Transportation Security Acquisition Reform Act:

TSA Generally Addressed Requirements, but Could Improve Reporting on Security-Related Technology

GAO-19-96: Published: Jan 17, 2019. Publicly Released: Jan 17, 2019.

Additional Materials:

Contact:

William Russell
(202) 512-8777
russellw@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Security technologies—such as body scanners and explosives detection systems—are a crucial and often expensive part of TSA's work.

To help ensure that TSA's technology purchases are strategic and efficient, Congress required TSA to justify technology acquisitions costing more than $30 million at least 30 days before awarding a contract.

This particular requirement stems from a 2014 law, but TSA did not submit its first justifications under the law until August 2018. While we found that TSA has generally been consistent with the law's requirements, we also recommended that TSA revise its policies to report more frequently under the law.

 

Picture of airport passengers going through TSA security screening.

Picture of airport passengers going through TSA security screening.

Additional Materials:

Contact:

William Russell
(202) 512-8777
russellw@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

Since 2016, the Transportation Security Administration (TSA) generally addressed Transportation Security Acquisition Reform Act (TSARA) requirements through its policies and procedures for acquisition justifications, baseline requirements, and management of inventory. TSA also, among other actions, submitted a technology investment plan and annual small-business contracting goals reports to Congress as required.

Since December 2014, TSA reported limited security-related technology (SRT) acquisitions to Congress under TSARA, submitting its first report in August 2018. TSARA contains a report and certification provision pursuant to which TSA is to submit information to Congress 30 days prior to the award of a contract for an SRT acquisition exceeding $30 million. Through July 2018, TSA obligated about $1.4 billion on SRT and associated services. TSA officials explained that none of these obligations—including 7 SRT orders, each in excess of $30 million—invoked the report and certification provision because the obligations did not align with TSA's implementation policy, which provides that the $30 million threshold relates to the contract ceiling of the initial SRT contract and not to individual task and delivery orders. Revising TSA's policy to include contracts for services that enhance the capabilities of SRT, including any orders for SRT and associated services in excess of $30 million, would better ensure that Congress has the information it needs to effectively oversee TSA's SRT acquisitions.

TSA has not effectively communicated internally its implementation decisions for what constitutes an SRT under TSARA. TSA officials described to GAO that SRT must be equipment that is public facing, but TSA's policy does not clearly state the parameters of what is considered an SRT. Without clear guidance, TSA staff may be unaware of these parameters and how they apply to future acquisitions under TSARA. For example, TSA acquisition program staff were initially unable to confirm for GAO whether the technologies TSA had acquired were SRTs and thus subject to TSARA. Updating TSA policy to include detailed parameters for what constitutes an SRT would better ensure consistency in applying the act.

Examples of Security-Related Technology

Examples of Security-Related Technology

Why GAO Did This Study

Enacted in December 2014, TSARA introduced legislative reforms to promote greater transparency and accountability in TSA's SRT acquisitions.

TSARA contains a provision that GAO submit two reports to Congress on TSA's progress in implementing TSARA. In February 2016, GAO issued the first report that found TSA had taken actions to address TSARA.

This second report examines TSA's (1) progress in addressing TSARA requirements since 2016, (2) reporting to Congress on SRT acquisitions, and (3) internal communication of its implementation decisions. GAO examined TSARA and TSA documents and guidance; analyzed TSA contract data and reports from TSARA's enactment in December 2014 through July 2018 and September 2018, respectively; and interviewed DHS and TSA officials on actions taken to implement TSARA. GAO also conducted interviews with TSA officials on parameters for reporting on SRT acquisitions.

What GAO Recommends

GAO recommends that TSA revise its policies for the report and certification provision of TSARA to include reporting on task and delivery orders and services associated with SRT, and clarify in policy what constitutes an SRT under TSARA. DHS generally concurred with the recommendations and described steps it plans to take to implement them.

For more information, contact William Russell at (202) 512-8777 or russellw@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The TSA Administrator should revise TSA's policy to require that TSA also submit information under TSARA's report and certification provision prior to the award of contracts and blanket purchase agreements for services associated with the operation of security-related technology, such as maintenance and engineering services, that exceed $30 million. (Recommendation 1)

    Agency Affected: Department of Homeland Security: Transportation Security Administration

  2. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The TSA Administrator should revise TSA's policy to require that TSA also submit information under TSARA's report and certification provision prior to the issuance of individual task and delivery orders for security-related technology acquisitions that exceed $30 million. (Recommendation 2)

    Agency Affected: Department of Homeland Security: Transportation Security Administration

  3. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The TSA Administrator should clarify and document what constitutes an SRT under TSARA as part of the planned update of TSA's TSARA implementation policy. (Recommendation 3)

    Agency Affected: Department of Homeland Security: Transportation Security Administration

 

Explore the full database of GAO's Open Recommendations »

Jul 1, 2019

Jun 25, 2019

Jun 12, 2019

May 6, 2019

Apr 15, 2019

Apr 4, 2019

Mar 26, 2019

Mar 11, 2019

Mar 7, 2019

Jan 31, 2019

Looking for more? Browse all our products here