Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Proprietary data"

    10 publications with a total of 25 open recommendations including 2 priority recommendations
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    3 open recommendations
    Recommendation: To effectively implement key elements of the FDA's information security program, the Secretary of Health and Human Services should direct the Commissioner of FDA to update security plans to ensure the plans fully and accurately document the controls selected and intended for protecting each of the six systems.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: FDA concurred with the recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To effectively implement key elements of the FDA's information security program, the Secretary of Health and Human Services should direct the Commissioner of FDA to implement a process to effectively monitor and track training for personnel with significant security roles and responsibilities.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: FDA concurred with the recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Recommendation: To effectively implement key elements of the FDA's information security program, the Secretary of Health and Human Services should direct the Commissioner of FDA to ensure that personnel with significant security responsibilities receive role-based training.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: FDA concurred with the recommendation but has not yet provided sufficient evidence that it has implemented the recommendation.
    Director: Rebecca Shea
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To maximize resources for the Inland Waterways Trust Fund, the Commissioner of Internal Revenue should consult with the U.S. Army Corps of Engineers to explore options to obtain proprietary data to enhance IRS's efforts to ensure taxpayer compliance with the inland waterways fuel tax.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Mihm, J Christopher
    Phone: (202) 512-3236

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To help ensure that agencies report consistent and comparable data on federal spending, the Director of OMB, in collaboration with the Secretary of the Treasury, should provide agencies with additional guidance to address potential clarity, consistency, or quality issues with the definitions for specific data elements including Award Description and Primary Place of Performance and that they clearly document and communicate these actions to agencies providing this data as well as to end-users.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open
    Priority recommendation

    Comments: In May 2016, OMB issued guidance for DATA Act Implementation entitled, Implementing Data-Centric Approach for Reporting Federal Spending Information (Management Procedures Memorandum No. 2016-03). This memorandum provided guidance on new federal prime award reporting requirements, agency assurances, and authoritative sources for reporting. In August 2016, OMB released additional draft guidance describing how agencies should report financial information involving intragovernmental transfers and personally identifiable information, as well as how agency Senior Accountable Officials should provide quality assurances for submitted data. Despite these positive steps, we continue to have concerns about the need for additional guidance to facilitate agency implementation of certain data definitions (such as "primary place of performance" and "award description") in order to produce consistent and comparable information, and whether the guidance provides sufficient detail in areas such as the process for providing assurance on data submissions.
    Director: Michael J. Sullivan
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To improve technology transition planning and outcomes at DARPA, the Secretary of Defense should direct the Director, DARPA, to oversee assessments of technology transition strategies for new and existing DARPA programs as part of existing milestone reviews used to assess scientific and technical progress to inform transition planning and program changes, as necessary. Our analysis identified four factors that could underpin these assessments, but the uniqueness of individual DARPA programs suggests that other considerations may also be warranted.

    Agency: Department of Defense
    Status: Open

    Comments: Although DOD partially concurred with this recommendation, the Assistant Secretary of Defense for Research and Engineering stated in August 2016 that DOD did not agree with directing the DARPA Director to mandate assessments of technology transition beyond what is currently being conducted throughout the agency. He further stated that the Director of DARPA already participates in technology transition discussions throughout DARPA program's lifecycle to include the initial briefing of a program and milestone reviews. Furthermore, he stated that in 2013, the Director, DARPA directed the Adaptive Execution Office (AEO) to assist DARPA Program Managers with engagement and technology transition strategies for their programs, and AEO tracks and documents the final transition status of DARPA programs. A DARPA representative stated in June 2017 that there has been no change in status and that no additional related actions are planned. We will continue to track any developments that relate to this recommendation.
    Recommendation: To improve technology transition planning and outcomes at DARPA, the Secretary of Defense should direct the Director, DARPA, to increase technology transition training requirements and offerings for DARPA program managers, leveraging existing DOD science and technology training curricula, as appropriate.

    Agency: Department of Defense
    Status: Open

    Comments: Although DOD partially concurred with this recommendation, the Assistant Secretary of Defense for Research and Engineering stated in August 2016 that DOD disagreed with directing the DARPA Director to increase training requirements. He stated that DOD believes DARPA's current approach of uniquely tailored training focusing on a programs unique transition needs is most appropriate. He further noted that DARPA continues to explore opportunities to draw from existing DOD and other training materials to offer tailored and streamlined training to its program managers that works within the relatively short tenure of a DARPA program manager. A DARPA representative stated in June 2017 that there has been no change in status and that no additional related actions are planned. We will continue to track any developments that relate to this recommendation.
    Director: Cary Russell
    Phone: (202) 512-5431

    6 open recommendations
    including 1 priority recommendation
    Recommendation: To help DOD develop an affordable sustainment strategy for the F-35, the Secretary of Defense should direct the Under Secretary of Defense for Acquisitions, Technology and Logistics to direct the F-35 Program Executive Officer to establish affordability constraints linked to, and informed by, military service budgets that will help guide sustainment decisions, prioritize requirements, and identify additional areas for savings by March 2015, at which point the Future Support Construct decision will be approved.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our recommendation and stated in April 2017 that the F-35 Program Executive Officer and the F-35 enterprise have expanded their collaborative effort to reduce F-35 operating and support (O&S) costs to ensure that they deliver affordable readiness for the F-35 fleet. In an effort to reduce overall O&S costs, the department has undertaken several initiatives. For example, according to DOD, as of January 2017, a program office "cost war room" initiative had reduced the 2012 F-35 annual cost estimate by $60.7 billion. Additionally, according to DOD, a Reliability and Maintainability Improvement Program has resulted in a $1.7 billion O&S cost avoidance through the program's life cycle. Other efforts are also under way that aim to help reduce O&S costs by better informing sustainment decision-making. While the department is taking steps to try to reduce overall O&S costs, the program has yet to develop affordability constraints linked to the military services' budgets. Without affordability constraints that are linked to military service budgets, it remains unclear the extent to which the military services can afford to operate and sustain the F-35 throughout its life cycle as currently planned.
    Recommendation: To help DOD address key risks to F-35 affordability and operational readiness, and to improve the reliability of its O&S cost estimates for the life cycle of the program, the Secretary of Defense should direct the F-35 Program Executive Officer, to enable DOD to better identify, address, and mitigate performance issues with the Autonomic Logistics Information System (ALIS) that could have an effect on affordability, as well as readiness, to establish a performance-measurement process for ALIS that includes, but is not limited to, performance metrics and targets that (1) are based on intended behavior of the system in actual operations and (2) tie system performance to user requirements.

    Agency: Department of Defense
    Status: Open

    Comments: According to DOD officials, the ALIS Integrated Product Team (IPT) is continuing to work with the Joint Program Office's Performance Based Logistics (PBL) team to further develop and refine appropriate metrics for inclusion into future sustainment contracts. Although DOD has made progress in developing performance metrics for ALIS, as of September 2017, DOD has yet to develop metrics that are based on intended behavior of the system and tie system performance to user requirements. Until this progression is made, this recommendation will remain open.
    Recommendation: To help DOD address key risks to F-35 affordability and operational readiness, and to improve the reliability of its O&S cost estimates for the life cycle of the program, the Secretary of Defense should direct the F-35 Program Executive Officer, to develop a high level of confidence that the aircraft will achieve its R+M goals, to develop a software reliability and maintainability (R+M) assessment process, with metrics, by which the program can monitor and determine the effect that software issues may have on overall F-35 R+M issues.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has an R&M assessment process in place, but as of September 2017, had not developed a process that would focus directly on software reliability and maintainability. Until DOD develops a process more focused on software and its effects on overall R&M issues, this recommendation will remain open.
    Recommendation: To help DOD address key risks to F-35 affordability and operational readiness, and to improve the reliability of its O&S cost estimates for the life cycle of the program, the Secretary of Defense should direct the F-35 Program Executive Officer, to promote competition, address affordability, and inform its overarching sustainment strategy, to develop a long-term Intellectual Property (IP) Strategy to include, but not be limited to, the identification of (1) current levels of technical data rights ownership by the federal government and (2) all critical technical data needs and their associated costs.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has still not developed an overall strategy that would identify data rights ownership, needs, and costs. As of September 2017, the program had taken some steps to develop an Intellectual Property Strategy, but has not identified all critical needs and their associated costs. Program office officials said that they are currently working with the prime contractor to develop a list of technical data requirements. Until this strategy is developed, this recommendation will remain open.
    Recommendation: To help DOD address key risks to F-35 affordability and operational readiness, and to improve the reliability of its O&S cost estimates for the life cycle of the program, the Secretary of Defense should direct the F-35 Program Executive Officer, to understand the potential range of costs associated with the JPO F-35 O&S cost estimate, to conduct uncertainty analyses on future JPO estimates.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2017, DOD had not applied risk/uncertainty analyses to its cost estimates. Until it does so, this recommendation will remain open.
    Recommendation: To improve the reliability of the CAPE F-35 O&S cost estimate, the Secretary of Defense should direct the Director of CAPE, for future F-35 O&S cost estimates, to conduct uncertainty analyses to understand the potential range of costs associated with its estimates to reflect the most likely costs associated with the program.

    Agency: Department of Defense
    Status: Open

    Comments: According to DOD officials, the Cost Assessment and Program Evaluation (CAPE) has not updated its F-35 estimate subsequent to the release of GAO-14-778. Pending a major program change, CAPE will update the F-35 O&S estimate for the full-rate production decision point in the second quarter of fiscal year 2019. Until CAPE updates its F-35 estimate, we will not be able to determine if they will perform any uncertainty analyses on its cost estimate; therefore, this recommendation will remain open as of September 1, 2017.
    Director: Cristina Chaplain
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To improve DOD's ability to ensure it is fully leveraging investments made in canceled programs, the Secretary of Defense should direct the Office of Acquisition, Technology, and Logistics to develop department-wide processes to improve tracking of assets, including technical data and software, and dissemination of information about assets available for reuse after programs are canceled.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2017, DOD has not provided evidence of any processes that could improve tracking of assets such as technical data and software.
    Director: Belva Martin
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To help improve reporting of federal procurement data and strengthen oversight of contracts awarded on the basis of an unusual and compelling urgency, the Secretaries of Defense and State and the Administrator of the U.S. Agency for International Development should develop an oversight mechanism when the cumulative value of noncompetitive contracts awarded on the basis of unusual and compelling urgency increases considerably beyond the initial contract award value.

    Agency: Department of Defense
    Status: Open

    Comments: In April 2015, the Acting Director of Defense Procurement and Acquisition Policy issued a memorandum instructing contracting officers to notify management when the cumulative dollar value of a contract awarded on the basis of urgency increases beyond the initial value at award. Further, the memorandum instructs components to establish an oversight mechanism to ensure the appropriate approval level is obtained. This memorandum was incorporated into the Defense Federal Acquisition Regulations by reference. As of August 2017, the Defense Procurement and Acquisition Policy office had not followed up to determine whether components had implemented this recommendation. We will continue to follow up with DOD to determine how and whether the oversight mechanisms were established at the component level.
    Director: Wilshusen, Gregory C
    Phone: (202) 512-6244

    8 open recommendations
    Recommendation: To improve their response to data breaches involving PII, the Secretary of Defense should direct the Secretary of the Army to require documentation of the reasoning behind risk determinations for breaches involving PII.

    Agency: Department of Defense
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the department stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Secretary of Defense should direct the Secretary of the Army to require an evaluation of the agency's response to data breaches involving PII to identify lessons learned that could be incorporated into agency security and privacy policies and practices.

    Agency: Department of Defense
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the department stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Secretary of Health and Human Services should direct the Administrator for the Centers for Medicare & Medicaid Services to require documentation of the risk assessment performed for breaches involving PII, including the reasoning behind risk determinations.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the department stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Secretary of Health and Human Services should direct the Administrator for the Centers for Medicare & Medicaid Services to document the number of affected individuals associated with each incident involving PII.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the department stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Secretary of Health and Human Services should direct the Administrator for the Centers for Medicare & Medicaid Services to require an evaluation of the agency's response to data breaches involving PII to identify lessons learned that could be incorporated into agency security and privacy policies and practices.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the department stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Chairman of the Federal Reserve Board should require documentation of the risk assessment performed for breaches involving PII, including the reasoning behind risk determinations.

    Agency: Federal Reserve System
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Chairman of the Federal Reserve Board should document the number of affected individuals associated with each incident involving PII.

    Agency: Federal Reserve System
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Recommendation: To improve their response to data breaches involving PII, the Chairman of the Federal Reserve Board should require an evaluation of the agency's response to data breaches involving PII to identify lessons learned that could be incorporated into agency security and privacy policies and practices.

    Agency: Federal Reserve System
    Status: Open

    Comments: We have not yet validated agency actions on this recommendation. Subsequent to the agency stating that it has taken action, we plan to verify whether implementation has occurred.
    Director: Cackley, Alicia P
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: Congress should consider strengthening the current consumer privacy framework to reflect the effects of changes in technology and the marketplace--particularly in relation to consumer data used for marketing purposes--while also ensuring that any limitations on data collection and sharing do not unduly inhibit the economic and other benefits to industry and consumers that data sharing can accord. Among the issues that should be considered are: (1) the adequacy of consumers' ability to access, correct, and control their personal information in circumstances beyond those currently accorded under FCRA; (2) whether there should be additional controls on the types of personal or sensitive information that may or may not be collected and shared; (3) changes needed, if any, in the permitted sources and methods for data collection; and (4) privacy controls related to new technologies, such as web tracking and mobile devices.

    Agency: Congress
    Status: Open

    Comments: As of April 2017, Congress has not taken action on this matter.
    Director: Martin, Belva M
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To help inform DOD's use of long-term maintenance contracts, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology, and Logistics, in coordination with cognizant offices within each of the military departments, to collect and analyze information on the use of long-term maintenance contracts by major weapon system programs.

    Agency: Department of Defense
    Status: Open

    Comments: In providing comments on this report, DOD concurred with this recommendation and has since taken actions which may support the collection and analysis of long-term maintenance contracts. In January 2017, DOD's Office of Cost Assessment and Program Evaluation (CAPE) issued a memorandum stating its intent to update existing policies and systems to prescribe policies and procedures for the conduct of cost estimation and cost analysis for acquisition programs. Among the initiatives discussed in the memorandum is an updated approach to collect sustainment data through Contractor Cost Data Reporting (CCDR) in order to provide better information to support competing sustainment alternatives and approaches. According to officials from the Office of the Deputy Assistant Secretary of Defense for Materiel Readiness (MR), this step will expand the data collected from contractors on maintenance contracts and will include reporting on the use of award terms and other incentives for their maintenance contracts in the CCDR system. Data item descriptions for these reports have been developed by the department but have not yet been implemented to support maintenance contract data collection. This guidance is expected to approved by the end of 2017.