This is the accessible text file for GAO report number GAO-04-865R entitled 'Status of Key Recommendations GAO Has Made to DHS and Its Legacy Agencies' which was released on July 16, 2004. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States General Accounting Office: Washington, DC 20548: July 2, 2004: The Honorable Jim Turner: Ranking Member: Select Committee on Homeland Security: House of Representatives: Subject: Status of Key Recommendations GAO Has Made to DHS and Its Legacy Agencies: Dear Mr. Turner: Since the terrorist attacks of September 11, 2001, the federal government has undertaken numerous actions to enhance the nation's homeland security, including the creation of the Department of Homeland Security (DHS). One of the primary reasons for the establishment of DHS was to unify the vast national network of organizations and institutions involved in efforts to protect our nation. Since it began operations on March 1, 2003, DHS has faced enormous challenges to protect the nation from terrorism while it organizes itself into a coherent and integrated agency. As you know, we support Congress by reviewing various government programs and activities to help improve their performance and accountability. When our work identifies a significant need for action by the Congress or an agency, we develop recommended solutions. These recommendations identify actions we believe the department, agency, bureau, or office should implement to ensure government programs operate effectively and efficiently. We have issued numerous recommendations to DHS and its legacy agencies to improve the programs and activities they administer. This report responds to your request that we provide you with status information on key recommendations we have made to DHS and its legacy agencies. On June 30, 2004, we briefed your office on the results of our review. This report transmits information provided during that briefing, including (1) the status of key GAO recommendations issued to DHS, (2) timeframes DHS established for implementing key recommendations, and (3) challenges DHS faces in implementing such recommendations. This report is one in a series of GAO efforts to assess and baseline the progress and effectiveness of federal agency efforts to improve homeland security mission performance. We recently evaluated and reported on congressionally chartered commissions' recommendations, by mission area, related to homeland security.[Footnote 1] In addition, we have ongoing work on key departments' plans to implement the National Strategy for Homeland Security and the challenges they will face in doing so. Efforts to implement key recommendations from GAO, congressionally chartered commissions, or other homeland security experts, to incorporate critical actions into agency strategic plans, and to identify milestones, timelines, and challenges will provide measures by which to assess whether homeland security is being improved. Background: Under the Homeland Security Act of 2002,[Footnote 2] 22 federal agencies were merged into DHS, which officially began operations as a new department on March 1, 2003. To carry out its responsibilities, DHS is organized into four directorates and one division. The Border and Transportation Security (BTS) Directorate (BTS), which is responsible for maintaining the security of our nation's borders and transportation systems and enforcing the nation's immigration laws. Additionally, BTS manages and coordinates port-of-entry activities and oversees the protection of government buildings. The Emergency Preparedness and Response (EPR) Directorate, which is tasked with helping the nation prepare for catastrophes, whether natural disasters or the result of terrorist-related attacks. As such, EPR coordinates with first responders and oversees the federal government's national response and recovery strategy. The Information Analysis and Infrastructure Protection (IAIP) Directorate, which identifies and assesses threats to the homeland, maps those threats against vulnerabilities, issues warnings, and recommends measures necessary to protect the key resources and critical infrastructure of the United States. The Science and Technology (S&T) Directorate, which coordinates DHS's efforts in research and development. As such, S&T is responsible for organizing the scientific and technological resources of the United States to assist in preventing or mitigating the impact resulting from terrorist attacks against the United States or its allies. The Management Division, which is responsible for administering DHS's budget, financial management systems, procurement activities, human resources functions, information technology systems, facilities management, and performance measurement efforts. Scope and Methodology: To address the status of key recommendations we issued to DHS, the timeframes DHS established for implementing key recommendations,[Footnote 3] and related challenges, we reviewed 325 recommendations made in our unclassified and limited official use reports issued to DHS and its 22 legacy agencies between March 1, 1997, and March 1, 2004. We selected March 1, 2004, because it reflects the 1-year anniversary of the operational startup of DHS. We then consulted with the subject matter experts that made these recommendations to prioritize them according to the greatest risk. As a result, we identified 104 key recommendations that reflect actions we believe should be taken either to aid in securing the nation's homeland or to swiftly and appropriately respond to future terrorist attacks.[Footnote 4] We also met with DHS officials and obtained documentation on actions taken to implement key recommendations, timeframes established for the implementation of these recommendations, and related challenges facing DHS. We then analyzed this documentation and consulted with our subject matter experts to assess the status of each recommendation discussed in the documentation based on actions DHS reported taking. As part of this assessment, our subject matter experts reviewed documentation provided by DHS to verify that certain actions DHS reported taking to implement key recommendations were completed. In some cases, complete verification of actions taken would have required extensive follow-up audit work. Thus, in these cases, our experts reviewed documentation provided and discussed actions taken with agency officials. We conducted our work from January through June 2004 in accordance with generally accepted government auditing standards. Results: As of June 28, 2004, DHS had implemented 40 of 104 recommendations that we consider key to the agency's ability to effectively fulfill its homeland security mission. For a list of implemented recommendations, see enclosure II. DHS is currently addressing another 63 key recommendations. For a list of recommendations not yet fully implemented, see enclosure III. Additionally, GAO closed one key recommendation in August 2001, although action taken by one of DHS's legacy agencies did not fully address the intent of the recommendation prior to closure. Of the 104 key recommendations issued to DHS, 38 were issued prior to the agency's official formation on March 1, 2003. Of these, 20 have been fully implemented. The other 66 recommendations were issued after the creation of DHS. Of these 66, 20 have been fully implemented. More than half of the key recommendations--60--have been directed to BTS or its legacy agencies, which address border and transportation security as well as immigration enforcement. Of these, 27 have been fully implemented, while another 33 are currently being addressed by BTS. DHS's efforts to address the key recommendations have generated positive results toward improved mission effectiveness. For example, the 27 recommendations fully implemented within DHS's BTS directorate have resulted in a reduction in the vulnerabilities and inefficiencies of the land ports of entry inspection process. BTS has also benefited with respect to more timely and accurate information pertaining to the smuggling of aliens and the legal status of immigrants. Within the EPR directorate, the implementation of 3 of the key 6 recommendations have resulted in improved emergency response and related planning efforts. DHS provided documentation and other information to us describing specific actions taken by the agency or its legacy agencies to implement 55 of the 63 remaining key recommendations.[Footnote 5] This documentation provides information on timeframes for planned implementation of actions pertaining to 38 of the recommendations. For example, one document describes preparation of a National Plan for Critical Infrastructure and Key Resources Protection, with a completion date of December 17, 2004.[Footnote 6] DHS did not provide timeframes for 6 key recommendations because it maintains that it has taken action to fully implement these recommendations. Effective implementation of the remaining 63 key recommendations could also help to strengthen mission effectiveness. For example, effective implementation of the remaining 33 recommendations related to the BTS directorate could result in reducing the nation's current security vulnerabilities in such activities as passenger screening, border security, and ports of entry. Similarly, the implementation of the remaining 3 recommendations related to the EPR directorate could better position the federal government to provide essential services in the event of a disaster. While DHS is working to address the remaining 63 key recommendations, agency documents and other information DHS provided indicated that the agency faces challenges related to 24 of these recommendations, such as funding and other resource constraints. These challenges will need to be overcome for DHS to effectively address these recommendations. Agency Comments: We provided a draft copy of this report to DHS for comment. DHS provided formal written comments, which are presented in enclosure IV. In commenting on the draft report, DHS noted that it generally welcomed the insight and guidance our recommendations impart. DHS also stated that they would like us to work with its staff to develop a functional approach to consolidate and resolve open recommendations, allowing DHS to devote appropriate attention to current homeland security issues. The recommendations discussed in this report focus on homeland security issues that are key to DHS's ability to effectively fulfill its homeland security mission. Therefore, we believe implementation of these recommendations will help reduce current vulnerabilities in areas such as passenger screening, border security, and ports of entry. DHS also suggested that we consider closing recommendations that are no longer applicable due to evolving missions. In conducting this review, we considered the validity and applicability of all key recommendations yet to be implemented in light of DHS' mission and concluded that the recommendations are still valid. Additionally, DHS noted that we should take into account that some recommendations were previously targeted to legacy units (such as the such as the National Infrastructure Protection Center or the Critical Infrastructure Assurance Office) that are now dissolved or partially integrated into DHS. We agree that some legacy units no longer exist. However, while the entities no longer exist, their overall goals and objectives with respect to homeland security are still vital. Consequently, the responsibility for implementing the key recommendations in this report previously targeted to these entities now resides with DHS. We have and will continue to work with DHS to enhance the process and clarify the criteria for closing recommendations. We recognize the tremendous responsibility DHS has and the importance of the agency succeeding in its mission to ensure the safety and security of the nation's citizens. We continue to believe that effective implementation of our key recommendations can greatly assist DHS in achieving this goal. We plan no further distribution of this report until 30 days after the date of this report. At that time, we will send copies of this report to the Subcommittee on Homeland Security, Senate Appropriations Committee; Senate Governmental Affairs Committee; Subcommittee on Homeland Security, House Appropriations Committee; House Government Reform Committee; the Chairman, House Select Committee on Homeland Security; the Secretary of Homeland Security; the Director, Office of Management and Budget, and other interested parties. We will also make copies available to others on request. In addition, the report will be available on GAO's Web site at http:// www.gao.gov. If you or your staff have any questions about this report, please contact me at (202) 512-8777 or by e-mail at yimr@gao.gov or Debra Sebastian at (202) 512-9385 or by e-mail at sebastiand@gao.gov. Key contributors to this report were Amy Bernstein, Roosevelt R. Burns, R.E. Canjar, Amanda Rose, Gladys Toro, and Margaret A. Ullengren. Sincerely yours, Signed by: Randall A. Yim, Managing Director: Homeland Security and Justice Issues: Enclosures - IV: [End of section] Enclosure 1: Briefing to Ranking Member Turner: [See PDF for image] [End of slide presentation] [End of section] Enclosure II: List of Key GAO Recommendations to DHS That Have Been Fully Implemented: Directorate of Border and Transportation Security[B]: Report title: Homeland Security: Risks Facing Key Border and Transportation Security Program Need to Be Addressed; Key recommendation[A]: To address the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) as a governmentwide program and to minimize the risks facing the program, the Secretary of Homeland Security, in collaboration with cabinet officials from US-VISIT stakeholder departments and agencies, should establish and charter an executive body, chaired by the Secretary's designee, potentially co- chaired by the leadership from key stakeholder departments and agencies, and composed of appropriate senior-level representatives from DHS and each stakeholder organization, to guide and direct the US-VISIT program; Report number and date of issuance: GAO-03-1083 (September 19, 2003). Report title: Homeland Security: Limited Progress in Deploying Radiation Detection Equipment at U.S. Ports of Entry; Key recommendation[A]: In order to ensure that the Bureau of Customs and Border Protection (BCBP) deploys radiation detection equipment as efficiently and quickly as possible, the Commissioner of Customs should complete BCBP's plan for deploying radiation detection equipment at U.S. ports of entry, including total costs and schedules for all categories of entry points; Report number and date of issuance: GAO- 03-963 LOU (September 4, 2003). Report title: Land Border Ports of Entry: Vulnerabilities and Inefficiencies in the Inspections Process; Key recommendation[A]: In relation to land border ports of entry, the Commissioner of BCBP should review existing security arrangements and controls over persons referred for secondary inspections at all ports of entry and take steps to address any identified weaknesses; Report number and date of issuance: GAO-03-782NI (July 11, 2003). Report title: Land Border Ports of Entry: Vulnerabilities and Inefficiencies in the Inspections Process; Key recommendation[A]: In relation to land border ports of entry, the Commissioner of BCBP should develop and implement a field-training program that provides on-the-job training to new inspectors before they independently conduct inspections, and continuing training to all inspectors to sharpen their skills; Report number and date of issuance: GAO-03-782NI (July 11, 2003). Report title: Land Border Ports of Entry: Vulnerabilities and Inefficiencies in the Inspections Process; Key recommendation[A]: In relation to land border ports of entry, the Commissioner of BCBP should establish a standard list of essential equipment for all inspectors stationed at land border ports and ensure such equipment is provided; Report number and date of issuance: GAO-03-782NI (July 11, 2003). Report title: Land Border Ports of Entry: Vulnerabilities and Inefficiencies in the Inspections Process; Key recommendation[A]: BCBP should provide all border inspectors with continuing training on the detection of fraudulent documents and establish controls to ensure that such training is received at appropriate intervals; Report number and date of issuance: GAO-03-782NI (July 11, 2003). Report title: Foreign Military Sales: Actions Needed to Provide Better Controls over Exported Defense Articles; Key recommendation[A]: To strengthen the BCBP's role in controlling the export of Foreign Military Sales (FMS) shipments, the Secretary of Homeland Security should revise guidelines on seizure authority over FMS exports to clearly establish Customs inspectors' authority to seize FMS articles when exports violate laws or regulations; Report number and date of issuance: GAO-03-599 (June 5, 2003). Report title: Foreign Military Sales: Actions Needed to Provide Better Controls over Exported Defense Articles; Key recommendation[A]: To strengthen BCBP's role in controlling the export of FMS shipments, the Secretary of Homeland Security should establish guidelines for the proper recording and subtracting of FMS shipments against the appropriate export value, as defined by the interagency work group mentioned previously; Report number and date of issuance: GAO-03-599 (June 5, 2003). Report title: Foreign Military Sales: Actions Needed to Provide Better Controls over Exported Defense Articles; Key recommendation[A]: To strengthen BCBP's role in controlling the export of FMS shipments, the Secretary of Homeland Security should ensure each shipment matches the information provided in FMS's shipping document noted in the previous recommendation; Report number and date of issuance: GAO-03-599 (June 5, 2003). Report title: Rail Safety and Security: Some Actions Already Taken to Enhance Rail Security, but Risk-based Plan Needed; Key recommendation[A]: To help meet the requirement to secure all modes of transportation under the Aviation and Transportation Security Act, the Secretary of Homeland Security should work jointly with the Secretary of Transportation to develop a risk-based plan that specifically addresses the security of the nation's rail infrastructure. This plan should build upon the railroad industry's experience with rail infrastructure and the transportation of hazardous materials and establish time frames for implementing specific security actions necessary to protect hazardous material rail shipments. Among the areas that should be addressed in developing this plan are (1) the appropriate roles of the private sector and federal, state, and local governments; (2) minimum security standards for hazardous materials stored in transit in rail cars; and (3) the appropriate level of disclosure to local communities of the types and quantities of hazardous materials passing through or stored in transit in these communities; Report number and date of issuance: GAO-03-435 (April 30, 2003). Report title: Customs Service Modernization: Automated Commercial Environment Progressing, but Further Acquisition Management Improvements Needed; Key recommendation[A]: The Commissioner of the Customs Service should direct the Chief Information Officer (CIO) to immediately develop and implement each of the missing Software Engineering Institute Software Acquisition Capability Maturity Model practices for the key process areas discussed in this report and, until this is accomplished, report to its appropriations subcommittees quarterly on the progress of its efforts to do so; Report number and date of issuance: GAO-03-406 (February 28, 2003). Report title: Aviation Security: Vulnerabilities and Potential Improvements for the Air Cargo System; Key recommendation[A]: The Under Secretary of Transportation for Security should develop a comprehensive plan for air cargo security that includes priority actions identified on the basis of risk, costs of these actions, deadlines for completing those actions, and performance targets; Report number and date of issuance: GAO-03-344 (December 20, 2002). Report title: Customs Service Modernization: Management Improvements Needed on High-Risk Automated Commercial Environment Project; Key recommendation[A]: To improve Customs' Automated Commercial Environment (ACE) modernization management, the Customs Service Commissioner should direct the chief information officer, as the designated modernization executive, to develop and implement process controls for the Software Engineering Institute's Software Acquisition Capability Maturity Model level 2 key process areas and the level 3 acquisition risk management key process area; Report number and date of issuance: GAO-02-545 (May 13, 2002). Report title: Customs Service Modernization: Management Improvements Needed on High-Risk Automated Commercial Environment Project; Key recommendation[A]: To improve Customs' ACE modernization management, the Customs Service Commissioner should direct the chief information officer, as the designated modernization executive, to certify to Customs' House and Senate appropriations subcommittees, before building each ACE release (i.e., beginning detailed design and development), that the enterprise architecture has been sufficiently extended to provide the requisite enterprise design content and has been updated to ensure consistency and integration across business areas; Report number and date of issuance: GAO-02-545 (May 13, 2002). Report title: Defense Trade: Lessons to Be Learned from the Country Export Exemption; Key recommendation[A]: To strengthen enforcement activities, the Commissioner of the U.S. Customs Service should update, finalize, and disseminate its guidance on defense export inspection requirements to all inspectors; Report number and date of issuance: GAO-02-63 (March 29, 2002). Report title: Defense Trade: Lessons to Be Learned from the Country Export Exemption; Key recommendation[A]: To strengthen enforcement activities, the Commissioner of the U.S. Customs Service should assess the threat of illegal defense exports at all ports along the northern border and evaluate whether reallocation of its inspectors, additional training, or other actions are warranted to augment the capability of inspectors to enforce export regulations; Report number and date of issuance: GAO-02-63 (March 29, 2002). Report title: Information Technology Management: Coast Guard Practices Can Be Improved; Key recommendation[A]: In order to improve the Coast Guard's Information Technology management practices, the Secretary of Transportation should direct the Coast Guard Commandant to ensure that the appropriate officials implement appropriate corrective actions on the network security weaknesses that GAO identified; Report number and date of issuance: GAO-01-190 (December 12, 2000). Report title: Alien Smuggling: Management and Operational Improvements Needed to Address; Key recommendation[A]: The Commissioner of the Immigration and Naturalization Service (INS) should establish criteria for opening an anti-smuggling case to help ensure that INS' s anti- smuggling resources are focused on the highest-priority cases; Report number and date of issuance: GGD-00-103 (May 1, 2000). Report title: Alien Smuggling: Management and Operational Improvements Needed to Address Growing Problem; Key recommendation[A]: The Commissioner of INS should establish a cost- effective case tracking and management system of alien smuggling investigations that is automated, agencywide, and readily available to investigative personnel and program managers to facilitate the sharing of case information and prevent duplication of effort; Report number and date of issuance: GGD-00-103 (May 1, 2000). Report title: Alien Smuggling: Management and Operational Improvements Needed to Address Growing Problem; Key recommendation[A]: The Commissioner of INS should require that intelligence reports be prepared using a database format so the information can be systematically analyzed; Report number and date of issuance: GGD-00- 103 (May 1, 2000). Report title: Drug Control: INS and Customs Can Do More To Prevent Drug-Related Employee Corruption; Key recommendation[A]: The Attorney General should require the Commissioner of INS to comply with policies that require employment reinvestigations to be completed when they are due; Report number and date of issuance: GGD-99-31 (March 30, 1999). Report title: Drug Control: INS and Customs Can Do More To Prevent Drug-Related Employee Corruption; Key recommendation[A]: The Attorney General should direct the Commissioner of INS to strengthen internal controls at Southwest Border ports of entry and at Border Patrol checkpoints by establishing: (1) one or more methods to deprive drivers of their choice of inspection lanes at ports of entry; (2) a policy for the inspection of law enforcement officers or their vehicles at ports of entry and Border Patrol checkpoints; and (3) a recusal policy concerning the performance of inspections by immigration inspectors and Border Patrol agents where their objectivity may be in question; Report number and date of issuance: GGD-99-31 (March 30, 1999). Report title: Drug Control: INS and Customs Can Do More to Prevent Drug-Related Employee Corruption; Key recommendation[A]: The Secretary of the Treasury should direct the Commissioner of Customs to strengthen internal controls at Southwest Border ports of entry by establishing: (1) one or more methods to deprive drivers of their choice of inspection lanes; (2) a policy for inspection of law enforcement officers and their vehicles; and (3) a recusal policy concerning the performance of inspections by Customs inspectors where their objectivity may be in question; Report number and date of issuance: GGD-99-31 (March 30, 1999). Report title: Immigration Statistics: Information Gaps, Quality Issues Limit Utility of Federal Data to Policymakers; Key recommendation[A]: To reduce the uncertainty associated with statistical estimates of relevant demographic concepts other than immigration flow, fill information gaps for specific legal statuses, and address fragmented reporting, the Commissioner of INS and the Director of the Bureau of the Census should together further develop, test, and evaluate the three-card method that GAO devised for surveying foreign-born about their legal status; Report number and date of issuance: GGD-98-164 (July 31, 1998). Report title: INS Management: Follow-up on Selected Problems; Key recommendation[A]: To help achieve the reorganization goals, the INS Commissioner should determine whether staffing levels need to be adjusted for programs, field operations, and regional offices to accomplish their prescribed roles and responsibilities consistent with the respective mission and workloads for each office; Report number and date of issuance: GGD-97-132 (July 22, 1997). Report title: Criminal Aliens: INS' Efforts To Identify and Remove Imprisoned Aliens Need To Be Improved; Key recommendation[A]: The INS Commissioner should identify the causes of immigration agent attrition and take steps to ensure that staffing is adequate to achieve the Institutional Hearing Program's goals; Report number and date of issuance: T-GGD-97-154 (July 15, 1997). Report title: Criminal Aliens: INS' Efforts To Identify and Remove Imprisoned Aliens Need To Be Improved; Key recommendation[A]: The INS Commissioner should (1) develop a workload analysis model to identify the IHP resources needed in any period to achieve overall program goals and the portion of those goals that would be achievable with alternative levels of resources and (2) use the model to support its IHP funding and staffing requests. Such a model should consider several factors, including the number of foreign- born inmates, number of prisons that must be visited, number and types of IHP staff, length of time to process cases, and travel time and costs; Report number and date of issuance: T-GGD-97-154 (July 15, 1997). Directorate of Emergency Preparedness and Response[B]: Report title: Fire Safety: Comprehensive Information on Fire Incidences in Federal Facilities Is Lacking; Key recommendation[A]: The Administrator, U.S. Fire Administration, in conjunction with the Consumer Product Safety Commission, the General Services Administration, Occupational Safety and Health Administration, and other federal agencies identified as being relevant, should examine whether the systematic collection and analysis of data on fires in federal workspace is warranted. If they determine that data collection and analysis are warranted, data that should be considered for collection and analysis include: the number of fires in federal workspace; property damage, injuries, and deaths resulting from such fires; and the causes of these fires, including any products involved, if determined. In addition, the agencies should discuss, among other topics deemed relevant, the availability of resources for implementing any data collection system and any needed authority to facilitate federal agencies' cooperation in this effort; Report number and date of issuance: GAO-01-879 (August 20, 2001). Report title: Combating Terrorism: Federal Response Teams Provide Varied Capabilities; Opportunities Remain to Improve Coordination; Key recommendation[A]: To provide a sound analytical basis for developing appropriate federal consequence management responses, the Director of the Federal Emergency Management Agency (FEMA) should take steps to require that the Weapons of Mass Destruction Interagency Steering Group develop realistic scenarios involving chemical, biological, radiological, and nuclear agents and weapons with experts in the scientific and intelligence communities; Report number and date of issuance: GAO-01-14 (November 30, 2000). Report title: Combating Terrorism: Federal Response Teams Provide Varied Capabilities; Opportunities Remain to Improve Coordination; Key recommendation[A]: To build upon the experience and lessons learned by the federal response teams from the May 2000 exercise, the FEMA Director should sponsor periodic national-level consequence management field exercises involving federal, state, and local governments. Such exercises should be conducted together with national- level crisis management field exercises; Report number and date of issuance: GAO-01-14 (November 30, 2000). Directorate of Science and Technology[B]: Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: To complete and enhance Plum Island’s security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, correct physical security deficiencies by better securing the foot-and-mouth disease vaccine bank; Report number and date of issuance: GAO-03-847 (September 19, 2003). Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: To complete and enhance Plum Island’s security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, correct physical security deficiencies by better securing certain features of the physical infrastructure that supports the continued operation of the Plum Island Animal Disease Center; Report number and date of issuance: GAO-03-847 (September 19, 2003). Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: To complete and enhance Plum Island’s security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, reconsider the security risks at Plum Island, taking into account recent acts of disgruntled employees; Report number and date of issuance: GAO-03-847 (September 19, 2003). Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: To complete and enhance Plum Island’s security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, enhance incident response capability by increasing the size of the guard force; Report number and date of issuance: GAO-03-847 (September 19, 2003). Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: To complete and enhance Plum Island’s security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, limit access to pathogens by further developing and enforcing specific procedures, including internal control checks, to ensure that background checks of these individuals are updated regularly; Report number and date of issuance: GAO-03-847 (September 19, 2003). Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: To complete and enhance Plum Island’s security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, limit access to pathogens by further developing and enforcing specific procedures, including internal control checks, to ensure that cleaning, maintenance, and repair staff entering the biocontainment area are escorted at all times by individuals with completed background checks; Report number and date of issuance: GAO-03-847 (September 19, 2003). Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: To complete and enhance Plum Island’s security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, enhance incident response capability by developing and implementing a policy on how guards should deal with intruders and use weapons; Report number and date of issuance: GAO-03- 847 (September 19, 2003). Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: To complete and enhance Plum Island’s security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, correct physical security deficiencies by fully implementing the physical security measures; Report number and date of issuance: GAO-03-847 (September 19, 2003). Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: To complete and enhance Plum Island’s security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, consult with other laboratories to identify ways to mitigate the inherent difficulty of securing pathogens; Report number and date of issuance: GAO-03-847 (September 19, 2003). Management Division[B]: Report title: Information Technology: Homeland Security Needs to Improve Entry Exit System Expenditure Planning; Key recommendation[A]: To help ensure the effective management and acquisition of the entry exit system, the Secretary of Homeland Security should, through whatever entry exit program governance structure is established, direct the entry exit program manager to ensure that planned investment and acquisition management controls, including the development of a business case, are fully implemented in accordance with recognized best practices and relevant federal requirements and guidance; Report number and date of issuance: GAO-03-563 (June 9, 2003). [A] Key GAO recommendations reflect actions that must be taken either to aid in securing the nations homeland or to swiftly and appropriately respond to future terrorist attacks. [B] GAO reports issued prior to March 1, 2003, were directed to legacy agencies that are now part of this directorate. [End of table] [End of section] Enclosure III: Key Recommendations DHS Is Currently Addressing: Directorate of Border and Transportation Security[B]: Report title: Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To address the challenges associated with the development, implementation, and operation of the Computer-Assisted Passenger Prescreening System II (CAPPS II), the Secretary of Homeland Security should instruct the Administrator of the Transportation Security Administration (TSA) to develop policies and procedures outlining the CAPPS II passenger redress process that include defining the appeal rights of passengers and their ability to access and correct personal data; Report number and date of issuance: GAO-04-385 (February 12, 2004); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. Report title: Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To address the challenges associated with the development, implementation, and operation of CAPPS II, the Secretary of Homeland Security should instruct the Administrator of TSA to develop policies and procedures detailing CAPPS II oversight mechanisms, including offices responsible for providing oversight, and reporting requirements for oversight information; Report number and date of issuance: GAO-04- 385 (February 12, 2004); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. Report title: Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To address the challenges associated with the development, implementation, and operation of CAPPS II, the Secretary of Homeland Security should instruct the Administrator of TSA to develop results- oriented performance goals and measures to evaluate the program's effectiveness, including measures to assess performance of the system in generating reliable risk scores; Report number and date of issuance: GAO-04-385 (February 12, 2004); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. Report title: Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To address the challenges associated with the development, implementation, and operation of CAPPS II, the Secretary of Homeland Security should instruct the Administrator of TSA to develop a strategy for mitigating the high risk associated with system and database testing that ensures (1) accuracy testing of commercial and government databases is conducted prior to the database being used and (2) appropriate stress testing is conducted to demonstrate the system can meet peak load requirements; Report number and date of issuance: GAO- 04-385 (February 12, 2004); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. Report title: Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To address the challenges associated with the development, implementation, and operation of CAPPS II, the Secretary of Homeland Security should instruct the Administrator of TSA to develop a schedule for critical security activities, including finalizing the security policy, the security risk assessment, and system certification and accreditation; Report number and date of issuance: GAO-04-385 (February 12, 2004); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. Report title: Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To address the challenges associated with the development, implementation, and operation of CAPPS II, the Secretary of Homeland Security should instruct the Administrator of TSA to use established plans to track development progress to ensure that promised functionality is being delivered on time and within established cost estimates; Report number and date of issuance: GAO-04-385 (February 12, 2004); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. Report title: Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To address the challenges associated with the development, implementation, and operation of CAPPS II, the Secretary of Homeland Security should instruct the Administrator of TSA to develop plans identifying the specific functionality that will be delivered during each increment of CAPPS II, the specific milestones for delivering this functionality, and expected costs for each increment; Report number and date of issuance: GAO-04-385 (February 12, 2004); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. Report title: Homeland Security: Risks Facing Key Border and Transportation Security Program Need to Be Addressed; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To address the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) Program as a governmentwide program and to minimize the risks facing the program, the Secretary of Homeland Security, in collaboration with cabinet officials from US-VISIT stakeholder departments and agencies, should direct this executive body[C] to immediately take steps to (1) ensure that the human capital and financial resources are expeditiously provided to establish a fully functional and effective US-VISIT program office and associated management capability, (2) clarify the operational context within which US-VISIT must operate, and (3) decide whether proposed US-VISIT increments will produce mission value commensurate with costs and risks and disclose to the Congress planned actions based on this body's decisions; Report number and date of issuance: GAO-03-1083 (September 19, 2003); Timeframes reported by DHS: DHS notes that 4 months after GAO issued this recommendation, the US-VISIT Federal Stakeholders Advisory Board was chartered to provide oversight and strategic direction and to ensure that program plans, policies, funding, and business goals are aligned and moving forward for the US-VISIT program; Challenges reported by DHS: None provided. Report title: Homeland Security: Risks Facing Key Border and Transportation Security Program Need to Be Addressed; Key recommendation[A]: Directorate of Border and Transportation Security[B]: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately developing an analysis of incremental program costs, benefits, and risks, and providing this analysis to the executive body, to assist it in the body's deliberations and decision making; Report number and date of issuance: GAO-03-1083 (September 19, 2003); Timeframes reported by DHS: DHS notes that the cost, schedule, performance, and risks documents were completed and presented on November 25, 2003, to the DHS Investment Review Board. Approval via the Management Decision Memorandum was received in February 2004; Challenges reported by DHS: None provided. Report title: Homeland Security: Risks Facing Key Border and Transportation Security Program Need to Be Addressed; Key recommendation[A]: Directorate of Border and Transportation Security[B]: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately defining program office positional roles, responsibilities, and relationships; Report number and date of issuance: GAO-03-1083 (September 19, 2003); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. Report title: Homeland Security: Risks Facing Key Border and Transportation Security Program Need to Be Addressed; Key recommendation[A]: Directorate of Border and Transportation Security[B]: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately developing and implementing a human capital strategy that provides for staffing these positions with individuals who have the requisite core competencies (knowledge, skills, and abilities); Report number and date of issuance: GAO-03-1083 (September 19, 2003); Timeframes reported by DHS: DHS believes that the agency will complete its human capital strategy by December 31, 2004. In the interim, DHS has engaged the Office of Personnel Management to assist in performing aspects of personnel management, such as drafting position descriptions and performance plans, which will contribute to the development of the agency's human capital strategy; Challenges reported by DHS: None provided. Report title: Homeland Security: Risks Facing Key Border and Transportation Security Program Need to Be Addressed; Key recommendation[A]: Directorate of Border and Transportation Security[B]: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately developing and implementing a plan for satisfying key Software Engineering Institute acquisition management controls, to include acquisition planning, solicitation, requirements development and management, project management, contractor tracking and oversight, evaluation, and transition to support; Report number and date of issuance: GAO-03-1083 (September 19, 2003); Timeframes reported by DHS: DHS believes that it will take more than 2 years after a dedicated leader is brought on board to the US-VISIT office to achieve key Software Engineering Institute acquisition management controls. A firm goal and timeline will be set after that person is hired. However, the agency has not specified a timeline for bringing that person on board; Challenges reported by DHS: None provided. Report title: Homeland Security: Risks Facing Key Border and Transportation Security Program Need to Be Addressed; Key recommendation[A]: Directorate of Border and Transportation Security[B]: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately developing and implementing a risk management plan and ensuring that all high risks and their status are reported regularly to the executive body; Report number and date of issuance: GAO-03-1083 (September 19, 2003); Timeframes reported by DHS: DHS notes that an executive Risk Review Board is currently being chartered and is projected to be in place by September 30, 2004; Challenges reported by DHS: None provided. Report title: Homeland Security: Risks Facing Key Border and Transportation Security Program Need to Be Addressed; Key recommendation[A]: Directorate of Border and Transportation Security[B]: Further, the Secretary of Homeland Security, through the Under Secretary for Border and Transportation Security, should direct the US-VISIT Program Director to expeditiously establish an effective program management capability, including immediately defining performance standards for each US-VISIT system increment that are measurable and reflect the limitations imposed by relying on existing systems for these system increments; Report number and date of issuance: GAO-03-1083 (September 19, 2003); Timeframes reported by DHS: DHS notes that US-VISIT has initiated a process to define performance standards that meet the criteria specified. US-VISIT is also defining performance measures for both internal managerial and external reporting purposes. DHS anticipates reportable criteria by September 30, 2004; Challenges reported by DHS: None provided. Report title: Homeland Security: Limited Progress in Deploying Radiation Detection Equipment at U.S. Ports of Entry; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To apply lessons learned from its initial deployments of portal monitors and other radiation detection equipment and ensure their effective application, the Bureau of Customs and Border Protection (BCBP) should consider deploying sufficient isotope identifiers to each port of entry so that inspectors can immediately respond to alarms without having to retrieve equipment from another location; Report number and date of issuance: GAO-03-963 LOU (September 4, 2003); Timeframes reported by DHS: DHS notes that it plans to fully implement this recommendation by December 30, 2004; Challenges reported by DHS: In implementing this recommendation, DHS notes that it is facing funding and deployment support challenges. For example, due to funding constraints, there are times when an isotope identifier must be retrieved from one location to be used at another location. Additionally, DHS reports that logistical issues associated with deploying equipment must be addressed. Such issues include ensuring equipment is distributed to proper personnel and that adequate training is in place and provided to those who require it. Report title: Homeland Security: Limited Progress in Deploying Radiation Detection Equipment at U.S. Ports of Entry; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To apply lessons learned from its initial deployments of portal monitors and other radiation detection equipment and ensure their effective application, BCBP should consider, establish, and implement minimum training requirements so that all inspectors have a clear understanding of the capabilities and limitations of the radiation detection equipment; Report number and date of issuance: GAO-03-963 LOU (September 4, 2003); Timeframes reported by DHS: DHS believes that it has fully implemented this recommendation and provided GAO with documentation to support this position on June 24, 2004. GAO is currently evaluating this documentation; Challenges reported by DHS: None provided. Report title: Homeland Security: Limited Progress in Deploying Radiation Detection Equipment at U.S. Ports of Entry; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To apply lessons learned from its initial deployments of portal monitors and other radiation detection equipment and ensure their effective application, BCBP should consider, as it proceeds to deploy radiation detection equipment to air cargo facilities, analyze opportunities at airports to deploy portal monitors to cover multiple international mail, package, and air cargo facilities so that fewer portal monitor locations are needed to cover a greater proportion of goods entering the United States; Report number and date of issuance: GAO-03-963 LOU (September 4, 2003); Timeframes reported by DHS: DHS plans to complete implementation of this recommendation by December 30, 2004; Challenges reported by DHS: According to a DHS official, implementation of this recommendation is a multistaged process, requiring continuing analysis to develop lessons learned as DHS moves through each stage. The official also noted that the long-term nature of the deployment process is a challenge for DHS. For instance, there are a large number of ports involved for which large-scale equipment must be disbursed appropriately. Report title: Homeland Security: Limited Progress in Deploying Radiation Detection Equipment at U.S. Ports of Entry; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To apply lessons learned from its initial deployments of portal monitors and other radiation detection equipment and ensure their effective application, BCBP should consider, for the final three categories of deployment, continuing to proactively engage local government and private entities that must be consulted before deploying portal monitors early in the deployment process in order to minimize delays resulting from protracted negotiations; Report number and date of issuance: GAO-03-963 LOU (September 4, 2003); Timeframes reported by DHS: DHS believes that it has fully implemented this recommendation and provided GAO with documentation to support this position on June 24, 2004. GAO is currently evaluating this documentation; Challenges reported by DHS: None provided. Report title: Homeland Security: Limited Progress in Deploying Radiation Detection Equipment at U.S. Ports of Entry; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To obtain the assistance of other federal agencies and national laboratories that could help, in the long term, to overcome technical and deployment issues in adapting radiation detection equipment to the border environment, the Secretary of Homeland Security should establish a working group composed of agencies and entities involved in the research and deployment of radiation detection equipment. This working group should include, but not be restricted to, representatives from BCBP, TSA, the DHS Science and Technology Directorate, the Department of Defense (DOD), the Department of Energy (DOE), and DOE's national laboratories. The working group should serve as a forum for exchanging information on testing and performance of radiation detection equipment, the conditions at U.S. ports of entry, the challenges to deploying radiation detection equipment, and ways to overcome those challenges. The working group, meeting as often as needed, should also provide guidance to radiation detection experts for research and development of new radiation detection technologies to ensure that those efforts provide solutions to current challenges; Report number and date of issuance: GAO-03-963 LOU (September 4, 2003); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. Report title: Border Security: New Policies and Procedures Are Needed to Fill Gaps in the Visa Revocation Process; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To strengthen the visa revocation process as an antiterrorism tool, the Secretary of Homeland Security should, in conjunction with the Secretary of State and the Attorney General, develop specific policies and procedures for the interagency visa revocation process to ensure that notification of visa revocations for suspected terrorists and relevant supporting information is transmitted from State to immigration and law enforcement agencies, and their respective inspection and investigation units, in a timely manner; Report number and date of issuance: GAO-03- 798 (June 18, 2003); Timeframes reported by DHS: GAO is currently reviewing the status of this recommendation in relation to a request by the Subcommittee on National Security, Emerging Threats, and Intergovernmental Relations, House Committee on Government Reform and plans to report on its status by July 6, 2004; Challenges reported by DHS: DHS notes that it is challenged in implementing this recommendation because it involves extensive interagency coordination with both the Department of State as well as the Department of Justice. Report title: Border Security: New Policies and Procedures Are Needed to Fill Gaps in the Visa Revocation Process; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To strengthen the visa revocation process as an antiterrorism tool, the Secretary of Homeland Security should, in conjunction with the Secretary of State and the Attorney General, develop a specific policy on actions that immigration and law enforcement agencies should take to investigate and locate individuals whose visas have been revoked for terrorism concerns and who remain in the United States after revocation; Report number and date of issuance: GAO-03-798 (June 18, 2003); Timeframes reported by DHS: GAO is currently reviewing the status of this recommendation in relation to a request by the Subcommittee on National Security, Emerging Threats, and Intergovernmental Relations, House Committee on Government Reform and plans to report on its status by July 6, 2004; Challenges reported by DHS: DHS notes that it is challenged in implementing this recommendation because it involves extensive interagency coordination with both the Department of State as well as the Department of Justice. Additionally, once the policy is developed, funding issues could be a concern for DHS and other law enforcement agencies responsible for implementing the policy. Report title: Border Security: New Policies and Procedures Are Needed to Fill Gaps in the Visa Revocation Process; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To strengthen the visa revocation process as an antiterrorism tool, the Secretary of Homeland Security should, in conjunction with the Secretary of State and the Attorney General, determine if persons with visas revoked on terrorism grounds are in the United States and, if so, whether they pose a security threat; Report number and date of issuance: GAO-03-798 (June 18, 2003); Timeframes reported by DHS: GAO is currently reviewing the status of this recommendation in relation to a request by the Subcommittee on National Security, Emerging Threats, and Intergovernmental Relations, House Committee on Government Reform and plans to report on its status by July 6, 2004; Challenges reported by DHS: DHS notes that it is challenged in implementing this recommendation because it involves extensive interagency coordination with both the Department of State as well as the Department of Justice. Report title: Land Border Ports of Entry: Vulnerabilities and Inefficiencies in the Inspections Process; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In relation to land border ports of entry, the Commissioner of BCBP should develop an inspections-related immigration intelligence program for the field, and in doing so, consider (1) defining the roles and responsibilities of intelligence units at headquarters and in the field regarding the collection, analysis, and use of intelligence information; (2) reassessing the need for intelligence officers at each field location; (3) coordinating the integration and sharing of intelligence information among locations; and (4) ensuring that inspectors have the time and opportunity to access and review intelligence information, including via routine briefings and access to NetLEADS; Report number and date of issuance: GAO-03-782NI (July 11, 2003); Timeframes reported by DHS: DHS plans to complete implementation of this recommendation by December 30, 2004; Challenges reported by DHS: DHS reports that it is difficult to assess resource and other field intelligence needs given the significant organizational restructuring resulting from the establishment of Customs and Border Protection and Immigration and Customs Enforcement. Report title: Foreign Military Sales: Actions Needed to Provide Better Controls over Exported Defense Articles; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To strengthen BCBP's role in controlling the export of Foreign Military Sales (FMS) shipments, the Secretary of Homeland Security should establish a centralized system to identify where specific FMS agreements are filed to prohibit multiple port filings; Report number and date of issuance: GAO-03-599 (June 5, 2003); Timeframes reported by DHS: CBP expects to develop and establish an electronic repository for FMS case information that will allow for the transmission of database information on FMS. CBP expects it to become part of the Automated Commercial Environment by September 30, 2007; Challenges reported by DHS: DHS notes that ensuring adequate funding and programming resources for actions necessary to implement this recommendation, such as establishing an electronic repository for FMS case information, has been difficult. However, DHS believes the recommendation could be implemented earlier than September 30, 2007, if additional funding is provided sooner. Report title: Customs Service Modernization: Automated Commercial Environment Progressing, but Further Acquisition Management Improvements Needed; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The Commissioner of the Customs Service should take steps, as appropriate in light of Customs' merger into the Department of Homeland Security, to have future ACE expenditure plans specifically address any proposals or plans, whether tentative or approved, for extending and using ACE infrastructure to support other homeland security applications, including any impact on ACE of such proposals and plans; Report number and date of issuance: GAO-03-406 (February 28, 2003); Timeframes reported by DHS: CBP notes that this recommendation is of an ongoing nature and is not conducive to a hard target completion date. For example, on February 14, 2004, CBP initiated a coordinating meeting with the US-VISIT program seeking agreement on avenues for sharing and integration. CBP expects that once these results are formalized, the agency would expect to establish further milestone dates responsive to GAO's recommendation; Challenges reported by DHS: DHS reports that large automation projects typically require actions to be taken over a long-term period, thus, it believes implementation of this recommendation will require sustained efforts over the long-term. Report title: Customs Service Modernization: Automated Commercial Environment Progressing, but Further Acquisition Management Improvements Needed; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The Commissioner of the Customs Service should direct the Chief Information Officer (CIO) to develop and implement the missing human capital management practices discussed in this report, and until this is accomplished, report to its appropriations committees quarterly on the progress of its efforts to do so; Report number and date of issuance: GAO-03-406 (February 28, 2003); Timeframes reported by DHS: DHS plans to complete implementation of this recommendation by September 30, 2004; Challenges reported by DHS: DHS reports that it is challenged in implementing this recommendation by the technical nature of the project and the significant number of personnel required to support the Customs and Border Protection modernization effort. Report title: Customs Service Modernization: Automated Commercial Environment Progressing, but Further Acquisition Management Improvements Needed; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The Commissioner of the Customs Service should direct the CIO to establish an independent verification and validation function to assist Customs in overseeing contractor efforts, such as testing; Report number and date of issuance: GAO-03-406 (February 28, 2003); Timeframes reported by DHS: DHS plans to complete implementation of this recommendation by August 30, 2004; Challenges reported by DHS: None provided. Report title: Homeland Security: INS Cannot Locate Many Aliens Because It Lacks Reliable Address Information; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In order to promote compliance with the change of address notification requirements through publicity and enforcement and to improve the reliability of its alien address data, the Attorney General should direct the INS Commissioner to evaluate alternative approaches and their associated costs for obtaining or assembling complete alien address information, particularly for those aliens who do not comply with the change of address notification requirement; Report number and date of issuance: GAO-03-188 (November 21, 2002); Timeframes reported by DHS: DHS believes it has implemented this recommendation. Thus, it did not provide any future timeframes for completing this recommendation. GAO has requested that DHS provide it with documentation to demonstrate that DHS has implemented a process for getting complete and updated alien address information into DHS systems; Challenges reported by DHS: DHS notes that ensuring adequate funding for actions taken related to this recommendation is a challenge. Report title: Homeland Security: INS Cannot Locate Many Aliens Because It Lacks Reliable Address Information; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In order to promote compliance with the change of address notification requirements through publicity and enforcement and to improve the reliability of its alien address data, the Attorney General should direct the INS Commissioner to establish written procedures and controls to ensure that alien address information in all automated databases is complete, consistent, accurate, and current; Report number and date of issuance: GAO-03-188 (November 21, 2002); Timeframes reported by DHS: DHS believes it has implemented this recommendation. Thus, it did not provide any future timeframes for completing this recommendation. GAO has requested that DHS provide it with documentation to demonstrate that Customs and Immigration Services has developed procedures and controls to ensure that an alien's address information is updated appropriately in all related databases; Challenges reported by DHS: DHS notes that ensuring adequate funding for actions taken related to this recommendation is a challenge. Report title: Homeland Security: INS Cannot Locate Many Aliens Because It Lacks Reliable Address Information; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In order to promote compliance with the change of address notification requirements through publicity and enforcement and to improve the reliability of its alien address data, the Attorney General should direct the INS Commissioner to identify and implement an effective means to publicize the change of address notification requirement nationwide. As part of its publicity effort, INS should make sure that aliens have information on how to comply with this requirement, including where information may be available and the location of change of address forms; Report number and date of issuance: GAO-03-188 (November 21, 2002); Timeframes reported by DHS: DHS believes it has implemented this recommendation. Thus, it did not provide any future timeframes for completing this recommendation. GAO is requesting that DHS provide it with documentation to demonstrate that publicity efforts to make aliens aware of the notification requirement have been implemented; Challenges reported by DHS: DHS notes that ensuring adequate funding for actions taken related to this recommendation is a challenge. Report title: Customs Service Modernization: Management Improvements Needed on High-Risk Automated Commercial Environment Project; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To improve Customs' ACE modernization management, the Customs Service Commissioner should direct the chief information officer, as the designated modernization executive, to immediately develop and implement a Customs Modernization Office (CMO) human capital management strategy that provides both near-and long-term solutions to CMO's human capital capacity limitations, including defining the office's skill and capacity needs in terms that will allow Customs to attract qualified individuals and that will provide sufficient rewards and training, linked to performance, to promote their retention; Report number and date of issuance: GAO-02-545 (May 13, 2002); Timeframes reported by DHS: None provided; Challenges reported by DHS: DHS reports that it is challenged in implementing this recommendation by the technical nature of the project and the significant number of personnel required to support the Customs and Border Protection modernization effort. Report title: Alien Smuggling: Management and Operational Improvements Needed to Address Growing Problem; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The INS Commissioner should establish performance measures for the anti-smuggling efforts and intelligence program with which to gauge program effects; Report number and date of issuance: GGD-00-103 (May 1, 2000); Timeframes reported by DHS: None provided; Challenges reported by DHS: DHS notes that it is challenged in implementing this recommendation by ensuring that appropriate resources, including funding and personnel, are available. Report title: Criminal Aliens: INS's Efforts to Identify and Remove Imprisoned Aliens Need to Be Improved; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The INS Commissioner should establish a nationwide data system containing the universe of foreign-born inmates reported to INS by the Bureau of Prisons and the state departments of corrections and use this system to track the Institutional Hearing Program status of each inmate; Report number and date of issuance: T-GGD-97-154 (July 15, 1997); Timeframes reported by DHS: None provided; Challenges reported by DHS: DHS notes that it is challenged in implementing this recommendation by ensuring that appropriate resources, including funding and personnel, are available. Directorate of Emergency Preparedness and Response[B]: Report title: Continuity of Operations: Improved Planning Needed to Ensure Delivery of Essential Government Services; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To ensure that agencies can continue operations in emergencies and are prepared for the governmentwide exercise planned for May 2004, the Secretary of Homeland Security should direct the Under Secretary for Emergency Preparedness and Response to take steps to ensure that agencies that do not have continuity of operations (COOP) plans develop them by May 1, 2004; Report number and date of issuance: GAO-04-160 (February 27, 2004); Timeframes reported by DHS: On June 24, 2004, DHS provided GAO with a list of actions it has taken and plans to take in relation to this recommendation. For example, DHS noted that as part of an exercise it developed, Forward Challenge 2004, which was held from May 12 through May 15, 2004, participating department and agencies' COOP were successfully activated and tested. DHS also noted that it has developed a COOP manager's course which it plans to pilot from June 29 to July 1, 2004. Additionally, DHS has scheduled 10 additional courses from June 2004 through January 2005. GAO is currently evaluating this information to determine the continued status of this recommendation; Challenges reported by DHS: None Provided. Report title: Continuity of Operations: Improved Planning Needed to Ensure Delivery of Essential Government Services; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The Secretary should direct the Under Secretary to take steps to improve the oversight of COOP planning by conducting assessments of agency continuity plans that include independent verification of agency-provided information, as well as an assessment of the essential functions identified and their interdependencies with other activities; Report number and date of issuance: GAO-04-160 (February 27, 2004); Timeframes reported by DHS: DHS reports that its Readiness Reporting System will be used to assist it in assessing agency contingency plans. DHS further notes that it plans to initially deploy this system in fiscal year 2005. Finally, DHS reported that it would conduct an independent validation of each departments' and agency's self- assessment after deployment of the Readiness Reporting System; Challenges reported by DHS: None provided. Report title: Continuity of Operations: Improved Planning Needed to Ensure Delivery of Essential Government Services; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The Secretary should direct the Under Secretary to take steps to improve the oversight of COOP planning by ensuring that agencies correct the deficiencies in individual COOP plans identified here, as well as those identified in previous assessments; Report number and date of issuance: GAO-04-160 (February 27, 2004); Timeframes reported by DHS: DHS noted that it developed an exercise, Forward Challenge, to assist departments and agencies in improving individual COOP. As a result, DHS is working with those departments and agencies to complete after-action reports and will work with those agencies to improve their COOP capabilities. DHS further reports that the Forward Challenge after-action reports will be completed by September 30, 2004, and will include recommendations for measures to improve COOP capability. DHS also noted that it has developed a COOP manager's course which it plans to pilot from June 29 to July 1, 2004. Additionally, DHS has scheduled 10 additional courses from June 2004 through January 2005; Challenges reported by DHS: None provided. Directorate of Information Analysis and Infrastructure Protection[B]: Report title: Homeland Security: Voluntary Initiatives Are Under Way at Chemical Facilities, but the Extent of Security Preparedness Is Unknown; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In order to ensure that chemical facilities take action to review and address security vulnerabilities, the Secretary of Homeland Security and the Administrator of the Environmental Protection Agency (EPA) should jointly develop, in consultation with the Office of Homeland Security, a comprehensive national chemical security strategy that is both practical and cost effective. This national strategy should specify the roles and responsibilities of each federal agency partnering with the chemical industry; Report number and date of issuance: GAO-03-439 (March 14, 2003); Timeframes reported by DHS: Homeland Security Presidential Directive Number 7 (HSPD-7) requires DHS to produce a comprehensive, integrated National Plan for Critical Infrastructure and Key Resources Protection to outline national goals, objectives, milestones, and key initiatives by December 17, 2004. DHS states that this plan will consist of an overview as well as supplements addressing each critical infrastructure sector. As such, DHS notes that the chemical sector- specific plan will describe the roles and responsibilities of all sector stakeholders, including federal agencies; Challenges reported by DHS: DHS indicated that it does not face any challenges in implementing actions on this recommendation. Report title: Homeland Security: Voluntary Initiatives Are Under Way at Chemical Facilities, but the Extent of Security Preparedness Is Unknown; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In order to ensure that chemical facilities take action to review and address security vulnerabilities, the Secretary of Homeland Security and the Administrator of EPA should jointly develop, in consultation with the Office of Homeland Security, a comprehensive national chemical security strategy that is both practical and cost effective. This national strategy should develop appropriate information sharing mechanisms; Report number and date of issuance: GAO-03-439 (March 14, 2003); Timeframes reported by DHS: DHS reports that a chemical information sharing and analysis center is currently active and serves as the primary information sharing mechanism within the chemical sector. DHS also notes that the National Infrastructure Protective Plan with its supporting sector-specific plans should be completed by December 2004. DHS reports that the chemical sector -specific plan will describe the information sharing mechanisms and processes within the chemical sector; Challenges reported by DHS: DHS indicated that it does not face any challenges in implementing actions on this recommendation. Report title: Homeland Security: Voluntary Initiatives Are Under Way at Chemical Facilities, but the Extent of Security Preparedness Is Unknown; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In order to ensure that chemical facilities take action to review and address security vulnerabilities, the Secretary of Homeland Security and the Administrator of EPA should jointly develop, in consultation with the Office of Homeland Security, a comprehensive national chemical security strategy that is both practical and cost effective. This national strategy should identify high-risk facilities based on factors including the level of threat and collect information on industry security preparedness; Report number and date of issuance: GAO-03-439 (March 14, 2003); Timeframes reported by DHS: DHS notes that the National Infrastructure Protective Plan with its supporting sector -specific plans should be completed by December 2004. As such, the chemical sector-specific plan will describe the process to be used in prioritizing and assessing the vulnerability of chemical facilities within the chemical sector. DHS further reports that HSPD-7 requires them to report annually, beginning in December 2004, on the status of DHS's efforts to identify, prioritize, and coordinate the protection of critical infrastructure and key resources within the chemical sector; Challenges reported by DHS: DHS indicated that it does not face any challenges in implementing actions on this recommendation. Report title: Homeland Security: Voluntary Initiatives Are Under Way at Chemical Facilities, but the Extent of Security Preparedness Is Unknown; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In order to ensure that chemical facilities take action to review and address security vulnerabilities, the Secretary of Homeland Security and the Administrator of EPA should jointly develop, in consultation with the Office of Homeland Security, a comprehensive national chemical security strategy that is both practical and cost effective. This national strategy should develop a legislative proposal, in consultation with industry and other appropriate groups, to require these chemical facilities to expeditiously assess their vulnerability to terrorist attacks and, where necessary, require these facilities to take corrective action; Report number and date of issuance: GAO-03-439 (March 14, 2003); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. Report title: Critical Infrastructure Protection: Challenges for Selected Agencies and Industry Sectors; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To assist the administration in establishing CIP priorities for all major federal agencies, critical infrastructure sectors, and the Department of Homeland Security, the Director of the National Infrastructure Protection Center (NIPC) should determine the status and identify additional actions needed to improve the quality and quantity of information being provided by information sharing and analysis centers (ISACs), and of plans made by the new department's Information Analysis and Infrastructure Protection directorate and the ISACs to enhance the current information-sharing process; Report number and date of issuance: GAO-03-233 (February 28, 2003); Timeframes reported by DHS: DHS believes that it has completed actions on this recommendation. Thus, DHS did not provide any specific timeframes for future completion. GAO is currently evaluating DHS's information sharing and plans to report on the issue by July 9, 2004; Challenges reported by DHS: DHS indicated that it does not face any challenges in implementing actions on this recommendation. Report title: Critical Infrastructure Protection: Challenges for Selected Agencies and Industry Sectors; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To help ensure that private-sector ISACs continue efforts to improve their critical infrastructure protection (CIP) activities, the Secretary of Energy, the Secretary of Commerce, and the Administrator of EPA, through their lead agency responsibilities for the energy, electricity, information, communication, and water industry sectors, should assess the need for grants, tax incentives, regulation, or other public policy tools to encourage increased private-sector CIP activities and greater sharing of intelligence and incident information between the sectors and the federal government. After lead agency responsibilities for the information and telecommunications sector are transitioned to the Department of Homeland Security, the Secretary of that department would become responsible for that sector; Report number and date of issuance: GAO-03-233 (February 28, 2003); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. Report title: Critical Infrastructure Protection: Challenges for Selected Agencies and Industry Sectors; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To assist the administration in establishing CIP priorities for all major federal agencies, critical infrastructure sectors, and the Department of Homeland Security, the Director of the Critical Infrastructure Assurance Office should determine the status of, and identify additional actions needed to improve the federal government's efforts and progress in implementing, federal CIP policy, including identifying the federal government's critical assets, completing vulnerability assessments for these assets, remedying identified vulnerabilities, and incorporating these assets into continuity of operations plans; Report number and date of issuance: GAO-03-233 (February 28, 2003); Timeframes reported by DHS: HSPD-7 requires all Federal departments and agencies to develop plans for protecting the physical and cyber critical infrastructure and key resources that they own or operate. These plans must address identification, prioritization, protection, and contingency planning, including the recovery and reconstitution of essential capabilities. OMB is requiring that all federal agencies and departments submit such plans by July 31, 2004; Challenges reported by DHS: DHS indicated that it does not face any challenges in implementing actions on this recommendation. Report title: Critical Infrastructure Protection: Significant Challenges in Developing National Capabilities; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The Attorney General should task the FBI Director to require the NIPC[D] Director to develop a comprehensive written plan for establishing analysis and warning capabilities that integrates existing planning elements and includes a description of the relationship between the long-term goals and objectives and the annual performance goals; Report number and date of issuance: GAO-01-323 (April 25, 2001); Timeframes reported by DHS: DHS reports that the U.S. Computer Emergency Readiness Team (U.S. CERT) was created in September 2003 and serves as the national focal point for computer security efforts, including the analysis and reduction of cyber threats and vulnerabilities; the dissemination of cyber threat warning information; and the coordination of incident response. GAO acknowledges that U.S. CERT has been established, but that its establishment alone does not fully address the recommendation and further analysis is needed; Challenges reported by DHS: DHS indicated that it does not face any challenges in implementing actions on this recommendation. Report title: Critical Infrastructure Protection: Significant Challenges in Developing National Capabilities; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The Attorney General should task the FBI Director to require the NIPC[E] Director to develop a comprehensive written plan for establishing analysis and warning capabilities that integrates existing planning elements and includes a description of how program evaluations could be used to establish or revise strategic goals, along with a schedule for future program evaluations; Report number and date of issuance: GAO-01-323 (April 25, 2001); Timeframes reported by DHS: DHS reports that the U.S. Computer Emergency Readiness Team (U.S. CERT) was created in September 2003 and serves as the national focal point for computer security efforts, including the analysis and reduction of cyber threats and vulnerabilities; the dissemination of cyber threat warning information; and the coordination of incident response. GAO acknowledges that U.S. CERT has been established, but that its establishment alone does not fully address the recommendation and further analysis is needed; Challenges reported by DHS: DHS indicated that it does not face any challenges in implementing actions on this recommendation. Report title: Critical Infrastructure Protection: Significant Challenges in Developing National Capabilities; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The Attorney General should task the FBI Director to require the NIPC[E] Director to develop a comprehensive written plan for establishing analysis and warning capabilities that integrates existing planning elements and includes approaches (or strategies) and the various resources needed to achieve the goals and objectives; Report number and date of issuance: GAO-01-323 (April 25, 2001); Timeframes reported by DHS: DHS reports that the U.S. Computer Emergency Readiness Team (U.S. CERT) was created in September 2003 and serves as the national focal point for computer security efforts, including the analysis and reduction of cyber threats and vulnerabilities; the dissemination of cyber threat warning information; and the coordination of incident response. GAO acknowledges that U.S. CERT has been established, but that its establishment alone does not fully address the recommendation and further analysis is needed; Challenges reported by DHS: DHS indicated that it does not face any challenges in implementing actions on this recommendation. Report title: Critical Infrastructure Protection: Significant Challenges in Developing National Capabilities; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The Attorney General should task the FBI Director to require the NIPC[E] Director to develop a comprehensive written plan for establishing analysis and warning capabilities that integrates existing planning elements and includes milestones and performance measures; Report number and date of issuance: GAO-01-323 (April 25, 2001); Timeframes reported by DHS: DHS reports that the U.S. Computer Emergency Readiness Team (U.S. CERT) was created in September 2003 and serves as the national focal point for computer security efforts, including the analysis and reduction of cyber threats and vulnerabilities; the dissemination of cyber threat warning information; and the coordination of incident response. GAO acknowledges that U.S. CERT has been established, but that its establishment alone does not fully address the recommendation and further analysis is needed; Challenges reported by DHS: DHS indicated that it does not face any challenges in implementing actions on this recommendation. Report title: Critical Infrastructure Protection: Significant Challenges in Developing National Capabilities; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To ensure that NIPC[E] develops the response, investigative and crisis management capabilities required by Presidential Decision Directive (PDD) 63, the Attorney General should direct the FBI Director to direct the NIPC Director to (1) formalize relationships between NIPC and other federal entities, including DOD and the Secret Service, and private sector Information Sharing and Analysis Centers (ISAC) so that a clear understanding of what is expected from the respective organization exists, (2) develop a plan to foster the two-way exchange of information between NIPC and the ISACs, and (3) ensure that the Key Asset Initiative is integrated with other similar federal activities; Report number and date of issuance: GAO-01-323 (April 25, 2001); Timeframes reported by DHS: DHS anticipates completing the HSPD-7 mandated National Plan for Critical Infrastructure by December 2004, which DHS states it will provide clarification on roles and relationships of federal agencies with regard to critical infrastructure protection and ensure that the key asset initiative is integrated with other similar federal activities; Challenges reported by DHS: DHS indicated that it does not face any challenges in implementing actions on this recommendation. Directorate of Science and Technology[B]: Report title: The Department of Homeland Security Needs to Fully Adopt a Knowledge-Based Approach to Its Counter-MANPADS Development Program; Key recommendation[A]: Directorate of Border and Transportation Security[B]: The Secretary of Homeland Security should fully adopt the knowledge-based approach, including the use of exit criteria, to help ensure that key decisions in DHS's effort to develop and demonstrate a counter man-portable air defense systems (MANPADS) are based on sufficient information; Report number and date of issuance: GAO-04- 341R (January 30, 2004); Timeframes reported by DHS: DHS reports that implementation of this recommendation is being conducted in two phases. The first phase is scheduled to occur from January through July 2004. The second phase will take place from August 2004 to January 2006; Challenges reported by DHS: DHS notes that it faces several challenges in implementing this recommendation, including (1) ensuring the contractor meets rigorous system performance requirements, (2) integrating the defense systems into commercial aircraft, (3) obtaining Federal Aviation Administration certification, (4) ensuring that there is an appropriate maintenance plan for the program, (5) fully evaluating and testing the system, and (6) conducting appropriate lifecycle cost analysis. Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To complete and enhance Plum Island's security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, correct physical security deficiencies by addressing the specific security shortcomings identified by GAO's Office of Special Investigations; Report number and date of issuance: GAO-03-847 (September 19, 2003); Timeframes reported by DHS: DHS has addressed several components of this recommendation such as key control and enhanced security of overnight accommodations. On June 28, 2004, a DHS official informed GAO that the fire brigade is fully operational. GAO is currently working to verify this information; Challenges reported by DHS: The background checks GAO has recommended require access to the Federal Bureau of Investigation's database, and no permanent arrangement has been made that provides Plum Island Animal Disease Center (PIADC) the needed access or working relationships (and reimbursement for services) to accomplish these checks on an ongoing basis. Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To complete and enhance Plum Island's security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, enhance incident response capability by resolving the issue of the guards' authority to carry firearms and make arrests; Report number and date of issuance: GAO-03-847 (September 19, 2003); Timeframes reported by DHS: DHS will implement this recommendation by assigning responsibility to its Federal Protective Service (FPS). On June 28, 2004, a DHS official informed GAO that an initial FPS officer was placed on-site at the island. Additional personnel are to be assigned by the fall of 2004. GAO will work with DHS to verify information provided as of June 28, 2004, and to determine the continued status of this recommendation; Challenges reported by DHS: While security guards at PIADC currently carry firearms, DHS notes that they do not have the authority to make arrests. This recommendation will not be fully implemented until the guard force has the authority to make arrests. DHS reports that placing such officers on-site is a complex action involving several DHS offices and the General Services Administration. Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To complete and enhance Plum Island's security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, revise, as necessary, security and incident response plans to reflect any redefined, risks, threats, and assets; Report number and date of issuance: GAO-03-847 (September 19, 2003); Timeframes reported by DHS: The site security plan and the incident response plan have been revised to reflect redefine risks, threats, and assets. However, this plan will not be finalized until FPS is on site at PIADC. As mentioned above, On June 28, 2004, a DHS official informed GAO that an initial FPS officer was placed on-site at the island. Additional personnel are to be assigned by the fall of 2004. GAO will work with DHS to verify information provided as of June 28, 2004, and to determine the continued status of this recommendation; Challenges reported by DHS: This recommendation will not be fully implemented until such resources are on-site at PIADC. DHS reports that placing such officers on-site is a complex action involving several DHS offices and the General Services Administration. Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To complete and enhance Plum Island's security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, consult with appropriate state and local law enforcement and intelligence agencies to revisit the threats specific to PIADC; Report number and date of issuance: GAO-03-847 (September 19, 2003); Timeframes reported by DHS: None provided; Challenges reported by DHS: DHS reports that it is not facing any challenges in implementing this recommendation. Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To complete and enhance Plum Island's security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, enhance incident response capability by conducting exercises with local law enforcement to test the efficiency and effectiveness of Plum Island's response capability; Report number and date of issuance: GAO- 03-847 September 19, 2003); Timeframes reported by DHS: DHS is working to place FPS personnel on- site at the PIADC. On June 28, 2004, a DHS official informed GAO that an initial FPS officer was placed on-site at the island. Additional personnel are to be assigned by the fall of 2004. GAO will work with DHS to verify that Plum Island's response capabilities are enhanced through exercises conducted with local law enforcement; Challenges reported by DHS: This recommendation will not be fully implemented until FPS resources are on-site at PIADC. DHS reports that placing such officers on-site is a complex action involving several DHS offices and the General Services Administration. Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To complete and enhance Plum Island's security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, enhance incident response capability by developing an incident response plan that includes precise detail about what to do in the event an incident occurs that exceeds the capability of the security system, such as a terrorist attack; Report number and date of issuance: GAO- 03-847 (September 19, 2003); Timeframes reported by DHS: DHS has prepared a site security plan, including the Incident Response Plan, which can be finalized and approved when FPS arrives at PIADC. On June 28, 2004, a DHS official informed GAO that an initial FPS officer was placed on-site at the island. Additional personnel are to be assigned by the fall of 2004. GAO will work with DHS to verify that an incident response plan has been enhanced and can be implemented; Challenges reported by DHS: This recommendation will not be fully implemented until such resources are on-site at PIADC. DHS reports that placing such officers on-site is a complex action involving several DHS offices and the General Services Administration. Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To complete and enhance Plum Island's security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, enhance incident response capability by completing an agreement with local law enforcement agencies to ensure backup assistance when needed; Report number and date of issuance: GAO-03-847 (September 19, 2003); Timeframes reported by DHS: DHS is working to place FPS personnel on- site at the PIADC. On June 28, 2004, a DHS official informed GAO that an initial FPS officer was placed on-site at the island. Additional personnel are to be assigned by the fall of 2004. GAO will work with DHS to verify that agreements are in place for obtaining backup law enforcement assistance; Challenges reported by DHS: This recommendation will not be fully implemented until such resources are on-site at PIADC. DHS reports that placing such officers on-site is a complex action involving several DHS offices and the General Services Administration. Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To complete and enhance Plum Island's security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, limit access to pathogens by further developing and enforcing specific procedures, including internal control checks, to ensure that all individuals involved in laboratory activities in the biocontainment area--including students and regardless of citizenship--have been approved, in accordance with the law; Report number and date of issuance: GAO-03-847 (September 19, 2003); Timeframes reported by DHS: To partially address this recommendation, DHS has established and implemented an escort procedure within the bio- containment area. On June 28, 2004, a DHS official informed GAO that an initial FPS officer was placed on-site at the island. Additional personnel are to be assigned by the fall of 2004. GAO will work with DHS to verify that access to the laboratory bio-containment area is limited to those who have been approved for access in accordance with the law; Challenges reported by DHS: DHS escort procedures in the bio- containment area require that assigned escorts stay in continuous contact with uncleared persons. To allow access to the island by foreign visitors, DHS's Office of Security performs background checks. PIADC does not have access to the necessary databases to do the checks themselves. Once FPS is on-site at the island, access to the databases can be established and all visitor names can be checked at PIADC. DHS reports that placing such officers on-site is a complex action involving several DHS offices and the General Services Administration. Report title: Combating Bioterrorism: Actions Needed to Improve Security at Plum Island Animal Disease Center; Key recommendation[A]: Directorate of Border and Transportation Security[B]: To complete and enhance Plum Island's security arrangements, the Secretary of Homeland Security should, in consultation with the Secretary of Agriculture, enhance incident response capability by defining an adequate response time for law enforcement to respond to incidents; Report number and date of issuance: GAO-03-847 (September 19, 2003); Timeframes reported by DHS: The incident response plan can be finalized and approved when FPS is on board at PIADC and has agreed that the provisions in the draft are acceptable and sufficient for the memorandum of agreement, which DHS proposes to enter into with local law enforcement. The draft plan's actions are in effect in the interim; Challenges reported by DHS: This recommendation will not be fully implemented until FPS resources are on-site at PIADC and FPS has agreed that the provisions in the draft are acceptable and sufficient and training exercises have been completed to determine adequate response time. DHS reports that placing such officers on-site is a complex action involving several DHS offices and the General Services Administration. Management Division[B]: Report title: Homeland Security: Efforts to Improve Information Sharing Need to Be Strengthened; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In developing its enterprise architecture, the Secretary of Homeland Security should work with the Attorney General of the United States; the Secretary of Defense; the Director, Office of Management and Budget; the Director, Central Intelligence Agency; and other appropriate federal, state, and city authorities and the private sector to ensure that the enterprise architecture efforts incorporate the existing information-sharing guidance that is contained in the various national strategies and the information-sharing procedures required by the Homeland Security Act to be established by the President; Report number and date of issuance: GAO-03-760 (August 27, 2003); Timeframes reported by DHS: According to DHS, Version 2.0 of the homeland security enterprise architecture will be completed in September 2004. DHS states that this version will feature sustained business involvement and increased state and local participation, with significant emphasis on information sharing, interoperability, and information technology integration. It will also demonstrate how stakeholders fit into the information flow that enables them to actively participate in securing the homeland; Challenges reported by DHS: None provided. Report title: Homeland Security: Efforts to Improve Information Sharing Need to Be Strengthened; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In developing its enterprise architecture, the Secretary of Homeland Security should work with the Attorney General of the United States; the Secretary of Defense; the Director, Office of Management and Budget; the Director, Central Intelligence Agency; and other appropriate federal, state, and city authorities and the private sector to ensure that the enterprise architecture efforts establish a clearinghouse to coordinate the various information-sharing initiatives to eliminate possible confusion and duplication of effort; Report number and date of issuance: GAO-03-760 (August 27, 2003); Timeframes reported by DHS: DHS reports that the Chief Information Officer is exploring the costs and benefits associated with a Web- based application to gather information on information-sharing initiatives in a more structured manner and to simplify the data collection burden on other levels of governments. Additionally, DHS notes that it will establish a program management office responsible for crystallizing a vision, defining a comprehensive strategy, and monitoring performance toward achieving the information sharing goals of the National Homeland Security Strategy. However, DHS did not provide a timeframe for completing these efforts; Challenges reported by DHS: None provided. Report title: Homeland Security: Efforts to Improve Information Sharing Need to Be Strengthened; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In developing its enterprise architecture, the Secretary of Homeland Security should work with the Attorney General of the United States; the Secretary of Defense; the Director, Office of Management and Budget; the Director, Central Intelligence Agency; and other appropriate federal, state, and city authorities and the private sector to ensure that the enterprise architecture efforts fully integrate states and cities in the national policy-making process for information sharing and take steps to provide greater assurance that actions at all levels of government are mutually reinforcing; Report number and date of issuance: GAO-03-760 (August 27, 2003); Timeframes reported by DHS: DHS reports that it established a state and local working group by partnering with the National Association of State Chief Information Officers and has been an active participant in the development of DHS's enterprise architecture; DHS further notes that it will coordinate its activities with the Information Sharing Program Management Office. This office will be responsible for establishing policy and utilizing the enterprise architecture to ensure compliance when information technology modernization initiatives are implemented. However, DHS did not provide a timeframe for the completion of this effort; Challenges reported by DHS: None provided. Report title: Homeland Security: Efforts to Improve Information Sharing Need to Be Strengthened; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In developing its enterprise architecture, the Secretary of Homeland Security should work with the Attorney General of the United States; the Secretary of Defense; the Director, Office of Management and Budget; the Director, Central Intelligence Agency; and other appropriate federal, state, and city authorities and the private sector to ensure that the enterprise architecture efforts identify and address the perceived barriers to federal information sharing; Report number and date of issuance: GAO- 03-760 (August 27, 2003); Timeframes reported by DHS: DHS reports that it intends to address barriers and obstacles to information sharing in the risk management section of its Enterprise Architecture (version 2.0) and in guidance to related projects. However, DHS did not provide a timeframe for completing this action; Challenges reported by DHS: None provided. Report title: Homeland Security: Efforts to Improve Information Sharing Need to Be Strengthened; Key recommendation[A]: Directorate of Border and Transportation Security[B]: In developing its enterprise architecture, the Secretary of Homeland Security should work with the Attorney General of the United States; the Secretary of Defense; the Director, Office of Management and Budget; the Director, Central Intelligence Agency; and other appropriate federal, state, and city authorities and the private sector to ensure that the enterprise architecture efforts include the use of survey methods or related data collection approaches to determine, over time, the needs of private and public organizations for information related to homeland security and to measure progress in improving information sharing at all levels of government; Report number and date of issuance: GAO-03-760 (August 27, 2003); Timeframes reported by DHS: None provided; Challenges reported by DHS: None provided. [A] Key GAO recommendations reflect actions that must be taken either to aid in securing the nation's homeland or to swiftly and appropriately respond to future terrorist attacks. [B] GAO reports issued prior to March 1, 2003, were directed to legacy agencies that are now part of this directorate/division. [C] GAO also recommended that the Secretary of Homeland Security, establish and charter an executive body to guide and direct the US Visit Program, which DHS completed. For the full recommendation related to this executive body, see enclosure II. [D] Upon transfer of the NIPC from the Department of Justice to DHS, DHS became responsible for implementation of this recommendation. [End of table] [End of section] Enclosure IV: Comments from the Department of Homeland Security: [See PDF for image] [End of figure] [End of section] FOOTNOTES [1] See U.S. General Accounting Office, Homeland Security: Selected Recommendations from Congressionally Chartered Commissions and GAO, GAO-04-591 (Washington, D.C.: Mar. 31, 2004). [2] P.L. 107-296 (Nov. 25, 2002). [3] We believe that the implementation of these recommendations is key to the agency's ability to effectively fulfill its homeland security mission. [4] Since March 1, 2003, we have and will continue to issue recommendations, many of which are key to DHS's ability to effectively fulfill its homeland security mission. For example, in May 2004, we issued Overstay Tracking: A Key Component of Homeland Security and a Layered Defense that cites recommendations that are relevant to the evaluation of DHS's new U.S. Visitor and Immigrant Status Indicator Technology program, see GAO-04-82, May 21, 2004. This report and its recommendations as well as others like it are not included in the results of our review since they are outside the scope of our work. [5] In commenting on our reports, which contained the other 8 recommendations, DHS generally indicated concurrence with the recommendations. [6] This plan addresses the recommendations contained in our report, Critical Infrastructure Protection: Significant Challenges in Developing National Capabilities, GAO-01-323, (Washington, D.C.: Apr. 25, 2001).