Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: Terrorism

    23 publications with a total of 52 open recommendations including 12 priority recommendations
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: The Administrator of TSA should explore and pursue methods to assess the deterrent effect of TSA's passenger aviation security countermeasures; such an effort should identify FAMS—a countermeasure with a focus on deterring threats—as a top priority to address. (Recommendation 1)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. When we confirm what actions TSA has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of TSA should systematically evaluate the potential cost and effectiveness tradeoffs across countermeasures, as TSA improves the reliability and extent of its information on the effectiveness of aviation security countermeasures. (Recommendation 2)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: DHS concurred with this recommendation and in its September 2017 response to our report, DHS stated that TSA will continue efforts to improve both its analysis of information related to security effectiveness and its cost information, leading to better informed cost-benefit decisions for individual countermeasures. To address the intent of our recommendation, TSA will need to evaluate the costs and effectiveness of individual aviation security countermeasures and then use this information to systematically evaluate the potential cost and effectiveness tradeoffs across countermeasures. When we confirm what actions TSA has taken in response to this recommendation, we will provide updated information.
    Director: Michael J. Courts
    Phone: (202) 512-8980

    5 open recommendations
    Recommendation: To address gaps in State's crisis and evacuation preparedness, that the Secretary of State should take additional steps to ensure that overseas posts complete annual updates of their EAPs within required time frames, such as identifying posts that are late in completing their annual updates and continuing to follow up with those posts until they complete their annual EAP updates.

    Agency: Department of State
    Status: Open

    Comments: State concurred with the recommendation and indicated that the Department plans to address this recommendation by generating outreach e-mails to mission staff and expanding the audience for monthly overdue list for those posts overdue in certifying their Emergency Action Plans. GAO will continue to track State's progress in implementing this recommendation.
    Recommendation: To address gaps in State's crisis and evacuation preparedness, that the Secretary of State should establish a monitoring and tracking process to ensure that DS fully reviews and documents the review of key sections of EAPs submitted to it during the annual EAP review cycle.

    Agency: Department of State
    Status: Open

    Comments: State concurred with the recommendation and indicated that the Department plans to address this recommendation by adding a feature to their Post Emergency Guidance and Authorizing System due for release in 2018. This feature would consolidate their Emergency Action Plan (EAP) review and publication history for individual EAP sections into a single report for review and tracking. GAO will continue to track State's progress in implementing this recommendation.
    Recommendation: To address gaps in State's crisis and evacuation preparedness, that the Secretary of State should take steps to make the EAP more readily usable during emergency situations. For example, State could develop a more streamlined version of the EAP--consisting of key sections, checklists, and contact lists--that could be used by overseas post staff, in addition to the full EAP. In addition, for its new system planned for later this year, State could consider including requirements for streamlined EAPs.

    Agency: Department of State
    Status: Open

    Comments: State concurred with the recommendation and indicated that the Department plans to address this recommendation by incorporating a streamlined Emergency Action Plan format into their Post Emergency Guidance and Authorizing System due for release in 2018. GAO will continue to track State's progress in implementing this recommendation.
    Recommendation: To address gaps in State's crisis and evacuation preparedness, that the Secretary of State should take steps to ensure that overseas posts complete and report completion of required drills within mandated time frames.

    Agency: Department of State
    Status: Open

    Comments: State concurred with the recommendation and indicated that the Department plans to address this recommendation by incorporating the drill reporting requirement into their Post Emergency Guidance and Authorizing System due for release in 2018. GAO will continue to track State's progress in implementing this recommendation.
    Recommendation: To address gaps in State's crisis and evacuation preparedness, that the Secretary of State should take steps to ensure that overseas posts complete required lessons learned reports following authorized or ordered departures and submit the reports to State headquarters for analysis.

    Agency: Department of State
    Status: Open

    Comments: State concurred with the recommendation and indicated that the Department plans to address this recommendation by developing resources to guide embassies' efforts to conduct post-crisis lesson learned discussions, including a cable sent to embassies providing a list of questions for consideration. State indicated these steps should be completed by the end of fiscal year 2017. GAO will continue to track State's progress in implementing this recommendation.
    Director: Maurer, Diana C
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to develop a cohesive strategy that includes measurable outcomes for CVE activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they are identifying concrete outputs and outcomes for CVE efforts outlined in the 2016 Strategic Implementation Plan. CVE Task Force officials also stated that they plan to develop short-term, medium-term, and long-term outcomes for these efforts. The Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to develop a cohesive strategy that includes measurable outcomes for CVE activities.

    Agency: Department of Justice
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they are identifying concrete outputs and outcomes for CVE efforts outlined in the 2016 Strategic Implementation Plan. CVE Task Force officials also stated that they plan to develop short-term, medium-term, and long-term outcomes for these efforts. The Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to establish and implement a process to assess overall progress in CVE, including its effectiveness.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they have begun consulting with departments and agencies that have already invested in CVE program assessment and are developing a research-based framework for designing and assessing CVE metrics. The CVE Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to establish and implement a process to assess overall progress in CVE, including its effectiveness.

    Agency: Department of Justice
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they have begun consulting with departments and agencies that have already invested in CVE program assessment and are developing a research-based framework for designing and assessing CVE metrics. The CVE Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To ensure that C-TPAT program managers are provided consistent data from the C-TPAT field offices on security validations, the Commissioner of U.S. Customs and Border Protection should develop standardized guidance for the C-TPAT field offices to use in tracking and reporting information on the number of required and completed security validations.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: On April 28, 2017, CBP officials provided documentation--a common worksheet, instructions, and related standard operating procedures for C-TPAT field offices to use in tracking and reporting information to headquarters staff on security validations required and completed. We reviewed the information and interviewed C-TPAT officials in two field offices and C-TPAT's Plans and Operations Branch, which is responsible for overseeing these efforts, about the new procedures. In early August 2017, we asked for additional evidence that C-TPAT is ensuring one standard approach across its field offices for capturing and reporting security validations required and completed. The BBP liaison informed us that C-TPAT officials are to provide the additional evidence by the end of September 2017.
    Recommendation: To ensure the availability of complete and accurate data for managing the C-TPAT program and establishing and maintaining reliable indicators on the extent to which C-TPAT members receive benefits, the Commissioner of U.S. Customs and Border Protection should determine the specific problems that have led to questionable data contained in the Dashboard and develop an action plan, with milestones and completion dates, for correcting the data so that the C-TPAT program can produce accurate and reliable data for measuring C-TPAT member benefits.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: On July 28, 2017, CBP provided us with documentation, to include: a schedule of completed and planned activities related to refining data reporting system requirements, testing of preliminary results from new data runs, developing a reporting system for tracking security examination rates, and a copy of the results of a preliminary data run identifying shipment examination rates by mode of transportation and C-TPAT member Tier level. CBP staff informed us that the steps being taken to address this recommendation are to continue through the end of the 2017. In the interim, we are reviewing the documents CBP provided to determine what, if any, additional information we may need to assess progress in addressing this recommendation.
    Director: Tim Persons
    Phone: (202) 512-6412

    1 open recommendations
    Recommendation: The Secretary of Homeland Security--in consultation with the Federal Bureau of Investigation--should conduct a formal bioforensics capability gap analysis to identify scientific and technical gaps and needs in bioforensics capabilities to help guide current and future bioforensics investments and update its analysis periodically.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jenny Grover
    Phone: (202) 512-7141

    5 open recommendations
    Recommendation: To ensure effective evaluation of air marshal training, the TSA Administrator should direct OTD to implement a mechanism for regularly collecting and incorporating incumbent air marshals' feedback on the training they receive from field office programs.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To ensure effective evaluation of air marshal training, the TSA Administrator should direct OTD to take additional steps to improve the response rates of the training surveys it conducts.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to specify in policy who at the headquarters level has oversight responsibility for ensuring that field office Supervisory Air Marshals-in-Charge or their designees meet their responsibilities for ensuring that training completion records are entered in a timely manner.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to specify in policy who at the headquarters level is responsible for ensuring that headquarters personnel enter approved air marshals' training exemptions into the Federal Air Marshal Information System, and define the timeframe for doing so.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to develop and implement standardized methods, such as examinations and checklists, for determining whether incumbent air marshals continue to be mission ready in key skills.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Charles Michael Johnson, Jr.,
    Phone: (202) 512-7331

    2 open recommendations
    Recommendation: To improve management of and reporting on the Global Train and Equip program, the Secretary of Defense should take steps to ensure that documentation requested in project proposal packages is complete.

    Agency: Department of Defense
    Status: Open

    Comments: DOD concurred with this recommendation in its official comment letter included as an appendix in GAO-16-368, published in May 2016. As of June 2017, DOD had not provided us evidence that they have taken steps to ensure project proposal packages include all requested documentation. GAO will continue to monitor relevant DOD efforts in conducting related work.
    Recommendation: To improve management of and reporting on the Global Train and Equip program, the Secretary of Defense should take steps to develop a process for improving the timely completion and submission of required assessment reports to Congress.

    Agency: Department of Defense
    Status: Open

    Comments: At the time of our April 2016 report, DOD was required to complete annual assessment reports on the section 10 U.S.C. Section 2282 Global Train and Equip program. However, the Fiscal Year 2017 National Defense Authorization Act (NDAA) repealed the authorization for the Global Train and Equip program, including the annual reporting requirement, effective 270 days after the NDAA's enactment on December 23, 2016, or (September 19, 2017). In February 2017, DOD submitted its assessments for fiscal year 2016.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To further build on the efforts to improve emergency communications interoperability in the NCR, as part of its efforts to restructure the JFC, the Federal Emergency Management Agency Administrator should direct the Director of ONCRC to clearly articulate in a written agreement the roles and responsibilities of the participating agencies and specify how these agencies are to work together across agency boundaries.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David C. Trimble
    Phone: (202) 512-3841

    1 open recommendations
    Recommendation: To ensure that any future NNSA effort--through the OTH initiative or another process--to assess proliferation threats and the implications for DNN produces high-quality information, the NNSA Administrator should implement established methods, including literature reviews, structured interviews, and peer reviews.

    Agency: Department of Energy: National Nuclear Security Administration
    Status: Open

    Comments: NNSA is in the process of revising its threat assessment process. We are currently evaluating NNSA's actions.
    Director: Charles Michael Johnson, Jr.,
    Phone: (202) 512-7331

    2 open recommendations
    Recommendation: Given that countering violent extremism is a priority for the U.S. government in general and State's Bureau of Counterterrorism (CT Bureau), the Secretary of State should take steps to ensure that CVE program efforts abroad are evaluated.

    Agency: Department of State
    Status: Open

    Comments: In June 2017, the CT Bureau indicated that a third-party evaluation of the CVE program has been completed. The evaluation focused on process and programming, including all CVE projects funded between fiscal years 2012 and 2016 and resulted in two related but disparate sets of recommendations and findings. The CT Bureau indicated that it has begun incorporating the recommendations made in the evaluation into its overall CVE efforts.
    Recommendation: To improve State's CT Bureau's program management efforts, the Secretary of State should take steps to ensure the Bureau of Counterterrorism establishes specific time frames for addressing recommendations from program evaluations.

    Agency: Department of State
    Status: Open

    Comments: In June 2017, the CT Bureau indicated it is in the process of reviewing recommendations from the CVE evaluation, and will soon be assigning timelines to those recommendations that the bureau deems relevant and achievable. For other evaluations, the CT Bureau indicated that it has already acknowledged the need to assign specific timelines to evaluation recommendations and has adjusted accordingly.
    Director: Michael J. Courts
    Phone: (202) 512-8980

    3 open recommendations
    including 3 priority recommendations
    Recommendation: To enhance State's efforts to manage risks to residences, schools, and other soft targets overseas, the Secretary of State should direct the Bureau of Diplomatic Security (DS) to institute procedures to improve posts' compliance with requirements for conducting residential security surveys.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: To improve posts' compliance with residential survey requirements, State is developing a global standardized residential survey program that, according to DS, will give DS officials at State headquarters and security officers at posts the ability to access and audit security surveys for all residential holdings. As of April 2017, DS estimated a 12-month development cycle for this program beginning in February 2017. We will continue to monitor State's progress in implementing this recommendation.
    Recommendation: To enhance State's efforts to manage risks to residences, schools, and other soft targets overseas, the Secretary of State should direct DS to take steps to clarify existing standards and security-related guidance for residences. For example, DS could conduct a comprehensive review of its various standards and security-related guidance for residences and take steps to identify and eliminate gaps and inconsistencies.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: State conducted a review of existing standards and identified numerous gaps, inconsistencies, and standards receiving exceptions more than being followed. As of April 2017, State was in the process of updating these standards. We will continue to monitor State's progress in implementing this recommendation.
    Recommendation: To enhance State's efforts to manage risks to residences, schools, and other soft targets overseas, the Secretary of State should direct DS to develop procedures for ensuring that all residences at posts overseas either meet applicable standards or have required exceptions on file.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: To ensure residences meet applicable standards, State is developing a global standardized residential survey program that, according to DS, will give DS officials at State headquarters and security officers at posts the ability to access and audit security surveys for all residential holdings. DS has estimated a 12-month development cycle for this program beginning in February 2017. As of April 2017, DS had also launched a system to track exception requests and approvals. We will continue to monitor State's progress in implementing this recommendation.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    2 open recommendations
    Recommendation: To improve disposition reporting that would help states update and complete criminal history records, the Director of the FBI should task the FBI Advisory Policy Board to establish a plan with time frames and milestones for achieving its Disposition Task Force's stated goals.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To better equip states to meet the regulatory requirement to notify individuals of their rights to challenge and update information in their criminal history records, and to ensure that audit findings are resolved, the Director of the FBI--in coordination with the Compact Council-- should determine why states do not comply with the requirement to notify applicants and use this information to revise its state educational programs accordingly.

    Agency: Department of Justice: Federal Bureau of Investigation
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    2 open recommendations
    including 1 priority recommendation
    Recommendation: The Secretary of Homeland Security, in consultation with GSA, should develop and implement a strategy to address cyber risk to building and access control systems that, among other things: (1) defines the problem; (2) identifies roles and responsibilities; (3) analyzes the resources needed; and (4) identifies a methodology for assessing this cyber risk.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the Department has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of the General Services Administration should assess the building and access control systems that it owns in FPS-protected facilities in a manner that is fully consistent with FISMA and its implementation guidelines.

    Agency: General Services Administration
    Status: Open
    Priority recommendation

    Comments: As of October 2016, GSA recently provided documentation about its assessments of the control systems that the agency owns in FPS-protected facilities. We are reviewing this information to determine whether GSA has implemented the recommendation.
    Director: Stephen Caldwell
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: Within DHS, to promote efficiency and harmonize the various assessments to advance security and resilience across the spectrum of CI in a manner consistent with the Homeland Security Act of 2002, PPD-21, and the NIPP, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate work with other DHS offices and components to develop and implement ways that DHS can facilitate data sharing and coordination of vulnerability assessments to minimize the risk of potential duplication or gaps in coverage.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has taken action in response to GAO's September 2014 recommendation to develop a department-wide process to facilitate data sharing and coordination among the various DHS components that conduct or require vulnerability assessments, but has not fully implemented the recommendation. DHS first reported to GAO in August 2015 that its Office of Infrastructure Protection (IP) and the Sector Outreach and Programs Division Innovation Center had formed a vulnerability assessment working group comprised of a variety of federal stakeholders, both within and outside DHS, to enhance overall integration and coordination of vulnerability assessment efforts. In December 2015, DHS stated that IP was conducting pilot projects to expand access to its IPGateway portal--IP's system that houses infrastructure data and identifies facilities that have been assessed by IP. In a July 2016 update, DHS reported that IP had reached agreement with DHS components to expand access to its IP Gateway portal to those partners as a means to share IP's vulnerability assessment information and help coordinate assessment visits and related activities. DHS also noted in its update that IP had begun providing access to IP Gateway to components within DHS but did not provide a date as to when that step would be complete. These are positive steps toward implementing a systematic and integrated approach for facilitating data sharing and coordination of vulnerability assessments throughout the department. However, developing a department-wide process to facilitate data sharing and coordination among the DHS offices and components that conduct or require vulnerability assessments would better enable DHS to minimize the risk of potential duplication and gaps by its offices and components in the vulnerability assessments they conduct. Because DHS is still in the process of completing these steps, the recommendation has not yet been fully implemented.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to identify key CI security-related assessment tools and methods used or offered by SSAs and other federal agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to analyze the key CI security-related assessment tools and methods offered by sector-specific agencies (SSA) and other federal agencies to determine the areas they capture.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Recommendation: Regarding SSAs and other federal departments or agencies external to DHS with CI security-related responsibilities that offer or conduct vulnerability assessment tools and methods and building on our recommendation that DHS review its own vulnerability assessments, the Secretary of Homeland Security should direct the Under Secretary for the National Protection and Programs Directorate to work with SSAs and other federal agencies that have CI security responsibilities to develop and provide guidance for what areas should be included in vulnerability assessments of CI that can be used by DHS, SSAs, and other CI partners in an integrated and coordinated manner, among and across sectors, where appropriate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2016, DHS has established a Cross-Sector Integration and Innovation Center in conjunction with the Office of Infrastructure Protection, and has designed, created, and launched a Cross-Agency Vulnerability Assessment Working Group portal on the Homeland Security Information Network-Critical Infrastructure (HSIN-CI). The Working Group, consisting of members from multiple departments and agencies, is collaborating to enhance the integration and coordination of vulnerability assessment efforts. This working group is intended to serve as an interagency forum to address several recommendations from GAO Report 14-507. However, the effort is ongoing and it is too early to determine if it will successfully address the recommendation.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    1 open recommendations
    Recommendation: To assess the progress of the Secure Flight program toward achieving its goals, the Transportation Security Administration's Administrator should develop additional measures to address key performance aspects related to each program goal, and ensure these measures clearly identify the activities necessary to achieve progress toward the goal.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions that DHS TSA has taken in response to this recommendation, we will provide updated information. Status last confirmed on 10/26/15.
    Director: Courts, Michael J
    Phone: (202) 512-8980

    5 open recommendations
    including 5 priority recommendations
    Recommendation: To improve the consistency and data reliability of Department of State risk management data, the Secretary of State should direct the Under Secretary for Management to identify and eliminate inconsistencies between and within the Foreign Affairs Manual, Foreign Affairs Handbook (FAH), and other guidance concerning physical security.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: State has taken steps to revise sections of the Foreign Affairs Manual and Foreign Affairs Handbook related to physical security through the Security Standards Committee. The committee, which is made up of DS and OBO officials, meet weekly to create and revise physical security standards, as needed. In addition, DS officials review all relevant sections of the FAM and FAH each year. However, as of March 2017, State has not provided evidence that it has conducted a comprehensive review of all physical security guidance to identify inconsistencies.
    Recommendation: To strengthen the applicability and effectiveness of the Department of State's physical security standards, the Secretary of State should work through DS or, in his capacity as chair, through the OSPB to clarify existing flexibilities in the FAH to ensure that security and life-safety updates to the OSPB standards and Physical Security Handbook are updated through an expedited review process.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: State is in the process of revising the OSPB Working Group Guidelines in the FAH to clarify existing flexibilities for and to formalize an expedited process for making security and life-safety updates to the OSPB standards and Physical Security Handbook. As of April 2017 this action had not been completed, and State now expects to complete this action by the end of calendar year 2017.
    Recommendation: To strengthen the applicability and effectiveness of the Department of State's physical security standards, the Secretary of State should work through DS or, in his capacity as chair, through the OSPB to develop a process to routinely review all OSPB standards and the Physical Security Handbook to determine if the standards adequately address evolving threats and risks.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: Although State has not developed a process to routinely review all OSPB standards and the Physical Security Handbook to determine if the standards adequately address evolving threats and risks, officials agree with the intent of the recommendation and are taking actions to address it. For example, State?s Security Standards Committee, which is made up of DS and OBO officials, meet weekly to create and revise physical security standards, as needed. In addition, DS officials conduct an annual review of all the relevant sections of the FAM and FAH, which includes the OSPB standards and the Physical Security Handbook. However, as of March 2017, State had not provided evidence proving that it specifically considers evolving threats and risks when reviewing OSPB standards and the Physical Security Handbook.
    Recommendation: To strengthen the applicability and effectiveness of the Department of State's physical security standards, the Secretary of State should work through DS or, in his capacity as chair, through the OSPB to develop a policy for the use of interim and temporary facilities that includes definitions for such facilities, time frames for use, and a routine process for reassessing the interim or temporary designation.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: State is taking a number of actions to regularly reassess the risk that various posts and facilities face. For example, Regional Security Officers are required to conduct a physical security review for every work facility at least once a year at high-threat, high-risk posts, and every three years at all other posts. State also now conducts an annual process, the Vital Presence Validation Process, to reassess the risk taken to operate at each of the high-threat, high-risk posts. However, as of March 2017, it is unclear whether temporary and interim facilities are being reviewed and reassessed during these or other processes.
    Recommendation: To strengthen the effectiveness of the Department of State's risk management policies, the Secretary of State should develop a risk management policy and procedures for ensuring the physical security of diplomatic facilities, including roles and responsibilities of all stakeholders and a routine feedback process that continually incorporates new information.

    Agency: Department of State
    Status: Open
    Priority recommendation

    Comments: State has created a working group to draft a revision to the risk management policy. As of April 2017, State anticipates that the update will be published in 2018.
    Director: David C. Trimble
    Phone: (202) 512-3841

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To ensure that the security of radiological sources at industrial facilities is reasonably assured, the Chairman of the Nuclear Regulatory Commission should conduct an assessment of the T&R process--by which licensees approve employees for unescorted access--to determine if it provides reasonable assurance against insider threats, including (1) determining why criminal history information concerning convictions for terroristic threats was not provided to a licensee during the T&R process to establish if this represents an isolated case or a systemic weakness in the T&R process; and (2) revising, to the extent permitted by law, the T&R process to provide specific guidance to licensees on how to review a employee's background. NRC should also consider whether certain criminal convictions or other indicators should disqualify an employee from T&R or trigger a greater role for NRC.

    Agency: Nuclear Regulatory Commission
    Status: Open
    Priority recommendation

    Comments: On December 14, 2016, the NRC provided Congress with a report detailing its review of the effectiveness of the requirements in 10 CFR Part 37 to determine whether any additional security measures, guidance updates, rulemaking changes, or licensee outreach efforts are appropriate. The completion of the 10 CFR Part 37 program review included insights into the effectiveness of the T&R process. Specifically, the review generated recommendations for enhancements in the area of T&R, including, among other things, increased controls for protection of information related to individuals having access to Category 1 and 2 quantities of radioactive materials; improved guidance related to information individuals must disclose when applying for unescorted access; development of sample forms or templates for use in T&R evaluations; and improved coordination efforts with the FBI to share potential terrorist threat information involving individuals seeking approval for new or continued unescorted access to Category 1 and 2 quantities of radioactive materials. However, certain aspects of the NRC staff's assessment of the T&R process remain ongoing. Specifically, on November 25, 2016, the staff closed Temporary Instruction (TI) 2800/042, "Evaluation of Trustworthiness and Reliability Determinations," and is using the information gained from the TI to consider additional enhancements to the T&R process. As part of this continuing effort, the NRC will evaluate the potential use of disqualifying criteria in making T&R determinations and the incorporation of additional insider mitigation program features, such as requiring the self-reporting of legal actions, into the T&R process to which the individual has been subject. The NRC expects this evaluation to be completed in December 2017.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    3 open recommendations
    including 2 priority recommendations
    Recommendation: To promote coordination as a practice to help avoid overlap, the Secretary of Homeland Security, the Attorney General, and the Director of ONDCP should work through the Information Sharing and Access Interagency Policy Committee (ISA IPC) or otherwise collaborate to develop a mechanism, such as performance metrics related to coordination, that will allow them to hold field-based information-sharing entities accountable for coordinating with each other and monitor and evaluate the coordination results achieved.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: The Department of Justice (DOJ), in coordination with the Department of Homeland Security (DHS) and the Office of National Drug Control Policy (ONDCP), has made progress toward addressing GAO's April 2013 recommendation but has not included all of the relevant field-based information sharing entities in its efforts. Through their involvement in an interagency policy committee within the Executive Office of the President, DHS, DOJ, and ONDCP have developed a mechanism to hold state and urban area fusion centers, Regional Information Sharing System (RISS) centers, and High Intensity Drug Trafficking Area (HIDTA) Investigative Support Centers accountable for coordinating their analytical and investigative activities. However, the agencies have not fully addressed the action because DOJ's Federal Bureau of Investigation's (FBI) Joint Terrorism Task Forces (JTTF) and Field Intelligence Groups (FIG), two of the five field-based entities included in GAO's April 2013 report, have not participated in the assessment on which the mechanism is based. In December 2015, DHS developed a field-based partners report in which DHS, DOJ and ONDCP reported data for state and urban area fusion centers, RISS centers, and HIDTA Investigative Support Centers. These data were focused on field-based collaboration, including governance, colocation, and other information sharing, analytic, and deconfliction-focused topics. However, the report did not include data for DOJ's JTTFs or FIGs. DOJ has noted that JTTFs and FIGs are different from the other entities because JTTFs are operational law enforcement investigative entities and FIGs provide intelligence support to FBI Field Offices. However, GAO's April 2013 report identified areas in which the missions and activities of JTTFs and FIGs overlapped with those of the other entities and that coordination with other field based entities was important to prevent unnecessary overlap and potential duplication. Considering the exclusion of two of the five entities, the agencies do not have a collective mechanism that can hold FIGS and JTTFs accountable for coordinating with the other field-based information sharing entities and allow the agencies to monitor progress and evaluate results across entities. Such a mechanism can help entities maintain effective relationships when new leadership is assigned and avoid unnecessary overlap in activities, which in turn can help entities to leverage scarce resources. As of March 2017, DOJ had provided no new updates. GAO will continue to monitor DOJ's progress in this area.
    Recommendation: To help identify where agencies and the field-based entities they support could apply coordination mechanisms to enhance information sharing and reduce inefficiencies resulting from overlap, the Secretary of Homeland Security, the Attorney General, and the Director of ONDCP should work through the ISA IPC or otherwise collaborate to identify characteristics of entities and assess specific geographic areas in which practices that could enhance coordination and reduce unnecessary overlap, such as cross-entity participation on governance boards and colocation of entities, could be further applied. The results of this assessment could be used by the agencies to provide recommendations or guidance to the entities to create coordinated governance boards or colocate entities, which can result in increased efficiencies through shared facilities and resources and reduced overlap through coordinated or collaborative products, activities, and services.

    Agency: Department of Justice
    Status: Open
    Priority recommendation

    Comments: The Department of Justice (DOJ), in coordination with the Department of Homeland Security (DHS) and the Office of National Drug Control Policy (ONDCP), has made progress toward addressing GAO's April 2013 recommendation but has not included all of the relevant field-based information sharing entities in its efforts. The three agencies have taken the necessary steps to assess the extent to which practices that can enhance coordination are being implemented at state and urban area fusion centers, Regional Information Sharing System (RISS) centers, and High Intensity Drug Trafficking Area (HIDTA) Investigative Support Centers through their involvement in an interagency policy committee within the Executive Office of the President. However, the assessment did not include DOJ's Federal Bureau of Investigation's (FBI) Joint Terrorism Task Forces (JTTF) or Field Intelligence Groups (FIG), two of the five field-based entities included in GAO's April 2013 report. In December 2015, DHS, DOJ, and ONDCP developed a field-based partners report in which DOJ and ONDCP collected and reported data elements for RISS centers and HIDTA Investigative Support Centers similar to those DHS uses in its annual fusion center assessment. These data were focused on field-based collaboration, including governance, colocation, and other information sharing, analytic, and deconfliction-focused topics. However, the report did not include data for DOJ's FBI JTTFs or FIGs. A collaborative assessment of where practices that enhance coordination can be applied to reduce overlap, collaborate, and leverage resources for all five field-based information-sharing entities would allow the agencies to provide recommendations or guidance to the entities on implementing these practices. As of March 2017, DOJ had provided no new updates. GAO will continue to monitor DOJ's progress in this area.
    Recommendation: To help ensure that an assessment of practices that could enhance coordination and reduce unnecessary overlap is shared and used to further enhance collaboration and efficiencies across agencies, the Program Manager, with input from the ISA IPC collaborating agencies, should report in the Information Sharing Environment (ISE) annual report to Congress the results of the assessment, including any additional coordination practices identified, efficiencies realized, or actions planned.

    Agency: Office of the Director of National Intelligence: Office of the Program Manager--Information Sharing Environment
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. Status last updated August 31, 2017.
    Director: Larence, Eileen
    Phone: (202)512-6510

    1 open recommendations
    Recommendation: To ensure that USNCB and ICE are providing more comprehensive information to their respective foreign counterparts regarding registered sex offenders traveling internationally, the Attorney General and the Secretary of Homeland Security should take steps to help ensure that USNCB and ICE have information on the same number of registered sex offenders as well as the same level of detail on registered sex offenders traveling internationally. Such steps could include USNCB and ICE copying each other on their notifications to their foreign counterparts or USNCB receiving information directly from the CBP National Targeting Center (NTC).

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that U.S. National Central Bureau (USNCB) and U.S. Immigration and Customs Enforcement (ICE) did not have information on the same registered sex offenders or the same level of detail on registered sex offenders traveling internationally, which affected their ability to notify their respective foreign counterparts. In part, this is because the two agencies rely on different information sources and do not share information with one another. We recommended that DOJ and DHS develop mechanisms that would enable these two agencies to have access to the same information on traveling sex offenders. In August 2013, ICE provided documentation showing that it copied several U.S. Marshals Service (USMS) officials on notifications that ICE sent to other countries regarding registered sex offenders traveling internationally. However, ICE did not copy USNCB on these notifications. ICE explained that it thought sharing information on traveling sex offenders with USMS and relying on USMS to pass that information along to USNCB was the most efficient way to share information with USNCB. However, we analyzed notifications from ICE, USNCB, and USMS regarding sex offenders who initiated international travel in February 2014 and found that USMS only passed along about 30 percent of the notifications it received from ICE to USNCB. We provided the results of this analysis to all three agencies in July 2014. We met with relevant U.S. Customs and Border Protection (CBP), ICE, USMS, and USNCB officials in September 2014 to discuss options for ensuring that USNCB receives more comprehensive information regarding traveling sex offenders. ICE officials stated that since CBP is the source of the information ICE receives on traveling sex offenders, as well as one of the information sources for USMS, that it may be best for CBP to provide information directly to USNCB. USNCB officials also stated that their preference was to receive information directly from CBP, and it was their understanding that CBP and USNCB were in the process of developing an MOU that would allow for this. In October 2015, CBP confirmed that the MOU would enable CBP to share information with USNCB regarding traveling sex offenders. CBP also stated that the MOU had been approved by CBP and sent to USNCB for review. In an April 2016 update, CBP reported that the MOU had been tentatively approved by USNCB and is expected to be finalized and signed in July 2016. In August 2016, CBP stated that the completion date for the MOU was pushed back to September 30, 2016, to allow time for CBP and USNCB to negotiate additional edits. We followed up with CBP about the status of the MOU in February 2017. We are awaiting a response.
    Director: Farrell, Brenda S
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To improve the effectiveness of the implementation of the Joint Duty Program and to help ensure that institutional knowledge about the program transcends the individual tenure of each serving Joint Duty Program Chief, the Director of National Intelligence should develop a comprehensive strategic framework for the Joint Duty Program. This framework could include things such as (1) clearly defining its mission, (2) establishing performance goals, (3) developing quantifiable metrics for measuring progress toward achieving performance goals, (4) determining the financial resources necessary to accomplish the mission of the program, (5) using performance information and metrics to make decisions to improve the program, and (6) communicating results effectively with each of the IC elements.

    Agency: Office of the Director of National Intelligence
    Status: Open

    Comments: As of September 2017, the Office of the Director of National Intelligence has not implemented this recommendation.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    1 open recommendations
    Recommendation: To help reduce the risk of duplication by strengthening DHS's administration and oversight of these programs, and to better identify and reduce the risk of duplication through improved data collection and coordination, the FEMA Administrator should take steps, when developing non disaster grant management system (ND Grants) and responding to the May 2011 FEMA report recommendations on data requirements, to ensure that FEMA collects project information with the level of detail needed to better position the agency to identify any potential unnecessary duplication within and across the four grant programs, weighing any additional costs of collecting these data.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: As of March 2017, FEMA had taken steps to address GAO's February 2012 recommendation, but actions were not complete. For example, in fiscal year 2014, FEMA modified its existing grants data system to capture more robust project-level data--such as project budget data--for the Homeland Security Grant Program, which includes the State Homeland Security Grant Program and the Urban Areas Security Initiative. However, FEMA stated that it will not be able to use ND grants to cross-check for redundant projects across all preparedness grant programs until project-based applications are deployed for all preparedness grant programs in the system. For example, Port Security Grant Program and Transit Security Grant Program applications are not housed in the legacy grants data system that was modified to collect more specific project data. To mitigate this issue, FEMA reported that its program officers manually cross-check for redundant projects across all preparedness grant programs. Further, grant program policies call for applicants to coordinate across all preparedness grant stakeholders to help ensure unity of effort and avoid redundant investment proposals. Although future upgrades over several years to ND Grants are planned to eliminate duplication during the application process, FEMA believes the most efficient use of resources is to use current legacy systems to identify duplication in the meantime. Using this interim approach to collect more specific project-level data during the grant application process should help FEMA strengthen the administration and oversight of its grant programs until FEMA implements its long-term solution to upgrade ND Grants. However, implementing ND Grants as previously planned would better position FEMA to identify potentially unnecessary duplication within and across grant programs, as ND Grants was designed to have greater project-level enhancement capability than the legacy system.
    Director: Caldwell, Stephen L
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To strengthen the Coast Guard's efforts to ensure the security of OCS facilities and deepwater ports, the Commandant of the Coast Guard should make improvements to the Marine Information for Safety and Law Enforcement (MISLE) database or MISLE guidance to better ensure that all OCS facilities, both fixed and floating, are accurately and consistently identified and that the results of security inspections are consistently recorded to allow for better data analyses and management of the security inspections process.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2015, the Coast Guard updated its Marine Information for Safety and Law Enforcement (MISLE) Facilities User Guide to reflect an added feature to MISLE that allows users to identify if a vessel or facility is an OCS facility regulated under the Maritime Transportation Security Act (MTSA), 33 CFR 106. To ensure that this added feature is used in a consistent manner to accurately classify facilities that are regulated under 33 CFR 106, the Coast Guard is in the process of updating Navigation and Vessel Inspection Circular 05-03. In mid-November 2016, the Coast Guard liaison noted that the Coast Guard expects to issue the updated circular and complete related activities by the end of October 2017. On March 24, 2017, the Coast Guard liaison sent an email to notify GAO that the Coast Guard is still awaiting final decision on deployment of Homeport 2.0, prior to finalizing NVIC 5-03 and that the MISLE User Guide remains under development, with the estimated completion date (ECD) remaining as 10/31/17.
    Director: Gambler, Rebecca
    Phone: (202) 512-6912

    2 open recommendations
    Recommendation: To help ensure DHS is maximizing the benefits of its coordination efforts with northern border partners through interagency forums, documented agreements, and its resource planning process, the Secretary of Homeland Security should provide DHS-level guidance and oversight for interagency forums established or sponsored by its components to ensure that the missions and locations are not duplicative and to consider the downstream burden on northern border partners.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2011, we reviewed and reported the extent to which the Department of Homeland Security (DHS) had improved federal coordination of border security intelligence and enforcement operations with state, local, and Canadian law enforcement partners. We found, among other things, that DHS improved northern border security coordination through interagency forums and joint operations; however, partners raised concerns about the resources needed for the increasing number of interagency forums and that some efforts may be overlapping. In May 2011 and June 2012, DHS reported that it took action to coordinate law enforcement initiatives and advance communications interoperability and information sharing, while reducing duplicative activities. DHS also reported that the DHS Northern Border Strategy, released in June 2012, is intended to align internal DHS operations and provide a unified direction that will also help the department reduce duplicative activities. However, DHS's efforts to coordinate law enforcement initiatives and its Northern Border Strategy do not specifically address possible duplication of efforts and resource constraints that may be imposed by interagency forums. Further, DHS leadership has not yet determined how the strategy will be implemented. In October 2015, DHS officials stated that a statement of cooperation for a Cross-Border Law Enforcement Advisory Committee was signed by all five core members. The intent of the committee is to provide executive-level strategic guidance to cross-border law enforcement initiatives involving partnerships between U.S. and Canadian law enforcement agencies on the northern border. However, DHS officials stated that it will take at least a year to show how this committee will increase coordination and prevent duplication among interagency forums, including the IBET and BEST. Development of this committee is a positive step; however, it is too soon to assess the extent to which this committee helps prevent duplication of effort and strengthen coordination efforts along the northern border. As of August 31, 2017, DHS had not provided updated information to show how the committee increased coordination and prevented duplication among interagency forums. To fully address this recommendation, DHS needs to provide guidance specific to interagency forums established or sponsored by its components and conduct DHS-level oversight for those forums to ensure they are not duplicative and do not burden northern border partners.
    Recommendation: To help ensure DHS is maximizing the benefits of its coordination efforts with northern border partners through interagency forums, documented agreements, and its resource planning process, the Secretary of Homeland Security should provide regular DHS-level oversight of Border Patrol and ICE compliance with the provisions of the interagency memorandum of understanding (MOU), including evaluation of outstanding challenges and planned corrective actions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2011, we reviewed and reported on the extent to which the Department of Homeland Security (DHS) had made progress in addressing past coordination challenges between U.S. Border Patrol, an office within U.S. Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE), and across the Drug Enforcement Administration and Forest Service, according to northern border security partners. We found, among other things, that federal agency coordination to secure the northern border was improved, but partners cited ongoing challenges sharing information and resources for daily border security related to operations and investigations despite the efforts made to establish and update interagency agreements. In June 2012, DHS reported that the DHS Northern Border Strategy emphasizes the importance of partnerships and coordination and discusses the benefits that can be garnered through collaboration and information sharing. DHS also reported that a National Special Agent in Charge/Chief Patrol Agent Advisory Council was established to enhance collaboration between Border Patrol and ICE, which includes addressing historical points of contention between the two components. While the strategy emphasizes and encourages coordination between Border Patrol and ICE, it does not specifically address compliance with the interagency memoranda of agreement, evaluation of longstanding challenges, or any planned corrective actions. In addition, the advisory council established does not provide DHS-level oversight as it is composed of ICE and Border Patrol officials. In October 2015, DHS officials stated that the Cross-Border Law Enforcement Advisory Committee may provide DHS-level oversight because both CBP and ICE officials are members of the committee. However, as of August 31, 2017, DHS has not yet indicated how the committee may provide guidance and oversight to ensure Border Patrol and ICE compliance with the provisions of the interagency memorandum of understanding, and DHS could not provide timeframes for addressing this recommendation. To fully address this recommendation, DHS needs to take action to specifically address long-standing coordination challenges and enforce DHS-level oversight of Border Patrol and ICE compliance with the interagency memoranda of agreement.