Fast Facts

The Department of Homeland Security invests billions of dollars each year in major acquisition programs to assist in executing its many critical missions. We’ve previously found that DHS agencies had acquisition programs that did not meet requirements. Sometimes operational requirements were poorly defined, increasing the risk of not meeting the needs of end users in the field, such as emergency responders.

We looked at seven DHS agencies and found that some meet GAO-identified best practices for defining operational requirements and others do not.

We made 25 recommendations to DHS to improve its agencies’ methods for developing requirements.

The Department of Homeland Security invests billions in major acquisitions, such as equipment for the Transportation Security Administration’s Passenger Screening Program

Photo of people at an airport going through a metal detector and other screening equipment

Photo of people at an airport going through a metal detector and other screening equipment

Skip to Highlights
Highlights

What GAO Found

GAO has identified several best practices to ensure that operational requirements for acquisitions are well-defined and found some Department of Homeland Security's (DHS) components met them while others did not. These practices include a formal policy for developing requirements, an independent requirements organization, and an understanding of workforce needs and training. The table below shows GAO's assessment of seven of DHS's components against these practices.

GAO Assessment of Selected DHS Components Requirements Infrastructure

 

Policy

Independent organization

Workforce assessment

Training

Customs and Border Protection

Federal Emergency Management Agency

Immigration and Customs Enforcement

National Protection and Programs Directorate

Transportation Security Administration

U.S. Coast Guard

U.S. Citizenship and Immigration Services

Key: ● Practice is present ◒ Practice is in development or needs updating ○ Practice is not present

Source: GAO assessment of Department of Homeland Security (DHS) data. | GAO-18-550

Establishing a formal policy to guide the process is critical to developing well-defined requirements. However, only the Coast Guard has an approved policy for requirements development among the seven components reviewed. Without well-defined requirements, components are at risk of acquiring capabilities that will not meet mission needs. DHS officials told GAO that components have generally prioritized obtaining funding and starting programs over developing requirements.

Three components have a requirements development organization, separating requirements from acquisition in addressing capability gaps. Officials from components without such organizations told GAO that they have fewer major acquisitions and rely on DHS to assist in requirements development. DHS policy and best practices, however, maintain the importance of this separation regardless of the number of major acquisitions to guard against possible bias by acquisition officials toward a specific materiel solution.

Two components have assessed requirements development workforce needs, but both need to be updated; and one component has provided requirements development training and certification. Other component officials told GAO that they lack the resources necessary to take these steps. Best practices indicate that without an appropriately sized and trained workforce, components remain at risk of acquiring capabilities that fail to meet end user needs.

Why GAO Did This Study

GAO has previously found that DHS's components had acquisition programs that did not meet requirements and that those requirements were, in some cases, poorly defined. Poorly defined requirements increase the risk that acquisitions will not meet the needs of users in the field—for example, border patrol agents or emergency responders.

GAO was asked to examine DHS components' practices for developing requirements. This report addresses the policies, organizations, and workforce that selected DHS components use to develop requirements for their acquisition programs.

GAO selected seven DHS components with significant acquisition programs and a non-generalizable sample of programs—based on cost, component, and acquisition phase—as case studies. GAO analyzed policies and program documentation; and interviewed DHS and component officials, as well as end users of DHS programs. GAO compared components' practices to industry best practices and federal internal control standards.

Skip to Recommendations

Recommendations

GAO is making 25 recommendations, including to individual components to establish policies and independent organizations for requirements development, assess workforce needs, and establish training and certifications. DHS concurred with all the recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Homeland Security 1. The Secretary of DHS should ensure that the Commissioner of Customs and Border Protection through the Executive Assistant Commissioner for Operations Support finalizes and promulgates the Customs and Border Protection's draft policy for requirements development. (Recommendation 1)
Closed - Implemented
DHS concurred with this recommendation. Customs and Border Protection issued its requirements development directive in December 2019.
Department of Homeland Security 2. The Secretary of DHS should ensure that the Commissioner of Customs and Border Protection through the Executive Assistant Commissioner for Operations Support updates the 2013 workforce assessment to account for the independent requirements organization's current workforce needs. (Recommendation 2)
Open
DHS concurred with this recommendation. Customs and Border Protection provided an estimated completion date for their workforce assessment of September 30, 2020.
Department of Homeland Security 3. The Secretary of DHS should ensure that the Commissioner of Customs and Border Protection through the Executive Assistant Commissioner for Operations Support establishes component specific training for requirements development. (Recommendation 3)
Closed - Implemented
DHS concurred with this recommendation. As of August 2018, Customs and Border Protection has created its own requirements development training and started delivery of the courses to its workforce.
Department of Homeland Security 4. The Secretary of DHS should ensure that the Administrator of the Federal Emergency Management Agency establishes a policy for requirements development. (Recommendation 4)
Open
DHS concurred with this recommendation. The Federal Emergency Management Agency plans to establish a policy for requirements development by September 30, 2020, about one year after it completes changes to its governance processes.
Department of Homeland Security 5. The Secretary of DHS should ensure that the Administrator of the Federal Emergency Management Agency establishes an independent requirements development organization within the Federal Emergency Management Agency. (Recommendation 5)
Closed - Implemented
DHS concurred with this recommendation. The Federal Emergency Management Agency contracted with a Federally Funded Research and Development Center, an independent organization, in November 2018 to provide analytic support to develop requirements specifications and documentation.
Department of Homeland Security 6. The Secretary of DHS should ensure that the Administrator of the Federal Emergency Management Agency updates the 2016 workforce assessment to account for an independent requirements organization's workforce needs. (Recommendation 6)
Closed - Implemented
In August 2018, GAO issued a report that examined the operational requirements development practices of seven of the Department of Homeland Security's (DHS) components. We recommended that the Secretary of DHS should ensure that the Administrator of the Federal Emergency Management Agency update the 2016 workforce assessment to account for an independent requirements organization's workforce needs. DHS concurred with our recommendation. The Federal Emergency Management Agency through the Homeland Security Operational Analysis Center completed a workforce needs assessment for an independent requirements organization in July 2020. With such an assessment, the Federal Emergency Management Agency can establish the workforce needed for requirements development, properly mitigate capability gaps, and meet mission and end user needs.
Department of Homeland Security 7. The Secretary of DHS should ensure that the Administrator of the Federal Emergency Management Agency establishes component specific training for requirements development. (Recommendation 7)
Closed - Implemented
DHS concurred with this recommendation. As of November 2018, the Federal Emergency Management Agency has offered its own training for requirements development.
Department of Homeland Security 8. The Secretary of DHS should ensure that the Director of Immigration and Customs Enforcement establishes a policy for requirements development. (Recommendation 8)
Closed - Implemented
DHS concurred with this recommendation. In August 2020, Immigration and Customs Enforcement issued the Operational Requirements Development and Governance directive to implement the recommendation.
Department of Homeland Security 9. The Secretary of DHS should ensure that the Director of Immigration and Customs Enforcement establishes the planned independent requirements development organization within Immigration and Customs Enforcement. (Recommendation 9)
Closed - Implemented
DHS concurred with this recommendation. Immigration and Customs Enforcement established an independent requirements development organization within the Office of Policy and Planning in September 2020.
Department of Homeland Security 10. The Secretary of DHS should ensure that the Director of Immigration and Customs Enforcement conducts a workforce assessment to account for an independent requirements organization's workforce needs. (Recommendation 10)
Closed - Implemented
DHS concurred with this recommendation. Immigration and Customs Enforcement completed a workforce assessment to account for the needs of an independent requirements organization in February 2021.
Department of Homeland Security 11. The Secretary of DHS should ensure that the Director of Immigration and Customs Enforcement establishes component specific training for requirements development. (Recommendation 11)
Open
DHS concurred with this recommendation but has not yet taken action to implement it as of August 2020.
Department of Homeland Security 12. The Secretary of DHS should ensure that the Under Secretary of Homeland Security for the National Protection and Programs Directorate finalizes and promulgates the National Protection and Programs Directorate's draft policy for requirements development. (Recommendation 12)
Open
The National Protection and Programs Directorate changed its name to the Cybersecurity and Infrastructure Security Agency in January 2018. DHS concurred with this recommendation. The Cybersecurity and Infrastructure Security Agency estimates that it will have a final policy by September 30, 2020.
Department of Homeland Security 13. The Secretary of DHS should ensure that the Under Secretary of Homeland Security for the National Protection and Programs Directorate establishes the planned independent requirements development organization within the National Protection and Programs Directorate. (Recommendation 13)
Open
DHS concurred with this recommendation. In January 2018, the National Protection and Programs Directorate changed its name to the Cybersecurity and Infrastructure Security Agency. The Cybersecurity and Infrastructure Security Agency estimates that it will establish an independent requirements organization by September 30, 2020.
Department of Homeland Security 14. The Secretary of DHS should ensure that the Under Secretary of Homeland Security for the National Protection and Programs Directorate conducts a workforce assessment to account for an independent requirements organization's workforce needs. (Recommendation 14)
Open
DHS concurred with this recommendation. In January 2018, the National Protection and Programs Directorate changed its name to the Cybersecurity and Infrastructure Security Agency. The Cybersecurity and Infrastructure Security Agency estimates it will complete an assessment to account for an independent requirements organization's workforce needs by September 30, 2020.
Department of Homeland Security 15. The Secretary of DHS should ensure that the Under Secretary of Homeland Security for the National Protection and Programs Directorate establishes component specific training for requirements development. (Recommendation 15)
Closed - Implemented
DHS concurred with this recommendation. In January 2018, the National Protection and Programs Directorate changed its name to the Cybersecurity and Infrastructure Security Agency. As of August 2019, the Cybersecurity and Infrastructure Security Agency has offered its own training for requirements development.
Department of Homeland Security 16. The Secretary of DHS should ensure that the Administrator of the Transportation Security Administration through the Executive Assistant Administrator of Operations Support finalizes and promulgates the Transportation Security Administration's draft policy for requirements development. (Recommendation 16)
Closed - Implemented
DHS concurred with this recommendation. In September 2019, the Transportation Security Administration issued documented guidance on requirements development to implement the recommendation.
Department of Homeland Security 17. The Secretary of DHS should ensure that the Administrator of the Transportation Security Administration through the Executive Assistant Administrator of Operations Support conducts a workforce assessment to account for an independent requirements organization's workforce needs. (Recommendation 17)
Closed - Implemented
DHS concurred with this recommendation. The Transportation Security Administration completed a workforce needs assessment for its independent requirements organization in April 2020.
Department of Homeland Security 18. The Secretary of DHS should ensure that the Administrator of the Transportation Security Administration through the Executive Assistant Administrator of Operations Support establishes component specific training for requirements development. (Recommendation 18)
Closed - Implemented
DHS concurred with this recommendation. As of July 2019, the Transportation Security Administration has offered its own training for requirements development.
Department of Homeland Security 19. The Secretary of DHS should ensure that the Commandant of the U.S. Coast Guard through the Assistant Commandant for Capability conducts a workforce assessment of the U.S. Coast Guard's capabilities directorate. (Recommendation 19)
Closed - Implemented
DHS concurred with this recommendation. The U.S. Coast Guard completed a requirements workforce assessment of the capabilities directorate in November 2019.
Department of Homeland Security 20. The Secretary of DHS should ensure that the Director of the U.S. Citizenship and Immigration Services finalizes and promulgates the U.S. Citizenship and Immigration Services's draft policy for requirements development. (Recommendation 20)
Closed - Implemented
DHS concurred with this recommendation. On May 29, 2019, the U.S. Citizenship and Immigration Services issued a management directive, MD 107-001, that established a policy for requirements development.
Department of Homeland Security 21. The Secretary of DHS should ensure that the Director of the U.S. Citizenship and Immigration Services establishes the planned independent requirements development organization within U.S. Citizenship and Immigration Services. (Recommendation 21)
Open
DHS concurred with this recommendation. The U.S. Citizenship and Immigration Services estimates that it will establish an independent requirements development organization by September 30, 2020.
Department of Homeland Security 22. The Secretary of DHS should ensure that the Director of the U.S. Citizenship and Immigration Services conducts a workforce assessment to account for an independent requirements organization's workforce needs. (Recommendation 22)
Closed - Implemented
DHS concurred with this recommendation. U.S. Citizenship and Immigration Services completed a workforce needs assessment for an independent requirements organization in December 2019.
Department of Homeland Security 23. The Secretary of DHS should ensure that the Director of the U.S. Citizenship and Immigration Services establishes component specific training for requirements development. (Recommendation 23)
Closed - Implemented
DHS concurred with this recommendation. As of December 2019, U.S. Citizenship and Immigration Services has created its own requirements development training and started delivery of the courses to its workforce.
Department of Homeland Security 24. The Secretary of DHS should ensure that the Joint Requirements Council collaborate with components on their requirements development policies and, in partnership with the Under Secretary for Management, provide oversight to promote consistency across the components. (Recommendation 24)
Closed - Implemented
DHS concurred with this recommendation. In April 2020, DHS issued a policy directive that, among other actions, requires components' requirements development policies to be consistent with agency-level policy. In addition, components' policies must be shared with the Joint Requirements Council to further ensure alignment with DHS requirements development policy.
Department of Homeland Security 25. The Secretary of DHS should ensure that training for requirements development is consistent by establishing training and certification standards for DHS and the components' requirements development workforces. (Recommendation 25)
Closed - Implemented
DHS concurred with this recommendation. In May 2019, DHS established training standards for the requirements development workforce.

Full Report

GAO Contacts