of Energy and the Administrator, NNSA, should clearly define NNSA's status as a separately organized agency within the department.

    Agency: Department of Energy: National Nuclear Security Administration
    Status: Open

    Comments: In his 31 USC Section 720 response to our report, the Deputy Secretary of Energy stated that he did not concur with this recommendation. He stated that elements of the Department and the NNSA had executed memoranda of understanding specifying how certain Department-wide functions would be performed while respecting the statutory insulation of NNSA personnel. He also stated that the Department will consider issuing circumstance-specific guidance where required to correct misperceptions about the effect of the NNSA's act limitations. Since we received the letter, there have been instances where the DOE/NNSA relationship has become less clear.