Chief Information Officer Open Recommendations: Department of Education

What GAO Found

In September 2025, GAO identified 30 open recommendations under the purview of the Department of Education's (Education) Chief Information Officer (CIO), from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management. In addition, GAO has designated one of the 30 as a priority recommendation.

For example, GAO previously recommended that the Office of Federal Student Aid update its cost estimation guidance for its acquisition programs to incorporate the best practices called for in the GAO Cost Estimating and Assessment Guide. Further, GAO recommended that Education develop policies and procedures to gain assurance that Federal Family Education Loan lenders have appropriate security and privacy controls in place, and that these controls are regularly tested and monitored.

GAO also previously recommended that the department fully implement all event logging requirements as directed by the Office of Management and Budget. The CIO's continued attention to these recommendations will help ensure the secure and effective use of IT at the department.

Why GAO Did This Study

CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others.

For more information, contact Nick Marinos at marinosn@gao.gov.