Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Systems design"

    31 publications with a total of 74 open recommendations including 9 priority recommendations
    Director: Marie A. Mak
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: The Secretary of the Army should conduct a comprehensive assessment to better understand the resources necessary for the requirements development process and determine the extent to which the shortfalls can be addressed given other funding priorities.

    Agency: Department of Defense: Department of the Army
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    4 open recommendations
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to identify performance metrics and associated targets for the goals and objectives in the department's IT strategic plans, including the Information Resources Management strategic plan and the Health Information Strategic Plan, as they relate to the delivery of health IT and the VHA mission.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation and described planned coordination with the Office of Information and Technology and the Veterans Health Administration to develop or revise and maintain performance metrics that support the strategic and health information technology goals and objectives. The department plans to revise performance metrics to align to new goals and objectives by June 2018.
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to ensure that the department-level investment review structure is implemented as planned and that guidance on the IT governance process is documented and identifies criteria for selecting new investments, and reselecting investments currently operational at VHA.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation and provided meeting minutes for its Portfolio Investment Management Board and a document describing the proposed alignment and interdependencies between the 11 governance boards. We will continue to monitor the implementation of the proposed relationships and review any additional guidance issued that further describes the process used by the governance boards for selecting and reselecting information technology investments.
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to identify additional performance metrics to align with VHA's core business functions, and then use these metrics to determine the extent to which the department's IT systems support performance of VHA's mission.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation. In addition, the department outlined steps it intends to take to address our recommendation. These steps include developing a set of core metrics to provide continuous input into investment portfolio decisions and establishing a methodology for ensuring that information technology investments are aligned to business needs and that expected outcomes are defined prior to making the investments. The department plans to complete this work by September 2018. We will continue to monitor VA's progress on these efforts.
    Recommendation: To assist VA in improving key IT management processes to ensure that investments support the delivery of health care services, the Secretary of Veterans Affairs should direct the Under Secretary for Health and the Chief Information Officer to ensure that unmet IT needs identified by key program areas--pharmacy benefits management, scheduling, and community care--are addressed appropriately and that related business functions are supported by IT systems to the extent required.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In comments on our report, VA concurred with our recommendation. The department has described its intention to ensure that unmet information technology needs for the pharmacy benefits management, scheduling, and community care program areas are addressed appropriately during fiscal year 2018 budget formulation. We will follow-up with VA to ascertain what needs have been addressed, closed, or reprioritized for each program office during fiscal year 2018.
    Director: Michael J. Sullivan
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To enhance program oversight and provide more robust input to budget deliberations, Congress should consider requiring DOD to report on each major acquisition program's systems engineering status in the department's annual budget request, beginning with the budget requesting funds to start development. The information could be presented on a simple timeline--as done for the case studies in this report--and at a minimum should reflect the status of a program's functional and allocated baselines as contained in the most current version of the program's systems engineering plan.

    Agency: Congress
    Status: Open

    Comments: Congress has not yet taken action on the matter for consideration. GAO will continue to monitor.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    7 open recommendations
    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to update the CEDCAP program office cost estimate to reflect the current status of the program as soon as appropriate information becomes available.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation and has taken initial steps to implement it. In May 2017, the Census Bureau provided summary documentation that included the fiscal year 2015 through 2021 estimated lifecycle costs for the Census Enterprise Data Collection and Processing (CEDCAP) program; however, this information lacked the level of detail needed to determine whether the cost estimate reflects the current status of the program. In addition, in June 2017, the Bureau developed a draft version of the CEDCAP Cost Analysis Requirements Description (CARD), which included descriptions of technical and programmatic features of the program and is intended to serve as the basis for preparing the Program Office Estimate and the Independent Cost Estimate. However, as of August 2017, the CARD had not yet been finalized. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.
    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to ensure that updates to the status of risks are consistently documented for CEDCAP's Internet and Mobile Data Collection and Survey (and Listing) Interview Operational Control projects.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation and has taken initial steps to implement it. In August 2017, the Census Bureau provided risk management documentation, including a risk management plan and risk review board meeting minutes. However, this information did not include updated risk registers that documented risk status for the Census Enterprise Data Collection and Processing (CEDCAP) Internet and Mobile Data Collection and Survey (and Listing) Interview Operational Control projects. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.
    Recommendation: TTo ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to ensure that CEDCAP's Internet and Mobile Data Collection, Survey (and Listing) Interview Operational Control, and Centralized Operational Analysis and Control projects establish detailed risk mitigation plans on a consistent basis and that the Internet and Mobile Data Collection and Centralized Operational Analysis and Control projects establish trigger events for all relevant risks.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation and has taken initial steps to implement it. In August 2017, the Census Bureau provided risk management documentation, including a risk management plan and risk review board meeting minutes. However, this documentation did not include detailed risk mitigation plans for risks related to the Census Enterprise Data Collection and Processing (CEDCAP) Internet and Mobile Data Collection, Survey (and Listing) Interview Operational Control, and Centralized Operational Analysis and Control projects. The Bureau's risk management documentation also did not include trigger events for all relevant risks for the Internet and Mobile Data Collection and Centralized Operational Analysis and Control projects. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.
    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to define, document, and implement a repeatable process to establish complete alignment between CEDCAP and 2020 Census programs by, for example, maintaining a single dependency schedule.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation, but has not yet taken steps to implement it. In August 2016, we reported that several issues can result from the lack of a single dependency schedule, including the need to manually identify activities, the inability to be dynamically responsive to change, and a limited ability to ensure that both the Census Enterprise Data Collection and Processing (CEDCAP) and 2020 Census program are planning and measuring their activities according to the same agreed upon timeframe. However, as of August 2017, the Bureau had not yet established a single dependency schedule to ensure complete alignment between the CEDCAP and 2020 Census programs. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.
    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to establish a comprehensive and integrated list of all interdependent risks facing the CEDCAP and 2020 Census programs, and clearly identify roles and responsibilities for managing this list.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation, but has not yet taken steps to implement it. In August 2016, we reported that several issues can result from the lack of an integrated risk register, including inconsistencies in tracking and managing interdependent risks, redundant efforts to manage risks, and potentially conflicting risk mitigation efforts. As of August 2017, the Census Bureau had not yet developed an integrated risk register for the Census Enterprise Data Collection and Processing (CEDCAP) and 2020 Census programs or documented the roles for managing it. Instead, Bureau officials stated that they flag risks in the risk register that affect both programs. However, as of August 2017, the Bureau had not provided evidence that relevant risks for both programs are flagged in the risk registers. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.
    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to identify when the 74 requirements related to redistricting data program and data products and dissemination will be tested.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation and has taken initial steps to implement it. In June 2017, Census Bureau officials stated that, as part of the 2018 End-to-End Census Test, program-level integration testing of the requirements related to the redistricting program and the data products and dissemination are planned to occur from April 3, 2018, to August 1, 2018. However, as of August 2017, the Bureau had not provided supporting documentation for its plans for program-level integration testing of the requirements related to the redistricting program and data products and dissemination. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.
    Recommendation: To ensure that the Bureau is better positioned to deliver CEDCAP, the Secretary of Commerce should direct the Director of the Census Bureau to make developing a better understanding of and identifying requirements related to non-ID response validation a high and immediate priority, or consider alternatives to avoid late definition of such requirements.

    Agency: Department of Commerce
    Status: Open

    Comments: The Department of Commerce agreed with our recommendation and has taken initial steps to implement it. In April 2017, the Census Bureau documented high-level milestones related to implementing a fraud detection process in an initial effort to better understand non-ID response validation. However, as of August 2017, the Bureau had not finalized the fraud detection process or documented milestones for implementing the non-ID response validation process. We will continue to monitor and evaluate the Bureau's progress in implementing this recommendation.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To ensure a more accurate estimate of the expected cost savings under the fiscal year 2013-2017 multiyear procurement, Congress should consider requiring the Navy to update its estimate of savings, which currently reflects only Flight IIA ships, to increase transparency for costs and savings for Congress and the taxpayers, as well as provide improved information to support future multiyear procurement savings estimates.

    Agency: Congress
    Status: Open

    Comments: To ensure a more accurate estimate of the expected cost savings under the fiscal year 2013-2017 multiyear procurement, we asked Congress to consider requiring the Navy to update its estimate of savings, which currently reflects only Flight IIA ships, to increase transparency for costs and savings for Congress and the taxpayers, as well as provide improved information to support future multi-year procurement savings estimates. Neither the Senate nor House National Defense Authorization Act (NDAA) reports for fiscal year 2018 direct the Navy to update its savings and both reports include language authorizing the Navy to pursue a DDG 51 Flight III multi-year procurement contract for fiscal years 2018-2022. We will continue to monitor the status of this matter at least until the NDAA for fiscal year 2018 is enacted, at which time we will close the matter as not implemented if the multi-year procurement is authorized and no savings update requirement is included.
    Recommendation: To better support DDG 51 Flight III oversight, the Secretary of Defense should designate the Flight III configuration as a major subprogram of the DDG 51 program in order to increase the transparency, via Selected Acquisition Reports, of Flight III cost, schedule, and performance baselines within the broader context of the DDG 51 program.

    Agency: Department of Defense
    Status: Open

    Comments: DOD agreed that visibility into DDG 51 Flight III cost, schedule, and performance is important for oversight, but does not plan to designate Flight III as a major subprogram. No further DOD action has been taken on this recommendation and congressional reports supporting the National Defense Authorization Act for Fiscal Year 2018--yet to be finalized and enacted--do not include any direction for the department to do so. Nevertheless, with construction of the lead Flight III ship only recently awarded (June 2017), we will continue to monitor any action taken to designate Flight III as a major subprogram.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: The Secretary of Defense should, before the downselect decision for the frigates, require the program to submit appropriate milestone documentation as identified by OSD, which could include an Independent Cost Estimate, an Acquisition Program Baseline, and a plan to incorporate the frigate into SAR updates.

    Agency: Department of Defense
    Status: Open

    Comments: DOD partially concurred with this recommendation, noting that the Navy views the LCS transition to the frigate as an incremental upgrade as opposed to a new acquisition program. DOD also stated that the Navy would be required to provide key documentation related to the seaframe, including an independent cost estimate and an updated acquisition program baseline. In 2017, the Navy decided to pursue a different frigate acquisition strategy, and according to the program office, the frigate is now considered a new, distinct acquisition program and will have milestone decisions and require the applicable milestone documentation and OSD oversight and reporting as the program moves toward an award decision in fiscal year 2020. The program office also noted that the specific milestone documentation that will be required is currently being assessed and the program plans to have a frigate Selected Acquisition Report. Once more details are finalized for the program, the planned actions would meet the intention of our recommendation. We will keep this recommendation open until the program's approach has been better defined.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    9 open recommendations
    Recommendation: The Secretary of Homeland Security should direct Network Security Deployment (NSD) to determine the feasibility of enhancing NCPS's current intrusion detection approach to include functionality that would detect deviations from normal network behavior baselines.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 Update: In Feb. 2017, DHS officials stated that they have continued pilot activities that will enable DHS to identify suspicious network activity based on anomalous behavior and reputation and have collected lessons learned that are being tracked by the NCPS Program Management Office. Officials added that DHS had identified a contractor to support the transition of the pilot, including drafting an implementation plan; however, it had yet to award a contract due to lack of resources. As such, the agency did not have an estimated date on the completion of a draft plan for how the transition would be implemented. We requested that DHS provide a copy of the draft implementation plan for our review, when it became available. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct NSD to determine the feasibility of developing enhancements to current intrusion detection capabilities to facilitate the scanning of traffic not currently scanned by NCPS.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the NCPS Program Management Office is working with participating Internet Service Providers (ISP) to develop plans to support IPv6 for Traffic Aggregation, DNS redirection, and SMTP quarantining capabilities. Officials stated that an implementation plan that would include all ISP schedules for all planned intrusion prevention services would be available in the third quarter of fiscal year 2017. Additionally, regarding encrypted traffic, officials stated that it is conducting an analysis of Security on Encrypted Traffic (SonET) to better understand options for addressing the challenges, viability of options, and how the issue is being addressed at a broader industry level. The study is scheduled to continue through the fourth quarter of fiscal year 2017. We asked DHS to provide the ISP implementation plans (when finalized) and any findings from the ongoing SCADA and Encrypted traffic studies. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct United States Computer Emergency Readiness Team (US-CERT) to update the tool it uses to manage and deploy intrusion detection signatures to include the ability to more clearly link signatures to publicly available, open-source data repositories.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS stated that the NCPS PMO is working with participating Internet Service Providers (ISP) to develop plans to support IPv6 for Traffic Aggregation, DNS redirection, and SMTP quarantining capabilities. Officials stated that an implementation plan that would include all ISP schedules for all planned intrusion prevention services would be available in the third quarter of fiscal year 17. Additionally, officials stated that NSD is conducting an analysis on Security on Encrypted Traffic (SonET) to better understand options for addressing the challenges, viability of options, how the issue is being addressed at a broader industry level. The study will continue through the fourth quarter of fiscal year 2017. We asked DHS to provide the ISP implementation plans (when finalized) and any output/results (findings) from the ongoing studies DHS has related to SCADA and Encrypted traffic. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to consider the viability of using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, as an input into the development and management of intrusion detection signatures.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that enhancements were made so that Continuous Diagnostics and Mitigation program (CDM) data can be viewed with the Cyber Indicators Analysis Program (CIAP). Officials stated that the CDM data now may be combined with known vulnerability findings from NCATS and known threats collected from the CIAP system to further prioritize signature development as necessary. We have requested a meeting with DHS to observe the described enhancements. We believe that we will be able to close this recommendation, once we observe the claimed enhancements.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to develop a timetable for finalizing the incident notification process, to ensure that customer agencies are being sent notifications of potential incidents, which clearly solicit feedback on the usefulness and timeliness of the notification.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 Update: In Feb. 2017, DHS stated that US-CERT is in the process of developing a targeted survey of EINSTEIN customers (based off of a prior survey). Additionally, US-CERT has updated the Incident Reporting Guidelines to address previously mentioned process concerns. We have requested a copy of these guidelines and will review the modifications made within. Additionally, DHS stated that modifications to the Remedy ticketing system are underway that would allow for the inclusion of user feedback. These changes are anticipated to be implemented by October 2017. We likely would not be able to close this recommendation until we could review the results of the modifications.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop metrics that clearly measure the effectiveness of NCPS's efforts, including the quality, efficiency, and accuracy of supporting actions related to detecting and preventing intrusions, providing analytic services, and sharing cyber-related information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the Office of Cyber Security and Communications (CS&C) had developed, refined, and were baselining a first set of measures that relate to the Einstein 3A program. Further, they are considering adding one of these measures as an addition to the measures tracked in support of the yearly Government Performance and Results Act (GPRA) required reporting in FY 2018. Additionally, DHS officials stated they are developing information sharing related measures, including exploring how its public and private sector recipients of information measure the value cyber threat indicators and defensive measures. In March 2017, we requested a copy of the developed measures, when they became available. This recommendation will remain open until we are able to review the developed metrics and the subsequent data they are to measure.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop clearly defined requirements for detecting threats on agency internal networks and at cloud service providers to help better ensure effective support of information security activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS provided memos that gave an overview of the planned enhancements to the Continuous Diagnostics and Mitigation (CDM) program that included references to cloud providers. However, DHS did not provide any specific requirements for us to review. We have requested a follow-up meeting to review the specific requirements developed in support of the planned enhancements described in the provided memos. We will not be able to close this recommendation until we can review the developed requirements and determine that cloud providers are appropriately covered.
    Recommendation: The Secretary of Homeland Security should direct NSD to develop processes and procedures for using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, to help ensure DHS is using a risk-based approach for the selection/development of future NCPS intrusion prevention capabilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS stated that the NCPS Program Management Office has made enhancements to the Continuous Diagnostics and Mitigation (CDM) dashboard, but had yet to fully develop the CDM/NCPS data correlation. In March 2017, we asked for update on the status of data correlation, once available. In order to close this recommendation, we would need to review this model and determine how, if at all, the vulnerability information was used as part of a risk-based approach to intrusion prevention.
    Recommendation: The Secretary of Homeland Security should direct NSD to work with their customer agencies and the Internet service providers to document secure routing requirements in order to better ensure the complete, safe, and effective routing of information to NCPS sensors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: April 2017 update: In Feb. 2017, DHS officials stated that the agency worked with the Office of Management and Budget to develop a draft Trusted Internet Connections Reference Architecture. This architecture is to serve as the new guidance for agencies on perimeter security capabilities as well as alternative routing strategies. In March 2017, we requested a copy of the guidance to review the alternative routing guidance. This recommendation will remain open until we have been able to review the information above.
    Director: Valerie C. Melvin
    Phone: (202) 512-6304

    2 open recommendations
    Recommendation: To improve the oversight of states' marketplace IT projects, the Secretary of Health and Human Services should direct the Administrator of the Centers for Medicare & Medicaid Services to ensure that all CMS senior executives from IT and business units who are involved in the establishment of state marketplace IT projects review and approve funding decisions for these projects.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In 2015, Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) concurred with the recommendation. The department, in its agency comments, stated that it already included senior executives in its funding decisions for these projects. However, as noted in our report, CMS did not provide evidence that key senior executives from CCIIO, CMCS, and OTS were involved in various funding decisions associated with the states' IT projects. For example, CMS did not demonstrate that senior-level executives from all relevant business and IT units were involved in the initial approval of grant awards or the release of restricted IT funds from marketplace grants as states progressed with their projects. In addition, CMS did not provide evidence of senior executive involvement in the approval of Medicaid funds for marketplace IT projects. Furthermore, as of March 10, 2017, CMS still had not provided evidence that it had taken such actions to support the implementation of this recommendation. By ensuring such executive involvement, CMS would increase accountability for decisions to fund states' IT projects and ensure that these decisions are well informed in order to make efficient use of federal funds.
    Recommendation: To improve the oversight of states' marketplace IT projects, the Secretary of Health and Human Services should direct the Administrator of the Centers for Medicare & Medicaid Services to ensure that states have completed all testing of marketplace system functions prior to releasing them into operation.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In 2015, Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) concurred with the recommendation. The department noted that it would continue to follow its guidelines to determine if state marketplace system functions are ready for release. The department added that it would work closely with state-based marketplaces to improve their systems and verify that system requirements are met and fully tested before approving them for release into production. While CMS drafted guidance to update its process in June 2016, which required states to submit certain testing reports and supporting documentation, as of March 10, 2017, the agency had not provided evidence that it had determined that state systems had been sufficiently tested for release into operations.
    Director: Cristina Chaplain
    Phone: (202) 512-4841

    4 open recommendations
    Recommendation: To better position DOD as it continues pursuing GPS modernization, to have the information necessary to make decisions on how best to improve that modernization, and to mitigate risks to sustaining the GPS constellation, the Secretary of Defense should convene an independent task force comprising experts from other military services and defense agencies with substantial knowledge and expertise to provide an assessment to the Under Secretary of Defense for Acquisition, Technology, and Logistics of the OCX program and concrete guidance for addressing the OCX program's underlying problems, particularly including: (1) A detailed engineering assessment of OCX defects to determine the systemic root causes of the defects; (2) Whether the contractor's software development procedures and practices match the levels described in the OCX systems engineering and software development plans; and (3) Whether the contractor is capable of executing the program as currently resourced and structured.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation. Prior to the program declaring a Nunn-McCurdy breach on June 30, 2016, the only independent assessment was conducted by Defense Digital Services and was limited in focus to software development. Air Force notes a completion date of independent assessment on Sept 29, 2017. Once received, we will evaluate whether that meets the intent of the recommendation.
    Recommendation: To better position DOD as it continues pursuing GPS modernization, to have the information necessary to make decisions on how best to improve that modernization, and to mitigate risks to sustaining the GPS constellation, the Secretary of Defense should develop high confidence OCX cost and schedule estimates based on actual track record for productivity and learning curves.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation. Prior to the program declaring a Nunn-McCurdy breach on June 30, 2016, no high confidence cost assessment was completed. The Air Force and contractor provided schedule assessments that were not evaluated and considered low-risk, but were directed to execute a 24 month schedule extension with no assessment of its feasibility and that did not take into account past contractor performance. Pending Nunn-McCurdy documentation and repeat of Milestone B, there is no evidence a high confidence cost or schedule has been put in place. Once we receive documentation on approval of Milestone B, we will reevaluate.
    Recommendation: To better position DOD as it continues pursuing GPS modernization, to have the information necessary to make decisions on how best to improve that modernization, and to mitigate risks to sustaining the GPS constellation, the Secretary of Defense should direct the Air Force to retain experts from the independent task force as a management advisory team to assist the OCX program office in conducting regular systemic analysis of defects and to help ensure OCX corrective measures are implemented successfully and sustained.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation. Prior to the program declaring a Nunn-McCurdy breach on June 30, 2016, Defense Digital Services were initially retained for a month and subsequently remain embedded with contractor software developers to provide advice on development and process improvements. Upon completion of the Nunn-McCurdy review and continued involvement of Defense Digital Services, we will examine the extent to which the program has met this recommendation if the program is recertified to determine if this recommendation was met. Air Force did not provide an update to this recommendation in 2017, but program still has not had Milestone B approved and the Defense Digital Services group is no longer engaged on OCX.
    Recommendation: To better position DOD as it continues pursuing GPS modernization, to have the information necessary to make decisions on how best to improve that modernization, and to mitigate risks to sustaining the GPS constellation, the Secretary of Defense should put in place a mechanism for ensuring that the knowledge gained from the OCX assessment is used to determine whether further programmatic changes are needed to strengthen oversight.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation. Senior quarterly reviews continue of the OCX program and have been in place since December 2015. Documentation still pending on Milestone B to see if these reviews have informed programmatic changes that better position DOD to complete this acquisition.
    Director: Michael J. Sullivan
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To help ensure that requirements are well defined and well understood before a program is approved to start system development, the Secretary of Defense should direct the military service chiefs and service acquisition executives to work together to assess whether sufficient systems engineering expertise is available during the requirements development process.

    Agency: Department of Defense
    Status: Open

    Comments: The agency has not yet taken action in response to this recommendation. GAO will continue to monitor.
    Recommendation: To help ensure that requirements are well defined and well understood before a program is approved to start system development, the Secretary of Defense should direct the military service chiefs and service acquisition executives to work together to develop a better way to make sure sufficient systems engineering is conducted and opportunities exist to better define requirements and assess resource trade-offs before a program starts.

    Agency: Department of Defense
    Status: Open

    Comments: The agency has not yet taken action in response to this recommendation. GAO will continue to monitor.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    3 open recommendations
    Recommendation: To improve performance management of the Telecommunications Relay Service, the Chairman of the Federal Communications Commission should develop specific performance goals and measures for the TRS program. FCC should establish goals that would guide its efforts on major program dimensions--for example, consider goals and performance measures related to, but not limited to, service quality or competition among providers.

    Agency: Federal Communications Commission
    Status: Open

    Comments: On May 12, 2017, FCC's Liaison reported to us that FCC is working towards implementing these recommendations, but FCC does not have any specific achievements or documentation to report at this time. GAO will continue to monitor and update the status of this rec.
    Recommendation: To improve performance management of the Telecommunications Relay Service, following the establishment of TRS's performance goals, the Chairman of the Federal Communications Commission should conduct a robust risk assessment that can help FCC design a comprehensive internal-control system.

    Agency: Federal Communications Commission
    Status: Open

    Comments: On May 12, 2017, FCC's Liaison reported to us that FCC is working towards implementing these recommendations, but FCC does not have any specific achievements or documentation to report at this time. GAO will continue to monitor and update the status of this rec.
    Recommendation: To improve performance management of the Telecommunications Relay Service, the Chairman of the Federal Communications Commission should improve FCC's communication of TRS rules and procedures to the community of individuals who are deaf, hard of hearing, or have speech disabilities and the companies providing TRS services through the creation and dissemination of a handbook, program manual, or other consolidation of TRS rules and procedures.

    Agency: Federal Communications Commission
    Status: Open

    Comments: On May 12, 2017, FCC's Liaison reported to us that FCC is working towards implementing these recommendations, but FCC does not have any specific achievements or documentation to report at this time. GAO will continue to monitor and update the status of this rec.
    Director: Dave Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: To address risks in the GOES-R program development and to help ensure that the satellite is launched on time, the Secretary of Commerce should direct the NOAA Administrator to address shortfalls in defect management identified in this report, including the lack of clear guidance on defect definitions, what defect metrics should be collected and reported, and how to establish a defect's priority or severity.

    Agency: Department of Commerce
    Status: Open

    Comments: NOAA agreed with this recommendation. The agency subsequently reported that contractors are required to report defects and that the agency can place a hold or put liens against contractors if defects are not addressed. NOAA also provided documentation to support its recurring meetings at which defects are addressed. Additionally, NOAA provided documentation on its defect reporting requirements and definitions. However, NOAA did not provide documentation showing what defect metrics should be collected and reported, and how to establish a defect's priority or severity. We will continue to monitor the agency's actions on this recommendation.
    Director: Cristina Chaplain
    Phone: (202) 512-4841

    3 open recommendations
    Recommendation: Before making decisions on whether to disaggregate DOD's protected satellite communications, SBIRS, or environmental monitoring satellite systems, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to develop common measures for resilience.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has not yet developed common measures for resilience, but has stated standard metrics are under development. Results from a recent study by the National Security Space Enterprise Vision Tiger Team are expected to develop resilience requirements and options for attaining resiliency. DOD plans to use the Space Based Infrared System Follow-on as a test case for describing resilience as a system requirement. The Air Force approved a draft capability development document in February 2017, and a full capability development document is under development. In addition, DOD has identified mission assurance and resiliency as priorities for the next Space Strategic Portfolio Review. GAO's ongoing review of hosted payloads, to be conducted over the next year, will likely review issues related to this area.
    Recommendation: Before making decisions on whether to disaggregate DOD's protected satellite communications, SBIRS, or environmental monitoring satellite systems, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to expand demonstration efforts to examine the operational feasibility of disaggregation by empirically quantifying its benefits and limitations as well as addressing longstanding barriers that could hinder its implementation.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has not yet empirically quantified the benefits and limitations of disaggregation, or addressed longstanding barriers that could hinder its implementation, through a demonstration of operational feasibility. However, DOD stated it has considered the disaggregation of certain capabilities in previous war games, and lessons learned will be carried forward into future war games. For example, the most recent war games focused on ways to increase space system resilience by expanding and integrating international and private sector capabilities, and increasing the number of sensors and associated coverage.
    Recommendation: Before making decisions on whether to disaggregate DOD's protected satellite communications, Space Based Infrared System (SBIRS), or environmental monitoring satellite systems, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to comprehensively examine--either through the Analysis of Alternatives studies or through other assessments--the full range of disaggregation issues, including those that go beyond the satellite systems themselves.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has made progress toward assessing disaggregation through its analysis of alternatives (AOA) efforts for individual satellite programs within three areas: protected satellite communications services (PSCS), space-based environmental monitoring (SBEM), and the Space Based Infrared System (SBIRS). However, DOD has not yet completed a comprehensive examination of the full range of disaggregation issues. DOD completed the SBEM AOA in October 2013, the SBIRS Follow-on AOA in December 2015, and the PSCS AOA in February 2016. These AOAs each included cost, capability, and risk analyses for aggregated and disaggregated alternatives, though each did not assess the full range of disaggregation issues for the subject area. For example, the SBEM AOA evaluated options including placing sensors on host satellites, placing satellites in different orbits, and relying on international and U.S. civil partners to provide some capabilities, but it focused on the space segment and did not analyze alternative ground segment components. The AOA team determined impacts to the ground segment would need to be assessed more thoroughly once DOD decided on a solution. In October 2016, the Air Force approved an acquisition strategy for the planned solution, called the Weather System Follow-on - Microwave. The program has not yet assessed ground segment impacts, but the Air Force stated it will be assessed further once a contract is awarded. For the PSCS and SBIRS areas, the Air Force conducted subsequent studies on resiliency in 2016, which evaluated the benefits of resiliency in future architectures for satellite communications missions and informed resilience requirements for the SBIRS Follow-on. GAO has ongoing work in these areas and plans to complete reviews of the AOAs in the fall of 2017 and a hosted payload review in the next year.
    Director: Frank Rusco
    Phone: (202) 512-3841

    2 open recommendations
    including 1 priority recommendation
    Recommendation: To reduce uncertainty about the expected cost and schedule of the U.S. ITER Project and its potential impact on the U.S. fusion program, once the ITER Organization completes its reassessment of the international project schedule, the Secretary of Energy should direct the Associate Director of the Office of Fusion Energy Sciences to use that schedule, if reliable, to propose a final, stable funding plan for the U.S. ITER Project, approve a performance baseline with finalized cost and schedule estimates, and communicate this information to Congress.

    Agency: Department of Energy
    Status: Open
    Priority recommendation

    Comments: As of June 2017, the ITER Council had approved a revised international project schedule through the achievement of first plasma, and DOE had used that revised schedule to establish a performance baseline for the first plasma portion of the U.S. ITER Project. DOE had also communicated that performance baseline to Congress through its fiscal year 2018 budget request. However, DOE has not yet set a performance baseline for the post-first plasma portion of the U.S. ITER Project. DOE officials told us they planned to do so once the Secretary of Energy has made a decision on whether the U.S. would continue to participate in ITER, a decision which officials expected to happen at the end of 2017.
    Recommendation: To reduce uncertainty about the expected cost and schedule of the U.S. ITER Project and its potential impact on the U.S. fusion program, the Secretary of Energy should direct the Associate Director of the Office of Fusion Energy Sciences to direct the U.S. ITER Project Office to revise and update the project's cost estimate to meet all characteristics of high-quality, reliable cost estimates. Specifically, the U.S. ITER Project Office should revise the project's cost estimate to ensure it is credible by including a comprehensive sensitivity analysis that includes all significant cost elements and conducting an independent cost estimate.

    Agency: Department of Energy
    Status: Open

    Comments: As of June 2017, DOE had revised and updated the cost estimate for the first plasma portion of the U.S. ITER Project. Officials reported that, as part of that update, the U.S. ITER Project Office had completed a comprehensive sensitivity analysis and that the Office of Science's Office of Project Assessment had conducted a review of the revised cost estimate. However, DOE had yet to revise and update the cost estimate for the post-first plasma portion of the U.S. ITER Project. DOE officials told us they planned to do so when they set a performance baseline for that portion of the project, which they expected to do once the Secretary of Energy has made a decision on whether the U.S. would continue to participate in ITER. Officials expected that decision to happen at the end of 2017.
    Director: Cristina Chaplain
    Phone: (202) 512-4841

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To provide the Congress with the necessary insight into program affordability, ensure its ability to effectively monitor total program costs and execution, and to facilitate investment decisions, the NASA's Administrator should direct the Human Exploration and Operations Mission Directorate to establish a separate cost and schedule baseline for work required to support the SLS Block I Exploration Mission-2 (EM-2) and report this information to the Congress through NASA's annual budget submission. If NASA decides to fly the SLS Block I beyond EM-2, establish separate life cycle cost and schedule baseline estimates for those efforts, to include funding for operations and sustainment, and report this information annually to Congress via the agency's budget submission.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA partially agreed with this recommendation, stating that it defined and documented life cycle costs for SLS to a first demonstrated capability, consistent with cost estimating best practices and NASA project and program management policy and that it would report costs associated with the second exploration mission via its annual budget submission. Best practices for cost estimating recognize that NASA's evolutionary development approach for SLS helps reduce risk and provide capabilities more quickly, but reporting costs via the budget alone will not provide information about potential costs over the long-term and progress cannot be assessed without a baseline that serves as a means to compare current costs against expected costs. To address this recommendation, NASA needs to establish separate cost and schedule baselines for work required to support SLS for EM-2.
    Recommendation: To provide the Congress with the necessary insight into program affordability, ensure its ability to effectively monitor total program costs and execution, and to facilitate investment decisions, because NASA intends to use the increased capabilities of the SLS, Orion, and Ground Systems Development and Operations efforts well into the future and has chosen to estimate costs associated with achieving the capabilities, the NASA's Administrator should direct the Human Exploration and Operations Mission Directorate to establish separate cost and schedule baselines for each additional capability that encompass all life cycle costs, to include operations and sustainment. When NASA cannot fully specify costs due to lack of well-defined missions or flight manifests, forecast a cost estimate range -- including life cycle costs -- having minimum and maximum boundaries. These baselines or ranges should be reported to Congress annually via the agency's budget submission.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA partially agreed with this recommendation, stating that it had established separate programs for Space Launch System, Orion, and the ground systems and adopted a block upgrade approach for SLS. While NASA's prior establishment of SLS, Orion, and the ground systems as separate programs lends some insight into expected costs and schedule at the broader program level, it does not meet the intent of the recommendation because cost and schedule identified at that level is unlikely to provide the detail necessary to monitor the progress of each block against a baseline. To address this recommendation, NASA needs to establish separate cost and schedule baselines for each additional SLS, Orion, and Ground Systems Development and Operations capability blocks that encompass all life-cycle costs, to include operations and sustainment.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    4 open recommendations
    Recommendation: To ensure that the increasing risks of GPS disruptions to the nation's critical infrastructure are effectively managed, the Secretary of Homeland Security should increase the reliability and usefulness of the GPS risk assessment by developing a plan and time frame to collect relevant threat, vulnerability, and consequence data for the various critical infrastructure sectors, and periodically review the readiness of data to conduct a more data-driven risk assessment while ensuring that DHS's assessment approach is more consistent with the National Infrastructure Protection Plan (NIPP).

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials had previously indicated that DHS's Office of Infrastructure Protection (IP) and Office of Cyber and Infrastructure Analysis (OCIA) have discussed an update of the GPS risk assessment, noting that such an update may be included in fiscal year 2017 planning documents. However, as of February 2017, no documentation had been provided that demonstrates such plans. Additionally, information from DHS shows that DHS has continued other efforts to collect potentially relevant threat, vulnerability, and consequence data for various GPS equipment in use. For example, according to DHS officials, DHS has conducted visits to major maritime, finance, wireless communications, and electricity firms to gauge their understanding of GPS vulnerabilities and of technology- and strategy-based efforts to improve GPS resilience, and DHS documentation shows that DHS has held events to test GPS receivers as part of assessing vulnerabilities. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To ensure that the increasing risks of GPS disruptions to the nation's critical infrastructure are effectively managed, the Secretary of Homeland Security should, as part of current critical infrastructure protection planning with Sector-Specific Agencys (SSAs) and sector partners, develop and issue a plan and metrics to measure the effectiveness of GPS risk mitigation efforts on critical infrastructure resiliency.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2017, DHS documentation shows that DHS has worked with Sector Specific Agencies (SSAs) and other interagency partners to help manage GPS risks and continues to communicate information on risks to critical infrastructure partners. For example, according to DHS officials, this included briefing field staff and developing questions for infrastructure surveys to gather information on GPS resilience at the facility level. According to DHS officials, at the national level DHS included GPS in discussions with SSAs on topics they could include in their Sector-Specific Plans (each SSA develops a Sector-Specific Plan to detail risk management in its critical infrastructure sector), but DHS has also indicated that sector-oriented metrics are not a viable means of assessing risk management actions. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To improve collaboration and address uncertainties in fulfilling the National Security Presidential Directive 39 (NSPD-39) backup-capabilities requirement, the Secretaries of Transportation and Homeland Security should establish a formal, written agreement that details how the agencies plan to address their shared responsibility. This agreement should address uncertainties, including clarifying and defining DOT's and DHS's respective roles, responsibilities, and authorities; establishing clear, agreed-upon outcomes; establishing how the agencies will monitor and report on progress toward those outcomes; and setting forth the agencies' plans for examining relevant issues, such as the roles of SSAs and industry, how NSPD-39 fits into the NIPP risk management framework, whether an update to the NSPD-39 is needed, or other issues as deemed necessary by the agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2017, the National Executive Committee for Space-Based Positioning, Navigation, and Timing (PNT) Executive Steering group had established an interagency team called the "Complementary PNT Tiger Team" co-chaired by DHS, DOT, and DOD. This team was formed to manage the federal government's efforts to establish a national backup system to GPS. According to DHS officials, this organizational structure obviates the need for a formal, written agreement between DOT and DHS specific to GPS backup responsibilities. They also stated that, in a separate but related effort, DHS, DOT, and DOD are discussing a tri-lateral agreement that covers a broad spectrum of PNT-related responsibilities and activities. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To improve collaboration and address uncertainties in fulfilling the National Security Presidential Directive 39 (NSPD-39) backup-capabilities requirement, the Secretaries of Transportation and Homeland Security should establish a formal, written agreement that details how the agencies plan to address their shared responsibility. This agreement should address uncertainties, including clarifying and defining DOT's and DHS's respective roles, responsibilities, and authorities; establishing clear, agreed-upon outcomes; establishing how the agencies will monitor and report on progress toward those outcomes; and setting forth the agencies' plans for examining relevant issues, such as the roles of SSAs and industry, how NSPD-39 fits into the NIPP risk management framework, whether an update to the NSPD-39 is needed, or other issues as deemed necessary by the agencies.

    Agency: Department of Transportation
    Status: Open

    Comments: As of February 2017, the National Executive Committee for Space-Based Positioning, Navigation, and Timing (PNT) Executive Steering group had established an interagency team--called the "Complementary PNT Tiger Team"--co-chaired by DHS, DOT, and DOD. This team was formed to manage the federal government's efforts to establish a national backup system to GPS. According to DHS officials, this organizational structure obviates the need for a formal, written agreement between DOT and DHS specific to GPS backup responsibilities. They also stated that, in a separate but related effort, DHS, DOT, and DOD are discussing a tri-lateral agreement that covers a broad spectrum of PNT-related responsibilities and activities. We will update the status of this recommendation after we receive additional information from DOT.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To ensure Ford-class carrier acquisitions are supported by sound requirements and a comprehensive testing strategy, and to promote the introduction of reliable, warfighting capable ships into the fleet, the Secretary of Defense should direct the Secretary of the Navy to take the following action prior to accepting delivery of Gerald R. Ford CVN 78. The Secretary of Defense should direct the Secretary of the Navy to conduct a cost-benefit analysis on (1) currently required capabilities, including increased sortie generation rates and reduced manning and (2) the time and money needed to field systems to provide these capabilities, in light of known and projected reliability shortfalls for critical systems. This analysis should be informed by demonstrated system performance from land-based testing, including updated reliability growth projections, and should identify trade space among competing cost, schedule, and performance parameters. The analysis should also consider whether the Navy should seek requirements relief from the Joint Requirements Oversight Council, to the extent necessary, to maximize its return on investment to the warfighter. The Navy should report the results of this analysis to Congress within 30 days of CVN 78 commissioning.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: We recommended that DOD conduct a cost-benefit analysis on currently required capabilities, and report the results to Congress within 30 days of CVN 78 commissioning. DOD agreed with our recommendation for a cost-benefit analysis, but disagreed with the timing of it, stating that it plans to measure CVN 78 capabilities through completion of operational testing after ship delivery. Since the release of our report, the Navy completed cost-benefit analyses to determine the acquisition strategy for CVN 79, making two major changes to the ship (replacing the Dual Band Radar (DBR) with a different radar solution and introducing a phased construction and delivery approach.) While these are major program changes, the department did not evaluate the fundamental reason for conducting a cost-benefit analysis, namely that known and projected reliability shortfalls make it unlikely that the program will achieve its sortie generation requirements. In December 2016, an Independent Review Team commissioned by the Under Secretary of Defense, Acquisition, Technology and Logistics completed a comprehensive assessment of the CVN 78's systems, but did not recommend any capability trade-offs or requirements relief.
    Recommendation: To ensure Ford-class carrier acquisitions are supported by sound requirements and a comprehensive testing strategy, and to promote the introduction of reliable, warfighting capable ships into the fleet, the Secretary of Defense should direct the Secretary of the Navy to take the following action prior to accepting delivery of CVN 78. The Secretary of Defense should direct the Secretary of the Navy to adjust the planned post-delivery test schedule to ensure that system integration testing is completed prior to entering initial operational test and evaluation.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: Until the Navy updates the test plan in February 2018, we will not know if it will fully address our recommendation. However, recent test schedules suggest an overlap remains between integration testing and the start of initial operational test and evaluation.
    Director: Fleming, Susan A
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To help ensure that the Federal Railroad Administration manages its limited resources and provides flexibility to railroads in implementing PTC, Congress should consider amending RSIA as requested in the FRA's August 2012 PTC Implementation Status Report to Congress, including granting FRA the authority to approve the use of alternative safety technologies in lieu of PTC to allow railroads to improve safety and meet many of the functions of PTC through other means.

    Agency: Congress
    Status: Open

    Comments: As of August 2017, Congress had not taken any action regarding this Matter for Congressional Consideration.
    Director: Chaplain, Cristina T
    Phone: (202) 512-4841

    3 open recommendations
    including 2 priority recommendations
    Recommendation: In order to strengthen investment decisions, place the chosen investments on a sound acquisition footing, provide a better means of tracking investment progress, and improve the management and transparency of the U.S. missile defense approach in Europe, the Secretary of Defense should direct MDA's new Director to add risk reduction non-intercept flight tests for each new type of target missiles developed.

    Agency: Department of Defense
    Status: Open

    Comments: Despite partially concurring with our recommendation in 2013, MDA has not adjusted its test plans to include risk-reduction (i.e., non-intercept) flight tests for new target types prior to their inclusion in an intercept flight test. MDA officials have not done so because such decisions must be balanced against potential cost, schedule, and programmatic impacts and flight test preparation processes, like dry-runs and quality control checks, are sufficient to discover issues prior to an intercept test. While test preparation processes are valuable, they are not a substitute for risk reduction flight tests. This was proven in June 2015 when MDA launched a new intermediate-range target that had 6 different test preparation processes but not a risk-reduction flight test and the target failed, which resulted in significant cost, schedule, and programmatic impacts. Moving forward, despite the impacts from its recent target failure, MDA plans to use a new medium-range target during its third, and most complex operational test in the second quarter of fiscal year 2019. We maintain our stance that risk reduction flight tests would reduce the risk for the associated test and the overall flight test plan; however, MDA's action to-date suggest that it has no intention of including risk-reduction flight tests for new targets. However, we will continue to monitor its progress in this regard.
    Recommendation: In order to strengthen investment decisions, place the chosen investments on a sound acquisition footing, provide a better means of tracking investment progress, and improve the management and transparency of the U.S. missile defense approach in Europe, the Secretary of Defense should direct MDA's new Director to include in its resource baseline cost estimates all life cycle costs, specifically the operations and support costs, from the military services in order to provide decision makers with the full costs of ballistic missile defense systems.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: DOD partially concurred with our recommendation that decisionmakers should have insight into the full lifecycle costs of MDA's programs. However, as of August 2017, MDA is still not including the military services' operations and sustainment costs--which are a part of the full lifecycle costs--in the resource baselines it reports in the Ballistic Missile Defense System Accountability Report. MDA is trying to determine how to report the full lifecycle costs to decisionmakers, but has indicated that the Ballistic Missile Defense System Accountability Report is not the appropriate forum for reporting the military services' operation and support costs. We continue to believe that including the full lifecycle costs of MDA's programs enables decisionmakers to make funding determinations that are based on a comprehensive understanding of the depth and breadth of each program's costs.
    Recommendation: In order to strengthen investment decisions, place the chosen investments on a sound acquisition footing, provide a better means of tracking investment progress, and improve the management and transparency of the U.S. missile defense approach in Europe, the Secretary of Defense should direct MDA's new Director to stabilize the acquisition baselines, so that meaningful comparisons can be made over time that support oversight of those acquisitions.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: DOD concurred with our recommendation regarding the need for MDA to stabilize its acquisition baselines, but also noted MDA's need to adjust its baselines to remain responsive to evolving requirements and threats; both of which are beyond MDA's control. Further, DOD highlighted the MDA Director's authority to make adjustments to the agency's programmatic baselines, within departmental guidelines. Our recommendation, however, is not designed to limit the Director's authority to adjust baselines or to prevent adjusting baselines as appropriate. Rather, our recommendation is designed to address traceability issues we have found with MDA's baselines, which are within its control. Specifically, for MDA to be able to effectively report longer-term progress of its acquisitions and provide the necessary transparency to Congress, it is critical that the agency stabilize its baselines so that once set, any revisions can be tracked over time. At this point we have not seen any indication that MDA is working to implement this recommendation. For example, in 2016, MDA's Director made changes to the Targets and Countermeasures program's baseline that omit the costs of some targets and may make tracking progress against prior years and the original baseline very difficult, and in some instances, impossible. We will continue to monitor MDA's baselines to determine any progress in this area or implementation of this recommendation.
    Director: Clowers, Angela N
    Phone: (202) 512-8678

    4 open recommendations
    including 1 priority recommendation
    Recommendation: FSOC and OFR should clarify responsibility for implementing requirements to monitor threats to financial stability across FSOC and OFR, including FSOC members and member agencies, to better ensure that the monitoring and analysis of the financial system are comprehensive and not unnecessarily duplicative.

    Agency: Department of the Treasury: Financial Stability Oversight Council
    Status: Open
    Priority recommendation

    Comments: As of October 2016, FSOC staff have said FSOC and its members, including OFR, understand their responsibilities, saying that meetings of FSOC's Systemic Risk Committee help to ensure that FSOC member agencies have clarity on their responsibilities and noted that the committee operated under a charter. However, our review of the charter found that it does not clarify responsibilities for monitoring threats to financial stability. They also stated that actions OFR and the Federal Reserve (both of which serve on the Systemic Risk Committee) agreed to take in response to a recommendation in a GAO report issued in February 2016 would help to clarify these responsibilities. However, these represent just two of FSOC's member agencies; similar collaborative steps by other agencies would support the clarity of roles for monitoring threats to financial stability. We maintain that more specific action from FSOC and OFR, including FSOC member and member agencies, is needed to address this recommendation that ensures clarity of roles and responsibilities in proactively and comprehensively monitoring for potential emerging threats in the financial system. Our past work has shown that the lack of clear roles and coordination can lead to duplication, confusion, and regulatory gaps.
    Recommendation: FSOC and OFR should clarify responsibility for implementing requirements to monitor threats to financial stability across FSOC and OFR, including FSOC members and member agencies, to better ensure that the monitoring and analysis of the financial system are comprehensive and not unnecessarily duplicative.

    Agency: Department of the Treasury: Financial Stability Oversight Council: Office of Financial Research
    Status: Open

    Comments: As of March 2017, OFR has taken some steps to work with the Board of Governors of the Federal Reserve System, a member agency of FSOC, to organize semi-annual meetings to jointly discuss views from their respective monitoring of the financial system for risks. We continue to monitor FSOC and OFR actions that would be responsive to clarifying responsibilities for monitoring threats to financial stability across all the agencies that are members of FSOC.
    Recommendation: To strengthen accountability and collaboration in FSOC's decision making, FSOC should establish a collaborative and comprehensive framework for assessing the impact of its decisions for designating FMUs and nonbank financial companies on the wider economy and those entities. This framework should include assessing the effects of subjecting designated FMUs and nonbank financial companies to new regulatory standards, requirements, and restrictions; establishing a baseline from which to measure the effects; and documenting the approach.

    Agency: Department of the Treasury: Financial Stability Oversight Council
    Status: Open

    Comments: In response to an April 2017 presidential memorandum, Treasury is conducting a review of FSOC's designation process, including an assessment of the effects of designating FMUs and nonbank financial companies. This review will result in a report. We will update the status of this recommendation after we have reviewed the report.
    Recommendation: To strengthen accountability and collaboration in FSOC's decision making, FSOC should develop more systematic forward-looking approaches for reporting on potential emerging threats to financial stability in annual reports. Such an approach should provide methodological insight into why certain threats to financial stability are included or excluded over time, separate current or past threats from those that are potentially emerging, and prioritize the latter.

    Agency: Department of the Treasury: Financial Stability Oversight Council
    Status: Open

    Comments: When FSOC publishes its annual report for 2017 and we have reviewed it, we will provide updated information.
    Director: Goldstein, Mark L
    Phone: (202)512-6670

    2 open recommendations
    Recommendation: The Secretary of Homeland Security and Attorney General should instruct the Director of FPS, and the Director of the Marshals Service, respectively, to jointly lead an effort, in consultation and agreement with the judiciary and GSA, to update the MOA on courthouse security to address the challenges discussed in this report. Specifically, in this update to the MOA stakeholders should: (1) clarify federal stakeholders' roles and responsibilities including, but not limited to, the conditions under which stakeholders may assume each other's responsibilities and whether such agreements should be documented; and define GSA's responsibilities and determine whether GSA should be included as a signatory to the updated MOA; (2) outline how they will ensure greater participation of relevant stakeholders in court or facility security committees; and (3) specify how they will complete required risk assessments for courthouses, referred to by the Marshals Service as court security facility surveys and by FPS as facility security assessments (FSA), and ensure that the results of those assessments are shared with relevant stakeholders, as appropriate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of April 2017, The Federal Protective Service, U.S. Marshals Service, Administrative Office of the U.S. Courts, and General Services Administration were working to update the memorandum of agreement on courthouse security. An updated memorandum has been drafted, but it has yet to be signed by all parties. Consequently, resolution of this recommendation is pending until further action is taken.
    Recommendation: The Secretary of Homeland Security and Attorney General should instruct the Director of FPS, and the Director of the Marshals Service, respectively, to jointly lead an effort, in consultation and agreement with the judiciary and GSA, to update the MOA on courthouse security to address the challenges discussed in this report. Specifically, in this update to the MOA stakeholders should: (1) clarify federal stakeholders' roles and responsibilities including, but not limited to, the conditions under which stakeholders may assume each other's responsibilities and whether such agreements should be documented; and define GSA's responsibilities and determine whether GSA should be included as a signatory to the updated MOA; (2) outline how they will ensure greater participation of relevant stakeholders in court or facility security committees; and (3) specify how they will complete required risk assessments for courthouses, referred to by the Marshals Service as court security facility surveys and by FPS as facility security assessments (FSA), and ensure that the results of those assessments are shared with relevant stakeholders, as appropriate.

    Agency: Department of Justice
    Status: Open

    Comments: As of April 2017, The Federal Protective Service, U.S. Marshals Service, Administrative Office of the U.S. Courts, and General Services Administration were working to update the memorandum of agreement on courthouse security. An updated memorandum has been drafted, but it has yet to be signed by all parties. Consequently, resolution of this recommendation is pending until further action is taken.
    Director: Powner, David A
    Phone: (202)512-9286

    1 open recommendations
    Recommendation: The Commissioner of Internal Revenue should direct the appropriate officials to define and implement a process, including defined criteria, for reselecting ongoing projects.

    Agency: Department of the Treasury: Internal Revenue Service
    Status: Open

    Comments: Since we made the recommendation, IRS has been working to redesign its investment management process. In June 2016, we reported that the agency had defined and implemented a repeatable process for selecting (and reselecting) operations support activities, though it had not fully documented the process, but did not have a similar process for its business systems modernization activities (GAO-16-545). We recommended that IRS document its process for operations support activities and establish, document, and implement policies and procedures for selecting new and reselecting ongoing business systems modernization activities. IRS agreed with our recommendations and, in January 2017, stated it expected to have an internal draft document of the operations support activities process completed by the end of February 2017 with a draft ready to share with GAO a month later. In addition, for the business systems modernization process, IRS noted several improvements underway and stated it would document the process as it improved by December 2017. We will continue to monitor IRS's efforts to define and implement processes, including criteria, for reselecting ongoing projects.
    Director: Farrell, Brenda S
    Phone: (202)512-3604

    1 open recommendations
    Recommendation: To promote an efficient use of resources and to better plan for the design of a new performance management system, the Secretary of Defense should direct the Deputy Assistant Secretary of Defense for Civilian Personnel Policy to, in conjunction with the DOD Comptroller, help ensure that information identifying and supporting the costs of the NSPS termination and new performance management system is documented, reliable, traceable to a source document, and readily available for examination.

    Agency: Department of Defense
    Status: Open

    Comments: As of September 2015, there has been no evidence that the department has taken action to address this recommendation.
    Director: Chaplain, Cristina T
    Phone: (202)512-3000

    2 open recommendations
    Recommendation: To strengthen its baselines, facilitate external and independent reviews of those baselines, ensure effective oversight of the BMDS, and further improve transparency and accountability of its efforts, and to improve clarity, consistency, and completeness of the baselines reported to Congress, the Secretary of Defense should ensure that MDA, for resource baselines, obtain independent cost estimates for each baseline.

    Agency: Department of Defense
    Status: Open

    Comments: In providing comments on our report, the agency concurred with this recommendation but has not yet taken all actions necessary to implement it. Although the Missile Defense Agency (MDA) has received independent cost estimates from its internal independent cost group for some programs and components that support the baselines provided in MDA's Ballistic Missile Defense System Accountability Report (BAR), MDA officials told us they have not yet completed independent estimates for all the BAR baselines. In addition, the independent estimates will not have full lifecycle costs which will hamper their effectiveness. We will continue to monitor MDA's progress over the course of our next annual review.
    Recommendation: To strengthen its baselines, facilitate external and independent reviews of those baselines, ensure effective oversight of the BMDS, and further improve transparency and accountability of its efforts, and to improve clarity, consistency, and completeness of the baselines reported to Congress, the Secretary of Defense should ensure that MDA, for schedule baselines, in meeting new statutory requirements to report variances between reported acquisition baselines, also report variances between the test plan as presented in the previous acquisition baseline and the test plan as executed that explain the reason for any changes.

    Agency: Department of Defense
    Status: Open

    Comments: In providing comments on this report, the Department of Defense concurred with our recommendation and has taken initial steps to report the test variances, by laying out the dates of the proposed changes. However, the variances do not include all changes to test objectives, detail when tests are deleted, nor when the altered objectives will be satisfied. MDA has initiated an effort with DOT&E and the OTA to track the movement of test objectives, however these changes are not reported and are only used internally. In addition, MDA utilizes a "mid-year" test change memorandum. The change explains the difference from the prior master test plan, but is not reported. Thus, changes that are included in the mid-year memorandum can not be tracked if one only receives the annual test plan. We will continue to monitor MDA's progress in fiscal year 2017 and determine whether MDA lays out the changes in its upcoming integrated master test plan.
    Director: Cosgrove, James C
    Phone: (202)512-7029

    2 open recommendations
    Recommendation: To help ensure that Medicare beneficiaries have access to high-quality dialysis care, the Administrator of CMS should assess the extent to which the bundled payment for dialysis care will be sufficient to cover an efficient dialysis organization's costs to provide such care when the bundled payment expands to cover oral-only ESRD drugs. The Administrator should conduct this assessment before implementing this expanded bundled payment.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: In order to ensure effective monitoring of treatment of mineral and bone disorder, the Administrator of CMS should continue collecting data for quality measures related to this condition from sources such as the Elab Project until CROWNWeb is fully implemented and concerns about its data reliability have been adequately addressed.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Currie, Christopher
    Phone: (404)679-3000

    1 open recommendations
    Recommendation: In order to help build and maintain a national biosurveillance capability---an inherently interagency enterprise---the Homeland Security Council should direct the National Security Staff to, in coordination with relevant federal agencies, charge this focal point with the responsibility for developing, in conjunction with relevant federal agencies, a national biosurveillance strategy that: 1) defines the scope and purpose of a national capability; 2) provides goals, objectives and activities, priorities, milestones, and performance measures; 3) assesses the costs and benefits associated with supporting and building the capability and identifies the resource and investment needs, including investment priorities; 4) clarifies roles and responsibilities of leading, partnering, and supporting a national capability; and 5) articulates how the strategy is integrated with and supports other related strategies' goals, objectives, and activities.

    Agency: Executive Office of the President: Homeland Security Council
    Status: Open

    Comments: In July 2012, the White House released the National Strategy for Biosurveillance to describe the U.S. government's approach to strengthening biosurveillance. A strategic implementation plan was to be completed within 120 days of the strategy issuance. As we testified in September 2012, the strategy did not fully meet the intent of our recommendation; however, when the implementation plan is complete, it may meet our recommendation. Specifically, the strategy did not provide the mechanism GAO recommended to identify resource and investment needs, including investment priorities. As of September 2015, GAO has not received a copy of the implementation plan for review and has not been able to confirm that it has been finalized and is considered operational by the White House and the key interagency partners.
    Director: Cosgrove, James C
    Phone: (202)512-7029

    1 open recommendations
    Recommendation: To help ensure that changes in Medicare payment methods for dialysis care do not adversely affect beneficiaries, the Administrator of CMS should monitor the access to and quality of dialysis care for groups of beneficiaries, particularly those with above average costs of dialysis care, under the new bundled payment system. Such monitoring should begin as soon as possible once the new bundled payment system is implemented and be used to inform potential refinements to the payment system.

    Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
    Status: Open

    Comments: In March 2010, we recommended that the Administrator of CMS monitor the access to and quality of dialysis care for groups of beneficiaries, particularly those with above average costs, under the new bundled payment system to help ensure that changes in the Medicare payment methods for dialysis care do not adversely affect. We further specified that such monitoring begin as soon as possible once the new bundled payment system is implemented. CMS implemented the expanded bundled payment system for dialysis care in January 2011. As of August 2011, CMS is collecting data on dialysis care utilization that could be used to examine access to and quality of dialysis care by groups of beneficiaries. Although CMS anticipates using these data to identify potential problems in dialysis care, the agency has not begun using these data to examine access to and quality of care by groups of beneficiaries, nor has finalized plans to do so.
    Director: Chaplain, Cristina T
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: The Secretary of Defense should direct MDA to ensure that developmental hardware and software changes are not made to the operational baseline that disrupt the assessments needed to understand the capabilities and limitations of new BMDS developments.

    Agency: Department of Defense
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. In the June 2010 Ballistic Missile Defense System Accountability Report (BAR), Missile Defense Agency (MDA) provided some operational baselines and continues to do so annually. Nonetheless, configuration changes continue to pose challenges to a thorough assessment of the BMDS architecture. For example, the Director, Operational Test and Evaluation stated that the many configurations of the fielded ground-based interceptor inhibits a full evaluation of the GMD program. Moreover, some changes to BMDS elements are still delivered while testing of the architecture is already underway. We will continue to assess whether MDA fully adopts an approach allowing time for the warfighter and testers to fully understand hardware and software before placing it in the operational baseline.
    Director: Goldenkoff, Robert N
    Phone: (202)512-2757

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To improve the Bureau's use of its master schedule to manage the 2020 decennial census, the Secretary of Commerce should require the Director of the U.S. Census Bureau to include estimates of the resources, such as labor, materials, and overhead costs, in the 2020 integrated schedule for each activity as the schedule is built, and prepare to carry out other steps as necessary to conduct systematic schedule risk analyses on the 2020 schedule.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: Commerce neither agreed nor disagreed with this recommendation. The Bureau continues to refine its 2020 Census master schedule, which it recently announced it completed in July 2016. Bureau officials have periodically described their intent to link resources to activities within their schedules, but as of July 2016 had confirmed that it had not yet done so. The Bureau has provided us with copies of its schedule, but not yet satisfactory evidence of having completed such an analysis. We are beginning an audit of the Bureau's scheduling practices this summer and will review actions the Bureau may have taken to address this recommendation. As of July 2017, we have received initial documents as we begin this review.
    Director: Farrell, Brenda S
    Phone: (202)512-3604

    3 open recommendations
    Recommendation: To help implement a fair, effective, and credible performance management system for its civilian employees--whether NSPS or another--the Secretary of Defense should review and evaluate the effectiveness of the department's training.

    Agency: Department of Defense
    Status: Open

    Comments: The National Defense Authorization Act for Fiscal Year 2010 which repealed the National Security Personnel System required that DOD (1) take all actions necessary for the orderly termination of NSPS and (2) transition of all employees and positions from NSPS to legacy personnel systems or, if applicable, to the personnel systems that would have applied if NSPS had never been established. The law also mandated that the transition be completed by no later than January 1, 2012 and required DOD to establish a new performance management system, among other things. At the time of last update in June 2013, DOD had completed its efforts to research and design a new performance management system, in coordination with the unions. More recently, on July 24, 2014, the department released its 3rd update to Congress on the design and implemenation of its new personnel management system. DOD is required to report every 6 months on its progress. In its most recent report, DOD discusses its intent to implement a new multi-level rating system, but does not provide specific details about any steps taken that would allow us to close the recommendation nor has it taken actions to implement a system at this time. According to the DOD official overseeing this effort, DOD has made progress and the next update scheduled to be issued in Decembr 2014 will have significant more detail about the efforts taken.
    Recommendation: To help implement a fair, effective, and credible performance management system for its civilian employees--whether NSPS or another--the Secretary of Defense should ensure that guidance is in place for conducting a postdecisional analysis that specifies what process the components should follow to investigate and eliminate potential barriers to fair and equitable ratings.

    Agency: Department of Defense
    Status: Open

    Comments: The National Defense Authorization Act for Fiscal Year 2010 which repealed the National Security Personnel System required that DOD (1) take all actions necessary for the orderly termination of NSPS and (2) transition of all employees and positions from NSPS to legacy personnel systems or, if applicable, to the personnel systems that would have applied if NSPS had never been established. The law also mandated that the transition be completed by no later than January 1, 2012 and required DOD to establish a new performance management system, among other things. At the time of last update in June 2013, DOD had completed its efforts to research and design a new performance management system, in coordination with the unions. More recently, on July 24, 2014, the department released its 3rd update to Congress on the design and implemenation of its new personnel management system. DOD is required to report every 6 months on its progress. In its most recent report, DOD discusses its intent to implement a new multi-level rating system, but does not provide specific details about any steps taken that would allow us to close the recommendation nor has it taken actions to implement a system at this time. According to the DOD official overseeing this effort, DOD has made progress and the next update scheduled to be issued in Decembr 2014 will have significant more detail about the efforts taken.
    Recommendation: To help implement a fair, effective, and credible performance management system for its civilian employees--whether NSPS or another--the Secretary of Defense should include, as part of the department's monitoring of the implementation of its system, efforts to monitor and evaluate how the safeguards specifically are implemented by lower-level organizations across the department.

    Agency: Department of Defense
    Status: Open

    Comments: The National Defense Authorization Act for Fiscal Year 2010 which repealed the National Security Personnel System required that DOD (1) take all actions necessary for the orderly termination of NSPS and (2) transition of all employees and positions from NSPS to legacy personnel systems or, if applicable, to the personnel systems that would have applied if NSPS had never been established. The law also mandated that the transition be completed by no later than January 1, 2012 and required DOD to establish a new performance management system, among other things. At the time of last update in June 2013, DOD had completed its efforts to research and design a new performance management system, in coordination with the unions. More recently, on July 24, 2014, the department released its 3rd update to Congress on the design and implemenation of its new personnel management system. DOD is required to report every 6 months on its progress. In its most recent report, DOD discusses its intent to implement a new multi-level rating system, but does not provide specific details about any steps taken that would allow us to close the recommendation nor has it taken actions to implement a system at this time. According to the DOD official overseeing this effort, DOD has made progress and the next update scheduled to be issued in Decembr 2014 will have significant more detail about the efforts taken.
    Director: Powner, David A
    Phone: (202)512-6408

    1 open recommendations
    Recommendation: Congress may wish to consider requiring the Departments of Justice, Homeland Security, and Treasury to collaborate on the development and implementation of a joint radio communications solution. Specifically, Congress may wish to consider requiring the departments to (1) establish an effective governance structure that includes a formal process for making decisions and resolving disputes, (2) define and articulate a common outcome for this joint effort, and (3) develop a joint strategy for improving radio communications.

    Agency: Congress
    Status: Open

    Comments: Congress enacted legislation and introduced a few other bills in the House of Representatives during the last Congress that were aimed at improving interoperable communications. However, Congress has not yet passed legislation that would require all three departments to collaborate on a joint communications solution. As a result, GAO maintains that Congress should consider requiring the three departments to collaborate on the development and implementation of a joint radio communications solution in order to improve the interoperability of radio communications systems and potentially achieve savings.