Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: Technology

    37 publications with a total of 110 open recommendations including 16 priority recommendations
    Director: Mark Goldstein
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: As part of its annual reporting on the broadband market, FCC should solicit and report on the views of stakeholders and others on how well FCC's actions promote broadband competition. (Recommendation 1)

    Agency: Federal Communications Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: As part of its annual reporting on the broadband market, FCC should solicit and report on the views of stakeholders and others on how varying levels of broadband deployment affect broadband prices and service quality. (Recommendation 2)

    Agency: Federal Communications Commission
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Shelby S. Oakley
    Phone: (202) 512-3841

    3 open recommendations
    Recommendation: To help ensure the availability of Pu-238 and RPS for space exploration, the Secretary of Energy should develop an implementation plan with milestones and interim steps for the department's management approach for Pu-238 and RPS production.

    Agency: Department of Energy
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure the availability of Pu-238 and RPS for space exploration, the Secretary of Energy should assess the long-term effects that known challenges may have on production quantities, time frames, or required funding, and communicate these potential effects to NASA.

    Agency: Department of Energy
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure the availability of Pu-238 and RPS for space exploration, the Secretary of Energy should develop a more comprehensive system to track more systemic risks, beyond the specific technical risks identified by individual laboratories.

    Agency: Department of Energy
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Dave Wise
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Secretary of Transportation should direct NHTSA to define, document, and externally communicate the agency's roles and responsibilities in relation to connected vehicle data privacy.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Mike Sullivan
    Phone: (202) 512-4841

    5 open recommendations
    Recommendation: To ensure that DOD is positioned to counter both near and far term threats, consistent with its S&T framework, the Secretary of Defense should direct the new Under Secretary of Defense for Research and Engineering to annually define the mix of incremental and disruptive innovation investments for each military department.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure that DOD is positioned to counter both near and far term threats, consistent with its S&T framework, the Secretary of Defense should direct the new Under Secretary of Defense for Research and Engineering to annually assess whether that mix is achieved.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure that DOD is positioned to more comprehensively implement leading practices for managing science and technology programs, the Secretary of Defense should direct the new Under Secretary of Defense for Research and Engineering to define, in policy or guidance, an S&T management framework that includes emphasizing greater use of existing flexibilities to more quickly initiate and discontinue projects to respond to the rapid pace of innovation.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure that DOD is positioned to more comprehensively implement leading practices for managing science and technology programs, the Secretary of Defense should direct the new Under Secretary of Defense for Research and Engineering to define, in policy or guidance, an S&T management framework that includes incorporating acquisition stakeholders into technology development programs to ensure they are relevant to customers.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure that DOD is positioned to more comprehensively implement leading practices for managing science and technology programs, the Secretary of Defense should direct the new Under Secretary of Defense for Research and Engineering to define, in policy or guidance, an S&T management framework that includes promoting advanced prototyping of disruptive technologies within the labs so the S&T community can prove these technologies work to generate demand from future acquisition programs.

    Agency: Department of Defense
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Dillingham, Gerald L
    Phone: (202) 512-2834

    3 open recommendations
    Recommendation: To help FAA better manage and oversee its portfolio of R&D activities, the Secretary of Transportation should direct the FAA to take a more strategic approach to identifying research priorities across the agency, including developing guidance to identify long-term priorities and emerging issue areas, as part of FAA's portfolio development process.

    Agency: Department of Transportation
    Status: Open

    Comments: As of June 2017, FAA officials said they were redesigning the agency?s National Aviation Research Plan (NARP) to, among other things, better align research to agency outcomes. FAA officials said that the redesigned NARP will provide the agency a strategic view of R&D and a better understanding of the driving forces for research, such as longer term strategic needs and emerging issues. The officials also said that the redesigned NARP will allow for a more effective framework from which to prioritize research. FAA plans to finalize the redesign of the NARP by February 2019.
    Recommendation: To help FAA better manage and oversee its portfolio of R&D activities, the Secretary of Transportation should direct the FAA to clarify its portfolio development guidance to call for each Program Planning Teams to disclose the process it used for prioritizing and selecting research projects so that decision-making is more transparent for FAA management.

    Agency: Department of Transportation
    Status: Open

    Comments: As of June 2017, FAA officials said they were developing guidance that will require the Program Planning Teams to identify and document their process for prioritizing and selecting research projects. FAA plans to finalize the guidance by November 2017.
    Recommendation: To help FAA better manage and oversee its portfolio of R&D activities, the Secretary of Transportation should direct the FAA to develop guidance to ensure that future National Aviation Research Plans (NARP) and R&D Annual Reviews meet statutory requirements to the extent practicable, including (a) The NARP lists activities that are carried under cooperative agreements. (b) The NARP describes the rationale for the prioritized research programs. (c) The NARP identifies how resources were allocated for long-term and near-term research. (d) The NARP identifies REDAC recommendations that are accepted, not accepted, and the reasons for non-acceptance. (e) The NARP provides a detailed description of technology transfer to government, industry, and academia. (f) The Annual Review describes new technologies developed and the dissemination of research results to the private sector. (g) The Annual Review allows a comparison to the NARP. (h) The Annual Review is prepared and presented in accordance with agency performance reporting requirements.

    Agency: Department of Transportation
    Status: Open

    Comments: As of June 2017, FAA officials said they were redesigning the National Aviation Research Plan (NARP) and R&D Annual Review to include, among other things, information required by statute. FAA plans to finalize the redesign of the NARP and Annual Review by February 2019.
    Director: Andrew Sherrill
    Phone: (202) 512-7215

    1 open recommendations
    Recommendation: To enhance the ability of the Executive Office of the President to implement the Revitalize American Manufacturing and Innovation Act of 2014 requirements related to reporting on advanced manufacturing, the Director of the Office of Science and Technology Policy, working through the National Science and Technology Council and agency leadership, as appropriate, should identify the information they will collect from federal agencies to determine the extent to which the objectives outlined in the National Strategic Plan for Advanced Manufacturing are being achieved.

    Agency: Executive Office of the President: Office of Science and Technology Policy
    Status: Open

    Comments: OSTP did not state whether it agreed or disagreed with this recommendation. They provided some comments on the draft recommendation. For example, OSTP commented that the recommendation could focus on the extent to which the objectives of the Advanced Manufacturing Partnership (AMP) recommendations are being achieved in periodic updates to the implementation of the National Strategic Plan for Advanced Manufacturing. However, these recommendations were not covered in the scope of our report: we focused on reporting on the progress in achieving the objectives of the strategic plan.
    Director: Shelby S. Oakley
    Phone: (202) 512-3841

    2 open recommendations
    Recommendation: The NNSA Administrator should direct the DNN R&D program to track and document the transitioned and deployed technologies that result from its research and technology development projects, to the extent practicable.

    Agency: Department of Energy: National Nuclear Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken, we will update.
    Recommendation: The NNSA Administrator should direct the DNN R&D and NPAC programs to document, using a common template or other means, their assessment that compares the final results of each project against the baseline targets established in each project's initial project plan.

    Agency: Department of Energy: National Nuclear Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken, we will update.
    Director: Tim Persons
    Phone: (202) 512-6412

    1 open recommendations
    Recommendation: The Secretary of Homeland Security--in consultation with the Federal Bureau of Investigation--should conduct a formal bioforensics capability gap analysis to identify scientific and technical gaps and needs in bioforensics capabilities to help guide current and future bioforensics investments and update its analysis periodically.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    5 open recommendations
    Recommendation: To effectively measure 18F's performance, the Administrator of GSA should direct the Commissioner for the Technology Transformation Service to ensure that goals and associated performance measures are outcome-oriented and that performance measures have targets, including (1) performance measures and targets tied to fully recovering program costs; and (2) goals, performance measures, and targets for how the program will achieve its mission after September 2016.

    Agency: General Services Administration
    Status: Open

    Comments: The General Services Administration (GSA) agreed with, and has begun to take steps to implement, this recommendation. Specifically, GSA developed a quarterly performance report for fiscal year 2017 that includes an outcome-oriented goal for 18F as well as associated performance measures and targets. According to a Technology Transformation Service official, GSA plans to expand its quarterly performance report for fiscal year 2018 to reflect additional 18F goals and performance measures, including measures tied to fully recovering program costs. We will continue to evaluate GSA's progress in implementing this recommendation.
    Recommendation: To effectively measure 18F's performance, the Administrator of GSA should direct the Commissioner for the Technology Transformation Service to assess actual results for each performance measure.

    Agency: General Services Administration
    Status: Open

    Comments: The General Services Administration (GSA) agreed with, and has begun to take steps to implement, this recommendation. Specifically, GSA developed a quarterly performance report for fiscal year 2017 that includes an outcome-oriented goal for 18F as well as associated performance measures with targets. Additionally, GSA has assessed actual results of the performance measures for the first two quarters of fiscal year 2017. According to a Technology Transformation Service official, GSA plans to expand its quarterly performance report for fiscal year 2018 to include additional 18F goals and performance measures. We will continue to evaluate GSA's progress in implementing this recommendation.
    Recommendation: To effectively measure performance, prioritize USDS's resources, and ensure that CIOs play an integral role in agency digital service teams, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to ensure that all goals and associated performance measures are outcome-oriented and that performance measures have targets.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in its December 2016 report to Congress, OMB developed three goals for U.S. Digital Service (USDS): (1) rethink how the federal government builds and buys digital services; (2) expand the use of common, platforms, services, and tools; and (3) bring top technical talent into public service. In addition, OMB established performance measures with targets for its third goal and for each of the program's major projects. However, OMB has not established performance measures for the first two USDS goals. Further, the program's third goal is not outcome-oriented. We will continue to evaluate OMB's progress in implementing this recommendation.
    Recommendation: To effectively measure performance, prioritize USDS's resources, and ensure that CIOs play an integral role in agency digital service teams, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to assess actual results for each performance measure.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) generally agreed with, and has begun to take steps to implement, this recommendation. Specifically, in its December 2016 report to Congress, OMB assessed the results of performance measures for one of the U.S. Digital Service (USDS) program's goals--bring top technical talent into public service--and for each of the program's major projects. However, OMB has not established performance measures for the other two USDS goals--rethink how the federal government builds and buys digital services; and expand the use of common, platforms, services, and tools. We will continue to evaluate OMB's progress in implementing this recommendation.
    Recommendation: To effectively measure performance, prioritize USDS's resources, and ensure that CIOs play an integral role in agency digital service teams, the Director of the Office of Management and Budget should direct the Federal Chief Information Officer to update USDS policy to clearly define the responsibilities and authorities governing the relationships between CIOs and the digital service teams and require existing agency digital service teams to address this policy. In doing so, the Federal Chief Information Officer should ensure that this policy is aligned with relevant federal law and OMB guidance on CIO responsibilities and authorities.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: The Office of Management and Budget (OMB) generally agreed with, and has begun to take steps to implement, this recommendation. In particular, OMB updated its digital service team policy to require that teams appropriately inform their chief information officers (CIO) regarding U.S. Digital Service (USDS) projects. However, the policy does not describe the responsibilities or authorities governing the relationships between CIOs and digital service teams. We will continue to evaluate OMB's progress in implementing this recommendation.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    17 open recommendations
    including 7 priority recommendations
    Recommendation: To improve agency information security programs, the Administrator of the National Aeronautics and Space Administration should update security assessment plans for selected systems to ensure they include the test procedures to be performed.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA concurred with our recommendation. The agency has implemented a system to support updates of security assessment plans that include the test procedures to be performed. Subsequent to NASA informing us that security assessment plans for selected systems include these test procedures, we plan to verify the agency's actions.
    Recommendation: To improve agency information security programs, the Administrator of the National Aeronautics and Space Administration should re-evaluate security control assessments for selected systems to ensure that they comprehensively test technical controls.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA concurred with our recommendation, and will re-evaluate the selected systems' security control assessments to ensure that technical controls will be comprehensively tested. NASA officials said that they expect to complete this action by January 15, 2018. Subsequent to NASA informing us that it has implemented the recommendation, we plan to verify the agency's actions.
    Recommendation: To improve agency information security programs, the Administrator of the National Aeronautics and Space Administration should update remedial action plans for selected systems, to include responsible organization, estimated funding, source of funding, and updated milestones and completion dates.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA concurred with our recommendation. The agency has implemented a system that generates plans of actions and milestones (POA&Ms), but has not yet provided sufficient examples of remedial action plans for the selected systems. Subsequent to NASA informing us that it has updated POA&Ms for the selected systems to include responsible organization, estimated funding, source of funding, and updated milestones and completion dates, we plan to verify these actions.
    Recommendation: To improve agency information security programs, the Administrator of the National Aeronautics and Space Administration should update the continuous monitoring strategy to include metrics, ongoing status monitoring of metrics, and reporting of security status.

    Agency: National Aeronautics and Space Administration
    Status: Open
    Priority recommendation

    Comments: NASA concurred with our recommendation. The agency has issued an updated continuous monitoring strategy, but this strategy does not clearly identify specific metrics to be used. Subsequent to NASA informing us that the strategy includes metrics, ongoing status monitoring of metrics, and reporting of security status, we plan to verify these actions.
    Recommendation: To improve agency information security programs, the Chairman of the Nuclear Regulatory Commission should re-evaluate security control assessments to ensure that they comprehensively test technical controls.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: NRC concurred with our recommendation. NRC supplied documents regarding its cybersecurity assessment process, but has not yet provided evidence of re-evaluating assessments to ensure that technical controls were comprehensively tested.
    Recommendation: To improve agency information security programs, the Chairman of the Nuclear Regulatory Commission should update remedial action plans for selected systems, to include responsible organization, estimated funding, funding source, and scheduled completion dates.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: NRC concurred with our recommendation. The agency provided evidence that it is including the responsible organization and scheduled completion dates in its plans of action and milestones (POA&Ms). While the estimated funding and source of funding do not appear in the POA&Ms, the agency has indicated that this data is available elsewhere. We are following up with NRC to verify this information.
    Recommendation: To improve agency information security programs, the Chairman of the Nuclear Regulatory Commission should update the standard that addresses continuous monitoring to include metrics and ongoing status monitoring.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: NRC concurred with our recommendation. The agency expects to publish a revised computer security standard in 2018.
    Recommendation: To improve agency information security programs, Acting Director of the Office of Personnel Management should update security plans for selected systems to ensure that all controls specific to high-impact systems are addressed, including a rationale if the control is not implemented, and where other plans are cross-referenced, ensure that the other system's plan appropriately addresses the control.

    Agency: Office of Personnel Management
    Status: Open
    Priority recommendation

    Comments: OPM concurred with our recommendation. The agency intends to migrate security plans to an automated system in order to improve management of security controls.
    Recommendation: To improve agency information security programs, Acting Director of the Office of Personnel Management should provide and track specialized training for all individuals, including contractors, who have significant security responsibilities.

    Agency: Office of Personnel Management
    Status: Open
    Priority recommendation

    Comments: OPM partially concurred with our recommendation. OPM is in the process of reviewing its procedures for identifying employees and contractors who directly access its information systems and reviewing the training requirements for those individuals, as well as specialized training requirements, and how compliance is tracked.
    Recommendation: To improve agency information security programs, Acting Director of the Office of Personnel Management should re-evaluate security control assessments to ensure that they comprehensively test technical controls.

    Agency: Office of Personnel Management
    Status: Open
    Priority recommendation

    Comments: OPM did not concur with our recommendation. OPM is developing additional standards for evaluating technical-controls testing and will incorporate these standards into its oversight of security assessments, once the standards are complete.
    Recommendation: To improve agency information security programs, Acting Director of the Office of Personnel Management should update remedial action plans for selected systems, to include source of funding and updated completion dates.

    Agency: Office of Personnel Management
    Status: Open

    Comments: OPM concurred with our recommendation. OPM is in the process of migrating POA&Ms to a new automated system that will allow the source of funding to be included in plans of action and milestones.
    Recommendation: To improve agency information security programs, the Secretary of the Department of Veterans should update security plans for selected systems to ensure that all controls specific to high-impact systems are addressed, including a rationale if the control is not implemented.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation. VA stated that all high-impact security controls have been addressed, and the agency expects to include all controls in one plan. Subsequent to the agency informing us that it has implemented the recommendation, we plan to verify its actions.
    Recommendation: To improve agency information security programs, the Secretary of the Department of Veterans should provide and track specialized training for all individuals who have significant security responsibilities.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation. VA provided limited evidence that it is tracking specialized training for staff who have significant security responsibilities. GAO plans to request further documentation and verify the completeness of VA's actions.
    Recommendation: To improve agency information security programs, the Secretary of the Department of Veterans should conduct security control assessments for the two selected systems and ensure the procedures comprehensively test technical controls.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation. VA has assessed technical controls, but has not yet provided evidence of re-evaluating assessments to ensure that technical controls were comprehensively tested.
    Recommendation: To improve agency information security programs, the Secretary of the Department of Veterans should update remedial action plans for selected systems, to include estimated funding and funding source.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation. VA provided limited evidence that it is including more information in its remedial action plans for selected systems, but did not demonstrate that it is including estimated funding and funding sources in these plans.
    Recommendation: To improve agency information security programs, the Secretary of the Department of Veterans should develop a continuous monitoring strategy that addresses organization-defined metrics, frequency of monitoring metrics, ongoing status monitoring of metrics, and reporting of security status.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: VA concurred with our recommendation. VA is developing a new framework to address the people, processes, technology, and performance monitoring mechanisms identified in the Information Security Continuous Monitoring (ISCM) Maturity Model. This framework and supporting program plan are linked to the Department of Homeland Security Continuous Diagnostics and Mitigation (CDM) phase 1 deployment that is ongoing and anticipated to be completed by the fourth quarter of 2017. VA's ISCM program plan and framework have been delayed to accommodate these changes.
    Recommendation: To improve security over federal systems, including those considered to be high impact, the Director of the Office of Management and Budget should issue plan and practices specified in the Cybersecurity Strategy and Implementation Plan.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: OMB concurred with our recommendation. On December 9, 2016, OMB issued memorandum M-17-09, Management of Federal High Value Assets, which lists some existing policies and guidance and other actions that agencies need to take to protect IT assets. In addition OMB provided limited access to a document describing best practices for federal security operation centers. GAO is requesting further access to this document on best practices in order to determine whether OMB has adequately addressed the recommendation.
    Director: Diana Maurer
    Phone: (202) 512-9627

    6 open recommendations
    including 6 priority recommendations
    Recommendation: To improve transparency and better ensure that face recognition capabilities are being used in accordance with privacy protection laws and policy requirements, the Attorney General should assess the PIA development process to determine why PIAs were not published prior to using or updating face recognition capabilities, and implement corrective actions to ensure the timely development, updating, and publishing of PIAs before using or making changes to a system.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: DOJ officials did not concur with this recommendation, and stated that the FBI has established practices that protect privacy and civil liberties beyond the requirements of the law. DOJ officials stated that it will internally evaluate the PIA process as part of the Department's overall commitment to improving its processes, not in response to our recommendation. In March 2017, we followed up with DOJ to obtain its current position on our recommendation. DOJ continues to believe that its approach in designing the NGI system was sufficient to meet legal privacy requirements and that our recommendation represents a "checkbox approach" to privacy. We disagree with DOJ's characterization of our recommendation. We continue to believe that the timely development and publishing of future PIAs would increase transparency of the department's systems. We recognize the steps the agency took to consider privacy protection during the development of the NGI system. We also stand by our position that notifying the public of these actions is important and provides the public with greater assurance that DOJ components are evaluating risks to privacy when implementing systems. As a result, the recommendation remains open and unimplemented.
    Recommendation: To improve transparency and better ensure that face recognition capabilities are being used in accordance with privacy protection laws and policy requirements, the Attorney General should assess the SORN development process to determine why a SORN was not published that addressed the collection and maintenance of photos accessed and used through NGI for the FBI's face recognition capabilities prior to using NGI-IPS, and implement corrective actions to ensure SORNs are published before systems become operational.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: DOJ agreed, in part, with our recommendation and submitted the SORN for publication to the Federal Register on April 21, 2016, and it was published on May 5, 2016. DOJ did not agree that the publication of a SORN is required by law. We disagree with DOJ's interpretation regarding the legal requirements of a SORN. The Privacy Act of 1974 requires that when agencies establish or make changes to a system of records, they must notify the public through a SORN published in the Federal Register. DOJ's comments on our draft report acknowledge that the automated nature of face recognition technology and the sheer number of photos now available for searching raise important privacy and civil liberties considerations. DOJ officials also stated that the FBI's face recognition capabilities do not represent new collection, use, or sharing of personal information. We disagree. We believe that the ability to perform automated searches of millions of photos is fundamentally different in nature and scope than manual review of individual photos, and the potential impact on privacy is equally fundamentally different. By assessing the SORN development process and taking corrective actions to ensure timely development of future SORNs, the public would have a better understanding of how personal information is being used and protected by DOJ components. As a result, the recommendation remains open and unimplemented.
    Recommendation: To better ensure that face recognition capabilities are being used in accordance with privacy protection laws and policy requirements, the Director of the Federal Bureau of Investigation should conduct audits to determine the extent to which users of NGI-IPS and biometric images specialists in FACE Services are conducting face image searches in accordance with Criminal Justice Information Services Division policy requirements.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In March 2017, DOJ provided us with the audit plan the CJIS Audit Unit developed in June 2016 for NGI-IPS users. In addition, DOJ reported that the CJIS Audit Unit began assessing NGI-IPS requirements at participating states in conjunction with its triennial National Identity Services audit and that, as of February 2017, the unit had conducted NGI-IPS audits of four states. Further, DOJ officials said CJIS developed an audit plan of the FACE Services Unit to coincide with the existing triennial FBI internal audit for 2018. However, DOJ did not provide the audit plan for the FACE Services Unit. DOJ officials said the methodology would be the same as the audit plan for NGI-IPS, but that methodology does not describe oversight on use of information obtained from external systems accessed by FACE Services employees. Therefore, we believe DOJ is making progress towards meeting the recommendation, but has not fully implemented our recommendation.
    Recommendation: To better ensure that face recognition systems are sufficiently accurate, the Director of the Federal Bureau of Investigation should conduct tests of NGI-IPS to verify that the system is sufficiently accurate for all allowable candidate list sizes, and ensure that the detection and false positive rate used in the tests are identified.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In comments on our draft report in 2016, and reiterated during recommendation follow-up, as of March 2017, DOJ did not concur with this recommendation. DOJ officials stated that the FBI has performed accuracy testing to validate that the system meets the requirements for the detection rate, which fully satisfies requirements for the investigative lead service provided by NGI-IPS. We disagree with DOJ. A key focus of our recommendation is the need to ensure that NGI-IPS is sufficiently accurate for all allowable candidate list sizes. Although the FBI has tested the detection rate for a candidate list of 50 photos, NGI-IPS users are able to request smaller candidate lists (between 2 and 50 photos). FBI officials stated that they do not know, and have not tested, the detection rate for other candidate list sizes. According to these officials, a smaller candidate list would likely lower the detection rate because a smaller candidate list may not contain a likely match that would be present in a larger candidate list. However, according to the FBI Information Technology Life Cycle Management Directive, testing needs to confirm the system meets all user requirements. Because the accuracy of NGI-IPS's face recognition searches when returning fewer than 50 photos in a candidate list is unknown, the FBI is limited in understanding whether the results are accurate enough to meet NGI-IPS users' needs. DOJ officials also stated that searches of NGI-IPS produce a gallery of likely candidates to be used as investigative leads, not for positive identification. As a result, according to DOJ officials, NGI-IPS cannot produce false positives and there is no false positive rate for the system. We disagree with DOJ. The detection rate and the false positive rate are both necessary to assess the accuracy of a face recognition system. Generally, face recognition systems can be configured to allow for a greater or lesser number of matches. A greater number of matches would generally increase the detection rate, but would also increase the false positive rate. Similarly, a lesser number of matches would decrease the false positive rate, but would also decrease the detection rate. Reporting a detection rate of 86 percent without reporting the accompanying false positive rate presents an incomplete view of the system's accuracy. As a result, the recommendation remains open and unimplemented.
    Recommendation: To better ensure that face recognition systems are sufficiently accurate, the Director of the Federal Bureau of Investigation should conduct an operational review of NGI-IPS at least annually that includes an assessment of the accuracy of face recognition searches to determine if it is meeting federal, state, and local law enforcement needs and take actions, as necessary, to improve the system.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: As of March 2017, FBI officials stated they implemented the recommendation by submitting a paper to solicit feedback from users through the Fall 2016 Advisory Policy Board Process. Specifically, officials said the paper requested feedback on whether the face recognition searches of the NGI-IPS are meeting their needs, and input regarding search accuracy. According to FBI officials, no users expressed concern with any aspect of the NGI-IPS meeting their needs, including accuracy. Although FBI's action of providing working groups with a paper presenting GAO's recommendation is a step, the FBI's actions do not fully meet the recommendation. The FBI's paper was presented as informational, and did not result in any formal responses from users. We disagree with the FBI's conclusion that receiving no responses on the informational paper fulfills the operational review recommendation, which includes determining that NGI-IPS is meeting user's needs. As such, we continue to recommend the FBI conduct an operational review of NGI-IPS at least annually.
    Recommendation: To better ensure that face recognition systems are sufficiently accurate, the Director of the Federal Bureau of Investigation should take steps to determine whether each external face recognition system used by FACE Services is sufficiently accurate for the FBI's use and whether results from those systems should be used to support FBI investigations.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open
    Priority recommendation

    Comments: In comments on our draft report in 2016, and reiterated during recommendation follow-up in 2017, DOJ officials did not concur with this recommendation and had no plans to implement it. DOJ officials stated that the FBI has no authority to set or enforce accuracy standards of face recognition technology operated by external agencies. In addition, DOJ officials stated that the FBI has implemented multiple layers of manual review that mitigate risks associated with the use of automated face recognition technology. Further, DOJ officials stated there is value in searching all available external databases, regardless of their level of accuracy. We disagree with the DOJ position. We continue to believe that the FBI should assess the quality of the data it is using from state and federal partners. We acknowledge that the FBI cannot and should not set accuracy standards for the face recognition systems used by external partners. We also do not dispute that the use of external face recognition systems by the FACE Services Unit could add value to FBI investigations. However, we disagree with FBI's assertion that no assessment of the quality of the data from state and federal partners is necessary. We also disagree with the DOJ assertion that manual review of automated search results is sufficient. Even with a manual review process, the FBI could miss investigative leads if a partner does not have a sufficiently accurate system. By relying on its external partners' face recognition systems, the FBI is using these systems as a component of its routine operations and is therefore responsible for ensuring the systems will help meet FBI's mission, goals and objectives. The recommendation remains open and unimplemented.
    Director: Daniel Bertoni
    Phone: (202) 512-7215

    4 open recommendations
    Recommendation: To ensure that it provides all eligible populations access to its services and that its eligibility requirements are consistent with currently accepted practices, the Library of Congress should re-examine and potentially revise its requirement that medical doctors must certify eligibility for the NLS program for those with a reading disability caused by organic dysfunction.

    Agency: Library of Congress
    Status: Open

    Comments: The Library of Congress indicated that the National Library Service for the Blind and Physically Handicapped (NLS) has contracted for a study of how eligibility based on reading disability should be certified. This study will look at medical advances in the diagnosis of reading disabilities, the NLS authorizing statute, and the potential impact of a regulatory change on the program. The expected completion date is December 2017. To close this recommendation, the Library of Congress must demonstrate that this study has been completed and that NLS has determined whether a change in its requirements is warranted.
    Recommendation: To ensure funds are directed to the most cost-effective outreach efforts, NLS should evaluate the effectiveness of its outreach efforts, including the extent to which different outreach efforts have resulted in new users.

    Agency: Library of Congress: National Library Service for the Blind and Physically Handicapped
    Status: Open

    Comments: The Library of Congress indicated that the National Library Service for the Blind and Physically Handicapped (NLS) has begun revising the program application form so that it captures information on how applicants were referred to the program. NLS expects to have all libraries nationwide using this revised application by sometime in 2018. In addition, the Library of Congress indicated that NLS has contracted for a multi-year, multi-media advertising campaign. This effort will assess the effectiveness of different approaches by connecting direct responses to ads with verified program enrollment. The campaign is expected to be fully underway by January 2018. To close this recommendation, the Library of Congress will need to demonstrate that NLS has fully implemented one or more of its planned new approaches for evaluating outreach.
    Recommendation: To help it determine the most cost-effective approach for its next audio player, NLS should comprehensively assess the alternatives of designing its own specialized audio player versus providing commercially available players to its users.

    Agency: Library of Congress: National Library Service for the Blind and Physically Handicapped
    Status: Open

    Comments: The Library of Congress indicated that the National Library Service for the Blind and Physically Handicapped (NLS) has contracted for a study of the different commercially available audio players for their usability, life-cycle costs, maintenance needs, and durability. The study is expected to be completed by December 2017, and will guide NLS in its decision about how to develop its next generation of audio players. To close this recommendation as implemented, the Library of Congress will have to demonstrate that this study has been conducted and that NLS has considered its findings in making a decision about its next generation audio player.
    Recommendation: To help it determine whether to supplement its collection of human-narrated audio materials with text-to-speech materials, NLS should thoroughly assess the text-to-speech option versus continuing to provide only human-narrated materials.

    Agency: Library of Congress: National Library Service for the Blind and Physically Handicapped
    Status: Open

    Comments: The Library of Congress indicated that the National Library Service for the Blind and Physically Handicapped (NLS) has developed a library of 100 text-to-speech (synthetic speech) talking books. In September 2017, NLS will begin a 3-month pilot in which a group of NLS users try out these talking books and provide input to NLS. Also, NLS will require that its next generation of audio players have the capacity to play synthetic speech talking books, and the study it has contracted of commercially available players will consider this requirement among other factors. To close this recommendation as implemented, NLS needs to demonstrate that it has completed its text-to-speech pilot and has decided on an approach going forward with regards to expanding this program.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    1 open recommendations
    Recommendation: To better facilitate adoption of the NIST Framework for Improving Critical Infrastructure Cybersecurity, the Secretary of Homeland Security should direct officials responsible for the Critical Infrastructure Cyber Community Voluntary Program to develop metrics for measuring the effectiveness of efforts to promote and support the framework.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In December 2016, DHS officials stated that they will continue to work with sector-specific agency partners and NIST to determine how to develop measurement activities and collect information on C3VP outreach and its effectiveness in promoting and supporting the Cybersecurity Framework. We will continue to monitor their efforts and verify whether implementation of metrics has occurred.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To strengthen FCC's data collection efforts, the Chairman of FCC should develop a strategy to gather additional information on the IP transition to assess the transition's potential effects on public safety and consumers.

    Agency: Federal Communications Commission
    Status: Open

    Comments: FCC stated it will continue to use its existing strategy to obtain data necessary to ensure that core values remain intact through the tech transitions with present resource commitment levels. FCC plans to dedicate resources toward upgrading FCC systems and software to better use "big-data" capabilities.
    Director: Gerald Dillingham
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To implement a more effective international strategy for achieving NextGen interoperability with other nations, the Secretary of Transportation should direct the FAA Administrator to conduct a risk assessment to identify potential threats and vulnerabilities to NextGen interoperability and establish timeframes for periodically re-evaluating these risks.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To implement a more effective international strategy for achieving NextGen interoperability with other nations, the Secretary of Transportation should direct the FAA Administrator to identify and document actions FAA will undertake to mitigate these risks, using information from the risk assessment as a basis for making management decisions about how to allocate resources for these activities.

    Agency: Department of Transportation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Joseph Kirschbaum
    Phone: (202) 512-9971

    3 open recommendations
    Recommendation: To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to fully institutionalize the use of risk assessments to support future investment decisions, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to update the roles and responsibilities guidance in DOD Directive 5160.05E to identify which organizations are responsible for conducting and participating in CBDP Enterprise risk assessments.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation but has not yet completed actions to implement it. As of August 2017, DOD was still waiting to release the final version of DOO Directive 5160.05E.
    Recommendation: To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to fully institutionalize the use of risk assessments to support future investment decisions, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to update the CBDP Enterprise's portfolio planning process, to include when risk assessments will be conducted.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation but has not yet completed actions to implement it. On 6/8/16, DOD reported that the risk assessment process was initially piloted in 2014 to determine its utility for informing CBDP Enterprise portfolio planning and guidance. Moving forward, the CBDP Enterprise plans to conduct risk assessments annually to support portfolio planning and guidance. As of August 2017, DOD reported that the department was beginning an approximately 12-month process to revise the CBDP Business Plan, which would likely be published as a DOD Instruction. This plan should address the risk assessment recommendation.
    Recommendation: To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to enhance PAIO's ongoing analysis of potential infrastructure duplication in the CBDP Enterprise and gain potential efficiencies, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to identify, request, and consider any information from existing infrastructure studies from other federal agencies with chemical and biological research and development and test and evaluation infrastructure.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation but has not yet completed actions to implement it. As of July 2017, DOD has requested, but not received, such studies from other federal agencies. However, DOD is currently engaged in phase two of a three-phase effort regarding its chemical and biological defense infrastructure program (CBDP), which includes a review of the department's interagency roles and responsibilities for its chemical and biological defense Infrastructure Manager. Targeted completion for this phase is December 2017, at which time, DOD may have obtained relevant information from other federal agencies.
    Director: J. Alfredo Gómez
    Phone: (202) 512-3841

    2 open recommendations
    Recommendation: To better ensure compliance with ERDDAA when handling congressional requests for scientific advice from EPA's SAB, the EPA Administrator should document procedures for reviewing congressional committee requests to determine which questions should be taken up by the SAB and criteria for evaluating such requests.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In September 2016, EPA finalized procedures for reviewing congressional committee requests for advice from the Science Advisory Board (SAB). According to EPA officials, the agency will also make modifications to the SAB charter to be consistent with the process. When the charter is updated, we will review it to determine whether clarifying language included meets the intent of this recommendation.
    Recommendation: To better ensure compliance with ERDDAA when handling congressional requests for scientific advice from EPA's SAB, the EPA Administrator should clarify in policy documents when it is and when it is not appropriate for the EPA Administrator to forward advice to the requesting committee.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In September 2016, EPA finalized procedures for reviewing congressional committee requests for advice from the Science Advisory Board (SAB) to determine which questions should be taken up by the SAB. These procedures, however, do not ensure compliance with ERDDAA because they fail to recognize that under ERDDAA, the SAB is required to provide requested scientific advice to select committees. The procedures lay out a process and criteria for reviewing congressional requests for SAB advice which include: 1) the scope of EPA's legal authorities; 2) whether the requested advice is related to the science and technical aspect of the environmental issue, rather than a question of public policy; and 3) EPA priorities and strategic plan. The relevant criterion for determining whether the SAB should take up a question, however, is whether it is scientific in nature. The other criteria may be relevant to EPA's prioritization of requests to the SAB in light of the SAB's limited resources.
    Director: Mak, Marie A
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: In order for NASA to fully implement the NASA Authorization Act of 2008 and for CASIS to fulfill its responsibility as outlined in the cooperative agreement, the NASA Administrator should direct the Associate Administrator for the Human Exploration and Operations Mission Directorate to fully staff the ISS National Laboratory Advisory Committee.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: NASA does not plan to staff the International Space Station National Laboratory Advisory Committee (INLAC) at this time. Officials stated that they continue to believe that the Center for the Advancement of Science in Space (CASIS) Board of Directors meets the intent of the INLAC charter by providing oversight of CASIS implementation of utilization of the ISS as a national laboratory. NASA remains concerned about staffing another oversight group that may create conflicts with the existing CASIS Board of Directors. NASA is also exploring with CASIS opportunities to open portions of board meetings to the general public and interested parties in order to foster additional transparency and a broad and free exchange of ideas. In response to this recommendation, the Associate Administrator for the Human Exploration and Operations Mission Directorate indicated that NASA was seeking relief from the statutory requirement to staff the INLAC.
    Director: Cristina T. Chaplain
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To improve technology planning and ensure planning efforts are clearly aligned with the SBIRS follow-on, the Secretary of the Air Force should establish a technology insertion plan as part of the SBIRS follow-on acquisition strategy that identifies obsolescence needs as well as specific potential technologies and insertion points.

    Agency: Department of Defense: Department of the Air Force
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. DOD's planned action on the scope and focus of technology insertion will be based on the direction provided in the Space Based Infrared System (SBIRS) Follow-on Analysis of Alternatives (AoA) and will be executed through the SBIRS Space Modernization Initiative (SMI). The SBIRS AoA was completed in March 2016; however, as of June 2017, the SMI schedule has yet to show how technology will be inserted into the follow-on system.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    6 open recommendations
    Recommendation: To ensure that CBP's land mobile radio systems are functioning as intended in each location and are meeting user needs, the CBP Commissioner should develop a plan to monitor the performance of its deployed radio systems.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure the ICE TACCOM program is effectively managed, the Assistant Secretary of ICE should develop a program plan to ensure that the agency establishes the appropriate documentation of resource needs, program goals, and measures to monitor the performance of its deployed radio systems.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve CBP training efforts, CBP Commissioner should develop and implement a plan to address any skills gaps for CBP agents and officers related to understanding the new digital radio systems and interagency radio use protocols.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve CBP training efforts, CBP Commissioner should develop a mechanism to verify that all Border Patrol and OFO radio users receive radio training.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve ICE training efforts, the Assistant Secretary of ICE should develop and implement a plan to address any skills gaps for ICE agents related to understanding the new digital radio systems and interagency radio use protocols.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve ICE training efforts, the Assistant Secretary of ICE should develop a mechanism to verify that all ICE radio users receive radio training.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Johana Ayers
    Phone: (202) 512-5741

    2 open recommendations
    Recommendation: To help manage the risks from changes in conference participation and any potential effects on the defense S&T enterprise, the Secretary of Defense should direct the Assistant Secretary of Defense for Research and Engineering, in consultation with the Office of the DCMO, to develop a plan to analyze and periodically reevaluate the risks from changes in participation at S&T conferences for any potential effects on DOD's ability to meet its scientific mission, including identifying and collecting additional information needed to conduct this analysis.

    Agency: Department of Defense
    Status: Open

    Comments: In September 2015, DOD updated its conference approval guidelines. According to DOD, these guidelines were designed to facilitate conference participation and attendance by DOD employees. The updated guidelines now treat conference attendance as Temporary Duty/Temporary Assigned Duty, and delegate approval authority to the lowest level possible. However, DOD has not yet implemented a requirement to develop a plan and periodically reevaluate the risks from changes in participation at S&T conferences as of June 2016 because officials in the Office of the Deputy Chief Management Officer believe this recommendation in GAO-15-278 is no longer applicable as a result of its updated conference approval guidelines. We disagree and believe this recommendation continues to have merit in order for DOD to better understand and manage the risks to achieving its S&T mission from any future changes in conference participation, and to determine if any future actions to adjust its conference approval guidelines are warranted.
    Recommendation: To help manage the risks from changes in conference participation and any potential effects on the defense S&T enterprise, the Secretary of Energy should direct the Administrator of NNSA and the relevant national lab directors, in consultation with DOE's Office of Management, to develop a plan to analyze and periodically reevaluate the risks from changes in participation at S&T conferences for any potential effects on NNSA's ability to meet its scientific mission, including identifying and collecting additional information needed to conduct this analysis.

    Agency: Department of Energy
    Status: Open

    Comments: In August 2015, DOE updated its conference management policies and procedures to, among other things, expedite the conference attendance approval process by establishing timeframes for review and approval. According to DOE, as of September 2016, streamlining the conference approval process eliminates the need to periodically evaluate risks from changes in participation at S&T conferences. We disagree and believe this recommendation continues to have merit in order for DOE to better understand and manage the risks to achieving its S&T mission from any future changes in conference participation, and to determine if any future actions to adjust its conference approval guidelines are warranted.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To ensure that application of UBP for fixed Internet access does not conflict with the public interest, the FCC should make use of existing data collection sources to track fixed-Internet UBP implementation and its effects on consumers nationwide so that FCC can take actions, if necessary, to protect consumer interests.

    Agency: Federal Communications Commission
    Status: Open

    Comments: When we confirm what actions FCC has taken in response to this recommendation, we will provide updated information.
    Director: Cristina Chaplain
    Phone: (202) 512-4841

    3 open recommendations
    Recommendation: Before making decisions on whether to disaggregate DOD's protected satellite communications, SBIRS, or environmental monitoring satellite systems, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to develop common measures for resilience.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has not yet developed common measures for resilience, but has stated standard metrics are under development. Results from a recent study by the National Security Space Enterprise Vision Tiger Team are expected to develop resilience requirements and options for attaining resiliency. DOD plans to use the Space Based Infrared System Follow-on as a test case for describing resilience as a system requirement. The Air Force approved a draft capability development document in February 2017, and a full capability development document is under development. In addition, DOD has identified mission assurance and resiliency as priorities for the next Space Strategic Portfolio Review. GAO's ongoing review of hosted payloads, to be conducted over the next year, will likely review issues related to this area.
    Recommendation: Before making decisions on whether to disaggregate DOD's protected satellite communications, SBIRS, or environmental monitoring satellite systems, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to expand demonstration efforts to examine the operational feasibility of disaggregation by empirically quantifying its benefits and limitations as well as addressing longstanding barriers that could hinder its implementation.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has not yet empirically quantified the benefits and limitations of disaggregation, or addressed longstanding barriers that could hinder its implementation, through a demonstration of operational feasibility. However, DOD stated it has considered the disaggregation of certain capabilities in previous war games, and lessons learned will be carried forward into future war games. For example, the most recent war games focused on ways to increase space system resilience by expanding and integrating international and private sector capabilities, and increasing the number of sensors and associated coverage.
    Recommendation: Before making decisions on whether to disaggregate DOD's protected satellite communications, Space Based Infrared System (SBIRS), or environmental monitoring satellite systems, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to comprehensively examine--either through the Analysis of Alternatives studies or through other assessments--the full range of disaggregation issues, including those that go beyond the satellite systems themselves.

    Agency: Department of Defense
    Status: Open

    Comments: DOD has made progress toward assessing disaggregation through its analysis of alternatives (AOA) efforts for individual satellite programs within three areas: protected satellite communications services (PSCS), space-based environmental monitoring (SBEM), and the Space Based Infrared System (SBIRS). However, DOD has not yet completed a comprehensive examination of the full range of disaggregation issues. DOD completed the SBEM AOA in October 2013, the SBIRS Follow-on AOA in December 2015, and the PSCS AOA in February 2016. These AOAs each included cost, capability, and risk analyses for aggregated and disaggregated alternatives, though each did not assess the full range of disaggregation issues for the subject area. For example, the SBEM AOA evaluated options including placing sensors on host satellites, placing satellites in different orbits, and relying on international and U.S. civil partners to provide some capabilities, but it focused on the space segment and did not analyze alternative ground segment components. The AOA team determined impacts to the ground segment would need to be assessed more thoroughly once DOD decided on a solution. In October 2016, the Air Force approved an acquisition strategy for the planned solution, called the Weather System Follow-on - Microwave. The program has not yet assessed ground segment impacts, but the Air Force stated it will be assessed further once a contract is awarded. For the PSCS and SBIRS areas, the Air Force conducted subsequent studies on resiliency in 2016, which evaluated the benefits of resiliency in future architectures for satellite communications missions and informed resilience requirements for the SBIRS Follow-on. GAO has ongoing work in these areas and plans to complete reviews of the AOAs in the fall of 2017 and a hosted payload review in the next year.
    Director: David Powner
    Phone: (202) 512-9286

    8 open recommendations
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to ensure that all IT investments are assessed for suitability for migration to a cloud computing service.

    Agency: Department of Agriculture
    Status: Open

    Comments: We are in the process of reviewing agency documentation and waiting for additional supporting documentation.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to ensure that all IT investments are assessed for suitability for migration to a cloud computing service.

    Agency: Department of the Treasury
    Status: Open

    Comments: We contacted the agency and are awaiting its response on the status of efforts to implement this recommendation.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to ensure that all IT investments are assessed for suitability for migration to a cloud computing service.

    Agency: Department of State
    Status: Open

    Comments: The Department of State established a requirement for completing a cloud computing service alternatives analysis for all new projects, and that existing IT projects be evaluated for the viability to migrate to a cloud computing environment. Further, the department established key factors for consideration when selecting applications for migration to a cloud environment. However, State has not yet evaluated a majority of its IT investments for cloud alternatives. The department said it plans to complete evaluations for some of these investments by the end of FY2017, but has not yet established plans to evaluate over a third of its investments.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to ensure that all IT investments are assessed for suitability for migration to a cloud computing service.

    Agency: Small Business Administration
    Status: Open

    Comments: We are waiting for a response from SBA on the status of efforts to implement this recommendation.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to establish evaluation dates for those investments identified in this report that have not been assessed for migration to the cloud.

    Agency: Department of Agriculture
    Status: Open

    Comments: We are in the process of waiting for additional department documentation.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to establish evaluation dates for those investments identified in this report that have not been assessed for migration to the cloud.

    Agency: Department of the Treasury
    Status: Open

    Comments: We are waiting for a response from the department on the status of efforts to implement this recommendation.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to establish evaluation dates for those investments identified in this report that have not been assessed for migration to the cloud.

    Agency: Department of State
    Status: Open

    Comments: The Department of State established a requirement for completing a cloud computing service alternatives analysis for all new projects, and that existing IT projects be evaluated for viability to migrate to a cloud computing environment. Further, the department established key factors for consideration when selecting applications for migration to a cloud environment. However, the department has not yet established evaluation dates for the vast majority of the investments that have not been assessed for migration to the cloud. Specifically, the department plans to complete evaluations for some of these investments by the end of fiscal year 2017, but does not plan to do so for most of them.
    Recommendation: To help ensure continued progress in the implementation of cloud computing services, the Secretaries of Agriculture, Health and Human Services, Homeland Security, State, and the Treasury; and the Administrators of the General Services Administration and Small Business Administration should direct their respective Chief Information Officers to establish evaluation dates for those investments identified in this report that have not been assessed for migration to the cloud.

    Agency: Small Business Administration
    Status: Open

    Comments: We are waiting for a response from the department on the status of efforts to implement this recommendation.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Secretary of Agriculture should align performance goals under the "enhance rural prosperity" strategic objective in the APR to the broadband loan program's purpose, to the extent feasible.

    Agency: Department of Agriculture
    Status: Open

    Comments: USDA's Fiscal Year 2017 Budget Summary and Annual Performance Plan includes a key performance measure for the number of borrowers/subscribers receiving new or improved telecommunication services. This measure will track the number of subscribers proposed to receive broadband service. However, this method does not measure actual adoption of RUS-financed broadband service. Further, the plan does not include goals or measures to determine the program's progress towards economic development in rural areas.
    Director: David C. Trimble
    Phone: (202) 512-3841

    5 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that DOE's cooperative agreement and internal documentation supporting its June 2012 acceptance of depleted uranium tails are accurate and transparent, the Secretary of Energy should continue to review the accuracy of its documentation associated with this transaction and seek an independent review of this documentation by a third party, such as the DOE Inspector General.

    Agency: Department of Energy
    Status: Open

    Comments: DOE disagreed with our recommendation, and as of March 2017, has not taken steps to implement it. GAO staff will follow-up on this recommendation in fiscal year 2017.
    Recommendation: If DOE continues to transfer, sell, or barter depleted uranium tails pursuant to its general authority under the Atomic Energy Act, notwithstanding that the USEC Privatization Act likely prohibits such actions, to ensure that DOE is receiving the required compensation under the Atomic Energy Act and DOE policy, the Secretary of Energy should develop guidance for setting an appropriate method for determining the value of depleted uranium tails when transferring them as an asset and apply the method consistently and transparently, prior to conducting such transfers, sales, or barters.

    Agency: Department of Energy
    Status: Open
    Priority recommendation

    Comments: DOE disagreed with our recommendation and, as of March 2017, has not taken steps to implement it. DOE has maintained that the department is not required to establish guidance or a pricing policy for depleted uranium and that doing so would hinder DOE's ability to maximize the value received by the government in a given transaction. We continue to believe that having guidance that provides a consistent and transparent method of determining the value of tails in the context of a transaction is necessary to help DOE ensure that it is receiving reasonable compensation in return for its tails, especially given the potential for future tails transactions
    Recommendation: To ensure that DOE mitigates risks associated with achieving the expected benefits of future uranium transactions that may rely on third-party contracts, the Secretary of Energy should take steps to mitigate the risks for each uranium transaction, in accordance with federal internal control standards.

    Agency: Department of Energy
    Status: Open

    Comments: DOE disagreed with our recommendation, and as of March 2017, has not taken steps to implement it. GAO staff will follow-up on this recommendation in fiscal year 2017.
    Recommendation: To ensure the quality, credibility, and transparency of any future uranium market impact studies, the Secretary of Energy should (1) conduct a rigorous and documented internal assessment consistent with contract provisions and the Department of Energy's Information Quality Guidelines of the quality of such studies and/or have an independent third party conduct a peer review; and (2) to the extent that market impact studies are made publicly available, require that studies include information on the methods, data sources, and assumptions used in such a way that allows others to understand, interpret, and evaluate the studies consistent with DOE's Information Quality Guidelines.

    Agency: Department of Energy
    Status: Open

    Comments: DOE disagreed with our recommendation, and as of March 2017, has not taken steps to implement it. GAO staff will follow-up on this recommendation in fiscal year 2017.
    Recommendation: To further ensure that DOE's future uranium transfers do not have an adverse material impact on the domestic uranium market, the Secretary of Energy should seek and consider industry input both on the amount of DOE sales or transfers of uranium the market can absorb annually and on whether there is a need to reinstitute a guideline that limits annual uranium sales or transfers.

    Agency: Department of Energy
    Status: Open

    Comments: DOE disagreed with our recommendation, and as of March 2017, has not taken steps to implement it. GAO staff will follow-up on this recommendation in fiscal year 2017.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    4 open recommendations
    Recommendation: To ensure that the increasing risks of GPS disruptions to the nation's critical infrastructure are effectively managed, the Secretary of Homeland Security should increase the reliability and usefulness of the GPS risk assessment by developing a plan and time frame to collect relevant threat, vulnerability, and consequence data for the various critical infrastructure sectors, and periodically review the readiness of data to conduct a more data-driven risk assessment while ensuring that DHS's assessment approach is more consistent with the National Infrastructure Protection Plan (NIPP).

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials had previously indicated that DHS's Office of Infrastructure Protection (IP) and Office of Cyber and Infrastructure Analysis (OCIA) have discussed an update of the GPS risk assessment, noting that such an update may be included in fiscal year 2017 planning documents. However, as of February 2017, no documentation had been provided that demonstrates such plans. Additionally, information from DHS shows that DHS has continued other efforts to collect potentially relevant threat, vulnerability, and consequence data for various GPS equipment in use. For example, according to DHS officials, DHS has conducted visits to major maritime, finance, wireless communications, and electricity firms to gauge their understanding of GPS vulnerabilities and of technology- and strategy-based efforts to improve GPS resilience, and DHS documentation shows that DHS has held events to test GPS receivers as part of assessing vulnerabilities. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To ensure that the increasing risks of GPS disruptions to the nation's critical infrastructure are effectively managed, the Secretary of Homeland Security should, as part of current critical infrastructure protection planning with Sector-Specific Agencys (SSAs) and sector partners, develop and issue a plan and metrics to measure the effectiveness of GPS risk mitigation efforts on critical infrastructure resiliency.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2017, DHS documentation shows that DHS has worked with Sector Specific Agencies (SSAs) and other interagency partners to help manage GPS risks and continues to communicate information on risks to critical infrastructure partners. For example, according to DHS officials, this included briefing field staff and developing questions for infrastructure surveys to gather information on GPS resilience at the facility level. According to DHS officials, at the national level DHS included GPS in discussions with SSAs on topics they could include in their Sector-Specific Plans (each SSA develops a Sector-Specific Plan to detail risk management in its critical infrastructure sector), but DHS has also indicated that sector-oriented metrics are not a viable means of assessing risk management actions. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To improve collaboration and address uncertainties in fulfilling the National Security Presidential Directive 39 (NSPD-39) backup-capabilities requirement, the Secretaries of Transportation and Homeland Security should establish a formal, written agreement that details how the agencies plan to address their shared responsibility. This agreement should address uncertainties, including clarifying and defining DOT's and DHS's respective roles, responsibilities, and authorities; establishing clear, agreed-upon outcomes; establishing how the agencies will monitor and report on progress toward those outcomes; and setting forth the agencies' plans for examining relevant issues, such as the roles of SSAs and industry, how NSPD-39 fits into the NIPP risk management framework, whether an update to the NSPD-39 is needed, or other issues as deemed necessary by the agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2017, the National Executive Committee for Space-Based Positioning, Navigation, and Timing (PNT) Executive Steering group had established an interagency team called the "Complementary PNT Tiger Team" co-chaired by DHS, DOT, and DOD. This team was formed to manage the federal government's efforts to establish a national backup system to GPS. According to DHS officials, this organizational structure obviates the need for a formal, written agreement between DOT and DHS specific to GPS backup responsibilities. They also stated that, in a separate but related effort, DHS, DOT, and DOD are discussing a tri-lateral agreement that covers a broad spectrum of PNT-related responsibilities and activities. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To improve collaboration and address uncertainties in fulfilling the National Security Presidential Directive 39 (NSPD-39) backup-capabilities requirement, the Secretaries of Transportation and Homeland Security should establish a formal, written agreement that details how the agencies plan to address their shared responsibility. This agreement should address uncertainties, including clarifying and defining DOT's and DHS's respective roles, responsibilities, and authorities; establishing clear, agreed-upon outcomes; establishing how the agencies will monitor and report on progress toward those outcomes; and setting forth the agencies' plans for examining relevant issues, such as the roles of SSAs and industry, how NSPD-39 fits into the NIPP risk management framework, whether an update to the NSPD-39 is needed, or other issues as deemed necessary by the agencies.

    Agency: Department of Transportation
    Status: Open

    Comments: As of February 2017, the National Executive Committee for Space-Based Positioning, Navigation, and Timing (PNT) Executive Steering group had established an interagency team--called the "Complementary PNT Tiger Team"--co-chaired by DHS, DOT, and DOD. This team was formed to manage the federal government's efforts to establish a national backup system to GPS. According to DHS officials, this organizational structure obviates the need for a formal, written agreement between DOT and DHS specific to GPS backup responsibilities. They also stated that, in a separate but related effort, DHS, DOT, and DOD are discussing a tri-lateral agreement that covers a broad spectrum of PNT-related responsibilities and activities. We will update the status of this recommendation after we receive additional information from DOT.
    Director: Cackley, Alicia P
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: Congress should consider strengthening the current consumer privacy framework to reflect the effects of changes in technology and the marketplace--particularly in relation to consumer data used for marketing purposes--while also ensuring that any limitations on data collection and sharing do not unduly inhibit the economic and other benefits to industry and consumers that data sharing can accord. Among the issues that should be considered are: (1) the adequacy of consumers' ability to access, correct, and control their personal information in circumstances beyond those currently accorded under FCRA; (2) whether there should be additional controls on the types of personal or sensitive information that may or may not be collected and shared; (3) changes needed, if any, in the permitted sources and methods for data collection; and (4) privacy controls related to new technologies, such as web tracking and mobile devices.

    Agency: Congress
    Status: Open

    Comments: As of April 2017, Congress has not taken action on this matter.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To ensure Ford-class carrier acquisitions are supported by sound requirements and a comprehensive testing strategy, and to promote the introduction of reliable, warfighting capable ships into the fleet, the Secretary of Defense should direct the Secretary of the Navy to take the following action prior to accepting delivery of Gerald R. Ford CVN 78. The Secretary of Defense should direct the Secretary of the Navy to conduct a cost-benefit analysis on (1) currently required capabilities, including increased sortie generation rates and reduced manning and (2) the time and money needed to field systems to provide these capabilities, in light of known and projected reliability shortfalls for critical systems. This analysis should be informed by demonstrated system performance from land-based testing, including updated reliability growth projections, and should identify trade space among competing cost, schedule, and performance parameters. The analysis should also consider whether the Navy should seek requirements relief from the Joint Requirements Oversight Council, to the extent necessary, to maximize its return on investment to the warfighter. The Navy should report the results of this analysis to Congress within 30 days of CVN 78 commissioning.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: We recommended that DOD conduct a cost-benefit analysis on currently required capabilities, and report the results to Congress within 30 days of CVN 78 commissioning. DOD agreed with our recommendation for a cost-benefit analysis, but disagreed with the timing of it, stating that it plans to measure CVN 78 capabilities through completion of operational testing after ship delivery. Since the release of our report, the Navy completed cost-benefit analyses to determine the acquisition strategy for CVN 79, making two major changes to the ship (replacing the Dual Band Radar (DBR) with a different radar solution and introducing a phased construction and delivery approach.) While these are major program changes, the department did not evaluate the fundamental reason for conducting a cost-benefit analysis, namely that known and projected reliability shortfalls make it unlikely that the program will achieve its sortie generation requirements. In December 2016, an Independent Review Team commissioned by the Under Secretary of Defense, Acquisition, Technology and Logistics completed a comprehensive assessment of the CVN 78's systems, but did not recommend any capability trade-offs or requirements relief.
    Recommendation: To ensure Ford-class carrier acquisitions are supported by sound requirements and a comprehensive testing strategy, and to promote the introduction of reliable, warfighting capable ships into the fleet, the Secretary of Defense should direct the Secretary of the Navy to take the following action prior to accepting delivery of CVN 78. The Secretary of Defense should direct the Secretary of the Navy to adjust the planned post-delivery test schedule to ensure that system integration testing is completed prior to entering initial operational test and evaluation.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: Until the Navy updates the test plan in February 2018, we will not know if it will fully address our recommendation. However, recent test schedules suggest an overlap remains between integration testing and the start of initial operational test and evaluation.
    Director: Dinapoli, Timothy J
    Phone: (202) 512-4841

    3 open recommendations
    Recommendation: To better position DOD to determine whether its actions have improved service acquisition, the Principal Deputy Under Secretary of Defense for Acquisition, Technology, and Logistics, in consultation with the military departments' senior services managers, should identify baseline data on the status of service acquisition, in part, by using budget and spending data and leveraging its ongoing efforts to gauge the effects of its actions to improve service acquisition.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: DOD concurred with our recommendation and is in the process of developing baseline data on the current status of its service acquisitions. In July 2014, DOD issued its annual Performance of the Defense Acquisition report. For the first time, this report included information on its contracted services, such obligations for each service portfolio group, competition rates, and small business participation information. DOD expects to develop service acquisition related goals and metrics in 2017 from which it can develop additional baseline data.
    Recommendation: To better position DOD to determine whether its actions have improved service acquisition, the Principal Deputy Under Secretary of Defense for Acquisition, Technology, and Logistics, in consultation with the military departments' senior services managers, should develop specific goals associated with their actions to improve service acquisition.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: DOD concurred with our recommendation and is in the process of developing service acquisition goals and metrics as well as an action plan for improving service acquisition. As of February 2017, DOD began a review of internal guidance that will include an analysis of the roles, responsibilities, authorities, goals, metrics, and structure associated with managing service acquisitions.
    Recommendation: To better position DOD to determine whether its actions have improved service acquisition, the Principal Deputy Under Secretary of Defense for Acquisition, Technology, and Logistics, in consultation with the military departments' senior services managers, should establish metrics to assess progress in meeting these goals.

    Agency: Department of Defense: Office of the Secretary of Defense: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
    Status: Open

    Comments: DOD concurred with our recommendation and is in the process of developing service acquisition goals and metrics as well as an action plan for improving service acquisition. As of February 2017, DOD began a review of internal guidance that will include an analysis of the roles, responsibilities, authorities, goals, metrics, and structure associated with managing service acquisitions.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To provide clarity on how sponsorship identification requirements apply to activities not directly addressed by FCC's current guidance, such as the use of video news releases, and to update its guidance to reflect current technologies and recent FCC decisions about video news releases, the Chairman of the FCC should initiate a process to update its sponsorship identification guidance and consider providing additional examples relevant to more modern practices.

    Agency: Federal Communications Commission
    Status: Open

    Comments: In August 2017, GAO contacted FCC for an update on this status of this recommendation, but received no information from the agency.
    Director: Powner, David A
    Phone: (202) 512-9286

    2 open recommendations
    Recommendation: The Secretary of Transportation should designate a senior agency official who has departmentwide responsibility, accountability, and authority for geospatial information issues. The Secretary of Transportation direct the designated senior official for geospatial information to prepare, maintain, publish, and implement a strategy for advancing geographic information and related geospatial data activities appropriate to its mission.

    Agency: Department of Transportation
    Status: Open

    Comments: In July 2016, a Transportation official told GAO that the department had completed a draft of the geospatial strategic plan that month. According to a Transportation official, as of March 1, 2017, the draft was under review. On September 8, 2017, a Transportation official stated that the department plans to issue the plan by November 1, 2017.
    Recommendation: To improve OMB oversight of geospatial information and assets, and minimize duplication of federal geospatial investments, the Director of OMB should develop a mechanism, or modify existing mechanisms, to identify and report annually on all geospatial related investments, including dollars invested and the nature of the investment.

    Agency: Executive Office of the President: Office of Management and Budget
    Status: Open

    Comments: OMB has made progress in developing a way to identify and report annually on all geospatial-related investments, but has not completed its efforts. In March 2014, the Federal Geographic Data Committee (FGDC) issued its National Geospatial Data Asset (NGDA) Management Plan. The plan was developed in conjunction with OMB officials. One of the objectives of the plan is to develop and apply a standard definition of a geospatial investment in order to facilitate reporting on budgeted geospatial data investments, due to the fact that different definitions are being used by OMB, the FGDC community, and individual agencies. There are two supporting actions for this objective. The first action was completed with the finalization and issuance of the FGDC's Geospatial Investment Definitions for Tracking and Reporting Geospatial Investment Costs document in April 2016. The document contains a set of geospatial definitions with specific examples for each. The second action is for the geospatial community to apply the definitions in submissions to OMB during the annual federal government budget planning and reporting process. According to FGDC officials, they expect this to be challenging for a number of reasons, including the need for agencies to determine how they can align their investment tracking systems to accommodate the new definitions and the extent to which agencies will be able to use a common reporting capability. As a result, a two-pronged approach is being used. First, FGDC developed a reporting method using the theme implementation plans to support federal geospatial data investment tracking. For example, in February 2017, an official provided an implementation plan from January 2017 which included an estimate of the amount of time federal employees spent on NGDA work, and reported this as a percentage of full-time equivalents. Second, OMB worked with FGDC to revise geospatial investment reporting guidance found in OMB Circular No. A-11. Starting with fiscal year 2018 allocations (Circular No. A-11 revised July 2016), agencies are required to report on annual aggregated geospatial data investments of $100,000 or greater using the Marketplace feature of the Geospatial Platform. According to an agency official, this approach leverages existing, federal government-wide reporting methods already in place and minimizes the potential for agencies to implement separate, potentially duplicative reporting mechanisms that are not integrated with existing OMB reporting procedures. According to OMB officials as of September 7, 2017, OMB anticipates that since fiscal year 2018 will be the first year of implementation, some agencies may have challenges identifying and reporting their data. As a result, OMB states that the content and completeness of the reported information will need to be evaluated prior to determining its fitness and application for overseeing geospatial investments.
    Director: Gambler, Rebecca S
    Phone: (202)512-3000

    2 open recommendations
    Recommendation: To increase the likelihood of successful implementation of the Arizona Border Surveillance Technology Plan and maximize the effectiveness of technology already deployed, the Commissioner of CBP should take the following step in planning the agency's new technology approach: determine the mission benefits to be derived from implementation of the plan and develop and apply key attributes for metrics to assess program implementation.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As GAO recommended in November 2011, CBP has identified mission benefits to be derived from implementing the Arizona Border Surveillance Technology Plan (Plan). In April 2013, CBP issued its Multi-Year Investment and Management Plan for Border Security Fencing, Infrastructure, and Technology for Fiscal Years 2014 through 2017, which identifies mission benefits to be achieved by all surveillance technologies (e.g., cameras or sensors) to be deployed under the Plan. According to CBP, the majority of these technologies will provide the mission benefits of improved situational awareness and agent safety. Furthermore, according to CBP's Multi-Year Investment and Management Plan for Border Security Fencing, Infrastructure, and Technology for Fiscal Years 2014 - 2017, the technologies deployed or planned for deployment as part of the Plan are intended to help enhance the ability of Border Patrol agents to detect, identify, deter, and respond to threats along the border. CBP's identification of mission benefits will help position CBP to assess its progress in implementing the Plan and the effectiveness of the Plan's technologies in achieving their intended goals. CBP has made some progress in identifying key attributes for metrics to assess implementation of the Arizona Border Surveillance Technology Plan (Plan), as GAO recommended in November 2011, but it has not yet fully identified and applied attributes for metrics for all technologies under the Plan. Since August 2010, CBP has operated multiple technology systems under the Secure Border Initiative Network (SBInet), which preceded the Plan and is a combination of surveillance technologies aimed at creating a "virtual fence" along the southwest border. Specifically, CBP has operated two surveillance systems under SBInet's initial deployment in high-priority regions of the Arizona border. In October 2012, CBP officials stated that these operations identified examples of key attributes for metrics that can be useful in assessing the implementation for technologies. For example, according to CBP, to help measure whether illegal activity has decreased, examples of key attributes include decreases in arrests, complaints by citizens and ranchers, and destruction of public and private lands and property. In November 2014, CBP identified a set of potential key attributes for performance metrics for all technologies to be deployed under the Plan. While CBP has yet to apply these measures, it established a timeline for developing performance measures for each technology. CBP initially expected baselines for each performance measure to be developed by the end of fiscal year 2015. However, in October 2015, CBP officials stated that CBP had modified its time frame for developing baselines and that additional time would be needed to implement and apply key attributes for metrics. In March 2016, CBP officials stated that CBP had planned to use the baseline data to establish a tool by the end of fiscal year 2016. In addition, CBP officials stated these performance measures would profile levels of situational awareness in various areas of the border. In September 2016, CBP provided GAO a case study that assessed technology assist data along with other measures such as field-based assessments of capability gaps, to determine the contributions of surveillance technologies to its mission. While this is a start to developing and applying performance metrics, the case study was limited to one border location and the analysis was limited to select technologies. Until CBP completes its efforts to fully develop and apply key attributes for performance metrics for all technologies to be deployed under the Plan, it will likely not be able to fully assess its progress in implementing the Plan and determine when mission benefits have been fully realized.
    Recommendation: To increase the reliability of CBP's Cost Estimate for the Arizona Border Surveillance Technology Plan, the Commissioner of CBP should update its cost estimate for the Plan using best practices, so that the estimate is comprehensive, accurate, well-documented, and credible. Specifically, the CBP's Office of Technology Innovation and Acquisition (OTIA) program office should (1) fully document data used in the cost model; (2) conduct a sensitivity analysis and risk and uncertainty analysis to determine a level of confidence in the estimate so that contingency funding can be established relative to quantified risk; and (3) independently verify the new life-cycle cost estimate with an independent cost estimate and reconcile any differences.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As GAO recommended in 2011, CBP provided cost estimates for the IFT and RVSS programs, the two highest cost programs in the Arizona Border Surveillance Technology Plan (Plan), in February and March 2012, respectively, and updated the cost estimate for the Plan in June 2013. However, these estimates do not fully meet cost-estimating best practices. In November 2011, GAO reported that the Plan's original cost estimate met some, but not all, cost-estimating best practices. Specifically, CBP had not conducted a sensitivity analysis and a risk and uncertainty analysis to determine a level of confidence in the original estimate, nor did CBP compare the original cost estimate with an independent estimate. For the cost estimate that CBP provided for the IFT in February 2012 and RVSS in March 2012, CBP partially documented the data used in the cost model for the IFT's LCCE (but needs to provide additional data and document management approval) and fully documented the cost model for the RVSS' LCCE. Developing a well-documented cost estimate is a best practice. CBP also conducted a sensitivity analysis and risk and uncertainty analysis to determine the level of confidence in both LCCEs so that contingency funding could be established relative to quantified risk. In addition, CBP's June 2013, CBP revised the cost estimate for the Plan does not fully address our concerns. For example, the IFT and RVSS compose over 90 percent of the Plan's cost in the June 2013 cost estimate; however, CBP has not independently verified its cost estimates for these two programs with independent cost estimates and reconciled any differences. Such action would help CBP better ensure the reliability of each system's cost estimate. Furthermore, the remainder of the June 2013 cost estimate is not fully documented for the Plan's other five programs, consistent with best practices. For example, the estimates for the other five programs are not fully documented because they are provided as summary program costs without detailed descriptions, such as including back-up documentation for labor hours. In November 2015, CBP had yet to update its LCCEs for two of its highest cost programs under the plan. In May 2016, CBP officials stated that the DHS's Cost Analysis Division had started piloting DHS's Independent Cost Estimate capability on the RVSS program in fiscal year 2016. According to CBP officials, this pilot test within CBP is an opportunity to assist DHS in developing its Independent Cost Estimate capability and that CBP selected the RVSS program for the pilot because the RVSS program is at a point in its planning and execution process where it can benefit most from having an independent cost estimate performed as these technologies are being deployed along the southwest border, beyond Arizona. As of October 2016, CBP officials stated that the RVSS schedule and analysis, as well as the results of the independent program cost estimate pilot is expected to be completed at the end of fiscal year 2017. CBP officials stated that they will provide information on the final reconciliation of the independent cost estimate and the RVSS program cost estimate once the pilot has been completed. Further, CBP officials have yet to detail similar plans for the IFT program. As updated life-cycle cost estimates have yet to be completed and independent cost estimates have not been conducted, GAO cannot determine the extent to which the agency is following best practices when updating the life-cycle cost estimates. Moreover, to fully address our recommendation, a LCCE for the Plan that fully addresses best practices is needed to ensure that the estimate is comprehensive, accurate, well-documented, and credible to help the agency and Congress fully understand the impacts of integrating the Plan's various programs.
    Director: Goldstein, Mark L
    Phone: (202)512-6670

    2 open recommendations
    Recommendation: The Federal Communications Commission should explore options for assessing how the three types of low-power television stations have affected the communities they serve and have contributed to FCC's policy goals of localism and diversity. Such an assessment could include evaluating what existing data FCC could use and what additional data should be collected to inform such an assessment.

    Agency: Federal Communications Commission
    Status: Open

    Comments: In Apri 2014, FCC officials indicated that FCC will issue a Notice of Proposed Rulemaking on issues relating to the future of low-power television and translator stations. In addition, FCC officials noted that the upcoming spectrum incentive auction and spectrum repack will affect low-power television stations, since these stations have secondary spectrum rights to full-power stations. When the notice of proposed rulemaking is issued, we will assess the extent to which it addresses this recommendation.
    Recommendation: The Federal Communications Commission should work with Congress, as necessary, to determine what the long-term role of Class A stations should be, whether additional low-power television stations should be permitted to apply for Class A status, and what criteria stations must meet to qualify for such status. Such criteria could include attributes that contribute to FCC's goals of serving underserved communities and enhancing localism and diversity, such as providing locally produced programming and programming otherwise unavailable to communities.

    Agency: Federal Communications Commission
    Status: Open

    Comments: In Apri 2014, FCC officials indicated that FCC will issue a Notice of Proposed Rulemaking on issues relating to the future of low-power television and translator stations. In addition, FCC officials noted that the upcoming spectrum incentive auction and spectrum repack will affect low-power television stations, since these stations have secondary spectrum rights to full-power stations. When the notice of proposed rulemaking is issued, we will assess the extent to which it addresses this recommendation.
    Director: Caldwell, Stephen L
    Phone: (202) 512-9610

    1 open recommendations
    Recommendation: To facilitate better agency understanding of the potential need and feasibility of expanding electronic verification of seafarers, to improve data collection and sharing, and to comply with the Inflation Adjustment Act, the Secretary of Homeland Security should direct the Commandant of the Coast Guard and Commissioner of CBP to jointly establish an interagency process for sharing and reconciling records of absconder and deserter incidents occurring at U.S. seaports.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) concurred and stated that U.S. Customs and Border Protection (CBP) and the Coast Guard would begin to assess the appropriate offices within each component involved in the review and to establish a working group to evaluate the current reporting process within each component, and between CBP and Coast Guard. Further, DHS noted that it was working to co-locate the Coast Guard's ICC Coastwatch and CBP's National Targeting Center-Passenger and that this would help to eliminate many of the absconder-and deserter- reporting inconsistencies GAO identified between Coast Guard and CBP. In January 2013, CBP and Coast Guard officials reported that they had studied the CBP and Coast Guard data and found that multiple factors had likely contributed to the data variances, including differences in definitions for absconders/deserters among CBP and Coast Guard field units, and the method in which field units had recorded and reported absconder and deserter incidents. Officials reported that the two agencies were planning to develop an interagency memorandum of agreement (MOA) with field guidance for reporting absconder and deserter incidents. Officials reported that they expected to finalize and implement the MOA and field guidance by November 30, 2013. In July 2014, CBP described a new process in place for interagency data reconciliation, reporting that this action was taken in lieu of previously discussed plans to develop an interagency MOU. In December 2015, CBP reported that it expected to complete the effort by March 2016. In March 2016, CBP report that it expected to complete the effort by September 2016. CBP officials reported that the Coast Guard and CBP determined that the absconder data variances were caused by the agencies using different reporting criteria. Officials reported that the two agencies were preparing a memo and guidance to issue to field units by August 31, 2016. Officials reported that the recommendation would be fully implemented by September 30, 2016. In September 2016, CBP reported that it expected to implement the effort by December 31, 2016. In December 2016, CBP reported that the agency had drafted a memo to coincide with new Coast Guard procedure for conducting asymmetric migration vetting and deconfliction. CBP was also working to require all ports of entry to report all maritime asymmetric migration events directly to Coastwatch or a Targeting Framework event. However, on October 18, 2016, the DHS Deputy Secretary issued Department Policy Regarding Investigative Data and Event Deconfliction Policy Directive 045-04 that sets forth DHS policy for investigative data and event deconfliction and the use of related deconfliction systems in the course of certain law enforcement activity. As a result of the newly published Directive, DHS requires that CBP develop and implement related policy, by January 17, 2017. The policy directive requires DHS components to develop a policy applicable to components having equities in Investigative Data and Event Deconfliction. The policy will focus on more effective coordination of investigative activity to ensure officer safety by identifying links between ongoing criminal investigations. The Policy also requires that CBP components, at a minimum, conduct deconfliction thru the Deconfliction and Information Coordination Endeavor, Regional Information Sharing Systems Officer Safety Event Deconfliction System, Secure Automated Fast Event Tracking Network or Case Explorer systems. CBP and Coast Guard are now looking at a directive which makes it a port responsibility to deconflict case related information. The timeline for drafting and finalizing that directive is January 2017. Because of this change in direction, CBP and Coast Guard are requesting an extension to March 31, 2017 to finalize and disseminate the new policy.
    Director: Melvin, Valerie C
    Phone: (202)512-6304

    3 open recommendations
    Recommendation: To enhance VA's effort to successfully fulfill its forthcoming plans for the outpatient scheduling system replacement project and the HealtheVet program, the Secretary of Veterans Affairs should direct the CIO to ensure implementation of a requirements management plan that reflects leading practices for requirements development and management. Specifically, implementation of the plan should include analyzing requirements to ensure they are complete, verifiable, and sufficiently detailed to guide development, and maintaining requirements traceability from high-level operational requirements through detailed low-level requirements to test cases.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In written comments on our report, VA concurred with this recommendation and in August 2014, identified initial actions the department had taken in response. Specifically, as part of its plans to issue a request for proposals to acquire a replacement scheduling system under its Medical Appointment Scheduling System (MASS) project, VA developed a Business Requirements Document that defines its specific business needs, capabilities, features, and constraints. Additionally, the department reported that it intends to manage and document requirements using processes supported by a Web-based tool called Rational Doors. In August 2015, VA's Office of Acquisition, Logistics, and Construction awarded a contract for the MASS project. However, in April 2016, the department paused MASS to evaluate an alternative project to enhance its legacy scheduling system. Subsequently, in early 2017, the department restarted the MASS project. Nevertheless, as of June 2017, the department had not developed a requirements management plan for MASS. Thus, the MASS project has not yet reached the point where the effectiveness of the requirements management activities we recommended can be assessed.
    Recommendation: To enhance VA's effort to successfully fulfill its forthcoming plans for the outpatient scheduling system replacement project and the HealtheVet program, the Secretary of Veterans Affairs should direct the CIO to adhere to the department's guidance for system testing including (1) performing testing incrementally and (2) resolving defects of average and above severity prior to proceeding to subsequent stages of testing.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: In written comments on our report, VA concurred with this recommendation and stated that testing was managed using documented, repeatable processes that are included in the department's ProPath Web-based tool. According to the Acting Deputy Chief Information Officer for Product Development, the Medical Appointment Scheduling System (MASS) project is expected to incorporate Agile software development practices, including the use of incremental testing. In August 2015, the department awarded a contract for the MASS project that included task orders for the development of test plans. However, in April 2016, the department paused MASS to evaluate an alternative to enhance its legacy scheduling system. In early 2017, the department restarted the MASS project, but as of June 2017, had not developed a test plan for MASS. Thus, the project has not yet reached the point where adherence to the department's system testing guidance can be assessed.
    Recommendation: To enhance VA's effort to successfully fulfill its forthcoming plans for the outpatient scheduling system replacement project and the HealtheVet program, the Secretary of Veterans Affairs should direct the CIO to ensure that the policies and procedures VA is establishing to provide meaningful program oversight are effectively executed and that they include (1) robust collection methods for information on project costs, benefits, schedule, risk assessments, performance metrics, and system functionality to support executive decision making; (2) the establishment of reporting mechanisms to provide this information in a timely manner to department IT oversight control boards; and (3) defined criteria and documented policies on actions the department will take when development deficiencies for a project are identified.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: The Department of Veterans Affairs concurred with this recommendation and identified various actions it has taken in response. Specifically, the department awarded a contract for its Medical Appointment Scheduling System (MASS) project in August 2015. However, in April 2016, it paused MASS to evaluate an alternative to enhance its legacy scheduling system. In June 2017, VA reported that the MASS project had been resumed and indicated that it would adhere to the department's Veteran-focused Intake Process (VIP), which is intended to ensure oversight, accountability, and traceability of all program activity. Also, the department reported that MASS had met its first VIP milestone, Critical Decision 1, in January 2017. However, key future activities, including product development and testing, have not yet been demonstrated, while VIP milestones (e.g., Critical Decision 2), have not yet been met. Thus, MASS has not reached the point where the effectiveness of project oversight can be fully assessed.
    Director: Rusco, Franklin W
    Phone: (202)512-4597

    2 open recommendations
    Recommendation: To increase Interior's assurance that it is accurately measuring oil and gas produced on federal lands and waters, and to help ensure that Interior's production accountability inspection program consistently addresses key areas affecting measurement accuracy and that BLM meets its inspection goals, the Secretary of the Interior should establish goals for (1) witnessing onshore oil and gas meter calibrations, (2) witnessing onshore and offshore gas sample collections, (3) comparing onshore reported British Thermal Units (BTU) values with gas analyses, and (4) inspecting onshore and offshore orifice plates and meter tubes.

    Agency: Department of the Interior
    Status: Open

    Comments: As of August 2014, BLM had not established goals for witnessing oil meter provings or gas meter calibrations. Officials stated that it would be too challenging to coordinate, as BLM inspectors would have to meet oil and gas company officials on site to witness the gas sample collection. BLM has also not established goals for comparing BTU analyses with gas analyses, though an official stated that comparisons do occur during an in office records review. For witnessing inspections of orifice plates and meter tubes, BLM officials again stated that coordinating these activities with companies would be cumbersome. Officials stated that inspectors do typically inspect the orifice plate when it is pulled for inspection by a company official during a gas meter calibration. For meter tubes, BLM has not taken any actions. BLM officials stated that when updating its oil and gas measurement regulations, it may address some of these issues. Interior officials set a time frame of 2016 to complete this effort.
    Recommendation: To increase Interior's assurance that it is accurately measuring oil and gas produced on federal lands and waters, and to improve the consistency of Interior's management of its onshore production and inspection program, the Secretary of the Interior should direct BLM to review and revise, as appropriate, its oversight of field and state offices and train managers involved in BLM's inspection and enforcement program to ensure adequate and appropriate review of personnel, processes, and production, consistent with standards for internal controls.

    Agency: Department of the Interior
    Status: Open

    Comments: In December 2014, Interior officials stated it had a completion rate of 96 percent for its two part training class called Oil and Gas Field Managers Training. Interior officials have not taken any steps to review and revise, as appropriate, its oversight of field and state offices and have not provided a time frame for when they might take any actions.