Skip to main content

Chief Information Officer Open Recommendations: Department of the Treasury

GAO-25-108541 Published: Aug 21, 2025. Publicly Released: Aug 28, 2025.
Jump To:
Skip to Highlights

Highlights

What GAO Found

In August 2025, GAO identified 21 open recommendations under the purview of the Department of the Treasury's Chief Information Officer (CIO), including one that is relevant to a component-level CIO, from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management. In addition, GAO has designated one of the 21 as a priority recommendation.

For example, GAO previously recommended that Treasury take additional steps to fully implement federal cloud security requirements. Further, GAO recommended that Treasury fully address key practices for the implementation of a cybersecurity workforce action plan.

GAO also previously recommended that the department ensure IT portfolio management is completed consistent with federal requirements. The CIO's continued attention to these recommendations will help ensure the secure and effective use of IT at the department.

Why GAO Did This Study

CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others.

For more information, contact Nick Marinos at marinosn@gao.gov.

Full Report

GAO Contacts

Nick Marinos
Managing Director
Information Technology and Cybersecurity

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

Chief information officersCybersecurityLabor forceIT acquisitionsInformation technologyContinuous monitoringBest practicesInformation securityFederal agenciesPrivacy