Chief Information Officer Open Recommendations: Department of Labor

What GAO Found

In September 2025, GAO identified nine open recommendations under the purview of the Department of Labor (DOL) Chief Information Officer (CIO) from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management.

For example, GAO previously recommended that DOL update its policies to require the use of risk assessments to inform its security control tailoring process for its information systems, and to prioritize its plan of action and milestones. Further, GAO recommended that DOL fully implement event logging requirements per federal guidance.

GAO also recommended that DOL complete annual reviews of its IT portfolio consistent with federal requirements. The CIO's continued attention to these recommendations will help ensure the secure and effective use of IT at the department.

Why GAO Did This Study

CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others.

For more information, contact Nick Marinos at marinosn@gao.gov.