Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

    As of July 21, 2018, GAO has issued 1,579 products with 4,873 open recommendations.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Federal Agency: "Department of Homeland Security"

    156 publications with a total of 366 open recommendations including 18 priority recommendations
    Director: Timothy J. DiNapoli
    Phone: (202) 512-4841

    4 open recommendations
    Recommendation: The Secretary of the Homeland Security should: assess why reverse auctions that are conducted using existing contract vehicles have only one bidder at higher rates than reverse auctions conducted on the open market; determine what factors indicate that conducting reverse auctions is appropriate when using existing contract vehicles; and provide this information to contracting officials so that they can consider it when developing their acquisition strategies.(Recommendation 8)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should: document and provide information to contracting officials that describes available reverse auction providers and platforms, and any associated fee structures; and provide guidance, as appropriate, to contracting officials to ensure that they compare the options that are available to them when considering whether to use reverse auctions. (Recommendation 9)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should determine if it would be advantageous for the agency to enter into contracts with third-party reverse auction providers. (Recommendation 10)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should obtain timely information on how much the agency is paying for reverse auction services. (Recommendation 11)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: William Russell
    Phone: (202) 512-6360

    1 open recommendations
    Recommendation: The Administrator of TSA should instruct the Office of Global Strategies to improve TSA's ability to identify all public charter operations requiring inspection in Cuba and develop and implement a tool that corroborates and validates flight schedule data to more reliably track air carriers' public charter operations between the United States and Cuba. (Recommendation 1)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: The Commissioner of CBP should ensure that its operational components systematically collect and analyze data on departing law enforcement officers and use this information to inform retention efforts. (Recommendation 1)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: The Secretary of DHS should take steps to develop and document a plan that fully addresses best practices with regards to reduction of backlogged FOIA requests. (Recommendation 4)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    2 open recommendations
    Recommendation: The Secretary of Homeland Security should conduct a baseline assessment of the department's cybersecurity workforce that includes (1) the percentage of personnel with IT, cybersecurity, or other cyber-related job functions who hold certifications; (2) the level of preparedness of other cyber personnel without existing credentials to take certification exams; and (3) a strategy for mitigating any gaps identified with appropriate training and certification for existing personnel. (Recommendation 7)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should submit a report of the department's baseline assessment of its existing cybersecurity workforce to the appropriate congressional committees of jurisdiction. (Recommendation 8)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: The Administrator of FEMA should evaluate why regions are not completing the Regional Administrator's Validation and Recommendations for each element of the current IA regulatory factors and take corrective steps, if necessary.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Diana Maurer
    Phone: (202) 512-9627

    1 open recommendations
    Recommendation: To help ensure that the agency's existing directive on policy revisions is followed, the Director should require in policy and practice that the directives control point be notified when the Office of the Chief Counsel provides advice to offices that is likely to result in policy changes. (Recommendation 2)

    Agency: Department of Homeland Security: United States Secret Service
    Status: Open

    Comments: We found that the Secret Service ceased to adhere to its longstanding reimbursement policy and overpaid campaign committees for special agents' seats on charter flights. In addition, we found that this change was not fully reviewed or vetted as required by the agency's directive on policy revisions. To help ensure that these changes are reviewed or vetted in the future, we recommended that the Director of the Secret Service require in policy and practice that the directives control point be notified when the Office of the Chief Counsel provides advice to offices that is likely to result in policy changes. As of July 2018, Secret Service has developed a policy calling for the Office of the Chief Counsel to notify the Office of Strategic Planning and Policy's directives control point in circumstances in which legal advice or opinion that is likely to result in policy changes is provided. While this action partially addresses our recommendation, it remains open as we monitor the Secret Service's implementation of this policy in practice.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: The Under Secretary for Management should update DHS's acquisition management policy to require components to submit a certification of funds memorandum when a major acquisition program re-baselines in response to a breach. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Under Secretary for Management should require the Office of Program Accountability and Risk Management to assess the results of major acquisition programs' post-implementation reviews and identify opportunities to improve performance across the acquisition portfolio. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Administrator of FEMA should work with regional emergency communications coordination working group members to reach consensus on and implement an ongoing mechanism to encourage nationwide collaboration across these groups, considering the costs of one or more suitable methods, such as a national-level working group that uses virtual or other means of coordination, as appropriate. (Recommendation 1)

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Marie A. Mak
    Phone: (202) 515-4841

    3 open recommendations
    Recommendation: The Secretary of Homeland Security should work with Congress to add information to its annual congressional budget justification to show O&S funding requests for major acquisition programs within current program/project activity accounts. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Secretary of Homeland Security should work with Congress to include O&S data in monthly execution reports at a major acquisition program level within current program/project activity accounts. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The DHS Chief Financial Officer should reverse the exclusion of O&S funding at a major acquisition program level in its Future Years Homeland Security Program report for all components. (Recommendation 3)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Cindy Brown Barnes
    Phone: (202) 512-7215

    7 open recommendations
    Recommendation: To ensure that all eligible Coast Guard servicemembers are provided the opportunity to complete the Transition Assistance Program (TAP), the Commandant of the Coast Guard should issue an updated Commandant Instruction that establishes policies and procedures to improve the reliability and completeness of TAP data by including when and by whom data should be recorded and updated. (Recommendation 1)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Department of Homeland Security agreed with our recommendation and reported that a Commandant Instruction had been drafted, which will include a policy on the duties and requirements for recording TAP data. The Commandant Instruction is anticipated to be issued by October 31, 2018. We will consider this recommendation closed when the Commandant Instruction is officially issued.
    Recommendation: To ensure that all eligible Coast Guard servicemembers are provided the opportunity to complete the Transition Assistance Program (TAP), the Commandant of the Coast Guard should establish a formal performance goal with a measurable target for participation rates in VOW Act-mandated portions of TAP. (Recommendation 2)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Department of Homeland Security (DHS) agreed with our recommendation and reported that the Coast Guard, Department of Defense (DOD), and other partners collaborated to identify measurable and specific performance goals that are compliant with VOW requirements. In addition, the these goals will be measured using the DOD's TAP-IT Enterprise tracking system once it becomes fully functional to the Coast Guard by October 31, 2018. We will close this recommendation when DHS provides documentation of its measures and goals.
    Recommendation: To ensure that all eligible Coast Guard servicemembers are provided the opportunity to complete the Transition Assistance Program (TAP), the Commandant of the Coast Guard should monitor the extent to which Coast Guard servicemembers participate in TAP within prescribed time frames. (Recommendation 3)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Department of Homeland Security agreed with our recommendation and reported the Coast Guard expects to fully transition to DOD's TAP-IT Enterprise System by October 31, 2018. Once the transition has been completed, the agency anticipates Coast Guard will be able to track member attendance for all TAP components and monitor servicemember participation within the prescribed timeframes. We will consider this recommendation closed when the Coast Guard provides documentation of its ability to monitor TAP participation for servicemembers who are within 90 days of separation.
    Recommendation: To ensure that all eligible Coast Guard servicemembers are provided the opportunity to complete the Transition Assistance Program (TAP), the Commandant of the Coast Guard should monitor the extent to which Coast Guard servicemembers who elect to participate in additional 2-day classes are afforded the opportunity to attend. (Recommendation 4)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Department of Homeland Security agreed with our recommendation and reported the Coast Guard expects to fully transition to DOD's TAP-IT Enterprise System by October 31, 2018. Once the transition has been completed, the agency anticipates the Coast Guard will be able to track member attendance for all TAP components. We will consider this recommendation closed when the Coast Guard provides documentation of its ability to monitor TAP participation in the additional 2-day classes.
    Recommendation: To ensure that all eligible Coast Guard servicemembers are provided the opportunity to complete the Transition Assistance Program (TAP), the Commandant of the Coast Guard should issue an updated Commandant Instruction that defines the roles and responsibilities of the personnel who administer the program and ensure servicemembers' participation. (Recommendation 5)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Department of Homeland Security agreed with our recommendation and reported that a Commandant Instruction has been drafted, which will identify the duties of personnel who administer TAP. The Commandant Instruction is anticipated to be issued by October 31, 2018. We will consider this recommendation closed when the Commandant Instruction is officially issued.
    Recommendation: To ensure that all eligible Coast Guard servicemembers are provided the opportunity to complete the Transition Assistance Program (TAP), the Commandant of the Coast Guard should, once reliable data are available by installation or unit, enable unit commanders and the higher-level commanders to whom they report to access TAP performance information specifically for the units they oversee so that they can monitor compliance with all TAP requirements. (Recommendation 6)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Department of Homeland Security agreed with our recommendation and reported the Coast Guard expects to fully transition to DOD's TAP-IT Enterprise System by October 31, 2018, which is expected to facilitate tracking of servicemember attendance within all TAP components. The agency also stated that following the transition and release of the new Commandant Instruction, Commanding Officers will be able to monitor their compliance with TAP performance and requirements. Both these efforts are expected to be completed by October 31, 2018. We will consider this recommendation closed when the Commandant Instruction has been issued and documentation is provided of the ability to track performance information by unit.
    Recommendation: To ensure that all eligible Coast Guard servicemembers are provided the opportunity to complete the Transition Assistance Program (TAP), the Commandant of the Coast Guard should, once reliable data are available, share TAP information with DOD and other interagency partners, such as data on participation in required TAP courses and additional 2-day classes. (Recommendation 7)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: The Department of Homeland Security agreed with our recommendation and reported the Coast Guard expects to fully transition to DOD's TAP-IT Enterprise System by October 31, 2018. Following the transition, officials anticipate they will be able to share data and statistics with TAP's interagency partners. We will consider this recommendation closed when documentation is provided that TAP data are provided to interagency partners.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    5 open recommendations
    Recommendation: The Director of ICE should take steps to document and implement its review process to ensure accuracy in its budget documents.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of ICE should take steps to assess ICE's adult bed rate methodology to determine the most appropriate way to project the adult bed rate, including any inflation rates used.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of ICE should take steps to update ICE's adult bed rate methodology by incorporating necessary changes based on its assessment, and ensure the use of appropriate inflation rates and the removal of family beds from all calculations.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of ICE should take steps to determine the most appropriate way to project the ADP for use in the congressional budget justification and document the methodology and rationale behind its ADP projection. As part of that determination, ICE should consider the extent to which a statistical model could be used to accurately forecast ADP.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of ICE should take steps to ensure that ICE's budget estimating process more fully addresses cost estimating best practices.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Maurer, Diana C
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: The Commissioner of U.S. Customs and Border Protection (CBP) should, in consultation with the Executive Director of CBP's Laboratories and Scientific Services Directorate (LSSD) and the Laboratory Directors, assess volume and risk at each port of entry to determine those with the greatest need for resources, use this information as a basis for staff allocations, and document its risk-based, staff allocation process to ensure that CBP and LSSD priorities can be accomplished as effectively and efficiently as possible. (Recommendation 1)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In its written comments to our report, dated March 5, 2018, DHS stated that CBP plans to establish a working group to assess LSSD risk and resource allocations, analyze and assess its current program to support analysis and triage of suspected chemical parcels and determine whether the program can be expanded for 24/7 operations. The Department indicated that CBP plans to then finalize and implement any necessary changes to policies and procedures by the end of fiscal year 2018.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: The Director of ICE should ensure that trainings provided by VSP agents to consular officers are developed and implemented with required frequency and content. (Recommendation 1)

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: ICE concurred with this recommendation and said it would take steps to implement it. When we confirm what actions ICE has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of ICE should develop and implement outcome-based performance measures to evaluate the effectiveness of the VSP and assess whether the program is achieving its objectives. (Recommendation 2)

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: ICE concurred with this recommendation and said it would take steps to implement it. When we confirm what actions ICE has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of ICE should incorporate PATRIOT data into the VSP's site selection process for the posts it is considering for expansion. (Recommendation 3)

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: ICE concurred with this recommendation and said it would take steps to implement it. When we confirm what actions ICE has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Director of ICE should incorporate remote models of VSP operations in the program's site selection process. (Recommendation 4)

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: ICE concurred with this recommendation and said it would take steps to implement it. When we confirm what actions ICE has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: The CBP Commissioner should develop and implement an evaluation plan to be used to assess the overall performance of the RSP and DAP, which could include, among other things, measurable objectives, performance criteria, evaluation methodologies, and data collection plans to inform future program decisions. (Recommendation 1)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: DHS concurred with this recommendation and stated it would take steps to implement it. When we confirm what actions DHS has taken in response to this recommendation, we will provide updated information.
    Director: Kimberly Gianopoulos
    Phone: (202) 512-8612

    1 open recommendations
    Recommendation: The Secretary of Homeland Security should ensure that the Commissioner of CBP, in collaboration with partner agencies, finalizes an interagency approach to the post-core management of ACE that includes (1) processes for prioritizing enhancements to ACE and for sharing ACE operations and maintenance and development costs, including the costs of suggested enhancements among partner agencies that may benefit, and (2) time frames for implementing such processes. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Nick Marinos
    Phone: (202) 512-9342

    1 open recommendations
    Recommendation: The Secretary of Homeland Security, in cooperation with the co-SSAs as necessary, should take steps to consult with respective sector partner(s), such as the SCC, and NIST, as appropriate, to develop methods for determining the level and type of framework adoption by entities across their respective sectors. (Recommendation 7)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    6 open recommendations
    including 2 priority recommendations
    Recommendation: The Secretary of Homeland Security should develop procedures on how to identify and code vacant cybersecurity positions. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with the recommendation but has not yet provided sufficient evidence that it has implemented the recommendation. We will continue to monitor the situation.
    Recommendation: The Secretary of Homeland Security should identify the individual in each component who is responsible for leading that component's efforts in identifying and coding cybersecurity positions. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with the recommendation but has not yet provided sufficient evidence that it has implemented the recommendation. We will continue to monitor the situation.
    Recommendation: The Secretary of Homeland Security should establish and implement a process to periodically review each component's procedures for identifying component cybersecurity positions and maintaining accurate coding. (Recommendation 3)

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with the recommendation but has not yet provided sufficient evidence that it has implemented the recommendation. We will continue to monitor the situation.
    Recommendation: The Secretary of Homeland Security should ensure the DHS Office of Chief Human Capital Officer collects complete and accurate data from its components on all filled and vacant cybersecurity positions when it conducts its cybersecurity identification and coding efforts. (Recommendation 4)

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: DHS agreed with this priority recommendation. By June 29, 2018, DHS plans to issue memorandums to its components that include instructions, guidance, and plans to address this recommendation by periodically reviewing compliance and cybersecurity workforce data concerns with component leads to ensure data accuracy. If implemented, DHS's planned actions would fully address this recommendation.
    Recommendation: The Secretary of Homeland Security should develop guidance to assist DHS components in identifying their cybersecurity work categories and specialty areas of critical need that align to the National Initiative for Cybersecurity Education framework. (Recommendation 5)

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: DHS agreed with this priority recommendation. By June 29, 2018, DHS plans to issue memorandums to its components that include instructions, guidance, and plans to address this recommendation by disseminating a reporting schedule for identifying cybersecurity critical needs. If implemented, DHS's planned actions would fully address this recommendation.
    Recommendation: The Secretary of Homeland Security should develop plans with time frames to identify priority actions to report on specialty areas of critical need. (Recommendation 6)

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with the recommendation but has not yet provided sufficient evidence that it has implemented the recommendation. We will continue to monitor the situation.
    Director: Kimberly Gianopoulos
    Phone: (202) 512-8612

    2 open recommendations
    Recommendation: The Commissioner of CBP should take steps to evaluate the effectiveness of CBP's IPR enforcement efforts, such as by improving its metrics to track the overall effectiveness of its IPR enforcement efforts, evaluating selected activities to enhance IPR enforcement, and developing a process to assess and share information on port-led initiatives to enhance IPR enforcement (Recommendation 1)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commissioner of CBP, in consultation with ICE, should assess what, if any, additional information would be beneficial to share with the private sector and, as appropriate, take action to enhance information sharing, where possible, such as by proposing regulatory revisions or requesting additional legal authorities from Congress. (Recommendation 2)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    4 open recommendations
    Recommendation: The Commandant should direct the Chief Information Officer and the Chief Acquisition Officer to expeditiously and judiciously pursue the acquisition of a new EHR system. (Recommendation 1)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In April 2018, the Coast Guard stated that they continue to follow the Non-Major Acquisition Process (NMAP) and have designated the Electronic Health Records Acquisition (eHRa) as a non-major acquisition, governed by the Executive Oversight Council (EOC) on February 13, 2016. On February 6, 2018, the Coast Guard EOC approved eHRa to enter the Obtain phase. According to Coast Guard, the forward progress of eHRa has accelerated due to increased involvement and support from Coast Guard, Department of Homeland Security, and Department of Defense senior leadership. Coast Guard further added that since schedule development is an Obtain phase activity, an estimated completion date is unsubstantiated at this time. Therefore, until Coast Guard can demonstrate that they will be expeditiously pursuing the eHRa acquisition, this recommendation will remain open.
    Recommendation: The Commandant should direct the Chief Information Officer and the Chief Acquisition Officer to ensure established processes required for the future acquisition or development of an EHR are effectively implemented and adequately documented. (Recommendation 2)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: On February 6, 2018, the Coast Guard Executive Oversight Council approved eHRa to enter the Obtain phase. In April 2018, Coast Guard stated that since schedule development is an Obtain phase activity, an estimated completion date is unsubstantiated at this time. Therefore, this recommendation will remain open until we can confirm the actions taken by the Coast Guard to ensure that the established processes required for the eHRa acquisition are effectively implemented and adequately documented.
    Recommendation: The Commandant should direct the Chief Information Officer and the Chief Acquisition Officer to establish and fully implement project governance boards for the future EHR effort that include the Chief Information Officer. (Recommendation 3)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In December 2017, the Coast Guard stated that the NMAP manual, established governance boards for eHRA that include both the Chief Acquisition Officer and the Chief Information Officer (CIO) as members or representatives. On February 6, 2018, the Coast Guard EOC approved eHRa for entry into the Obtain phase. In April 2018, Coast Guard stated that since schedule development is an Obtain phase activity, an estimated completion date for eHRa is unsubstantiated at this time. Therefore, this recommendation will remain open until Coast Guard can demonstrate that project governance boards for eHRa are fully implemented throughout the project.
    Recommendation: The Commandant should direct the Chief Information Officer and the Chief Acquisition Officer to document any lessons learned from the discontinued IHiS project, share them with the new project management team, and ensure lessons learned are utilized for the future EHR effort. (Recommendation 4)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In April 2018, Coast Guard provided three lessons learned from the IHiS project, including that IT investments at Coast Guard need adequate program/project management and governance oversight. When we confirm whether the agency has taken additional action to share and utilize these lessons learned, we will provide updated information.
    Director: Jacqueline M. Nowicki
    Phone: (617) 788-0580

    1 open recommendations
    Recommendation: The Secretary of Homeland Security, in collaboration with other agencies, through the planned interagency working group or another mechanism, should identify further opportunities to more effectively publicize resources to reach additional colleges. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation, noting that it would continue to collaborate with its partners to further publicize resources available to colleges. It also highlighted several of the Department's current and planned resources for its related Campus Resilience Program.
    Director: David Trimble
    Phone: (202) 512-3841

    2 open recommendations
    Recommendation: The Commissioner of CBP should develop a monitoring system to help ensure that CBP officials comply with license verification policies and procedures. (Recommendation 1)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP agreed with this recommendation. CBP is currently working to implement this recommendation, and told GAO that the corrective actions utilized to close recommendation 2 will drive the exact actions to implement recommendations 1 and 3.
    Recommendation: The Commissioner of CBP should develop a system that better identifies shipments of radiological material that pose the greatest risk and revise CBP's policies and procedures as necessary to verify licenses for these shipments. (Recommendation 3)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP agreed with this recommendation. As of June 2018, CBP is currently working to implement this recommendation, and told GAO that the corrective actions utilized to close recommendation 2 will drive the actions to implement recommendations 1 and 3.
    Director: Allison Bawden
    Phone: (202) 512-6806

    4 open recommendations
    Recommendation: The Assistant Administrator for Recovery should design and implement the necessary processes and procedures to ensure a uniform and consistent approach for tracking first-level appeals data to better integrate regional trackers with the Public Assistance Appeals and Audits Branch's (PAAB) own first-level appeals tracker. (Recommendation 1)

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Assistant Administrator for Recovery should design and implement the necessary controls to ensure the quality of the first-level appeals data collected at and reported from the regional offices to PAAB. (Recommendation 2)

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Assistant Administrator for Recovery should develop a detailed workforce plan that documents steps for hiring, training, and retaining key appeals staff. The plan should also address staff transitions resulting from deployments to disasters. (Recommendation 3)

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Assistant Administrator for Recovery should work with Regional Administrators in all 10 regional offices, to establish and use goals and measures for processing first-level PA appeals to monitor performance and report on progress. (Recommendation 4)

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Timothy J. DiNapoli
    Phone: (202) 512-4841

    4 open recommendations
    Recommendation: The Coast Guard should ensure that the data it collects during commercial fishing vessel incident investigations, including the fishery in which the commercial fishing vessel is involved, is accurately captured. (Recommendation 1)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Coast Guard should form a working group with National Institute for Occupational Safety and Health (NIOSH) and the National Marine Fisheries Service to determine an efficient means to establish a reliable estimate of the population of commercial fishing vessels actively fishing, landing, and selling their catch; the fishery in which a vessel operates; and key vessel characteristics including, but not limited to, vessel age and length. (Recommendation 2)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: Once reliable data are available, the Coast Guard, or another agency identified by the working group, should assess the rates of commercial fishing vessel accidents, injuries, and fatalities to determine whether certain factors--including vessel length and region of operation, among other things--affect these rates. (Recommendation 3)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Coast Guard should issue regulations or guidance to clarify and implement the alternative-to-class approach. (Recommendation 4)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    4 open recommendations
    Recommendation: The Administrator of TSA should address limitations in TSA's data system, such as by adding a data element that identifies individuals as surface inspectors, to facilitate ready access to information on all surface inspector activities. (Recommendation 1)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of TSA should ensure that surface inspector activities align more closely with higher-risk modes by incorporating the results of surface transportation risk assessments, such as the Transportation Sector Security Risk Assessment, when it plans and monitors surface inspector activities, and that TSA documents its rationale for decisions to prioritize activities in lower-risk modes over higher-risk ones, as applicable. (Recommendation 2)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of TSA should identify and prioritize high-risk entities and locations for TSA's Risk Mitigation Activities for Surface Transportation (RMASTs). (Recommendation 3)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of TSA should define clear and measurable objectives for the RMAST program. (Recommendation 4)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: The Assistant Administrator for the Office of Global Strategies should ensure that data regarding the root causes of security deficiencies and corrective actions are consistently captured in accordance with TSA guidance. (Recommendation 1)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Assistant Administrator for the Office of Global Strategies should update TSA's data systems to include more specific categories for TSA's data on the root causes and corrective actions related to security deficiencies. (Recommendation 2)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Chris Currie
    Phone: (404) 679-1875

    4 open recommendations
    Recommendation: The FEMA Assistant Administrator for Recovery should complete a workforce staffing assessment that identifies the appropriate number of staff needed at joint field offices, Consolidated Resource Centers, and in FIMA's hazard mitigation cadre to implement the new delivery model nationwide. (Recommendation 1)

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency: Office of Response and Recovery: Assistant Administrator for Recovery
    Status: Open

    Comments: FEMA concurred with this recommendation and said it would take steps to implement it. As of January 2018, officials in the Field Operations Directorate had begun to incorporate experiences and lessons learned from the 2017 hurricane season. Officials plan to reevaluate the appropriate number of staff needed in the Public Assistance and Hazard Mitigation cadres, and present recommendations to senior leadership, by the end of June 2019.
    Recommendation: The FEMA Assistant Administrator for Recovery should establish system testing criteria, such as a "definition of done," to assess FAC-Trax as it is developed; define the roles and responsibilities of all participants; and develop the sequence and schedule for integration of other systems with FAC-Trax to more fully satisfy systems testing and integration controls. (Recommendation 3)

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency: Office of Response and Recovery: Assistant Administrator for Recovery
    Status: Open

    Comments: FEMA concurred with this recommendation and said it would take steps to implement it. As of January 2018, officials have updated the FAC-Trax System Integration Plan to define the roles and responsibilities, sequence, and schedule for integration of FAC-Trax to interface with two key systems. Officials also established a "definition of done," to assess FAC-Trax as it is developed. Officials plan to continue such actions to support integration with other systems, including state grants management systems. Officials expect to complete these actions by the end of June 2018.
    Recommendation: The FEMA Assistant Administrator for Recovery, in coordination with the Associate Administrator of the Federal Insurance and Mitigation Administration, should implement procedures to standardize planning for addressing PA hazard mitigation at the joint field offices, for example, by requiring FEMA and state officials to develop a memorandum of understanding outlining how they will prioritize and address hazard mitigation following a disaster as it did through prior policy. (Recommendation 4)

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency: Office of Response and Recovery: Assistant Administrator for Recovery
    Status: Open

    Comments: FEMA concurred with this recommendation and said it would take steps to implement it. As of January 2018, officials reported completing actions to analyze hazard mitigation data and develop solutions to improve program implementation, such as updated planning procedures for PA hazard mitigation. According to FEMA officials, these proposed solutions are being refined and tested. Officials plan to present recommendations to FEMA senior leadership and update policies and procedures, as necessary, by the end of June 2018.
    Recommendation: The FEMA Assistant Administrator for Recovery, in coordination with the Associate Administrator of the Federal Insurance and Mitigation Administration, should develop performance measures and associated objectives for the new delivery model to better align with FEMA's strategic goal for hazard mitigation in the recovery process. (Recommendation 5)

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency: Office of Response and Recovery: Assistant Administrator for Recovery
    Status: Open

    Comments: FEMA concurred with this recommendation and said it would take steps to implement it. As of January 2018, officials reported completing activities to develop disaster-specific mitigation performance measures that align with strategic goals and analyzed available data to identify the drivers of mitigation in events of various sizes. Officials plan to complete actions, including proposing refined performance measures to FEMA senior leadership, by the end of June 2018.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Secretary of Homeland Security should direct that OEC examine the composition and functioning of SAFECOM to determine whether all relevant stakeholder groups are adequately represented and their views adequately expressed and considered through memberships in the organizations, executive committees, subcommittees, working groups, or other means. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    5 open recommendations
    Recommendation: The Commandant of the Coast Guard should either develop new performance goals to address mission activity gaps, or explain in the Coast Guard's Annual Performance Report (APR) why certain aspects of mission performance are measured while others are not. (Recommendation 1)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In October 2017, the Coast Guard concurred with our recommendation and stated that it will add new measures in future Annual Performance Reports (APRs) and explain what is measured and what is not, as appropriate. In February 2018, the Coast Guard provided GAO with its updated fiscal year 2017 APR. After reviewing the fiscal year 2017 APR we found that it did provide an explanation on why the Coast Guard's two performance goals related to its drug interdiction mission focus on cocaine interdiction, and do not capture performance data for any other illegal drugs. The explanation is consistent with the intent of our recommendation. However, the APR did not include additional goals or an explanation why certain aspects of mission performance are measured while others are not for the 4 other performance goals we previously identified as not fully addressing all related mission activities. In order to fully implement the recommendation as intended, in instances in which performance goals do not fully address all of the respective mission activities, the Coast Guard's APR should include an explanation of the Coast Guard's rationale for why certain aspects of mission performance are measured while others are not.
    Recommendation: The Commandant of the Coast Guard, in coordination with the Secretary of Homeland Security, should make the Coast Guard's future Annual Performance Reports publicly available on the Coast Guard's website. (Recommendation 2)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In October 2017, the Coast Guard concurred with this recommendation and stated that it would make its future Annual Performance Report (APR) available on its public website. In February 2018, the Coast Guard reported that the fiscal year 2017 APR was completed and signed. As of May 22, 2018, the Coast Guard's fiscal year 2017 APR was posted to the Coast Guard's public website where archived budget-related documents are stored. While we acknowledge the efforts of the Coast Guard to place the FY2017 APR on its website, the APR is not easily accessible. Specifically, the APR can only be found under the budget archives section of the site and was not found when searching the terms "Annual Performance Report" or "performance." A user would have to know the exact location of the APR to access it. The intent of this recommendation was to increase the transparency of Coast Guard's planned performance and actual results, and make such information more available and accessible. The current placement of the APR does not address this intent. To close this recommendation as implemented, the APR should be easily found on the Coast Guard's public website.
    Recommendation: The Commandant of the Coast Guard, should coordinate with the Secretary of Homeland Security, and assess the extent to which documentation on performance data reliability, including Performance Measure Definition Forums and DHS and Coast Guard APRs, contain appropriate information on known data reliability limitations, and update these documents, as needed, based on the results of the assessment. (Recommendation 3)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In October 2017, the Coast Guard concurred with this recommendation and stated that it will add a discussion of limitations for each measure as an appendix to future Annual Performance Reports. In February 2018, the Coast Guard reported that its fiscal year 2017 Annual Performance Report (APR) had been completed and includes an appendix with definitions for each measure, including a discussion of limitations. Adding a discussion of limitations for each measure as an appendix to the fiscal year 2017 APR is a step in the right direction; however, to close this recommendation as fully implemented, the Coast Guard would need to provide us with documentation that performance data limitations are described, assessed, and reported in Coast Guard and DHS documentation-specifically Performance Measure Definition Forms and Coast Guard and DHS APRs-intended to provide assurance of data reliability to internal and external audiences. Assessing the extent to which performance data limitations are documented and reported in PMDFs and DHS and Coast Guard APRs could provide the Coast Guard with greater assurance that its reporting of limitations is comprehensive. In addition, updating these documents, as needed, based on the results of the assessments would provide greater transparency regarding the reliability and validity of the Coast Guard's performance data and assist decision makers in determining the extent to which performance data fully reflects the Coast Guard's ability to meet its missions. We will continue to monitor the Coast Guard's efforts to address this recommendation.
    Recommendation: The Commandant of the Coast Guard should develop and document, in its APR or elsewhere, corrective actions for unmet performance goals that are measurable and include time frames for implementation. (Recommendation 4)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In October 2017, the Coast Guard concurred with our recommendation. In its response, it stated that while not every missed annual performance target warrants a corrective action plan, it will develop a correct actions in appropriate program plans where merited. In November 2017, the Coast Guard stated that they expect to complete annual performance plans for its mission programs in April 2018 that will include initiatives to be undertaken to address significant mission gaps. In February 2018, the Coast Guard confirmed that it was on track for completing these performance plans in April 2018. We will continue to monitor the Coast Guard's efforts to address this recommendation.
    Recommendation: The Commandant of the Coast Guard should document, in its APR or elsewhere, its efforts to monitor and evaluate the implementation of corrective actions for unmet performance goals. (Recommendation 5)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In October 2017, the Coast Guard concurred with this recommendation and stated that it will include in future plans a discussion of corrective action plan status changes from the previously published plans, as appropriate. In November 2017, the Coast Guard reported that it had developed a template for presenting initiatives in annual plans for its mission programs. According to the Coast Guard, the template provides for a discussion of implementation progress and status. Mission program plans are expected to be completed in April 2018. In February 2018, the Coast Guard confirmed that it was on track for completing these performance plans in April 2018. We will continue to monitor the Coast Guard's efforts to address this recommendation.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    3 open recommendations
    Recommendation: To improve agencies' physical security programs' alignment with the ISC Risk Management Process for Federal Facilities and Standards for Internal Control in the Federal Government for information and monitoring, the Commissioner of U.S. Customs and Border Protection should, with regard to the updated Security Policy and Procedures Handbook, include the ISC's Risk Management Process for Federal Facilities requirement to assess all undesirable events, consider all three factors of risk, and document deviations from the standard.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve agencies' physical security programs' alignment with the ISC Risk Management Process for Federal Facilities and Standards for Internal Control in the Federal Government for information and monitoring, the Commissioner of U.S. Customs and Border Protection, with regard to the updated Security Policy and Procedures Handbook, should include data collection and analysis requirements for monitoring the performance of CBP's physical security program.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve agencies' physical security programs' alignment with the ISC Risk Management Process for Federal Facilities and Standards for Internal Control in the Federal Government for information and monitoring, the Commissioner of U.S. Customs and Border Protection, should revise the assumptions used in the plan to address the backlog to balance assessments with competing priorities, such as updating the policy manual and reviewing new construction design, to develop a feasible time frame for completing the assessment backlog.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    3 open recommendations
    Recommendation: The Commandant of the Coast Guard should establish and follow a sound air station optimization process similar to its process for analyzing boat stations to allow it to comprehensively analyze its need for air stations and air facilities and determine what changes may be needed. (Recommendation 1)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In 2017, GAO reported that a 2014 Coast Guard contracted analysis of selected air stations and air facilities identified overlap and unnecessary duplication but it did not comprehensively review all air stations and air facilities. The analysis determined that certain air facilities (Newport, Oregon, and Charleston, South Carolina) provided overlapping search and rescue coverage, some of which was unnecessarily duplicative. Coast Guard officials used the results of this analysis to support proposed closures of the air facilities in the President's Fiscal Year 2014 Budget. However, shortly before their planned closure date, the Coast Guard encountered strong opposition to the closures at the local, state, and Congressional levels, and did not close them. The Coast Guard agreed with GAO's recommendation that it establish and follow a sound air station optimization process and comprehensive analysis to determine what changes may be needed. In its December 2017 60-Day letter response, DHS said the Coast Guard will utilize the FY 2020 Planning, Programming, Budget, and Execution cycle to identify efficiencies in air station optimization and that the cycle is proceeding as planned. However, the response did not say whether the Coast Guard will act on findings and permanently close stations identified as overlapping, unnecessarily duplicative, and unnecessary, if any are identified.
    Recommendation: The Commandant of the Coast Guard should establish a plan with target dates and milestones for closing boat stations that it has determined, through its 9-step process and subsequent analysis, provide overlapping search and rescue coverage and are unnecessarily duplicative. (Recommendation 2)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In 2017, GAO reported that the Coast Guard has a sound process for analyzing its boat stations that includes clear and specific steps for analyzing the need for stations using terms that can be readily defined and measured. A 2013 analysis of Coast Guard stations identified unnecessary duplication and recommended certain stations that could be permanently closed without negatively affecting the Coast Guard's ability to meet its 2-hour search and rescue response standard and other mission requirements; however, as of August 2017 the Coast Guard had not closed any stations, nor developed a plan with time frames for closing stations even though Coast Guard leaders said the results of the analysis remain valid. Closing unneeded stations has historically been difficult due to public concern about the effect of closures on local communities and other factors. In some cases over the years, Congress has intervened and enacted federal laws that have affected Coast Guard's proposed closures. Nevertheless, the Coast Guard agreed with GAO's recommendation that it establish a plan with target dates and milestones for closing stations. In its December 2017 60-Day letter response, DHS said the Coast Guard Office of Boat Forces continues to evaluate the optimal number, location, and configuration of stations to better meet mission requirements, and is finalizing analysis of operational needs in Coast Guard Districts One (D1) and Five (D5).
    Recommendation: The Commandant of the Coast Guard should take action to close the stations identified according to its plan and target dates. (Recommendation 3)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In 2017, GAO reported that the Coast Guard has not taken action to implement the results of its analyses which recommended station closures even though it has completed requirements to pursue some station closures. For example, a 2013 analysis of Coast Guard stations identified unnecessary duplication and recommended certain stations that could be permanently closed without negatively affecting the Coast Guard's ability to meet its 2-hour search and rescue response standard and other mission requirements. However, as of August 2017 the Coast Guard had not closed any stations, nor developed a plan with time frames for closing stations even though Coast Guard leaders said the results of the analysis remain valid. GAO reported that the Coast Guard had not closed stations because past efforts to close stations (eight attempts since 1973) were met with resistance from affected communities and instances where the Congress intervened. Nevertheless, the Coast Guard agreed with GAO's recommendation that it establish a plan with target dates and milestones for closing stations. In its December 2017 60-Day letter response, DHS said that once analyses of the need for and locations of boat stations are completed for Coast Guard Districts One and Five, the Coast Guard will commence Congressional engagement and public outreach regarding any operational changes to D1 and D5 stations, if any, including processing feedback from stakeholders before making final decisions on recommended changes.
    Director: Carol Harris
    Phone: (202) 512-4456

    13 open recommendations
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes and implements specific time frames for determining key strategic implementation details, including how the program will transition from the current state to the final TIM state. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes a schedule that provides planned completion dates based on realistic estimates of how long it will take to deliver capabilities. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes new time frames for implementing the actions identified in the organizational change management strategy and effectively executes against these time frames. (Recommendation 3)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The TSA Administrator should ensure that the TIM program management office defines and documents the roles and responsibilities among product owners, the solution team, and any other relevant stakeholders for prioritizing and approving Agile software development work. (Recommendation 4)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes specific prioritization levels for current and future features and user stories. (Recommendation 5)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The TSA Administrator should ensure that the TIM program management office implements automated Agile management testing and deployment tools, as soon as possible. (Recommendation 6)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The TSA Administrator should ensure that the TIM program management office updates the Systems Engineering Life Cycle Tailoring Plan to reflect the current governance framework and milestone review processes. (Recommendation 7)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The TSA Administrator should ensure that the TIM program management office establishes thresholds or targets for acceptable performance-levels. (Recommendation 8)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The TSA Administrator should ensure that the TIM program management office begins collecting and reporting on Agile-related cost metrics. (Recommendation 9)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The TSA Administrator should ensure that the TIM program management office ensures that program velocity is measured and reported consistently. (Recommendation 10)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The TSA Administrator should ensure that the TIM program management office ensures that unit test coverage for software releases is measured and reported accurately. (Recommendation 11)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management to ensure that appropriate DHS leadership reaches consensus on needed oversight and governance changes related to the frequency of reviewing Agile programs, and then documents and implements associated changes. (Recommendation 12)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct the Under Secretary for Management to ensure that DHS-level oversight bodies review key Agile performance and cost metrics for the TIM program and use them to inform management oversight decisions. (Recommendation 14)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: The Commissioner of CBP should develop and implement a policy and related guidance for documenting arrangements with landowners, as needed, on Border Patrol's maintenance of roads it uses to conduct its operations, and share these documented arrangements with its sectors. (Recommendation 1)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In October 2017, CBP concurred with our recommendation and in response stated that it will issue guidance to sector personnel in regards to maintenance of assets on private land. In March 2018, CBP reported that as of January 29, 2018, Facilities Management and Engineering Office and Border Patrol were working collaboratively to develop new processes, adapt existing guidance to current organizational needs, and utilize lessons learned to make the guidance successful for the organization. Draft processes, policy, and guidance have been developed and are being worked through the subject matter experts for update and finalization. Additionally, recurring calls with the real estate and environmental team Border Patrol headquarter representative, Sector representatives, and program management have been developed to help ensure transparent and clear communication of requirements, clearance status, and upcoming contract activities. CBP estimates that their efforts to address this recommendation will be completed at the end of September 2018. We will continue to monitor CBP's efforts to address this recommendation.
    Recommendation: The Commissioner of CBP should clearly document the process and criteria for making decisions on funding non-owned operational requirements and communicate this process to Border Patrol sectors. (Recommendation 2)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In September 2017, CBP concurred with our recommendation and stated that it will use the Capability Gap Analysis Process to validate its access and mobility requirements on a national level. The national priorities will be determined through requirements planning at Border Patrol stations. CBP noted that it will outline the process and criteria for making decisions on funding for non-owned operational requirements and communicate this process to Border Patrol sectors. In March 2018, CBP reported that as of January 29, 2018, Facilities Management and Engineering Office and Border Patrol were working collaboratively to develop new processes, adapt existing guidance to current organizational needs, and utilize lessons learned to make the guidance successful for the organization. Draft processes, policy, and guidance have been developed and are being worked through the subject matter experts for update and finalization. Additionally, recurring calls with the real estate and environmental team Border Patrol headquarter representative, Sector representatives, and program management have been developed to help ensure transparent and clear communication of requirements, clearance status, and upcoming contract activities. CBP estimates that their efforts to address this recommendation will be completed at the end of September 2018. We will continue to monitor CBP's efforts to address this recommendation.
    Recommendation: The Commissioner of CBP should assess the feasibility of options for addressing the maintenance of nonfederal public roads. This should include a review of data needed to determine the extent of its reliance on non-owned roads for border security operations. (Recommendation 3)

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In September 2017, CBP concurred with this recommendation and stated that it will review data on the extent of Border Patrol's use of non-owned roads for border security operations and will develop a strategy that outlines options and assesses the feasibility of maintaining roads, as appropriate. In March 2018, CBP reported that its Facilities Management and Engineering Office, the Office of Chief Counsel, and Border Patrol have been working collaboratively to develop a risk-based strategy that outlines the options for addressing the maintenance of non-federal public lands. The focus of their discussions have been centered around the feasibility of CBP utilizing a grant type program for the maintenance of non-federal public lands which has never been used by CBP previously. The Office of Chief Counsel is assessing the risks and limitations posed to the agency within state law compared to federal law and its authorities. The group's goal is to identify the approach that would provide for maximum efficiency in maintaining non-federal public roads weighing the operational risks, environmental challenges, and legal factors while limiting or eliminating any liabilities to CBP. CBP reported that the other option being considered is to sustain a steady state with no change to the current process in place that has been utilized in the past. We will continue to monitor CBP's efforts to address this recommendation.
    Director: Timothy J. DiNapoli
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To enhance management attention to closing out contracts, the Secretary of Homeland Security should develop a means, either at the agency or the component level, to track where the contracts are in the closeout process, and establish goals and performance measures for closing contracts. (Recommendation 3)

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Asif A. Khan
    Phone: (202) 512-9869

    2 open recommendations
    Recommendation: The DHS Under Secretary for Management should develop and implement effective processes and improve guidance to reasonably assure that future AAs fully follow AOA process best practices and reflect the four characteristics of a reliable, high-quality AOA process. (Recommendation 1)

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS stated that it remains committed to its financial system modernization program and that it agrees that effective processes and guidance are necessary to assure best practices. DHS also stated that it implemented this recommendation through its issuance of guidance and instructions in 2016. However, the documentation provided by DHS did not fully address our recommendation. DHS provided additional documentation which is under review.
    Recommendation: The DHS Under Secretary for Management should improve the Risk Management Planning Handbook and other relevant guidance for managing risks associated with financial management system modernization projects to fully incorporate risk management best practices, including (1) defining thresholds to facilitate review of performance metrics to determine when risks become unacceptable; (2) identifying and analyzing risks to include periodically reconsidering risk sources, documenting risks specifically related to the lack of sufficient, reliable cost and schedule information needed to help properly manage and oversee the project, and timely disposition of IV&V contractor-identified risks; (3) developing risk mitigation plans with specific risk-handling activities, the costs and benefits of implementing them, and contingency plans for selected critical risks; and (4) implementing risk mitigation plans to include establishing periods of performance for risk-handling activities and defining time intervals for updating and certifying the accuracy and completeness of information on risks in DHS's risk register. (Recommendation 2)

    Agency: Department of Homeland Security
    Status: Open

    Comments: In comments on our report, DHS concurred with this recommendation and described actions it will take, and has taken, to revise and publish an updated handbook. We are currently in the process of reviewing the handbook DHS provided to us in December 2017.
    Director: Grover, Jennifer A
    Phone: 202-512-7141

    1 open recommendations
    Recommendation: The Commandant of the Coast Guard should complete a comprehensive cost estimate for a limited service life extension of the Polar Star that follows cost estimating best practices before committing to this approach for bridging the potential capability gap. (Recommendation 1)

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: GAO recommended that the Coast Guard complete a comprehensive cost estimate for a limited service life extension of the Polar Star that follows cost estimating best practices before committing to this approach for bridging the potential polar icebreaking capability gap. The Coast Guard concurred with our recommendation. It reported that it had initiated an integrated product team to review requirements for a Polar Star Service Life Extension Program, informed by engineering survey and analysis, to develop a notional work list for execution. From this proposed work, the Coast Guard reported it will evaluate several options for completing the Polar Star Service Life Extension to balance external constraints, including budget limitations, operational schedule, and commercial shipyard/organic workforce limitations. The Coast Guard reported plans to complete the cost estimate by June 30, 2018 to inform future Polar Star Acquisition events. As of 11/27/17 DHS reiterated the planned completion of the cost estimate to be by June 30,2018.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: The Administrator of TSA should explore and pursue methods to assess the deterrent effect of TSA's passenger aviation security countermeasures; such an effort should identify FAMS—a countermeasure with a focus on deterring threats—as a top priority to address. (Recommendation 1)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. When we confirm what actions TSA has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Administrator of TSA should systematically evaluate the potential cost and effectiveness tradeoffs across countermeasures, as TSA improves the reliability and extent of its information on the effectiveness of aviation security countermeasures. (Recommendation 2)

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: DHS concurred with this recommendation and in its September 2017 response to our report, DHS stated that TSA will continue efforts to improve both its analysis of information related to security effectiveness and its cost information, leading to better informed cost-benefit decisions for individual countermeasures. To address the intent of our recommendation, TSA will need to evaluate the costs and effectiveness of individual aviation security countermeasures and then use this information to systematically evaluate the potential cost and effectiveness tradeoffs across countermeasures. When we confirm what actions TSA has taken in response to this recommendation, we will provide updated information.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: The Secretaries of Agriculture, Commerce, Defense, Homeland Security, Energy, HHS, Interior, Labor, State, Transportation, Treasury, and VA; the Attorney General of the United States; the Administrators of EPA, GSA, and SBA; the Director of OPM; and the Chairman of NRC should take action to, within existing OMB reporting mechanisms, complete plans describing how the agency will achieve OMB's requirement to implement automated monitoring tools at all agency-owned data centers by the end of fiscal year 2018.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) concurred with our recommendation and described planned actions to implement it. Specifically, the department stated that it is reviewing optimization alternatives, including evaluating the option to move to a cloud deployment model over the next few years. In addition, DHS stated that it expects to have an optimization plan that includes, among other things, resource requirements and a schedule to achieve monitoring compliance for agency-owned tiered data centers by April 2018. We will continue to monitor the department's efforts to address the recommendation.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To ensure that current pilot programs related to electronic advance data provide insights that help in assessing USPS's effectiveness at providing mail targeted by CBP for inspection, the Secretary of Homeland Security should direct the Commissioner of CBP to, in conjunction with USPS, (1) establish measureable performance goals for pilot programs and (2) assess the performance of the pilots in achieving these goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2018, CBP has indicated that they are working with USPS to reconcile differences in the ways the agencies measure the percentage of targeted items USPS provides to CBP as well as developing a performance dashboard to track targeting activity. CBP anticipates implementing this recommendation by October 31, 2018.
    Recommendation: To provide information on the costs and benefits of collecting electronic advance data for use in targeting inbound international mail for screening, the Secretary of Homeland Security should direct the Commissioner of CBP to, in conjunction with USPS, evaluate the relative costs and benefits of collecting electronic advance data for targeting mail for inspection in comparison to other methods.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2018, CBP has indicated that they are working internally to develop a strategy for evaluating the relative costs and benefits of collecting electronic advance data for targeting mail for inspection. CBP anticipates implementing this recommendation by October 31, 2018.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    2 open recommendations
    Recommendation: To better ensure that USCIS officers effectively adjudicate applications for refugee status, the Director of USCIS should conduct regular quality assurance assessments of refugee application adjudications across USCIS's Refugee Affairs Division and International Operations Division.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: U.S. Citizenship and Immigration Services (USCIS) provided documentation that USCIS officials conducted a quality assurance assessment of refugee adjudications in July 2017 and analyzed the results. USCIS officials stated that they have plans to conduct an additional quality assurance assessment in summer 2018. To fully address this recommendation, USCIS should conduct regular quality assurance assessments of refugee application adjudications.
    Recommendation: To provide reasonable assurance that USRAP applicant fraud prevention and detection controls are adequate and effectively implemented, the Secretaries of Homeland Security and State should conduct regular joint assessments of applicant fraud risk across USRAP.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that the Department of State and DHS's U.S. Citizenship and Immigration Services (USCIS) have not jointly assessed applicant fraud risks across the U.S. Refugee Admissions Program (USRAP), consistent with federal internal control standards and leading practices for fraud risk management. Specifically, we reported that although State and USCIS perform a number of fraud risk management activities and have responded to individual instances of applicant fraud in the program, these efforts do not position State and USCIS to assess fraud risks program-wide for USRAP or know if their controls are appropriately targeted to the areas of highest risk in the program. Therefore, we recommended that the Secretaries of Homeland Security and State conduct regular joint assessments of applicant fraud risk across USRAP. USCIS concurred with our recommendation. In response, USCIS reported that it will work together with State to conduct joint risk assessments by jointly developing a risk assessment framework. According to USCIS and State documentation, the departments finalized a joint framework in January 2018 and USCIS reported that the agencies plan to conduct the first joint assessment of fraud risks across USRAP by September 30, 2018. To fully address the recommendation, State and USCIS should jointly conduct regular fraud risk assessments across USRAP.
    Director: Kimberly M. Gianopoulos
    Phone: (202) 512-8612

    2 open recommendations
    Recommendation: To strengthen CBP's ability to assess and respond to compliance risks across the FTZ program, the Commissioner of CBP should conduct a risk analysis of the FTZ program using data across FTZs, including an analysis of the likelihood and significance of compliance violations and enforcement actions.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP concurred with this recommendation and identified steps it intends to take in response to the recommendation. Specifically, CBP stated that it will conduct a risk analysis across the FTZ program. In its 60-day response letter, CBP stated that the risk analysis can begin one year after the initial deployment of its process for collecting compliance review summaries. CBP provided an estimated completion of date of March 31, 2019 for this recommendation. When we confirm the steps CBP has taken to address this recommendation, we will provide updated information.
    Recommendation: To strengthen CBP's ability to assess and respond to compliance risks across the FTZ program, the Commissioner of CBP should utilize the results of the program-wide risk analysis to respond to identified risks, such as updating risk assessment tools and developing best practices for CBP's FTZ compliance review and risk categorization system.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP concurred with this recommendation and identified steps it intends to take in response to the recommendation. Specifically, CBP responded that it will finalize a compliance review handbook that incorporates risk assessment tools and best practices for FTZ compliance reviews and risk categorization. In its 60-day response letter, CBP stated that this third recommendation will be completed in sequence, following the completion of the first two recommendations. After completing a risk analysis (recommendation 2), CBP stated that any identified trends, as well as best practices, will be provided to the field and will be incorporated into the compliance review handbook. CBP provided an estimated completion of date of September 30, 2019 for this recommendation. When we confirm the steps CBP has taken to address this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    3 open recommendations
    Recommendation: To enhance CBP's identification of high-risk cargo shipments and its enforcement of the ISF rule, the Commissioner of CBP should enforce the ISF rule requirement that carriers provide CSMs to CBP when targeters identify CSM noncompliance.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: On February 26, 2018, the CBP liaison informed GAO that to create a system to enforce container status messages (CSM) would involve complex programing and funding and could result in over a billion messages. The liaison added that ports have the authority to enforce CSMs and the plan is for the Office of Field Operations (OFO) to remind the ports to do so and to provide guidance. On June 13, 2018, the CBP liaison stated that on April 12, 2018, CBP published a final rule that broadened the definition of Importer Security Filing (ISF) to remove the ambiguity with regard to who is responsible for ISF-5 filings. In addition, CBP drafted an updated CSM enforcement memo (to be issued to field offices by the end of June 2018) to reiterate guidance that enforcement actions against carriers for CSM violations are authorized. Enforcement will begin no sooner than November 14, 2018. Estimated completion date remains as August 31, 2018. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Recommendation: To enhance CBP's identification of high-risk cargo shipments and its enforcement of the ISF rule, the Commissioner of CBP should evaluate the ISF enforcement strategies used by ATUs to assess whether particular enforcement methods could be applied to ports with relatively low submission rates.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: On June 13, 2018, the CBP liaison informed GAO that CBP is discussing enforcement strategies during monthly conference calls held by the National Targeting Center-Cargo with all Advance Targeting Units (ATU) in order to identify the factors that are impacting ports with lower Importer Security Filing (ISF) compliance rates and to share best practices. CBP also updates ISF Frequently Asked Questions on its CBP.GOV website to facilitate information exchange. The estimated completion date is August 31,2018. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Recommendation: The Commissioner of CBP should identify and collect additional performance information on the impact of the ISF rule data, such as the identification of shipments containing contraband, to better evaluate the effectiveness of the ISF program.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In March 2018, the CBP liaison informed GAO that offices within CBP are collaborating on a plan to assess additional performance metrics to evaluate the effectiveness of the ISF program. On June 13, 2018, the CBP liaison stated that CBP staff continue to work on additional performance metrics to evaluate the effectiveness of the ISF program and noted, in particular, are analyzing data to: (1) identify the number of unmanifested containers and determine how/if they were mitigated before arrival; (2) determine the number of times C-TPAT companies were identified and given targeting benefits, but did not receive the same treatment based on manifest information; and (3) identify the number of times potential terrorism matches were made against an ISF entities vs. the number of times not matched using the same manifest data. The new estimated completion date is August 31, 2018. This recommendation will remain open until CBP's planned actions are completed and meet the intent of GAO's recommendation.
    Director: Chris Currie
    Phone: (404) 679-1875

    5 open recommendations
    Recommendation: In order to improve employee misconduct policies and procedures, the Secretary of Homeland Security should direct the FEMA Administrator to document policies and procedures to address potential Surge Capacity Force misconduct.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We found that the Federal Emergency Management Agency (FEMA) had developed and documented misconduct policies and procedures for most employees, but not its entire workforce. Specifically, FEMA had not documented misconduct policies and procedures for Surge Capacity Force members, who may augment FEMA's workforce in the event of a catastrophic disaster. As a result, we recommended that FEMA document policies and procedures to address potential Surge Capacity Force misconduct. In September 2017, FEMA officials reported taking action to address this recommendation. Specifically, FEMA distributed a memorandum to Federal Coordinating Officers and Federal Disaster Recovery Coordinators providing guidance on how and to whom to report allegations of misconduct by Surge Capacity Force members, coordination efforts regarding investigations, and how to address the member's duty status during the course of an investigation. FEMA stated that it will further address this recommendation by updating the FEMA Human Capital Plan for the Surge Capacity Force. FEMA expects to complete this effort by June 30, 2018. This recommendation will remain open until the Human Capital Plan is updated.
    Recommendation: In order to improve employee misconduct policies and procedures, the Secretary of Homeland Security should direct the FEMA Administrator to document Reservist disciplinary options and appeals policies and procedures that are currently in practice at the agency.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We found that the Federal Emergency Management Agency's (FEMA) policies and procedures for Reservist employees did not outline disciplinary options to address misconduct or address the appeals process available for Reservists. As a result, we recommended that FEMA document Reservist disciplinary options and appeals policies and procedures that are currently in practice at the agency. In September 2017, FEMA reported that the Office of Response and Recovery was drafting an addendum to the FEMA Reservist program manual. FEMA expects to complete this action by December 31, 2017. This recommendation will remain open until the addendum is complete.
    Recommendation: In order to better identify and address trends in employee misconduct, the Secretary of Homeland Security should direct the FEMA Administrator to improve the quality and usefulness of the misconduct data it collects by implementing quality control measures, such as adding additional drop-down fields with standardized entries, adding unique case identifier fields, developing documented guidance for data entry, or considering the adoption of database software.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We found limitations related to the quality and usefulness of employee misconduct data collected by the Federal Emergency Management Agency's (FEMA). For example, we found data collection differed across the agency, there was limited standardization of data fields, and a lack of documented guidance on data entry. As a result, we recommended that FEMA improve its employee misconduct data by implementing quality control measures or considering the adoption of database software that would help standardize data collection across FEMA. In September 2017, FEMA officials reported they had secured funding to purchase hardware and software for a case management system to track misconduct complaints. If implemented, this system should improve FEMA's ability to more efficiently and effectively manage and track case information. FEMA estimates that it will complete this action by March 31, 2018. This recommendation will remain open until the new case management system is in place and operational.
    Recommendation: In order to better identify and address trends in employee misconduct, the Secretary of Homeland Security should direct the FEMA Administrator to, once the quality of the data is improved, conduct routine reporting on employee misconduct trends.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We found that the Federal Emergency Management Agency (FEMA) did not regularly conduct trend analysis on misconduct cases, and that quality of the data restricted the agency's ability to identify and address trends. As a result, we recommended that, once steps were taken to improve the quality of the data, FEMA should conduct routine reporting on employee misconduct trends. In September 2017, FEMA officials reported they were procuring a case management system to track misconduct complaints. If implemented, this system should improve FEMA's ability to analyze misconduct data and identify and report on trends. FEMA estimates that it will complete this action by March 31, 2018. This recommendation will remain open until FEMA generates trend analysis and reports from the new system.
    Recommendation: In order to ensure that all allegations of employee misconduct referred by DHS OIG are reviewed and addressed, the Secretary of Homeland Security should direct the FEMA Administrator to develop reconciliation procedures to consistently track referred cases.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We found that the Federal Emergency Management Agency (FEMA) did not establish effective procedures to ensure that all misconduct cases referred to FEMA by the Department of Homeland Security Office of Inspector General (DHS OIG) were accounted for and subsequently reviewed and addressed. As a result, we recommended that FEMA develop reconciliation procedures to consistently track referred cases. In September 2017, FEMA officials reported they had secured funding to purchase hardware and software for a case management system to track misconduct complaints. In addition, officials reported that they are working with DHS OIG to coordinate case management coding across systems. FEMA estimates that it will complete these actions by March 31, 2018. If implemented, the new system should improve FEMA's ability to track OIG referred cases. In order to fully address this recommendation, FEMA must complete these steps and also demonstrate that reconciliation procedures are in place.
    Director: Kimberly Gianopoulos
    Phone: (202) 512-8612

    2 open recommendations
    Recommendation: To strengthen CBP's trade enforcement efforts, the Commissioner of CBP should direct the Office of Trade to include performance targets, when applicable, in addition to performance measures in its Priority Trade Issue strategic and annual plans.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of January 2018, CBP sent us Priority Trade Issues annuals plans and stated that the Office of Trade had completed FY2018 Priority Trade Issue annual plans for all seven Priority Trade Issues and included performance targets in these plans. We reviewed the plans and most did not have performance targets. In addition, CBP did not provide us with finalized Priority Trade Issues strategic plans, which were in draft at the time of our audit.
    Recommendation: To strengthen CBP's trade enforcement efforts, the Commissioner of CBP should direct the Office of Trade and the Office of Field Operations to develop a long-term hiring plan that articulates how CBP will reach its staffing targets for trade positions set in the Homeland Security Act and the agency's resource optimization model.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of January 2018, CBP has not developed a long-term hiring plan. CBP stated that both the Office of Trade (OT) and Office of Field Operations (OFO) are taking steps to address hiring gaps which include evaluating approaches to hiring and evaluating and selecting candidates. OFO was in the process of developing a formal hiring plan for trade positions under its purview, such as import specialists, and stated that it expects to work on the plan throughout calendar year 2018. OT developed a re-alignment strategy with recommendations for addressing hiring needs for regulatory audit positions and indicated that it is looking at various hiring authorities to find candidates for these positions; however, this realignment strategy does not apply the other trade positions, such as national import specialists, under its purview.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    5 open recommendations
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the specific staff or positions currently within the department's IT acquisition cadre; and (2) assessing whether these staff and positions address all of the specialized skills and knowledge needed, as outlined in OMB's Office of Federal Procurement Policy's guidance for developing an IT acquisition cadre.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has established time frames for (1) identifying the specific staff or positions currently within the department's IT acquisition cadre; and (2) assessing whether these staff and positions address all of the specialized skills and knowledge needed. The department is in the process of conducting this assessment. We will continue to monitor DHS's efforts to implement the plan we recommended.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to direct the Chief Information Officer to establish time frames and implement a plan for (1) identifying the department's future IT skillset needs as a result of DHS's new delivery model, (2) conducting a skills gap analysis, and (3) resolving any skills gaps identified.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The department is in the process of implementing its plan for (1) identifying the department's future IT skillset needs as a result of DHS's new delivery model, and (2) conducting a skills gap analysis. We will continue to monitor and evaluate the Department's progress in conducting this skills gap analysis and resolving any gaps identified.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update the department's acquisition policies and guidance to be consistent in identifying that the DHS CIO is to certify investments' incremental development activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS updated its agile development policy to specify that the DHS CIO is responsible for certifying investments' incremental development activities, which is consistent with the Department's Acquisition Management Instruction. However, the department has not yet updated its Systems Engineering Life Cycle Instruction and Guidebook to be consistent in specifying that this is the responsibility of the DHS CIO. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update DHS headquarters', Customs and Border Protection's, and U.S. Coast Guard's processes to track, for all contracts and agreements, the IT investment with which each is associated (as applicable).

    Agency: Department of Homeland Security
    Status: Open

    Comments: Customs and Border Protection has implemented a process to track the investment associated with each contract and agreement. However, DHS headquarters and the U.S. Coast Guard are still in the process of establishing such a process or mechanism. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Recommendation: To ensure that DHS effectively implements FITARA, the Secretary of Homeland Security should direct the Under Secretary for Management to update and implement the process DHS uses for assessing the risks of major IT investments to ensure that the CIO rating reported to the Dashboard fully reflects the CIO's assessment of each major IT investment.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation. We will continue to monitor and evaluate the Department's progress in implementing this recommendation.
    Director: Marie Mak
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To ensure that IGCEs contain key information consistent with good cost estimating practices, the Secretaries of Defense and Homeland Security should take steps to ensure that IGCE guidance is followed by, for example, providing training or issuing reminders to officials.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS agreed with the recommendation and stated that it will take steps to determine why guidance on independent government cost estimates is not followed. In July, DHS reported that the Office of the Chief Procurement Officer(OCPO) reached out to the nine DHS contracting activities soliciting feedback on why program officials may not be developing IGCEs in accordance with existing policies. Feedback was received in late May 2017. OCPO is currently evaluating the feedback and identifying consistent themes which will lead to the development of IGCE policy compliance measures.
    Recommendation: To ensure that IGCEs are optimized as a tool in the procurement planning process, the Secretaries of Defense, Education, Health and Human Services, Homeland Security, Housing and Urban Development, and Labor should take steps to ensure that, when appropriate, contracting staff document differences between IGCE and final contract award value in the contract file.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS agreed with the recommendation. In July 2017, DHS reported that the Office of the Chief Procurement Officer (OCPO) disseminated a new draft policy on this issue and solicited feedback from the Component's contracting activities. The Components provided feedback on the draft policy and OCPO is currently adjudicating their comments and will incorporate, as appropriate.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    5 open recommendations
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP to assess and document how the alternative technological solutions being considered will fully meet operational needs related to ultralight aircraft.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and stated that it plans to assess and document requirements related to ultralight aircraft threats and how technological solutions will address these requirements as part of U.S. Customs and Border Protection Air and Marine Operations air domain awareness efforts. DHS plans to complete these efforts by July 2018.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP and the Director of ICE to jointly establish and monitor performance measures and targets related to cross-border tunnels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and stated that U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement will review available information and develop performance measures and targets as deemed appropriate by February 2018.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commissioner of CBP to establish and monitor performance targets related to ultralight aircraft.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred and stated that within U.S. Customs and Border Protection, Air and Marine Operations and the U.S. Border Patrol are developing a joint performance measure and targets for interdicting ultralight aircraft. DHS plans to complete these efforts by October 2017.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the U.S. Customs and Border Protection (CBP)-U.S. Immigration and Customs Enforcement (ICE) tunnel committee to convene and establish standard operating procedures for addressing cross-border tunnels, including procedures for sharing information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS did not concur with this recommendation. However, CBP and ICE agreed that strengthening operational procedures may be beneficial and stated that they will jointly review procedures and discuss revising and/or consolidating the procedures. We continue to believe that the recommendation is valid and will monitor DHS's efforts to address it.
    Recommendation: To help ensure that efforts to address smuggling through cross-border tunnels, ultralight aircraft, panga boats, and recreational vessels are effective and that managers and stakeholders have the information needed to make decisions, the Secretary of Homeland Security should direct the Commandant of the Coast Guard, Commissioner of CBP, and the Director of ICE to establish and monitor Regional Coordinating Mechanisms performance measures and targets related to panga boat and recreational vessel smuggling.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS did not concur with this recommendation. DHS stated that that it believes that by establishing common terminology to address our first recommendation, the RECOMs will have more reliable, usable analyses to inform their maritime interdiction efforts. However, DHS did not believe that performance measures and targets related to smuggling by panga boats would provide the most useful strategic assessment of operations to prevent all illicit trafficking, regardless of area of operations or mode of transportation. DHS also cited the recent creation of the DHS Office of Policy, Strategy, and Plans that is to work with U.S. Coast Guard, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, and other components and offices to better evaluate the effectiveness of all operations that work to prevent the illegal entry of goods and people into the country, as appropriate. We continue to believe that the recommendation is valid and will monitor DHS's efforts to address it.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To facilitate the removal of underutilized vehicles, the Secretary of Homeland Security should direct the Commissioner of Customs and Border Protection to develop a written plan for how CBP will use newly available usage data to improve its utilization assessment processes. Such a plan would define utilization criteria that reflect CBP's mission and describe how CBP will review and individually justify vehicles that do not meet the utilization criteria established by either DHS or CBP.

    Agency: Department of Homeland Security
    Status: Open

    Comments: Customs and Border Protection has drafted a utilization and assessment and justification process. This includes utilization criteria such as a mileage performance measure. CBP officials intend to issue a formal analysis with a final plan during the Summer of 2018
    Director: Maurer, Diana C
    Phone: (202) 512-8777

    2 open recommendations
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to develop a cohesive strategy that includes measurable outcomes for CVE activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they are identifying concrete outputs and outcomes for CVE efforts outlined in the 2016 Strategic Implementation Plan. CVE Task Force officials also stated that they plan to develop short-term, medium-term, and long-term outcomes for these efforts. The Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Recommendation: To help identify what domestic CVE efforts are to achieve and the extent to which investments in CVE result in measureable success, the Secretary of Homeland Security and the Attorney General--as heads of the two lead agencies responsible for coordinating CVE efforts--should direct the CVE Task Force to establish and implement a process to assess overall progress in CVE, including its effectiveness.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 2017, CVE Task Force officials stated that they have begun consulting with departments and agencies that have already invested in CVE program assessment and are developing a research-based framework for designing and assessing CVE metrics. The CVE Task Force plans to report to the White House Homeland Security Advisor on their implementation progress in January 2018. GAO will continue to monitor the CVE Task Force's progress in this area.
    Director: Michele Mackin
    Phone: (202) 512-4841

    3 open recommendations
    Recommendation: To mitigate the risk of poor acquisition outcomes and strengthen the department's investment decisions, the Secretary of Homeland Security should direct the Undersecretary for Management to update the acquisition policy to require that major acquisition programs' technical requirements are well defined and key technical reviews are conducted prior to approving programs to initiate product development and establishing Acquisition Program Baselines, in accordance with acquisition best practices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it planned to initiate a study to assess how to better align its processes for technical reviews and acquisition decisions. Upon completion of the study, DHS plans to update its acquisition policies, as appropriate.
    Recommendation: To mitigate the risk of poor acquisition outcomes and strengthen the department's investment decisions, the Secretary of Homeland Security should direct the Undersecretary for Management to update the acquisition policy to specify that acquisition decision memorandums clearly document the rationale of decisions made by DHS leadership, such as, but not limited to, the reasons for allowing programs to deviate from the requirement to obtain department approval for certain documents at Acquisition Decision Events and the results of considerations or trade-offs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it had begun expanding the content included in Acquisition Decision Memorandums (ADM) to include greater detail and that future ADMs would address the status of the acquisition documentation. DHS also said it had updated the guidance for writing ADMs in a handbook for Office of Program Accountability and Risk Management staff, thus making progress toward satisfying the recommendation. However, we did not close the recommendation because the updated guidance was not incorporated into the department's official acquisition policy, which may limit DHS's ability to implement the changes consistently over time. We will continue to review ADMs to assess whether the department's actions address the intent of this recommendation.
    Recommendation: To mitigate the risk of poor acquisition outcomes and strengthen the department's investment decisions, the Secretary of Homeland Security should direct the Undersecretary for Management to update the acquisition policy to specify at what point minimum standards for KPPs should be met, and clarify the performance data that should be used to assess whether or not a performance breach has occurred.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it had updated guidance related to its performance breaches in a handbook for Office of Program Accountability and Risk Management staff, thus moving toward satisfying the intent of this recommendation. Specifically, DHS identified that programs' KPPs should be met and verified no later than initial operational test and evaluation conducted prior to Acquisition Decision Event 3, the point at which DHS leadership approves the program to transition into sustainment. If programs have not met a KPP by this point, they will be required to declare a performance breach and submit a remediation plan documenting the root cause of the breach, along with how and when the breach will be resolved. However, we did not close the recommendation because the department's official acquisition policy has yet to be updated. DHS will fully address this recommendation when it incorporates the changes into its acquisition policy to ensure that the updated guidance on performance breaches is communicated and implemented consistently throughout the department.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To improve the usefulness of airport wait time data that CBP currently reports on its public website, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to report airport wait time data for different categories of travelers.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of May 1, 2018, CBP has modified its current public website to differentiate airport wait times for U.S. citizens and non-U.S. citizens (https://awt.cbp.gov/). According to CBP, it has also developed and tested a new website to provide wait times in real-time rather than the historical daily view that is currently shown on its public website. According to the agency, it is evaluating the accuracy of the real-time data, and estimates that it will deploy the new public website by July 31, 2018.
    Director: Gambler, Rebecca S
    Phone: (202) 512-6912

    6 open recommendations
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a mechanism to oversee agencies' completion of training on additional verification in accordance with SAVE MOA provisions and program policies.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In March 2017, we found that USCIS does not track or monitor whether SAVE users have completed training and therefore does not have reasonable assurance that users have mastered SAVE policies and procedures prior to accessing the system. We recommended that USCIS develop and implement a mechanism to oversee agencies' completion of training on additional verification in accordance with SAVE provisions and program policies. The USCIS Verification Division reported that it intends to have a plan to address providing additional training for SAVE users developed by December 31, 2017. The SAVE Program will then offer training events for agencies on the new material reflecting the agency user requirements for additional verification as well as system enhancements. The estimated completion date for these activities is September 30, 2018.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should provide notifications to user agencies when a case is ready for the user agency to review.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: We found that from fiscal years 2012 through 2015, USCIS exceeded its targets for providing agencies with timely SAVE responses, but agencies and benefit applicants were not always aware the SAVE response has been returned to them and therefore may be delayed in processing benefit determinations. We recommended that USCIS provide notifications to user agencies when a SAVE case is ready for the user agency to review. SAVE Program officials reported that they will develop an Automated Case Response Alerts feature for second and third-level responses with expected completion of the planning by December 31, 2017 and full implementation by the end of September, 2018.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a documented, risk-based approach to monitoring and compliance, including (1) a risk-based approach to selecting behaviors to monitor; (2) standards for what triggers compliance actions for the selected behaviors; and (3) a risk-based process for how USCIS will prioritize and select agencies for compliance actions.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In March 2017, we reported that the SAVE Monitoring and Compliance (M&C) Division does not have a documented, risk-based strategy that addresses a risk-based approach to selecting behaviors or memorandum of agreement (MOA) provisions to monitor, compliance standards for selected behaviors, and a risk-based process for how to prioritize and select agencies for compliance actions. In May 2017, USCIS reported that the Verification Division will create risk assessment standard operating procedures that include a risk based approach that incorporates GAO standards. The activities will include the development of a risk intake form; the development of an impact analysis form; and the completion of a master risk register and tracker spreadsheet. The Verification Division will also conduct risk assessments on all current and pending behaviors monitored by SAVE M&C, as well as existing policies, by September 30, 2017. Before the end of the calendar year, the Verification Division will hold meetings with colleagues to identify additional risks and gaps to better inform risk assessments. The Verification Division will create and/or amend policies and behaviors monitored by SAVE M&C based on risk assessment outcomes, to include the development and testing of new behavior reports, which fully implement monitoring of all behaviors after testing. USCIS estimates completing these activities by March 31, 2018.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and communicate a process for user agencies to update contact information.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In March 2017, we found that the SAVE program's list of user agency points of contact (POCs) was not kept up to date and the SAVE program did not have a systematic process for ensuring the POCs are current and accurate, which presents challenges when contacting agencies for site visits or desk reviews. We recommended that USCIS develop and communicate a process for user agencies to update contact information. In December 2017, USCIS reported that SAVE was on track with its planning and prioritization work to improve user administration, including more effective ways to update contact information. However, because this system enhancement will be completed as part of a larger SAVE Modernization effort that is not scheduled for completion until December 2018, the estimated date of completion is December 31, 2018.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should identify the root causes of agencies' noncompliance with SAVE MOA provisions and program policies and tailor agency recommendations to those identified causes.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In March 2017, we found that SAVE Monitoring and Compliance (M&C) does not consistently identify the root cause of noncompliance and develop or tailor recommendations specific to each agency and cause as part of its compliance activities. As a result, we recommended that USCIS identify the root causes of agencies' noncompliance with SAVE Memorandum of Agreement (MOA) provisions and program policies and tailor agency recommendations to those identified causes. In December, 2017, USCIS reported that the Verification Division expects to complete its review of current policies and behavior reports to identify areas for improvement by December 31, 2017. In addition, it will undertake a variety of activities to determine the root causes for agency non-compliance. These activities will include reviewing all past compliance assistance activities, conducting interviews with SAVE Program account managers, and increasing engagements with agencies through phone calls, desk reviews, and site visits (including virtual site visits). These efforts should be completed by March 31, 2018, followed by the development of a template of tailored responses for all SAVE M&C behaviors. USCIS expects to complete these activities by June 30, 2018.
    Recommendation: To improve management and oversight of the SAVE program, the director of USCIS should develop and implement a process for ensuring user agencies implement corrective actions such as through a system of escalating compliance assistance actions and follow-up.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In March 2017, we reported that SAVE Monitoring and Compliance (M&C) monitoring and oversight efforts have generally not improved agency compliance with SAVE Memorandum of Agreement (MOA) provisions. This is in part because SAVE M&C does not engage in escalating compliance assistance actions for those agencies that remain noncompliant and because SAVE M&C does not ensure agencies take corrective actions after receiving recommendations. We recommended that USCIS develop and implement a process for ensuring user agencies implement corrective actions, such as through a system of escalating compliance assistance actions and follow-up. In March 2017, USCIS reported that the Verification Division will identify ways to incorporate improved escalating compliance assistance models into its procedures. This will include ongoing monitoring of agency use to ensure SAVE customer agencies comply with SAVE program requirements. In May 2017, UCIS reported that SAVE M&C is developing a Quality Control Review approach that includes the requested GAO escalations and follow-up compliance actions. These activities are expected to be completed by March 30, 2018.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To ensure that the Coast Guard makes effective use of its resources, specifically regarding its budget, the Secretary of DHS should direct the Commandant of the Coast Guard to periodically update standard support levels to account for actual expenditures so that the Coast Guard follows best practices and to provide decision makers an understanding of the actual depot-level maintenance funds required for Coast Guard assets.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In January 2018 Coast Guard officials explained that the agency began submitting actual depot maintenance expenditures from fiscal year 2017 for the Fast Response Cutter and National Security Cutter to CG-9 (the acquisitions directorate). For assets in sustainment the Coast Guard is updating its Naval Engineering Manual to require that standard support levels and actual expenditures be reviewed every 5 years. The Coast Guard expects the updated Naval Engineering Manual to be approved and signed by December 2018.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To ensure Border Patrol has the best available information to inform future investments in TI and resource allocation decisions among TI and other assets Border Patrol deploys in the furtherance of border security operations, and to ensure that key parties within Border Patrol's Requirements Management Process are aware of their roles and responsibilities within the process, the Chief of the Border Patrol should develop metrics to assess the contributions of pedestrian and vehicle fencing to border security along the southwest border using the data Border Patrol already collects and apply this information, as appropriate, when making investment and resource allocation decisions.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open
    Priority recommendation

    Comments: DHS agreed with the recommendation and stated that it planned to develop and incorporate metrics into Border Patrol's Requirements Management Process. To fully implement it, the Border Patrol should complete its efforts to develop metrics for assessing the contributions of pedestrian and vehicle fencing to border security operations and apply these metrics when making resource allocation decisions. As of December 2017, DHS planned to update the Requirements Management Process by fiscal year 2019.
    Recommendation: To ensure Border Patrol has the best available information to inform future investments in TI and resource allocation decisions among TI and other assets Border Patrol deploys in the furtherance of border security operations, and to ensure that key parties within Border Patrol's Requirements Management Process are aware of their roles and responsibilities within the process, the Chief of the Border Patrol should develop and implement written guidance to include roles and responsibilities for the steps within its requirements process for identifying, funding, and deploying tactical infrastructure assets for border security operations.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open
    Priority recommendation

    Comments: DHS agreed with this recommendation and stated that it planned to develop written guidance to include roles and responsibilities within the Requirements Management Process. To fully implement the recommendation, the Border Patrol should complete its efforts to update the Process, which should include incorporating roles and responsibilities for the steps within the Process for identifying, funding, and deploying tactical infrastructure assets for border security operations. As of December 2017, DHS planned to update the Requirements Management Process by 2019.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should develop and document procedures for Predator B coordination among supported agencies in all operating locations.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of July 17, 2018, we are awaiting a response from U.S. Customs and Border Protection to our request for an update.
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should update and maintain guidance for recording Predator B mission information in its data collection system.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of July 17, 2018, we are awaiting a response from U.S. Customs and Border Protection to our request for an update.
    Recommendation: To improve its efforts to coordinate Predator B operations among supported agencies and assess the effectiveness of its Predator B and tactical aerostat programs, the Commissioner of CBP should provide training to users of CBP's data collection system for Predator B missions.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of July 17, 2018, we are awaiting a response from U.S. Customs and Border Protection to our request for an update.
    Director: Joe Kirschbaum
    Phone: (202) 512-9971

    1 open recommendations
    Recommendation: As DHS, through FEMA, plans to respond to a pandemic, the Secretary of Homeland Security should direct the Administrator of FEMA to use FEMA's existing coordination mechanisms with DOD and HHS to explore opportunities to improve their preparedness and response to a pandemic if DOD's capabilities are limited.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: DHS concurred with this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    1 open recommendations
    Recommendation: To ensure the availability of complete and accurate data for managing the C-TPAT program and establishing and maintaining reliable indicators on the extent to which C-TPAT members receive benefits, the Commissioner of U.S. Customs and Border Protection should determine the specific problems that have led to questionable data contained in the Dashboard and develop an action plan, with milestones and completion dates, for correcting the data so that the C-TPAT program can produce accurate and reliable data for measuring C-TPAT member benefits.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In July 2017, CBP provided us (GAO) with documentation, to include: a schedule of completed and planned activities related to refining data reporting system requirements, testing of preliminary results from new data runs, developing a reporting system for tracking security examination rates, and a copy of the results of a preliminary data run identifying shipment examination rates by mode of transportation and C-TPAT member Tier level. In October 2017, CBP staff informed us that the steps being taken to address this recommendation were to continue through January 2018. In February 2018, we received updated information from the CBP liaison informing us that, although CBP had taken steps to refine and enhance the data system, there were problems with the importing of some data from an older system into the updated system (C-TPAT Dashboard) and, consequently, CBP changed the estimated completion date for addressing this recommendation to the end of July 2018.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    2 open recommendations
    Recommendation: To enhance its ability to fulfill its role as the facilitator of cross-sector collaboration and best-practices sharing, the Secretary of Homeland Security should direct the Assistant Secretary of Infrastructure Protection, Office of Infrastructure Protection, to explore with key critical infrastructure partners, whether and what opportunities exist to harmonize federally-administered screening and credentialing access control efforts across critical infrastructure sectors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help ensure that SCO uses its time and resources to pursue the most efficient and effective screening and credentialing harmonization goals on behalf of the department, the Secretary of Homeland Security should direct the Deputy Assistant Secretary for Screening Coordination, Office of Policy, to establish goals and objectives to support its broader strategic framework for harmonization.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Kay Brown
    Phone: (202) 512-7215

    3 open recommendations
    Recommendation: To better ensure FEMA's regional activities effectively support individuals with disabilities, the Secretary of Homeland Security should direct the FEMA Administrator to take steps to establish written procedures for how regions should involve the Office of Disability Integration and Coordination in clarifying disability integration staff's roles, evaluating staff performance, and setting expectations for how staff communicate with headquarters and the regions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA agreed with this recommendation and FEMA's Office of Disability Integration and Coordination is in the process of establishing a working group that will clarify and codify the roles, responsibilities, and expectations among the various agency offices and personnel involved in carrying out the agency's disability integration mission. GAO will monitor the progress of these efforts. FEMA expects to complete these efforts by December 31, 2017. At that time, GAO will await documentation of the agency's procedures for carrying out its disability integration mission.
    Recommendation: To better position FEMA to expand access to key training on incorporating access and functional needs into emergency planning for state, local, and voluntary organization emergency management officials, the Secretary of Homeland Security should direct the FEMA Administrator to evaluate alternative cost-effective methods for delivering its course on access and functional needs, such as via virtual classes.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA agreed with this recommendation and reported that it will explore options for updating one of its existing online courses--IS-368 "Including People with Disabilities and Other with Access and Functional Needs in Disaster Operations"--to tailor the content for a broader audience, including members of the public. The agency also reported that it will evaluate the need for alternative cost-effective methods for delivering other courses on inclusive emergency management it currently offers, such as its classroom course, "Integrating Access and Functional Need into Emergency Planning." The agency anticipates completing these efforts by December 31, 2017. When these efforts are complete, GAO will await documentation that the agency has evaluated its delivery of key training on incorporating access and functional needs into emergency planning.
    Recommendation: To help ensure its key training on incorporating access and functional needs into emergency planning reaches a sufficiently wide audience, the Secretary should direct the FEMA Administrator to collect information about the potential pool of participants, set general goals for the number of state and local emergency managers that will take this course, and implement the delivery methods needed to meet these goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA agreed with this recommendation and reported that it will work with its regional staff to map potential training participants in each state and set goals for delivery of the course to state and local emergency managers. The agency also reported that it may be able to use data in the State Preparedness Report and states' self-reporting on the need for training on integrating the needs of people with access and functional needs into emergency management. GAO will monitor the progress of these efforts. The agency anticipates completing these efforts by December 31, 2017.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    7 open recommendations
    including 2 priority recommendations
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should develop metrics for assessing adherence to applicable principles in carrying out statutorily required functions.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: In January 2018, DHS stated that they are in the process of updating NCCIC Strategic Objectives. In doing so, DHS will determine the applicability of key performance indicators (KPI) and performance targets enabling NCCIC to assess its effectiveness in achieving its mission. The target date for completion of these activities is September 2018.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should establish methods for monitoring the implementation of cybersecurity functions against the principles on an ongoing basis.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: In January 2018, DHS stated that it is in the process of updating NCCIC Strategic Objectives. DHS reported that it will align and verify each of its programs goals and reestablish performance reviews to ensure mission effectiveness. The target date for completion of these activities is September 2018.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should integrate information related to security incidents to provide management with more complete information about NCCIC operations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, DHS stated that it was taking steps to enable the successful implementation of the new National Cyber Incident Scoring Schema (NCISS), which is intended to aid NCCIC Watch Operations in helping facilitate the timely, actionable, and relevant dissemination of information to leadership. In September 2017, DHS provided evidence indicating that the NCISS guidelines were incorporated into the incident reporting systems. Based on the information provided, we plan to validate the extent of implementation through additional observation.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should determine the necessity of reducing, consolidating, or modifying the points of entry used to communicate with NCCIC to better ensure that all incident tickets are logged appropriately.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In January 2018, NCCIC reported collaborating with the Network System Deployment (NSD) on the development and deployment of a Unified Workflow Information System. DHS reported that this system is intended to serve as NCCIC's central data system for stakeholder ticket creation and tracking. We will review the output of Unified Workflow Information System's development process once the system is implemented.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should develop and implement procedures to perform regular reviews of customer information to ensure that it is current and reliable.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In January 2018, DHS reported that it has authored and finalized the NCCIC Homeland Security Information Network (HSIN)Community of Interest User Maintenance Standard Operating Procedures (SOP). The SOP indicates that user audits will be conducted on a periodic basis, to determine user activity and whether customer information is valid. DHS also reported that the NCCIC continues to gather requirements and to develop its customer relationship management (CRM) tool that will support regular reviews and updates to customer information. The CRM tool implementation is to be determined.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should take steps to ensure the full representation of the owners and operators of the nation's most critical cyber-dependent infrastructure assets.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In January 2018, DHS reported that the Office of Cybersecurity and Communications (CS&C) has developed a Catalog of CS&C Services as a resource to critical infrastructure partners. This guide is intended to promote NCCIC operational offerings and information sharing programs, as well as incorporate other CS&C programs and services to critical infrastructure owners and operators. However, it is unclear how the services catalog will ensure full representation of the owners and operators of the nation's most critical cyber-dependent infrastructure assets.
    Recommendation: To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, the Secretary of the Department of Homeland Security should establish plans and time frames for consolidating or integrating the legacy networks used by NCCIC analysts to reduce the need for manual data entry.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2017, DHS reported that CS&C had created a draft road map, which included information on DHS enterprise alignment among its components. Related to this enterprise alignment, DHS reported that it continues to develop resource requirements and a proposed schedule for network consolidation.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    2 open recommendations
    Recommendation: The Commandant of the Coast Guard should update Commandant Instruction M6000.1F, Coast Guard Medical Manual, to classify gambling disorder as an addiction and not as an impulse control issue.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: The Commandant of the Coast Guard should update Commandant Instruction M1000.10, Coast Guard Drug and Alcohol Abuse Program, to explicitly include gambling disorder.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To better ensure the effectiveness of CBP's predeparture programs, the Commissioner of U.S. Customs and Border Protection should develop and implement a system of performance measures and baselines to evaluate the effectiveness of CBP's predeparture programs and assess whether the programs are achieving their stated goals.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: U.S. Customs and Border Protection's (CBP) Office of Field Operations (OFO) reported that it established a working group comprised of designated program officials from CBP's Admissibility and Passenger Programs; National Targeting Center; Planning, Program Analysis, and Evaluation; and, Preclearance offices to develop and implement a system of performance measures and baselines to evaluate the effectiveness of CBP's predeparture programs. As of July 2017, CBP reported that the working group had developed three performance measures for its predeparture programs. According to OFO officials, fiscal year 2018 will be the first complete year that each of these measures is calculated using a standardized and repeatable methodology and will thus be used as a baseline year. The baselines developed during fiscal year 2018 will then be used in future assessments of program effectiveness. Specifically, as of May 2018, CBP reported to GAO that it is collecting the fiscal year 2018 data relevant to these measures. To fully address this recommendation to develop and implement performance measures and baselines for evaluating its predeparture programs, GAO will review documentation from CBP, when available, on the fiscal year 2018 baselines and CBP's planned evaluation of fiscal year 2019 data against those baselines.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should strengthen the methodology for calculating recidivism such as by using an alien's apprehension history beyond one fiscal year and excluding aliens for whom there is no record of removal and who may remain in the United States.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: DHS did not concur with this recommendation. DHS noted that the U.S. Customs and Border Protection (CBP) Consequence Delivery System Program Management Office (CDS PMO) uses annual recidivism rate calculations to measure annual change, which is not intended to be, or used, as a performance measure for CDS. We continue to believe that DHS should strengthen its methodology for calculating recidivism. DHS noted in its comments on our report that the recidivism rate is used as a performance measure by U.S. Border Patrol and DHS. Additionally, strengthening the recidivism rate methodology would not preclude its use for CDS as a measure of annual change, and would provide Border Patrol a more complete assessment of the rate of change in recidivism. In January 2018, CDS-PMO officials stated that the office started reporting nationwide the recidivism rates for multiple years to U.S. Border Patrol sectors for situational awareness. However, the methodology for this reported recidivism rate does not exclude aliens for who there is no record of removal. To fully implement this recommendation, DHS needs to further strengthen its recidivism rate methodology by excluding aliens for whom there is no record of removal. Further, DHS needs to demonstrate that it is using this updated methodology on a recurring basis and for CDS performance measurement purposes.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should collect information on reasons agents do not apply the CDS guides' Most Effective and Efficient consequences to assess the extent that agents' application of these consequences can be increased and modify development of CDS guides, as appropriate.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: DHS concurred with this recommendation and stated that each year the Consequence Delivery System Program Management Office (CDS PMO) will interview subject matter experts from each U.S. Border Patrol sector to discuss the situations where the most effective and efficient consequence is not applied to include in the annual development of their CDS guide. The CDS PMO first collected this information during the CDS guide annual development process for fiscal year 2018. According to the CDS PMO, subject matter experts at each sector indicated that the reasons they did not always apply the most effective and efficient consequences related to limitations of federal partner agencies (e.g., subjects did not meet the guidelines for prosecution as determined by the U.S. Attorney's Office). To fully address this recommendation, the CDS PMO needs to demonstrate that it has institutionalized this process by implementing it for consecutive years.
    Recommendation: To better inform on the effectiveness of CDS implementation and border security efforts, the Chief of Border Patrol should revise CDS guidance to ensure consistent and accurate methodologies for estimating Border Patrol costs across consequences and to factor in, where appropriate and available, the relative costs of any federal partner resources necessary to implement each consequence.

    Agency: Department of Homeland Security: United States Customs and Border Protection: Office of the Commissioner: U.S. Border Patrol
    Status: Open

    Comments: DHS concurred with this recommendation. In March 2017, U.S. Border Patrol revised its Consequence Delivery System Program Management Office (CDS PMO) cost estimating guide. For example, consistent with our recommendation, the guide advises sectors on how to calculate the annual salary of each agent or non-agent by job series or rank. However, in contrast to our recommendation that the guidance ensure consideration of relative costs to federal partner resources where appropriate and available, the guide instructs the sectors to not factor costs attributable to post-apprehension activities, which are activities associated with federal partners such as U.S. Immigration and Customs Enforcement and U.S. Marshals Service. In April 2018, CDS PMO officials stated that they have used some of GAO's cost estimates reported in GAO-17-66 as examples of federal partner costs, but did not specify how exactly they applied these estimates. To fully address this recommendation, CDS PMO should include in its guide language that sectors estimate the relative costs of any federal partners where appropriate and available, including estimates beyond what GAO reported in January 2017. Or, if CDS PMO has concluded that factoring in relative costs of partner resources is not appropriate or such costs are not available, CDS PMO should provide evidence supporting its determination.
    Recommendation: The Secretary of Homeland Security should direct the Assistant Secretary of Immigration and Customs Enforcement and Commissioner of Customs and Border Protection to collaborate on sharing immigration enforcement and removal data to help Border Patrol account for the removal status of apprehended aliens in its recidivism rate measure.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with the recommendation. In May 2017, U.S Immigration and Customs Enforcement's (ICE) Enforcement and Removal Operations directorate provided immigration enforcement and removal data on a one-time basis to U.S. Customs and Border Protection's U.S. Border Patrol. In March 2018, U.S. Border Patrol officials requested that ICE provide these data on a quarterly basis. In April 2018, ICE agreed and reported that it was collaborating with U.S. Border Patrol to determine parameters for this data sharing. To fully implement this recommendation, ICE and U.S. Border Patrol need to implement their plans to share the data on a recurring basis.
    Director: Tim Persons
    Phone: (202) 512-6412

    1 open recommendations
    Recommendation: The Secretary of Homeland Security--in consultation with the Federal Bureau of Investigation--should conduct a formal bioforensics capability gap analysis to identify scientific and technical gaps and needs in bioforensics capabilities to help guide current and future bioforensics investments and update its analysis periodically.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Alicia Puente Cackley
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To improve the transparency and accountability over the compensation paid to WYO companies and set appropriate compensation rates, the FEMA administrator should take into account WYO company characteristics that may impact companies' expenses and profits when developing the new compensation methodology and rates.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: According to FEMA officials, FEMA is responding to this recommendation as part of its development of a final rule on WYO compensation practices, required by the Biggert-Waters Act.
    Director: David Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Homeland Security should direct the department's CIO to identify one high-cost function it could collect detailed cost, technical, and business information for and modify existing processes to collect and review this information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the department reported that it had identified e-mail as a high cost function, and that it would begin modifying existing processes to collect and review cost, technical, and business information. The agency expects to complete the effort in 2017. We plan to continue to monitor the department's efforts.
    Director: Currie, Christopher P
    Phone: (202) 512-8777

    2 open recommendations
    Recommendation: To better assess the impact of the fire grants program, the Secretary of Homeland Security should direct the FEMA Administrator to establish measurable performance targets linked to AFG and SAFER program goals, such as the desired percentage of awardees who used grants to achieve compliance with equipment standards.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, in January 2018 FEMA provided us with a draft of their Fiscal Year 2017 Assistance to Firefighters Grant (AFG) Annual Report to Congress. This draft contains measurable performance targets for AFG program metrics. The Fiscal Year 2017 draft report features comparisons of targets metrics against actual results from completed grant projects. According to FEMA, this enables the agency to better measure outcomes and assesses trends in program performance over time. However, the Fiscal Year 2017 draft report does not contain similar measures for the Staffing for Adequate Fire and Emergency Response (SAFER) program. According to officials, there is no longer a requirement to report SAFER measures to Congress. FEMA's Grant Programs Directorate are collecting this information internally for program management purposes, and are assessing the extent such performance measures are needed going forward. We believe maintaining such performance measures could enhance the quality and utility of FEMA's performance assessments and provide stakeholders a yardstick against which the national investments in the programs can be evaluated.
    Recommendation: To enhance FEMA's efforts to assess and integrate the fire grant programs' contributions to national preparedness, the Secretary of Homeland Security should direct the FEMA Administrator to use the National Preparedness Goal's definition of critical infrastructure as the basis of collecting information from applicants and using the National Critical Infrastructure Prioritization Program list to measure fire grant programs' performance in addressing national priorities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, in January 2018 FEMA provided us with a draft of their Fiscal Year 2017 Assistance to Firefighters Grant (AFG) Annual Report to Congress. The Fiscal Year 2017 draft anticipates reporting on the percentage of grantee organizations located within a 5- and 10-mile radius of a critical infrastructure buffer, as defined by the classified National Critical Infrastructure Protection Program list. Once FEMA is able to report on the percentages, we believed using this measure could enhance FEMA's efforts to assess and integrate the fire grant programs' contributions to national preparedness.
    Director: Jenny Grover
    Phone: (202) 512-7141

    3 open recommendations
    Recommendation: To ensure effective evaluation of air marshal training, the TSA Administrator should direct OTD to implement a mechanism for regularly collecting and incorporating incumbent air marshals' feedback on the training they receive from field office programs.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: In September 2016, we reported that the Transportation Security Administration (TSA) conducted surveys to obtain feedback from air marshal candidates and newly graduated air marshals on the effectiveness of their training, but did not systematically collect training feedback from incumbent air marshals on field-based training. We recommended that TSA's Office of Training and Development implement a mechanism for regularly collecting and incorporating incumbent air marshals' feedback on the training they receive from field office programs. In July 2017, TSA reported that its Office of Training and Development developed a survey (Field Office Recurrent Training Survey) that is intended to measure the effectiveness of FAMS training curriculum, field office training personnel, and training facilities. Additionally, in November 2016, TSA resumed the field office training assessments to evaluate field office training programs and their instructors. As part of these assessments, TSA sends surveys to supervisors and air marshals in the field with questions on the effectiveness of the field office's training program. To fully address this recommendation, TSA should also incorporate incumbent air marshals' feedback on the recurrent training they receive in the field.
    Recommendation: To ensure effective evaluation of air marshal training, the TSA Administrator should direct OTD to take additional steps to improve the response rates of the training surveys it conducts.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: In September 2016, we reported that the response rates for federal air marshals training surveys were consistently low. The Transportation Security Administration (TSA) uses the survey results to identify training gaps and determine how to appropriately address them. We recommended that TSA take additional steps to improve the response rates of the surveys it conducts. In response to our recommendation, TSA's Office of Training and Development added the training surveys to the On-line Learning Center, which provides a tracking mechanism for program managers to ensure that personnel complete the surveys. In July 2017, TSA reported that the first class of air marshals to graduate from the new hire training and their supervisors would not receive the training surveys until sometime between April and June 2017. GAO will review documentation from TSA, when available, on the response rates for surveys administered in 2017 and 2018.
    Recommendation: To provide reasonable assurance that air marshals are complying with recurrent training requirements and have the capability to carry out FAMS's mission, the TSA Administrator should direct FAMS to develop and implement standardized methods, such as examinations and checklists, for determining whether incumbent air marshals continue to be mission ready in key skills.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: In September 2016, we reported that the Federal Air Marshal Service (FAMS) requires incumbent air marshals to demonstrate their proficiency in marksmanship by achieving a minimum score on the practice pistol course every quarter; however, for the remaining recurrent training courses, FAMS does not assess air marshals' knowledge or performance against a similarly identified level of proficiency. As a result, we recommended that the Transportation Security Administration (TSA) develop and implement standardized methods, such as examinations and checklists, for determining whether air marshals continue to be mission ready in key skills. In July 2017, TSA reported that an Integrated Project Team convened in the summer of 2016 to develop a mission ready assessment measure for incumbent air marshals. In response to the team's recommendations, TSA's Office of Training and Development senior leadership requested that the team continue their work, including benchmarking against other agencies. TSA anticipated that the project team would reconvene at the end of fiscal year 2017. GAO will review documentation from TSA, when available, on the Integrated Project Team's recent efforts. To fully address our recommendation, TSA should develop and implement standardized methods for determining whether air marshals continue to be mission ready.
    Director: Seto Bagdoyan
    Phone: (202) 512-6722

    1 open recommendations
    Recommendation: To strengthen USCIS's EB-5 Program fraud risk management, the Director of USCIS should develop a fraud risk profile that aligns with leading practices identified in GAO's Fraud Risk Framework.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In November 2016, Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS)stated that the program would implement GAO's recommendation to develop a fraud risk profile and anticipated completion by September 30, 2017. In April 2017, USCIS provided an update including supporting documentation which reported that USCIS had contracted with an outside consultant to, among other things, develop a fraud risk profile that aligns with leading practices identified in GAO's Fraud Risk Framework. In January 2018, USCIS provided another update and stated that the expected completion date had been moved to June 2018.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: If DHS's proposed CBRNE program consolidation is approved by Congress, the Secretary of Homeland Security should direct the Assistant Secretary for the Office of Policy to use, where appropriate, the key mergers and organizational transformation practices identified in our previous work to help ensure that a CBRNE consolidated office benefits from lessons learned from other organizational transformations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We found that key mergers and organizational transformation practices identified in previous GAO work could benefit the Department of Homeland Security (DHS) if Congress approves the proposed CBRNE consolidation. As a result, we recommended that should Congress approve DHS's CBRNE consolidation plan, the department use key mergers and organizational transformation practices identified in previous GAO work. In an October 2017 memorandum to Congress, DHS announced its intention to proceed with CBRNE consolidation and to consult with Congress on authorizations needed to fully implement the changes. In its memo, DHS stated that it remained committed to evaluating GAO's identified practices when implementing the consolidation. We will update the status of this recommendation as additional information is made available.
    Director: Fennell, Anne-marie Lasowski
    Phone: (202) 512-3841

    1 open recommendations
    Recommendation: To help ensure that the Corps and FEMA carry out the national leveesafety- related activities required in the Water Resources Reform and Development Act of 2014, the Secretary of Defense should direct the Secretary of the Army to direct the Chief of Engineers and Commanding General of the U.S. Army Corps of Engineers and that the Secretary of Homeland Security direct the FEMA Administrator to develop a plan, with milestones, for implementing these activities, using existing resources or requesting additional resources as needed. This plan could be posted on the Corps' website and monitored for progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2018, GAO is assessing the actions taken by the agency to implement this recommendation.
    Director: Andrew Von Ah
    Phone: (213) 830-1011

    4 open recommendations
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to document the processes and analyses for assessing and, as appropriate, for managing the difference between program costs and collections and document resulting decisions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2017, DHS established cost recovery guidance in coordination with the DHS Fee Governance Council and relevant DHS components. Consistent with our recommendation, the guidance documents processes for managing the difference between program costs and collections. For example, the guidance directs that if a fee is set at a rate that does not achieve full cost recovery, DHS components must provide an explanation for the difference and recommendation for adjusting the fee(s), as well as document any reasons for not pursuing the recommended actions. Additionally, the guidance requires that the Fee Governance Council hold a biennial meeting to discuss any fees that do not achieve full cost recovery and to discuss best practices, lessons-learned, and challenges. To fully implement this recommendation, DHS needs to demonstrate that the department and its components have implemented the cost recovery guidance.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to establish processes for managing unobligated carryover balances, to include targets for minimum and maximum balances for programs that lack such processes and targets.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2017, DHS established guidance for carryover balances for fee accounts in coordination with the DHS Fee Governance Council and relevant DHS components. This guidance contains processes for managing unobligated carryover balances, including setting targets for minimum and maximum balances. For example, the guidance directs that for fee accounts where revenue is specifically associated with processing a given workload, the maximum carryover balance target should be sufficient to cover the essential spending that is required to complete the processing and delivery of the pending workload. To fully implement this recommendation, DHS needs to demonstrate that the department and its components have implemented the guidance for carryover balances for fee accounts.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to conduct reviews to identify any management and operational deficiencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2017, DHS established guidance on biennial fee reviews in coordination with the DHS Fee Governance Council and relevant DHS components. This guidance requires that each component complete a biennial fee review for all programs for which it has been granted fee authority to determine whether changes to existing fee levels are required, determine whether new fees need to be established, and to identify any management and operational deficiencies. The guidance states that components were to develop and implement procedures and internal controls to comply with the guidance by December 1, 2017. To fully implement our recommendation, DHS must demonstrate that components have implemented the guidance and are conducting biennial fee reviews accordingly to identify any management and operational deficiencies.
    Recommendation: To ensure effective management and oversight of DHS programs receiving fees and other collections, and to ensure that component management take the following actions for each fee and other collections program that they administer, the Secretary of Homeland Security should direct the DHS Chief Financial Officer to use some means, such as the DHS Fee Governance Council, to take action to track and report on management and operational deficiencies--including reasons supporting any decisions to not pursue recommended actions--identified in fee reviews or through other means.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2017, DHS established guidance on biennial fee reviews that requires that each component complete a biennial fee review for all programs for which it has been granted fee authority. Consistent with our recommendation, the guidance requires the DHS Office of Chief Financial Officer to then compile, assess, and report on the components' reviews, deficiencies, and any resulting recommendations the components made. Additionally, the guidance requires that the Office of Chief Financial Officer and component Chief Financial Officers take necessary steps to implement the recommendations and track and report on the progress of deficiencies and recommendations. Component Chief Financial Officers are to provide quarterly updates to the Office of Chief Financial Officer on all outstanding deficiencies and recommendations until they are closed. To fully implement our recommendation, DHS needs to demonstrate that the Office of Chief Financial Officer and component Chief Financial Officers have implemented the guidance and are tracking and reporting on management and operational deficiencies-including reasons supporting any decisions to not pursue recommended actions.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To improve the effectiveness, transparency, and accountability of the ECPC's efforts, the Secretary of Homeland Security, as the administrative leader of the ECPC, should establish a mechanism to track progress by the ECPC's member agencies in implementing the ECPC's recommendations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions DHS has taken in response to this recommendation, we will provide updated information.
    Director: Kimberly M. Gianopoulos
    Phone: (202) 512-8612

    3 open recommendations
    including 3 priority recommendations
    Recommendation: To better manage the AD/CV duty liquidation process, CBP should issue guidance directing the Antidumping and Countervailing Duty Centralization Team to (a) collect and analyze data on a regular basis to identify and address the causes of liquidations that occur contrary to the process or outside the 6-month time frame mandated by statute, (b) track progress on reducing such liquidations, and (c) report on any effects these liquidations may have on revenue.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: CBP concurred with this recommendation and said it would take steps to implement it. As of December 2017, CBP had issued guidance to its Centers for Excellence and Expertise (Centers) requiring them to calculate the revenue implication of liquidations that occur outside the 6 month time frame mandated by statute. CBP's 2017 self-inspection program found that the rate of compliance to liquidate AD/CV duty entries in a timely manner declined from 89 percent in 2016 to 50 percent in 2017 after improving from about 76 percent in 2015. CBP attributed a number of factors for the decline, including a lack of oversight and staff knowledge of AD/CV duty policies and procedures. The self inspection report indicated that CBP staff were not consistently using a data-management portal that could facilitate CBP's ability to avoid these untimely liquidations. In October 2017, CBP issued updated guidance that places primary responsibility for identifying and liquidating AD/CV duty entries on the Centers. CBP's updated guidance requires the use of processing and oversight reports within CBP's Automated Commercial Environment to manage AD/CV duty liquidation processing in place of the data management portal. CBP said that that these changes will make the processing of AD/CV duties more efficient and accurate. In November 2017 CBP conducted a national webinar for the Centers and port of entry staff that process AD/CV duty entries. As of December, 2017, CBP was in the process of producing an on-demand video covering a variety of AD/CV duty topics. To fully implement this action, CBP needs to collect and analyze data on a regular basis to identify and address the causes of these liquidations in order to reduce revenue loss.
    Recommendation: To improve risk management in the collection of AD/CV duties and to identify new or changing risks, CBP should regularly conduct a comprehensive risk analysis that assesses both the likelihood and the significance of risk factors related to AD/CV duty collection. For example, CBP could construct statistical models that explore the associations between potential risk factors and both the probability of nonpayment and the size of nonpayment when it occurs.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: CBP concurred with this recommendation and said it would take steps to implement it. As of December 2017, CBP was taking steps so it could conduct the type of risk analysis GAO recommended in July 2016. CBP had created a base model and was taking steps to add to the model's existing data sets with data that are more recent in time and larger in scope. This will enable CBP to have a more informed analysis and to test additional risk factors for significance. CBP expects to complete this process by the end of March, 2018. CBP officials said that full implementation of the model will not take place until the end of fiscal year 2018 due to the complexity of the project, which among other things, will require them to automate the process of incorporating additional risk factor data into the model. Regularly conducting a comprehensive risk analysis of factors related to AD/CV duty non-collection could enhance CBP's capacity to collect additional revenue. For example, according to CBP officials, it could be used be used to assess a requirement for additional security in the form of bonds as part of an enhanced bonding requirement if carefully tailored in order to avoid a legal challenge.
    Recommendation: To improve risk management in the collection of AD/CV duties, CBP should, consistent with U.S. law and international obligations, take steps to use its data and risk assessment strategically to mitigate AD/CV duty nonpayment, such as by using predictive risk analysis to identify entries that pose heightened risk and taking appropriate action to mitigate the risk.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: CBP concurred with this recommendation and said it would take steps to implement it. As of December 2017, CBP has partially addressed this recommendation. CBP has discussed several options with the Commercial Customs Operations Advisory Committee to help mitigate the risk of nonpayment, including monitoring the extent to which accumulated AD/CV duties can be paid for using corresponding bonds. However, further steps cannot be taken until CBP completes its risk model. The model will use predictive risk analysis to identify entries that pose a heightened risk of nonpayment and take appropriate action to mitigate the risk. Developing a risk analysis model to use in mitigating AD/CV duty nonpayment could enhance CBP's capacity to collect additional revenue. For example, according to CBP officials, it could be used to assess a requirement for additional security in the form of bonds as part of an enhanced bonding requirement if carefully tailored to avoid a legal challenge.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: To help ensure that whistleblower retaliation reports are addressed efficiently and effectively, the Secretary of Homeland Security should direct the Under Secretary of DHS's National Protection and Programs Directorate's (NPPD), the Assistant Secretary for Infrastructure Protection, and the Director of the Infrastructure Security Compliance Division (ISCD) to develop a documented process and procedures to address and investigate whistleblower retaliation reports that could include existing practices, such as the Department of Labor's Occupational Safety and Health Administration's recommended practices, in developing the process and procedures.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, in September 2016 they initiated development of a standard operating procedure for addressing and investigating whistleblower retaliation complaints. According to ISCD officials, the procedure will consider OSHA's guidance, once available, when developing this set of procedures. On January 10, 2018, a senior ISCD official stated that the standard operating procedures are to be approved in late winter/early spring 2018. ISCD officials stated that they will provide the standard operating procedures to us for review when they are approved. We will update the status of this recommendation after this additional information is received from DHS.
    Director: Carol C. Harris
    Phone: (202) 512-4456

    8 open recommendations
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of the Department of Homeland Security (DHS) should direct the Director of USCIS to direct the USCIS Chief Information Officer (CIO), in coordination with the DHS CIO and the Chief of the Office of Transformation Coordination (OTC), to review and update, as needed, existing policies and guidance and consider additional controls to complete planning for software releases prior to initiating development and ensure software meets business expectations prior to deployment.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, the U.S. Citizenship and Immigration Services (USCIS) within the Department of Homeland Security (DHS) had taken steps to address this recommendation. In particular, in June 2017, USCIS provided an updated policy, dated April 2017, governing planning and deploying software releases. USCIS also demonstrated partial compliance with that policy. For example, it provided some release planning review documentation for recent releases that are required by the updated policy, including readiness review memos for releases 7.2 and 8.1. However, USCIS did not demonstrate that the program responsible for developing the USCIS Electronic Immigration System (USCIS ELIS) was consistently following its updated policy. For example, USCIS did not demonstrate that the program was completing all planning activities prior to initiating development, as called for in its updated policy. Moreover, the agency did not demonstrate compliance with its previous policy for all software releases planned and deployed since our July 2016 report. We will continue to work with USCIS to monitor actions the agency is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to consistently implement the principles of the framework adopted for Agile software development.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software releases, dated April 2017, along with release planning artifacts specific to USCIS ELIS. The updated policy included an appendix devoted to generally accepted agency practices and applying Agile principles in the agency. However, USCIS had not clearly indicated if USCIS ELIS was to implement the practices described in the policy. For example, the updated policy did not require program compliance with the generally accepted agency practices. Moreover, supporting artifacts from the release planning process did not always define a commitment to a particular development methodology or set of development practices. For example, the team process agreements, which describe how members of individual teams will work with each other, did not indicate if developers were to adhere to the practices described in updated USCIS policy. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to define and consistently execute appropriate roles and responsibilities for individuals responsible for development activities consistent with its selected development framework.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in June 2017, USCIS provided updated policy, dated April 2017, governing the development of software releases and release planning artifacts. The updated policy and release documentation defined some roles and responsibilities that were previously only described by USCIS in its informal November 2014 management model, such as the authority and responsibility of a product owner. However, program documentation and policy did not define all of the roles and responsibilities. For example, program documentation and policy did not define the roles and responsibilities of a facilitator, or Scrum Master, which is a position identified in leading practices for software development using Scrum, the development methodology previously identified by the program. In addition, USCIS did not demonstrate that it had defined and committed to an updated development methodology for software releases. Such a defined methodology will impact expectations for the roles and responsibilities in software development. Without such a defined methodology or approach to Agile software development, it is not clear if roles and responsibilities defined by previously documented approach to Agile software development are still applicable for the current development approach. Moreover, documentation associated with program releases and updated policy did not define all of the roles and responsibilities for positions described by USCIS in its May 2017 written response to GAO. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to identify all system users and involve them in release planning activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, DHS and USCIS had not provided information demonstrating that the department has addressed this recommendation. In October 2016, DHS provided a written response stating that the USCIS Office of Information Technology and Office of Transformation Coordination were working closely with the various USCIS directorates to obtain and integrate feedback through regular review sessions with the end users and through additional end user testing. However, as of July 2017, DHS and USCIS have not provided new information about the status of this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to write user stories that identify user roles, include estimates of complexity, take no longer than one sprint to complete, and describe business value.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had provided GAO with documentation intended to demonstrate that the agency had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software releases along with release planning artifacts specific to USCIS ELIS and an Independent Verification and Validation assessment. The agency also provided a series of backlogs that captured user stories for some software releases. In addition, the Independent Verification and Validation assessment indicated that the program was tracking user story quality as part of assessing whether value was continuously discovered and aligned to the mission. However, the assessment report provided to GAO indicated a negative trend for this outcome. Moreover, USCIS policy no longer set expectations regarding user story development. In addition, supporting artifacts from the release planning process did not always define a commitment to a particular development methodology, which is turn impacts the expectations for writing user stories. Finally, backlogs provided by USCIS did not cover all releases in development since our July 2016 report and did not include enough detail to assess all aspects of the user story process (e.g., story size and user involvement). We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To provide reasonable assurance that the program executes Agile software development for USCIS ELIS consistent with its own policies and guidance and follows applicable leading practices, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update, as needed, existing policies and guidance and consider additional controls to monitor program performance and report to appropriate entities through the collection of reliable metrics.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided updated policy governing the development of software that called for teams to prepare an Operations Monitoring Plan or dashboard showing the practices, tools, and measures that will monitor applications in production. The agency also provided a series of documents from internal systems and processes intended to monitor performance, such as a product dashboard for analyzing code quality (i.e., SonarQube) and a report from its Independent Verification and Validation team. However, the program was undergoing a re-baseline and had yet to document updated cost, schedule, and performance expectations against which to monitor. Moreover, the agency did not demonstrate that other metrics, such as customer satisfaction and team velocity, were being reliably collected. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To help manage the USCIS ELIS system, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update existing policies and guidance and consider additional controls to conduct unit and integration, and functional acceptance tests, and code inspection consistent with stated program goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, USCIS had taken steps to address this recommendation. For example, in May 2017, USCIS provided artifacts from internal systems in place to monitor software development performance. These metrics monitored aspects of testing, such as code quality and code coverage. However, the program did not provide an updated Test and Evaluation Master Plan, which is a document it will produce as part of its ongoing effort to re-baseline. A Test and Evaluation Master Plan sets the testing expectations for the program as agreed upon with its stakeholders in DHS and USCIS. The updated plan will provide a basis for further evaluation of the steps DHS and USCIS have taken to address this recommendation. Moreover, the agency did not demonstrate that functional acceptance tests were being conducted in accordance with stated program goals. For example, the agency did not provide acceptance criteria or the associated tests demonstrating that user stories passed the defined acceptance criteria. We will continue to work with USCIS to obtain additional documentation about actions it is taking to address this recommendation.
    Recommendation: To help manage the USCIS ELIS system, the Secretary of DHS should direct the Director of USCIS to direct the USCIS CIO, in coordination with the DHS CIO and the Chief of OTC, to review and update existing policies and guidance and consider additional controls to develop complete test plans and cases for interoperability and end user testing, as defined in the USCIS Transformation Program Test and Evaluation Master Plan, and document the results.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of July 2017, DHS and USCIS had not provided information demonstrating that they had addressed this recommendation. In October 2016, DHS provided a written response indicating that an internal process for revisiting the USCIS ELIS Test and Evaluation Master Plan had been initiated, with participation from all relevant stakeholder groups. A Test and Evaluation Master Plan sets the testing expectations for the program as agreed upon with its stakeholders in DHS and USCIS. The updated plan will provide a basis for further evaluation of the steps DHS and USCIS have taken to address this recommendation. The letter also stated that USCIS had begun to work on a policy for new interoperability test procedures. Moreover, the letter added that end user testing is a continuing activity, including providing feedback of observed issues into the development queue, with the slow launch of the naturalization capabilities in USCIS ELIS being a model. However, as of July 2017, DHS and USCIS had not provided new information about the status of this recommendation. We will continue to work with DHS and USCIS to obtain additional documentation about actions they are taking to address this recommendation.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To better position the Coast Guard to effectively plan its Arctic operations, the Commandant of the Coast Guard should develop measures, as appropriate, for gauging how the agency's actions have helped to mitigate the Arctic capability gaps.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2016, we reviewed and reported on the U.S. Coast Guard's efforts in the Arctic. We found that the Coast Guard had taken actions to implement its Arctic strategy and conduct Arctic operations, which may help the Coast Guard to better understand and mitigate identified Arctic capability gaps. Further, we found that the Coast Guard was tracking, or had plans to track, its various activities in the Arctic, but that it had not developed measures to systematically assess how its actions have helped to mitigate Arctic capability gaps. We recommended that the Coast Guard develop measures, as appropriate, for gauging how the agency's actions have helped to mitigate the Arctic capability gaps. In response to our recommendation, in August 2016, the Coast Guard reported that specific measures for some activities would be developed and included as part of the Coast Guard's update to its implementation plan for its Arctic strategy. In March 2017, the Coast Guard reported that it completed an annual review of its implementation plan in January 2017. However, officials stated that technology updates and modifications to its tracking tool are required to better represent the completion percentage. To fully address this recommendation, the Coast Guard will need to finalize the development of its measures to gauge how its actions have helped to mitigate Arctic capability gaps.
    Recommendation: To better position the Coast Guard to effectively plan its Arctic operations, the Commandant of the Coast Guard should design and implement a process to systematically assess the extent to which actions taken agency-wide have helped mitigate the Arctic capability gaps for which it has responsibility.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In June 2016, we reviewed and reported on the U.S. Coast Guard's efforts in the Arctic. We found that the Coast Guard had taken actions to implement its Arctic strategy and conduct Arctic operations, which may help the Coast Guard to better understand and mitigate identified Arctic capability gaps. Further, we found that the Coast Guard was tracking, or had plans to track, its various activities in the Arctic, but that it had not systematically assessed how its actions have helped to mitigate Arctic capability gaps. We recommended that the Coast Guard design and implement a process to systematically assess the extent to which actions taken agency-wide have helped mitigate the Arctic capability gaps for which it has responsibility, so that it will better understand the status of these gaps and be better positioned to effectively plan its Arctic operations. In August 2016, the Coast Guard reported that through its annual review of its implementation plan for its Arctic Strategy, that it will systematically assess how its actions have mitigated capability gaps for which it is the lead agency under the Implementation Framework for the National Strategy for the Arctic Region. In March 2017, the Coast Guard reported that it completed an annual review of its implementation plan in January 2017 which resulted in the consolidation, removal, and addition of Arctic initiatives. Further, officials stated that the Coast Guard will continue to work with the Arctic Executive Steering Committee to provide information for the tracking and measurement of national capabilities, needs and gaps, and impacts in the Arctic Region. To fully address this recommendation, the Coast Guard will need to assess how its actions have helped to mitigate Arctic capability gaps, and provide documentation that identifies the progress it has made in helping to mitigate Arctic capability gaps.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    2 open recommendations
    Recommendation: To better ensure that FAMS uses its resources to cover the highest-risk flights, in addition to considering risk when determining how to divide FAMS's international flight coverage resources among international destinations, the Director of FAMS should incorporate risk into FAMS's method for initially setting its annual target numbers of average daily international and domestic flights to cover.

    Agency: Department of Homeland Security: Transportation Security Administration: Office of Law Enforcement - Federal Air Marshal Service
    Status: Open

    Comments: In May 2016, we found that FAMS officials considered risk when selecting specific domestic and international flights to cover, but they did not consider risk when deciding how to initially divide their annual resources between domestic and international flights. Rather, each year FAMS considered two variables--travel budget and number of air marshals--to identify the most efficient way to divide the agency's resources between domestic and international flights. As a result, we recommended that FAMS incorporate risk into FAMS's method for initially setting its annual target numbers of average daily international and domestic flights to cover. In March 2017, TSA officials reported that FAMS was continuing to identify ways to refine the methodology FAMS uses to allocate resources between international and domestic flights. Specifically, TSA officials noted that FAMS was considering ways to incorporate information on the travel patterns of known or suspected terrorists, trends in TSA PreCheck passenger data, airport screening capabilities, and other factors. FAMS officials also reported that, as part of this effort, they were reviewing their International Concept of Operations. It is unclear how these steps will address the recommendation. To fully address this recommendation, FAMS should incorporate risk into its method for initially setting its annual target numbers of average daily international and domestic flights to cover.
    Recommendation: To better ensure that FAMS uses its resources to cover the highest-risk flights, the Director of FAMS should conduct and document a risk assessment--systematically collecting information on and assigning value to current risks--to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas.

    Agency: Department of Homeland Security: Transportation Security Administration: Office of Law Enforcement - Federal Air Marshal Service
    Status: Open

    Comments: In May 2016, we reported that FAMS's choice of domestic geographic focus areas and resource allocation levels were based on professional judgment, not risk assessment. With regard to the geographic focus areas, for example, FAMS officials explained that they did not conduct a risk assessment to inform this decision, but rather selected these areas in consultation with 30 subject matter experts from various offices within TSA based on their intuitive, qualitative perceptions of threats, vulnerabilities, potential impacts, history, and the demographics of the areas. Without fully incorporating risk when determining such priorities, FAMS cannot reasonably ensure it is targeting its resources to the highest-risk flights. As a result, we recommended that FAMS conduct and document a risk assessment--systematically collecting information on and assigning value to current risks--to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas. In March 2017, TSA officials explained that they were continuing to develop their "risk-by-flight" initiative--a long-term effort to develop a method of assigning each domestic flight a relative risk score to assist in identifying high-risk flights. At the time of our report in 2016, FAMS officials estimated that the risk-by-flight tool would probably be ready for use within 7 to 10 years. In March 2017, TSA officials stated that they had developed a prototype Risk-Based Resource Deployment Decision Aid, which they refer to as R2D2. TSA officials further reported that the DHS Science and Technology Directorate had contracted for the development of a risk engine--based on the R2D2 data--to assign risk values to all U.S.-carrier domestic and international flights. TSA officials reported that this contract runs through early 2018. To fully address this recommendation, FAMS should conduct and document a risk assessment to further support FAMS's domestic resource allocation decisions, including the identification of high-priority geographic areas.
    Director: Jennifer Grover
    Phone: (202) 512-7141

    3 open recommendations
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should update the Risk Assessment of Airport Security to reflect changes to its risk environment, such as those updates reflected in Transportation Sector Security Risk Assessment (TSSRA) and JVA findings, and share results of this risk assessment with stakeholders on an ongoing basis.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: In May 2016, we reported that the Transportation Security Administration (TSA) had made progress in assessing all three components of risk-threat, vulnerability, and consequence-by, among other things, developing its Comprehensive Risk Assessment of Perimeter and Access Control Security (Risk Assessment of Airport Security). However, we found that TSA had not updated this assessment to reflect changes in the air security risk environment nor had it identified timeframes for doing so. Consequently, we recommended that TSA update the Risk Assessment of Airport Security to reflect changes to its risk environment. In November 2016, TSA issued a memo identifying time frames and processes for updating the Risk Assessment. Specifically, the agency stated that it would update the Risk Assessment every 3 to 5 years, depending on the availability of supporting data. According to TSA, 3 years is the minimum time frame needed to collect full assessment data across all airports and to begin identifying trends and patterns of risk within civil aviation security, to produce an updated Risk Assessment. If additional information from the Transportation Sector Security Risk Assessment (TSSRA) or from Special Emphasis Inspections is required, additional time may be required to develop the Risk Assessment. In August 2017, TSA reported that it was identifying the necessary internal stakeholders from relevant offices to form a working group which, when formed, is to begin outlining and planning updates to the Risk Assessment of Airport Security. According to TSA, the update is to reflect refinements intended to address, among other things, the insider threat-the potential of rogue aviation workers exploiting their credentials, access, and knowledge of security procedures for throughout the airport for personal gain or to inflict damage. TSA estimates that the process to update the Risk Assessment of Airport Security will take 12 months.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should develop and implement a method for conducting a system-wide assessment of airport vulnerability that will provide a more comprehensive understanding of airport perimeter and access control security vulnerabilities.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: In May 2016, we reported that the Transportation Security Administration (TSA) had not comprehensively assessed the vulnerability of airports system-wide through its joint vulnerability assessment (JVA) process-its primary measure for assessing vulnerability at commercial airports-and recommended that TSA develop and implement a method for conducting a system-wide assessment of airport vulnerability. In response, TSA stated that it was limited in the number of JVAs it could conduct because of resource constraints. As of January 2018, TSA reported it was restructuring its risk-based airport vulnerability assessment efforts to focus on outcome-focused compliance through additional data analysis and greater collaboration between the agency and regulated entities. TSA expects these efforts to result in, among other things, a revised Voluntary Disclosure Program, regulated entity self-audits, and joint testing. TSA also stated that it will use its Advanced Threat Local Allocation Strategy (ATLAS) program, launched in October 2017, to better direct TSA resources to areas of identified risk within regulated airports. According to TSA, ATLAS uses data from various sources to identify potentially vulnerable public and secured areas in an airport and to direct TSA screening assets to those areas to conduct random, unpredictable, and intelligence-drive airport worker screening activities. ATLAS is scheduled to be implemented at 118 airports by May 2018. TSA estimates it will complete efforts to address this recommendation by Sept. 30, 2018.
    Recommendation: To help ensure TSA's actions in overseeing and facilitating airport security are based on the most recent available risk information that assesses vulnerabilities system-wide and evaluates security events, and that these actions are orchestrated according to a strategic plan that reflects the agency's goals and objectives and its progress in meeting those goals, the Administrator of TSA should update the 2012 Strategy for airport security to reflect changes in risk assessments, agency operations, and the status of goals and objectives. Specifically, this update should reflect: (1) information from the Risk Assessment of Airport Security, as well as information contained in the most recent TSSRA and JVAs; (2) new airport security-related activities; (3) the status of TSA efforts to address goals and objectives; and (4) finalized outcome-based performance measures and performance levels--or targets--for each relevant activity and strategic goal.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: In May 2016, we reported that the Transportation Security Administration (TSA) had not updated its National Strategy for Airport Perimeter and Access Control Security (Strategy) to reflect actions it has subsequently taken to assess the airport security risk environment, oversee and facility airport security, and address Strategy goals and objectives. In November 2016, TSA reported establishing a working group to begin the process of updating the Strategy and to compare the 2012 Strategy to TSA's operating environment. In November 2016, TSA provided a memo identifying time frames and processes for updating the Strategy every 3 to 5 years, contingent on updates to the Comprehensive Risk Assessment of Perimeter and Access Control Security (Risk Assessment of Airport Security), which is key to informing the Strategy. In August 2017, TSA completed an interim update to the Strategy, which identifies, among other things: goals and objectives for detecting, preventing, deterring, and responding to security breaches; draft performance measures; applicable TSA programs and activities, including those involving other government agencies and industry; risk environment; estimates of related TSA security costs; and potential challenges to ensuring airport perimeter and access control security. According to TSA officials, once the Risk Assessment of Airport Security is completed-scheduled for late summer of 2018-they will update the Strategy as necessary to reflect changes in risk.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To enhance the monitoring of holding facilities, the Secretary of Homeland Security should direct Border Patrol and ICE to develop and implement a process to assess their time in custody data for all individuals in holding facilities, including: (1) identifying and addressing potential data quality issues; and (2) identifying cases where time in custody exceeded guidelines and assessing the factors impacting time in custody.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To strengthen the transparency of the complaints process, the Secretary of Homeland Security should direct CBP and ICE to develop and issue guidance on how and which complaint mechanisms should be communicated to individuals in custody at holding facilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To facilitate the tracking of holding facility complaints, the Secretary of Homeland Security should include a classification code in all complaint tracking systems related to DHS holding facilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To provide useful information for compliance monitoring, the Secretary of Homeland Security should direct CBP and ICE to develop and implement a process for analyzing trends related to holding facility complaints across their respective component.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michelle Sager
    Phone: (202) 512-6806

    4 open recommendations
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to conduct a systematic analysis of the information generated from FEMA's readiness assessments to determine the extent of regional office efforts to help states implement the NDRF, including conducting education and outreach.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, its Office of Readiness Assessment (ORA) launched the 2016 bi-annual FEMA Readiness Assessment Program in April 2016, which includes NDRF related assessment discussions in five FEMA regions. We met with officials in April 2017, who told us that ORA plans to incorporate into this year's assessments, a retrospective review of NDRF findings and progress made in implementing the NDRF since 2013. In July 2017, FEMA told us they are coordinating classes focused on the NDRF in which participants from the private sector, state and county governments, and state and county emergency management officials work with various federal agency personnel to share best practices and lessons learned from previous disasters. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to develop best practices and lessons learned with regard to conducting NDRF education and outreach to states based on the analysis of readiness assessments and create a mechanism to disseminate and share those best practices and lessons learned to FEMA regional offices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, its Recovery Support Function Leadership Group initiated an information management workgroup, which shares best practices information as one of its objectives. The workgroup has piloted the use of an existing interagency portal as a potential platform for improved information sharing. We met with officials in April 2017, who told us that FEMA will incorporate its 2016 readiness review findings and best practices from regional Federal Disaster Recovery Coordinators for stakeholder outreach and education into the final platform build-out. In July 2017, FEMA told us they continue to populate their document library with lessons learned and best practices as well as work on training and outreach to local and state authorities regarding where they can obtain NDRF educational materials. FEMA states they are working to provide an integrated system for dissemination of best practices and lessons learned to FEMA regional offices. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to clarify with regional offices and Federal Disaster Recovery Coordinators (FDRCs) the role of the regional implementation plans in FDRC performance plans and how they will be used to assess NDRF regional implementation efforts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, to achieve greater integration of FEMA's field leadership components, FEMA's Field Operations Directorate (FOD) convened a Field Leadership Working Group of senior subject matter experts to conduct a mission analysis of FEMA's Field Leadership function (which includes Federal Disaster Recovery Coordinators as well as Federal Coordinating Officers and Incident Management Assistance Teams team leads). According to FEMA, the Working Group was preparing a Field Leader Manual for review by FOD leadership. However, in November 2017, FEMA informed us that as a result of record deployments of to support Hurricanes Harvey, Irma, and Maria, FEMA senior leadership will reevaluate the Field Leader Manual. According to FEMA, they have begun conducting various after action activities to better understand all aspects of the FEMA's field leadership, including their management, training, recruitment and retention. In February 2018, FEMA told us that they are waiting on the finalization of the Field Leader Directive before beginning the final review of the Field Leader Manual. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Recommendation: To enable a more effective approach in working with states to adopt the NDRF, the Secretary of Homeland Security should direct the Administrator of FEMA to align the annual FDRC performance expectations with clearly defined organizational goals and priorities, consistent with key management practices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and said it would take steps to implement it. According to FEMA, the Field Leadership Working Group will implement the elements of this recommendation alongside efforts to clarify the role of the regional National Disaster Recovery Framework implementation plans. In November 2017, FEMA informed us that as a result of record deployments of to support Hurricanes Harvey, Irma, and Maria, FEMA senior leadership will reevaluate the Field Leader Manual. According to FEMA, they have begun conducting various after action activities to better understand all aspects of the FEMA's field leadership, including their management, training, recruitment and retention. In February 2018, FEMA told us that they are waiting on the finalization of the Field Leader Directive before beginning the final review of the Field Leader Manual. We will continue to monitor this to see what additional actions the agency takes in response to this recommendation.
    Director: David A. Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: To address obsolete IT investments in need of modernization or replacement, the Secretaries of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, State, the Treasury, Transportation, and Veterans Affairs; the Attorney General; and the Commissioner of Social Security should direct their respective agency CIOs to identify and plan to modernize or replace legacy systems as needed and consistent with OMB's draft guidance, including time frames, activities to be performed, and functions to be replaced or enhanced.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The agency agreed with the recommendation and in an March 2018 update stated that their implementation of the recommendation depended on OMB issuing their draft guidance on legacy systems. While OMB has not yet issued its guidance on legacy systems, its report to the President and high value asset memo (M-17-09) include similar requirements. As such, we continue to believe that agencies should identify and plan to modernize or replace legacy systems, including time frames, activities to be performed, and functions to be replaced or enhanced. We will continue to monitor the implementation of this recommendation.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    3 open recommendations
    Recommendation: To improve transparency in allocating its limited resources, and to help ensure that its resource allocation decisions are the most effective ones for fulfilling its missions given existing risks, the Commandant of the Coast Guard should document how the risk assessments conducted were used to inform and support its annual asset allocation decisions.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: On December 14, 2016, the Coast Guard noted that the FY 2017 Strategic Planning Direction (SPD) was issued, which addresses GAO's recommendation and requested closure of this recommendation. However, in reviewing the SPD, it was not clear how asset allocations were changed to reflect actual asset performance by the field units. GAO asked for further details. In February 2018, the Coast Guard liaison stated that Coast Guard management made a decision to not to address this recommendation within the annual Strategic Planning Direction (SPD) or Operational Planning Direction (OPD) products as previously planned, but rather within the Standard Operational Planning Process/Global Force Management Process Guide. The liaison further stated that both of these documents are currently under revision and expected to be completed by March 31, 2018, and that copies of the documents will be provided to GAO once completed.
    Recommendation: To ensure that high priority mission activities are fully supported with the appropriate number of staff possessing the requisite mix of skills and abilities, the Commandant of the Coast Guard should develop a systematic process that prioritizes manpower requirements analyses for units that are the most critical for achieving mission needs.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: On December 14, 2016, the Coast Guard noted that it submitted two FY 2019 Resource Proposals to staff and equip the Manpower Requirements Determination Division to conduct the analysis as described in the recommendation. In April, 2016, the Coast Guard liaison stated that, resources permitting, the Coast Guard is to address the following steps: (1) Validate the "unit-type" list so that it encompasses the vast majority of active duty and civilian billets in a logical framework that can be readily analyzed, review/update the list as changes (e.g., asset mix, organizations) occur. (2) Develop the requirements for the envisioned Manpower Analysis & Simulation Tool (MAST). (3) Prioritize unit list according to strategic alignment and risk assessments. (4)Conduct the manpower requirements analyses (MRA) in accordance with established priorities. In February 2018, the Coast Guard provided a status update for each of the four actions steps, as follows: (1) The update to the "unit-type" list has been completed. (2) An FY 2020 Resource Proposal was submitted, but did not score high enough to be included in the budget submission. The Coast Guard is exploring resource neutral options. (3) The updated prioritization process is to be included in the next update to the Staffing Logic and Manpower Requirements Manual, estimated in the 3rd quarter of 2018. (4) Development of the MRAs is ongoing.
    Recommendation: To improve the strategic allocation of assets, the Commandant of the Coast Guard should incorporate field unit input, such as information on assets' actual performance from Operational Performance Assessment Reports and Planning Assessments, to inform more realistic asset allocation decisions--in addition to asset performance capacities currently used--in the annual Strategic Planning Directions to more effectively communicate strategic intent to field units.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: On December 14, 2016, the Coast Guard noted that the Atlantic Area and Pacific Area Commands' Operational Planning Directions (OPDs) were approved and provided to their field units and that the OPDs took into account the actual performance of the assets in the allocation of asset hours to field units in line with GAO's recommendation. However, in reviewing the planning documents, it was not clear how asset allocations were changed to reflect actual asset performance by the field units. GAO asked for further details. In February 2018, the Coast Guard liaison stated that Coast Guard management made a decision to not to address this recommendation within the annual Strategic Planning Direction (SPD) or Operational Planning Direction (OPD) products as previously planned, but rather within the Standard Operational Planning Process/Global Force Management Process Guide. The liaison further stated that both of these documents are currently under revision and expected to be completed by March 31, 2018, and that copies of the documents will be provided to GAO once completed.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To ensure that good practices are shared within agencies, the Secretaries of Defense, Veterans Affairs, the Interior, Homeland Security, and Energy, and the Environmental Protection Agency should develop guidance that encourages local officials to examine purchase card spend patterns to identify opportunities to obtain savings and to share information on such efforts. Where applicable, we further recommend that these agencies determine the feasibility for broader application of these efforts across the agency or organization.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The department concurred with this recommendation and updated its purchase card manual November 2016 to encourage components to perform additional spend analysis for the identification of strategic sourcing opportunities, but it is unclear how results of analysis will be communicated for broader application across the agency. The department is also working with industry partners to increase the level of shared data for purchase card transactions and will develop a plan to communicate these data across the agency to support information sharing and increases strategic sourcing opportunities.
    Director: Michael J. Courts
    Phone: (202) 512-8980

    1 open recommendations
    Recommendation: To strengthen DHS's ability to fulfill legislative requirements for the VWP and protect the security of the United States and its citizens, the Secretary of Homeland Security should take steps to improve DHS's timeliness in reporting to Congress, within the statutory time frame, the department's determination of whether each VWP country should continue participating in the program and any effects of the country's participation on U.S. law enforcement and security interests.

    Agency: Department of Homeland Security
    Status: Open

    Comments: Since 2016, DHS has issued several reports on VWP countries to Congress that have addressed several of the overdue reports identified in GAO-16-498, but some gaps remain. In June 2018, DHS reported plans to deliver additional reports to address these gaps. In its initial response, DHS reported that the department had taken steps to ensure timely reporting to Congress and committed to providing Congress with advance notification of any delays in delivering future reports. As of June 2018, to fully address this recommendation, DHS needs to issue reports to Congress on VWP countries that have not been covered within the last two years. GAO will continue to monitor DHS efforts.
    Director: Andrew Von Ah
    Phone: (213) 830-1011

    4 open recommendations
    Recommendation: To ensure the quality of the risk assessments used to inform its future QHSR processes, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to ensure future QHSR risk assessment methodologies reflect key elements of successful risk assessment methodologies, such as being: (1) Documented, which includes documenting how risk information was integrated to arrive at the assessment results, (2) Reproducible, which includes producing comparable, repeatable results, and (3) Defensible, which includes communicating any implications of uncertainty to users of the risk results.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2016, the Office of Policy's Office of Strategy, Plans, Analysis and Risks completed initial meetings with government and non-government subject matter experts to refine risk analyses for the upcoming 2018 QHSR. Representatives from the department's component and headquarters staff are to take part in the Department's Risk Modeling and Analysis Steering Committee by reviewing, documenting and approving proposed new methodologies planned to help identify and prioritize threats and hazards. This effort is intended to lead to a documented, reproducible, and defensible assessment, according to the DHS officials. As of November 2017, this recommendation remains open until DHS provides information allowing us to verify that the risk analysis contains these elements.
    Recommendation: To enable the use of risk information in supporting resource allocation decisions, guiding investments, and highlighting the measures that offer the greatest return on investment, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to refine its risk assessment methodology so that in future QHSRs it can compare and prioritize homeland security risks and risk mitigation strategies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk, with support from the RAND Corporation, proposed a methodology to assess threats, hazards, and vulnerabilities impacting U.S. homeland security. In addition, the department's Risk Modeling and Analysis Executive Steering Committee was to review and approve the proposed methodology. The methodology is intended to enable the Department of Homeland Security to compare and prioritize homeland security risks and risk mitigation strategies, according to DHS officials. As of November 2017, the recommendation will remain open until DHS provides information that enables us to verify that the methodology allows such comparisons.
    Recommendation: To ensure proper management of the QHSR stakeholder consultation process, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to identify and implement stakeholder meeting processes to ensure that communication is interactive when project planning for the next QHSR.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk finalized a draft stakeholder outreach plan to include use of the Office of Management and Budget's Max electronic collaboration website to engage with federal, state, and local stakeholders. The OMB-MAX website is available to government and non-government offices and allows the posting of documents, articles, and links, as well as facilitating collaborative editing of documents and participant interaction threads, according to DHS officials. In addition, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk is exploring the use of different tools to facilitate more interactive stakeholder engagement. For example, DHS's Office of Partnerships and Engagement is to facilitate additional engagement with external subject matter experts, arrange interagency coordination, and organize review and approval with parties of the homeland security enterprise in order to coordinate and approve the development of the 2018 QHSR. As of November 2017, this recommendation remains open until DHS provides information enabling us to verify that interactive communication approaches are implemented.
    Recommendation: To ensure proper management of the internal QHSR stakeholder consultation process, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to clarify component detailee roles and responsibilities when project planning for the next QHSR.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of June 2016, the Office of Policy's Office of Strategy, Plans, Analysis, and Risk (SPAR) drafted a memorandum for the Deputy Secretary to solicit Component subject matter experts. The memorandum specifies component detailee roles and responsibilities, to include serving in an advisory, consultation, and coordination role, according to DHS officials. SPAR was to lead an integrated group of analysts and strategic planners that are to be supported and augmented by the subject matter experts. The experts and detailees were to serve as members of study teams analyzing key threats, trends, and strategy and policy alternatives associated with issues and challenges relating to DHS's mission and objectives. A second memorandum requesting additional detailee support was to be issued in November 2016, prior to the formal review phase of the new QHSR which was to begin in January 2017. As of November 2017, this recommendation will remain open until DHS provides information allowing us to verify that clarified detailee roles and responsibilities are finalized and implemented.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    4 open recommendations
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to define the scope, implementation strategy, and schedule of the agency's overall modernization approach, with related goals and measures for effectively overseeing the effort. At a minimum, the agency should update its IT strategic plan and complete its modernization plan.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with this recommendation, and reported on actions taken to update its IT Modernization Plan such as conducting cross-functional work sessions to establish an actionable implementation roadmap in line with agency priorities. However, as of May 2018, we have not yet obtained evidence that FEMA has fully updated its IT strategic plan and completed its modernization plan to address the weaknesses identified in our report. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA's IT systems can adequately support its ability to respond to major disasters, the Secretary of DHS should direct the FEMA Administrator to establish time frames for current and future IT workforce planning during its modernization efforts and ensure all regions and offices are included in these initiatives.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement our recommendation. For example, the department stated that FEMA completed the assessment of skills gap and identified and prioritized the skills required to staff and sustain the core competencies required to successfully implement FEMA's IT modernization efforts. However, as of May 2018, the department had not provided relevant support to show this assessment established time frames for current and future IT workforce planning during its modernization efforts and all regions and offices were included in these intiatives. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure that FEMA adequately manages the selected emergency management systems, the FEMA Administrator should direct the DAIP, EMMIE, and IPAWS program offices, in conjunction with the FEMA CIO, to implement a system integration plan that include all systems to be integrated with the system, roles and responsibilities for all relevant participants, the sequence and schedule for every integration step, and how integration problems are to be documented and resolved.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with, and has taken steps to implement our recommendation. For example, the department reported that the system owner for DAIP, EMMIE, and IPAWS programs have updated their respective system integration plans to address the risks identified within the recommendation. In addition, the agency provided documentation such as the IPAWS Integrated Logistics Support Plan, as well as the quality control plan, and test execution plans for both the DAIP and EMMIE programs. However, in August 2017, the department stated that details on the roles and responsibilities for all relevant participants, the sequence and schedule for every integration step, and how integration problems are to be documented and resolved are unavailable and the elements will be included in system integration documents upon the conclusion of future systems integration activities, if any. When the agency has taken ensured these elements will be included in system integration documents, we will provide updated information.
    Recommendation: As part of the effort of improving IT management at the three programs, the FEMA Administrator should direct the CIO to ensure that FEMA policy for managing IT programs includes guidance for implementing the key management practices.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: The Department of Homeland Security concurred with the recommendation. In June 2016, FEMA reported that the CIO is reviewing existing policies and guidance to identify gaps and revisions necessary to mature FEMA IT management practices. Subsequently, in its November 2016 update, FEMA reported that the System Owner for DAIP, EMMIE, and IPAWS have updated their respective IT management program and plans and coordinated with the FEMA CIO to address the risks identified within the recommendation. However, as of May 2018, the department had not provided supporting that these actions had been completed including evidence that its policy for management IT programs includes guidance for implementing key management practices. We will continue to its progress in implementing this recommendation.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To enhance DHS leadership's ongoing efforts to improve the affordability of the department's major acquisition portfolio, and to ensure adequate communication with Congress, the Secretary of the Department of Homeland Security should ensure that the fiscal year 2017 Future Years Homeland Security Program report, which DHS must submit to Congress at or about the same time as the President's fiscal year 2018 budget request, reflects the results of any tradeoffs stemming from the acquisition affordability reviews recommended above.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the fiscal year 2017 Future Years Homeland Security Program (FYHSP) report would reflect decisions made in response to our second recommendation. DHS expected to release the FYHSP report shortly after the President's fiscal year 2018 budget request in May 2017. However, the transition to a new administration delayed the release of the FYHSP report. Once available, GAO will evaluate the FYHSP report to determine whether DHS has met the intent of this recommendation.
    Recommendation: To enhance DHS leadership's ongoing efforts to improve the affordability of the department's major acquisition portfolio, and to help ensure programs secure stable funding that matches resources to requirements, the Secretary of the Department of Homeland Security should require components to establish formal, repeatable processes for addressing major acquisition affordability issues, similar to the process the Transportation Security Administration has established.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that DHS headquarters would ensure all components are updating their cost estimates each year to inform the annual resource allocation process by March 31, 2017. However, DHS did not establish a requirement that components do so through formal, repeatable processes for addressing major acquisition affordability issues, similar to the process the Transportation Security Administration has established. As of August 2017, seven of DHS's components were in the process of establishing formal, repeatable processes for addressing affordability issues, but had not completed these efforts. GAO will continue to review the components' progress to determine whether the components' actions meet the intent of this recommendation.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To help FPS enhance its strategic human capital planning efforts, the Secretary of Homeland Security should direct the Under Secretary of NPPD to work with the Director of FPS to identify time frames for developing human capital performance measures with targets that are explicitly aligned to FPS's stated human capital goals.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FPS stated that NPPD is working with FPS to develop a recruitment and retention strategy that will include performance measures. This strategy will be complete by December 31, 2016. However, NPPD and FPS have not yet identified timeframes for developing performance measures for other human capital areas identified in FPS's human capital plan, such as leadership and knowledge management and building a results-oriented performance culture. Furthermore, because the recruitment and retention strategy is still under development, it is unclear whether the performance measures will have targets that are explicitly aligned to FPS's stated human capital goals. FPS plans to finalize all actions associated with this recommendation by March 2017.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: To more fully leverage critical infrastructure expertise and address responsibilities to identify critical electrical infrastructure assets as called for in the National Infrastructure Protection Plan, the Secretary of Homeland Security and the Secretary of Energy direct responsible officials to review FERC's electrical infrastructure analysis and collaborate to determine whether further assessment is needed to adequately identify critical electric infrastructure assets, potentially to include additional elements of criticality that might be considered.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In a June 2016 update to our proposed recommendation, DHS reported that the National Protection and Programs Directorate (NPPD) will increase collaborative outreach activities with FERC staff that will include a review of identified critical substations developed by FERC. The intended outcome of this review is to inform DHS activities regarding identification and prioritization of critical infrastructure assets for use during steady state and response activities. NPPD is also to inform FERC of its criticality modeling capabilities through the National Infrastructure Simulation and Analysis Center (NISAC) to enhance engagement with FERC's electric power subject matter expertise and inform future capability developments regarding response to and recovery from events such as electromagnetic pulse.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To further build on the efforts to improve emergency communications interoperability in the NCR, as part of its efforts to restructure the JFC, the Federal Emergency Management Agency Administrator should direct the Director of ONCRC to clearly articulate in a written agreement the roles and responsibilities of the participating agencies and specify how these agencies are to work together across agency boundaries.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: David Powner
    Phone: (202) 512-9286

    1 open recommendations
    Recommendation: The Secretaries of the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; the Attorney General of the United States; the Administrators of the Environmental Protection Agency, General Services Administration, National Aeronautics and Space Administration, and U.S. Agency for International Development; the Director of the Office of Personnel Management; the Chairman of the Nuclear Regulatory Commission; and the Commissioner of the Social Security Administration should take action to improve progress in the data center optimization areas that we reported as not meeting OMB's established targets, including addressing any identified challenges.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security (DHS) agreed with our recommendation, and has taken initial steps to implement it. In April 2016, the department stated in correspondence to GAO that its Office of the Chief Information Officer (OCIO) developed a scorecard to track progress for each of the data center optimization areas. According the department's scorecard, the department reported meeting 3 of 10 optimization targets, but did not meet the remaining 7 targets. DHS's OCIO noted that they would update this scorecard quarterly in alignment with Federal Data Center Consolidation Initiative data collection. DHS's OCIO expected to complete implementation of this recommendation by November 30, 2016. However, in August 2016, the Office of Management and Budget (OMB) announced changes to the optimization metrics that we analyzed in our report. Specifically, OMB dropped seven of the metrics we originally reviewed, added three new metrics, and retained two (facility utilization and power usage effectiveness). OMB further clarified that the two retained metrics applied only to agency-owned tiered data centers. We are no longer tracking agency progress against the seven metrics that were dropped, and only monitoring progress against the two metrics that were retained. Subsequently, as of June 2018, the department reports on OMB's IT Dashboard that it does not yet meet the targets for facility utilization and power usage efficiency. We will continue to monitor and evaluate the department's progress in implementing this recommendation.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    8 open recommendations
    Recommendation: To ensure that the HRIT investment receives necessary oversight and attention, the Secretary of Homeland Security should direct the Under Secretary of Management to ensure that the HRIT executive steering committee is consistently involved in overseeing and advising HRIT, including approving key program management documents, such as HRIT's operational plan, schedule, and planned cost estimate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS provided documentation demonstrating that the HRIT executive steering committee is consistently involved in overseeing and advising HRIT in response to our recommendation. However, the department had not yet ensured that the steering committee was approving all key program management documents. For example, while the steering committee had approved the investment's fiscal year 2016-2018 operational plan and an updated schedule estimate for HRIT, the committee had not yet approved a life-cycle cost estimate for the investment. DHS officials stated that the department is in the process of developing a life-cycle cost estimate for the four acquisition programs that are currently included in HRIT.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to update and maintain a schedule estimate for when DHS plans to implement each of the strategic improvement opportunities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS developed a schedule estimate for addressing HRIT's strategic improvement opportunities. We will continue to monitor this recommendation to ensure that the department maintains this schedule estimate.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to develop a complete life-cycle cost estimate for the implementation of HRIT.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS officials stated that the department is in the process of developing a life-cycle cost estimate for the four acquisition programs that are currently included in HRIT.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to document and track all costs, including components' costs, associated with HRIT.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS concurred with this recommendation and is working to implement it. We will continue to monitor this recommendation to ensure that the department tracks all costs associated with implementing HRIT's updated strategic improvement opportunities.
    Recommendation: To address HRIT's poor progress and ineffective management, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Human Capital Officer to direct the HRIT investment to update and maintain the department's human resources system inventory.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS provided an updated human resources systems inventory that it developed in response to our recommendation. According to officials, the list is reviewed and updated on an annual basis or as-needed when a system is deployed or retired. We will continue to monitor this recommendation to ensure that DHS is maintaining this inventory.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to establish a time frame for deciding whether PALMS will be fully deployed at the Federal Emergency Management Agency (FEMA) and the U.S. Coast Guard (USCG), and determine an alternative approach if the learning and/or performance management capabilities of PALMS are deemed not feasible for the U.S. Immigration and Customs Enforcement, FEMA, the Transportation Security Administration, or USCG.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, in February 2017, DHS determined that implementing PALMS's performance management capabilities across the department was not feasible because the system did not meet all of the components' needs. Accordingly, DHS decided to discontinue its implementation of the performance management aspects of PALMS. Subsequently, the department developed an alternative approach to delivering performance management capabilities, through the use of a shared services solution. DHS leadership approved this approach in June 2017, and as of November 2017, DHS plans to implement this solution by September 2020. Regarding learning management, ICE officials decided to implement the PALMS's learning management capabilities. However, in April 2017, DHS officials reported that the department decided not to deploy PALMS's learning management capabilities at FEMA, TSA, and USCG because it was more cost effective for these components to use their existing learning management systems. Since PALMS was not deployed across the entire department, as originally intended, in September 2017 DHS committed to implementing an alternative solution to providing a department-wide learning management capabilities solution through the use of a shared services solution. As of November 2017, the department plans to deliver these capabilities by April 2020. However, it is unclear how the shared service solution will be better or different than the PALMS learning management capabilities.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to document PALMS's progress and milestone reviews, including all issues and corrective actions discussed.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS is documenting certain PALMS progress reviews. We have requested documentation related to U.S. Secret Service's deployment of PALMS to determine whether the Service conducted and documented a milestone review prior to deploying the system.
    Recommendation: To improve the Performance and Learning Management System (PALMS) program's implementation of IT acquisition best practices, the Secretary of Homeland Security should direct the Under Secretary of Management to direct the Chief Information Officer to direct the PALMS program office to establish a comprehensive risk log that maintains an aggregation of all up-to-date risks (including both government- and vendor-identified)and associated mitigation plans. Additionally, within the comprehensive risk log, the PALMS program office should (1) identify and document planned completion dates for each risk mitigation step (where appropriate), and (2) prioritize the risks by determining each risk's relative priority and overall risk level.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS updated its PALMS risk register. However, this register was not comprehensive. We will continue to follow up with DHS officials on this recommendation.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    1 open recommendations
    Recommendation: To promote greater visibility over the extent of hazing in the Coast Guard to better inform actions to address hazing, the Commandant of the Coast Guard should evaluate the prevalence of hazing in the Coast Guard.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: DHS concurred with this recommendation in its written comments on our report. As of January 2018, the Coast Guard has surveyed servicemembers on hazing and plans to, but has not yet conducted an evaluation of prevalence. We will continue to monitor the Coast Guard's efforts and update this recommendation as more information becomes available.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: To enable FEMA to and more effectively respond to disasters, the Secretary of Homeland Security should direct the FEMA Administrator to develop a workforce strategy to manage and improve retention that includes a process for systematically gathering attrition data and a plan to retain IMAT Cadre-of On-Call Response Employees.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, FEMA provided an update on the status of actions taken in response to our report. In the update, FEMA officials said they had issued a new FEMA Human Capital Strategic Plan for fiscal years 2016-2020 that includes an objective to build a scalable and skilled workforce with associated measures including a decrease in attrition rate for permanent full time employees, and an increase in disaster workforce through improvements in the recruitment and retention of incident management employees. FEMA also stated that pay issues and work-life balance have been identified as contributing to retention on National Type I and Regional Type II IMATs. FEMA is actively addressing the pay issues. FEMA provided a brief summary of the actions being taken--which includes development of a policy that provides information on establishing base pay under the new pay system, movement within the pay bands, and merit-based increases is in development. Until completion of the action items, this recommendation will remain open. FEMA officials plan to provide a status update in July 2018.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: To enable more sophisticated and comprehensive awareness of states' NIMS implementation, the Secretary of Homeland Security should direct the FEMA Administrator to develop policies and procedures for regional staff to review after-action reports from preparedness exercises within their region, and headquarters staff to review these evaluations in order to have a better understanding of NIMS implementation.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In March 2017, FEMA officials provided an update on the status of actions taken in response to our report. In the update, FEMA officials said the National Integration Center (NIC) is holding consultative sessions with state and local emergency managers to ensure the revised National Incident Management System (NIMS) doctrine and implementation objectives is operationally sound from the perspective of FEMA's stakeholders. They expect to complete this effort by September 30, 2017. Pending completion of this effort, the recommendation will remain open. Last update requested on 12/15/2017.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    8 open recommendations
    Recommendation: The Secretary of Homeland Security should direct Network Security Deployment (NSD) to determine the feasibility of enhancing NCPS's current intrusion detection approach to include functionality that would detect deviations from normal network behavior baselines.

    Agency: Department of Homeland Security
    Status: Open

    Comments: March 2018 Update: In Jan. 2018, DHS officials stated that they have continued pilot activities that will enable DHS to identify suspicious network activity based on anomalous behavior and reputation and have collected lessons learned that are being tracked by the department's National Cybersecurity Protection System (NCPS) Program Management Office. Officials added that DHS had identified a contractor to support the transition of the pilot, awarded a contract, and had begun system engineering, design, and development efforts under the contract. However, the department did not have an estimated date on the completion of a draft plan for how the transition would be implemented. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct NSD to determine the feasibility of developing enhancements to current intrusion detection capabilities to facilitate the scanning of traffic not currently scanned by NCPS.

    Agency: Department of Homeland Security
    Status: Open

    Comments: March 2018 update: In Jan. 2018, DHS officials stated that all Internet Service Providers (ISP) are currently scheduled to have solutions implemented by the third quarter of fiscal year 2018. Officials added that DHS is performing research to determine potential architectural, technical, and policy mitigation strategies that could provide the department with encrypted traffic protection and situational awareness. We will continue to monitor DHS's progress in addressing this recommendation.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to consider the viability of using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, as an input into the development and management of intrusion detection signatures.

    Agency: Department of Homeland Security
    Status: Open

    Comments: March 2018 update: In Jan. 2018, DHS officials stated that enhancements were made so that Continuous Diagnostics and Mitigation program (CDM) data can be viewed with the Cyber Indicators Analysis Program (CIAP). Officials stated that the CDM data now may be combined with known vulnerability findings from the department's National Cybersecurity Assessments and Technical Services (NCATS) team and known threats collected from the CIAP system to further prioritize signature development as necessary. DHS officials stated that they are waiting for CDM data to become available so the applicability of the data can be determined.
    Recommendation: The Secretary of Homeland Security should direct US-CERT to develop a timetable for finalizing the incident notification process, to ensure that customer agencies are being sent notifications of potential incidents, which clearly solicit feedback on the usefulness and timeliness of the notification.

    Agency: Department of Homeland Security
    Status: Open

    Comments: March 2018 Update: In Jan. 2018, DHS officials stated that the department's National Cybersecurity and Communications Integration Center (NCCIC) had started an alternative analysis process to review potential technologies on the market and anticipated having a final report by May 2018. The NCCIC is also undergoing a business process improvement effort to analyze its current incident management process. DHS officials further stated that NCCIC is planning to field a single platform that will consolidate legacy business and mission applications to support cross functional collaboration and leadership visibility.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop metrics that clearly measure the effectiveness of NCPS's efforts, including the quality, efficiency, and accuracy of supporting actions related to detecting and preventing intrusions, providing analytic services, and sharing cyber-related information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: March 2018 update: In Jan. 2018, DHS officials stated that the Office of Cyber Security and Communications (CS&C) will begin reporting on a new Government Performance and Results Act (GPRA) measure that is focused on the extent to which the department's National Cybersecurity Protection System (NCPS) intrusion detection and prevention capabilities detect or prevent nation state threat activity. The new measure is also included as a supporting measure in a new Agency Priority Goal for fiscal years 2018 and 2019, which focuses on federal cybersecurity outcomes. This recommendation will remain open until we are able to review the developed metrics and the subsequent data they are to measure.
    Recommendation: The Secretary of Homeland Security should direct the Office of Cybersecurity and Communications to develop clearly defined requirements for detecting threats on agency internal networks and at cloud service providers to help better ensure effective support of information security activities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: March 2018 update: DHS has provided GAO with documentation pertaining to this recommendation. We are in the process of evaluating the evidence submitted to determine whether it adequately addresses the recommendation.
    Recommendation: The Secretary of Homeland Security should direct NSD to develop processes and procedures for using vulnerability information, such as data from the Continuous Diagnostics and Mitigation program as it becomes available, to help ensure DHS is using a risk-based approach for the selection/development of future NCPS intrusion prevention capabilities.

    Agency: Department of Homeland Security
    Status: Open

    Comments: March 2018 update: In Jan. 2018, DHS officials stated that the Network Security Deployment (NSD) is continuing to enhance the data correlation model of the department's National Cybersecurity Protection System (NCPS) and the Continuous Diagnostics and Mitigation (CDM) program and that work is expected to continue as additional federal agencies begin to exchange information with the CDM Federal Dashboard in the second quarter of fiscal year 2018. DHS officials further stated that as more data becomes available from the CDM program, the data correlation model will continue to be reviewed and enhanced. In order to close this recommendation, we would need to review this model and determine how, if at all, the vulnerability information was used as part of a risk-based approach to intrusion prevention.
    Recommendation: The Secretary of Homeland Security should direct NSD to work with their customer agencies and the Internet service providers to document secure routing requirements in order to better ensure the complete, safe, and effective routing of information to NCPS sensors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: March 2018 update: In Jan. 2018, DHS officials stated that the agency worked with the Office of Management and Budget, the General Services Administration, and Office of American Innovations on an update to the Trusted Internet Connections Reference Architecture. The document, expected to be delivered in draft by June 2018, will address agency challenges with traffic routing and performance issues. This recommendation will remain open until we have been able to review the information.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To help ensure that actions taken to improve the test and evaluation process address identified challenges, the Administrator of TSA should finalize all aspects of the third party testing strategy before implementing further third party testing requirements for vendors to enter testing.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: In its response to this recommendation, the Department of Homeland Security concurred and identified initial planned actions to implement the finalize third party strategy. Subsequently, in the Spring of 2016, the TSA Office of Security Capabilities finalized its third party tester application and approval process; established quality conformance standards for potential third party testers; and gathered and considered industry feedback on potential third party test strategy consequences among other actions. Collectively, TSA established and published program requirements and procedures for the third party test strategy. In late 2016, TSA formally delayed its planned implementation of the third-party testing program by a calendar year to now be completed by December 31, 2017. TSA cited a need to conduct additional assessments, coordination challenges, and larger TSA security equipment related initiatives as the reasons for the delay. As part of its regular recommendation status reporting to GAO, TSA in the Spring 2017, noted that it is on track to meet the intent of the recommendation by the later revised date. TSA noted it had recently updated its qualification process by which qualified product lists will be populated and has already incorporated various aspects of third party testing for legacy security equipment qualification.
    Director: Lori Rectanus
    Phone: (202) 512-2834

    4 open recommendations
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on a joint strategy and finalizing it in order to define and articulate a common understanding of expected outcomes and align the two agencies' activities and core processes to achieve their related missions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2018, FPS reported taking some actions to address this recommendation. The recommendation remains open pending agencies reaching an agreed upon outcome.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should establish a plan with timeframes for reaching agreement on the two agencies' respective roles and responsibilities for federal facility security, and update and finalize the two agencies' MOA accordingly.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In February 2018, FPS reported working with GSA toward reaching an agreement on roles and responsibilities and finalizing the MOA.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop a process to ensure that compatible policies and procedures, including those for information sharing, are communicated at the regional level so that regional officials at both agencies have common information on how to operationalize the two agencies' collaborative efforts.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of November 2017, FPS stated that it will begin the process for issuing joint field guidance with GSA once the MOA is signed.
    Recommendation: Given the collaboration challenges that FPS and GSA face in protecting federal facilities, GAO is making four recommendations to the Secretary of Homeland Security and the Administrator of the General Services Administration. FPS and GSA headquarters officials should develop mechanisms to monitor, evaluate, and report on their collaborative efforts to protect federal facilities in order to identify possible areas for improvement and to reinforce accountability.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of November 2017, FPS reported that it will begin the process for appointing an FPS-GSA liaison once the MOA is signed.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    2 open recommendations
    including 2 priority recommendations
    Recommendation: To provide reasonable assurance that USCIS's fraud prevention controls are adequate and effectively implemented, and ensure that asylum officers and FDNS immigration officers have the capacity to detect and prevent fraud, the Secretary of Homeland Security should direct USCIS to conduct regular fraud risk assessments across the affirmative asylum application process.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: In October 2016, DHS indicated that USCIS had established a working group and collected fraud trend information from all eight asylum offices that will be used to inform the development of a risk assessment framework. As of January 2017, USCIS reported that the Asylum Division is continuing to develop the risk assessment framework and is working on an initial draft. According to USCIS, the Asylum Division, in cooperation with other relevant internal stakeholders such as USCIS's Fraud Detection and National Security Directorate completed a draft asylum fraud risk assessment in September 2017, which is under internal review within USCIS. As of April 2018, USCIS anticipates that the review process will be completed by September 30, 2018. Regularly assessing fraud risks across the affirmative asylum process would provide USCIS more complete information on risks that may affect the integrity of the process and therefore help USCIS target its fraud prevention efforts to those areas that are of highest risk.
    Recommendation: To provide reasonable assurance that USCIS's fraud prevention controls are adequate and effectively implemented, and ensure that asylum officers and FDNS immigration officers have the capacity to detect and prevent fraud, the Secretary of Homeland Security should direct USCIS to identify and implement tools that asylum officers and FDNS immigration officers can use to detect potential fraud patterns across affirmative asylum applications.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: In February 2016, DHS indicated that USCIS had allotted fiscal year 2016 funds in support of initial acquisition activities for tools to detect potential fraud patterns across affirmative asylum applications. According to USCIS, FDNS identified a hardware solution and began acquisition planning for this hardware in September 2016. However, in December 2017, USCIS reported that Asylum Division leadership met with internal stakeholders in September 2017 to collaborate on the development of a solution that would allow for the use of internal USCIS capability and resourcing. As a result of that meeting, USCIS reported that it has begun work internally on a prototype tool. As of April 2018, USCIS expects to complete the development of the tool by September 30, 2018. Identifying and implementing new tools to detect fraud patterns would help USCIS ensure that asylum officers and FDNS immigration officers have the capacity to detect and prevent asylum fraud.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    2 open recommendations
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretary of Homeland Security should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear sectors' cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has released updated sector-specific plans for the chemical, commercial facilities, communications, critical manufacturing, dams, emergency services, information technology, and nuclear reactors sectors. The plans include a section on measuring effectiveness based on the plan development guidance. The plans provide expected metrics to track the progress of sector activities and state that the outcomes will be reported through the National Annual Reporting process as well as through the quadrennial plan update. Because the metrics are new and annual reporting has not yet occurred, DHS has not provided evidence of metrics data collected and reported to address the challenges. We will continue to follow-up to determine how performance measures have been implemented and what reporting is available based on those measures.
    Recommendation: To better monitor and provide a basis for improving the effectiveness of cybersecurity risk mitigation activities, informed by the sectors' updated plans and in collaboration with sector stakeholders, the Secretaries of Homeland Security and Transportation (as co-SSAs) should direct responsible officials to develop performance metrics to provide data and determine how to overcome challenges to monitoring the transportation systems sector's cybersecurity progress.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The co-Sector-Specific Agencies (SSAs) for the Transportation Systems Sector, DHS (TSA and Coast Guard) and the Department of Transportation, provided an update on efforts to develop sector cybersecurity metrics. The update described measures under consideration such as tracking the number of sector stakeholders receiving cybersecurity products, monitoring the usefulness of products through satisfaction surveys, and tracking attendance at sector events and seminars encompassing cybersecurity. The co-SSAs plan to report sector cyber activities, progress, and relevant metrics annually through the Critical Infrastructure National Annual Report and through quadrennial updates to the sector-specific plan. The latest sector-specific plan was released in 2015. The proposed metrics have not been formalized in a strategy or plan. We will continue to monitor and evaluate efforts to formalize and implement the proposed metrics to determine whether they address the intent of the recommendation.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    2 open recommendations
    Recommendation: To improve the Coast Guard's management of initiatives to increase the recruitment and accessions of women into the officer corps, the Commandant of the Coast Guard should develop an oversight framework that includes or incorporates (consistent with applicable law): (1) Service-wide program goals for initiatives directed at female officers' recruitment, such as goals related to the composition of the applicant pool; (2) Performance measures linked to program goals; and (3) Resource allocations linked to program goals.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Recommendation: To improve the Coast Guard's management of initiatives to increase the recruitment and accessions of women into the officer corps, the Commandant of the Coast Guard should conduct evaluations for key recruitment initiatives to help ensure these initiatives are achieving their intended purpose.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken any actions necessary to implement it.
    Director: Timothy M. Persons
    Phone: (202) 512-6412

    2 open recommendations
    Recommendation: To help ensure that biosurveillance-related funding is directed to programs that can demonstrate their intended capabilities, and to help ensure sufficient information is known about the current Gen-2 system to make informed cost-benefit decisions about possible upgrades and enhancements to the system, the Secretary of Homeland Security should direct the Assistant Secretary for Health Affairs and other relevant officials within the Department to not pursue upgrades or enhancements to the current BioWatch system until the Office of Health Affairs (OHA): (1) establishes technical performance requirements, including limits of detection, necessary for a biodetection system to meet a clearly defined operational objective for the BioWatch program by detecting attacks of defined types and sizes with specified probabilities; (2) assesses the Gen-2 system against these performance requirements to reliably establish its capabilities; and (3) produces a full accounting of statistical and other uncertainties and limitations in what is known about the system's capability to meet its operational objectives.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help reduce the risk of acquiring immature detection technologies, the Secretary of Homeland Security should direct the Assistant Secretary for Health Affairs, in coordination with the Under Secretary for Science and Technology, to use the best practices outlined in this report to inform test and evaluation actions for any future upgrades or changes to technology for BioWatch.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Michele Mackin
    Phone: (202) 512-4841

    3 open recommendations
    Recommendation: To improve coordination and communication between FEMA OCPO and region mission support officials region mission support officials, the FEMA Administrator should establish a plan to ensure that the agreement is reviewed on an annual basis as intended.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In commenting on this report, DHS concurred with this recommendation. According to FEMA officials, the Office of Procurement Operations has since formed a team that will address this recommendation. We will provide updated information as it becomes available.
    Recommendation: To improve coordination and communication between FEMA Office of the Chief Procurement Officer (OCPO) and region mission support officials region mission support officials, the FEMA Administrator should direct OCPO and the regional administrators to revisit the 2011 service level agreement to: add details about the extent of operational control headquarters and regional supervisors should exercise to minimize potential competing interests experienced by regional contracting officers; further detail headquarters and regional supervisors' roles and responsibilities for managing regional contracting officers to improve coordination and communication; and ensure that the agreement reflects any new requirements, including recent changes in training that may require travel funds.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In commenting on this report, DHS concurred with this recommendation. According to FEMA officials, the Office of Procurement Operations has since formed a team that will address this recommendation. We will provide updated information as it becomes available.
    Recommendation: To address PKEMRA, the Secretary of Homeland Security should take action to address the requirements of Section 692 to implement subcontractor limitations or request that Congress amend the law to delete Section 692.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In 2016, DHS took steps to ask Congress to repeal PKEMRA Section 692, which prohibits the use of subcontracts for more than 65 percent of the cost of cost-reimbursement type contracts that exceed the simplified acquisition threshold. DHS submitted a legislative change proposal to the Office of Management and Budget (OMB), who approves such proposals before they are submitted to Congress. OMB approved the proposed change for PKEMRA Section 692 in April 2016. We will provide additional updates as information becomes available.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    1 open recommendations
    Recommendation: To help ensure that agencies' policies and oversight are fully consistent with The Attorney General's Guidelines Regarding the Use of Confidential Informants, the Assistant Secretary of ICE and the Commandant of USCG should update their respective agencies' informant policies and corresponding monitoring processes to explicitly address the Guidelines' provisions on oversight of informants' illegal activities.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: In December 2016, ICE issued a memo regarding changes to its policies for the registration and suitability of confidential informants. The memo included updated forms to oversee those aspects of confidential informant oversight. In April 2017, ICE officials informed GAO that the agency planned for a working group to update the Informants Handbook and the Undercover Operations Handbook, but as of April 2018, ICE did not yet have planned dates for when the working group would complete these updates. When the updated handbooks are available for GAO's review, we will assess the extent to which they address our recommendation.
    Director: Gambler, Rebecca S
    Phone: (202) 512-8777

    2 open recommendations
    Recommendation: To strengthen USCIS's EB-5 Program fraud prevention, detection, and mitigation capabilities, and to more accurately and comprehensively assess and report program outcomes and the overall economic benefits of the program, the Director of USCIS should plan and conduct regular future fraud risk assessments of the EB-5 Program.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: U.S. Citizenship and Immigration Services (USCIS) is responsible for administering the Employment-Based Fifth Preference Immigrant Investor Program (EB-5 Program). In 2015, we reported that USCIS had collaborated with its interagency partners to assess fraud and national security risks in the program in fiscal years 2012 and 2015, but that these assessments were onetime efforts that did not have documented plans to conduct regular future risk assessments, in accordance with fraud prevention practices, which could help inform efforts to identify and address evolving program risks. To strengthen the program's fraud prevention, detection, and mitigation capabilities, we recommended that USCIS plan and conduct regular fraud risk assessments. USCIS concurred with the recommendation, stating that it would continue to conduct at least one fraud, national security, or intelligence assessment on an aspect of the program annually. In September 2015, USCIS stated that the agency would conduct its next fraud, national security, and intelligence assessment in fiscal year 2016 and one assessment annually thereafter. In August 2016, USCIS reported to GAO that it had conducted a national security assessment, the draft of which was under review by management, to be finalized by September 30, 2016. In November 2017, USCIS reported that the assessment work had been completed and the program office was awaiting a final briefing with the USCIS Front Office and potentially the Department. As of January 2018, the assessment was still awaiting USCIS Front Office reivew and approval. USCIS estimated that the final USCIS and DHS approvals would be complete by June 2018. To fully address this recommendation, USCIS should plan and conduct regular fraud risk assessments of the EB-5 Program.
    Recommendation: To strengthen USCIS's EB-5 Program fraud prevention, detection, and mitigation capabilities, and to more accurately and comprehensively assess and report program outcomes and the overall economic benefits of the program, the Director of USCIS should track and report data that immigrant investors report, and the agency verifies on its program forms for total investments and jobs created through the EB-5 Program.

    Agency: Department of Homeland Security: United States Citizenship and Immigration Services
    Status: Open

    Comments: In 2015, we reported on U.S. Citizenship and Immigration Services's (USCIS) capacity to verify job creation and to use a valid and reliable methodology to report the economic benefits of its Employment-Based Fifth Preference Immigrant Investor (EB-5) Program. We reported that USCIS had increased its capacity to verify job creation by increasing the size and expertise of its workforce and by providing clarifying guidance and training, among other actions. However, we reported that USCIS's methodology for reporting program outcomes and overall economic benefits of the EB-5 Program was not valid and reliable because it may understate or overstate program benefits in certain instances, as it was based on the minimum program requirements of 10 jobs and a $500,000 investment per investor, instead of the number of jobs and investment amounts collected by USCIS on individual EB-5 Program forms. To more accurately and comprehensively assess and report the overall economic benefits of the program, we recommended that USCIS track and report data that immigrant investors report on its program forms for total investments and jobs created. USCIS concurred and stated that the agency would develop a plan to collect and aggregate additional data regarding EB-5 investment amounts and job creation, including revising USCIS data systems and processes, as appropriate. In September 2015, USCIS reported to GAO that internal stakeholders met to discuss EB-5 data requirements in August 2015, and they were reviewing the fields in the database used for maintaining EB-5 and other immigration program data to define data entry requirements and discuss any system changes needed to reliably aggregate data regarding EB-5 program investment amounts and job creation. In August 2016, USCIS reported that officials had identified the assets needed to develop a case management system to meet the complex data needs of the EB-5 program and estimated that development would be completed by the end of fiscal year 2017. In September 2017, USCIS reported to GAO that the program office continues to work on developing a system that will provide the ability to reliably aggregate data regarding investment amounts and job creation through the EB-5 program. USCIS estimates that it will develop this system by March 31, 2018. To fully implement this recommendation, USCIS should develop a system that will enable it to accurately and comprehensively assess and report the overall economic benefits of the program.
    Director: Kimberly Gianopoulos
    Phone: (202)512-8612

    1 open recommendations
    Recommendation: To strengthen agency performance measurement related to deterring child smuggling, the Secretary of Homeland Security should instruct DHS's U.S. Immigration and Customs Enforcement to establish annual performance targets associated with the performance measures it has established for its Transnational Criminal Investigative Units.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In its comments on the report in July 2015, the Department of Homeland Security stated that it concurred with this recommendation, and that it would work with host nation partners to establish goals to measure these units' investigative activities and capacity development. In September 2015, DHS noted that it planned to use law enforcement data to measure TCIU success rates and inform efforts going forward. In November 2017 DHS officials told GAO that the department planned to develop performance targets associated with the performance measures it has established for these units. However, as of January 2018, DHS has not yet completed this effort.
    Director: Chris Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: In addition, to better manage compliance among high-risk chemical facilities and demonstrate program results, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for the Office of Infrastructure Protection, and the Director of ISCD to develop documented processes and procedures to track noncompliant facilities and ensure they implement planned measures as outlined in their approved site security plans.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, ISCD is nearing finalization of the updated CFATS Inspection Standard Operating Procedure (SOP) and has made progress on the new CFATS Enforcement SOP. Once completed, expected in 2018, these two documents collectively will formally document the processes and procedures currently being used to track noncompliant facilities and ensure they implement planned measures as outlined in their approved site security plans, according to ISCD officials. We will update the status of this recommendation after additional information is received from DHS.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    6 open recommendations
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to develop and implement TVPRA training for OFO officers at airports who have substantive contact with UAC.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Office of Field Operations (OFO) within U.S. Customs and Border Protection (CBP), in collaboration with U.S. Immigration and Customs Enforcement, conducted a "Train-the-Trainer" conference in August 2015 that focused on juvenile and unaccompanied alien children (UAC). The conference, among other things, addressed screening requirements for UAC consistent with Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA). CBP officers who received this additional training were then responsible for training other officers who process UAC at the ports of entry. According to CBP, while the conference was comprehensive, it did not fully encompass CBP's needs. In June 2016, CBP reported that OFO, Office of Chief Counsel, and a headquarters-level working group on UAC issues were finalizing a revised Form CBP-93 and with that were developing a detailed, relevant Train-the-Trainer course for officers responsible for TVPRA at all CBP ports of entry. In December 2016, CBP notified GAO that OFO, in coordination with CBP's Office of Training and Development, was concluding the design and embarking on the development phase of a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." This course will be an annual requirement for all OFO officers. In April 2017, CBP reported that OFO was no longer pursuing a separate Train-the-Trainer course for CBP officers at air ports of entry. However, CBP continues to develop a new UAC training course. The new course is a collaborative effort between OFO and USBP, in consultation with CBP's Office of Chief Counsel, and in partnership with CBP's Office of Training and Development (OTD) to develop, deconflict, and revise training consistent with requirements under TVPRA, specifically outlining rules to identify and screen UAC, among other things. As of April 2018, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP needs to ensure that OFO officers at airports who have substantive contact with UAC complete this training.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to revise the Form 93 to include indicators or questions that agents and officers should ask UAC to better assess (1) a child's ability to make an independent decision to withdraw his or her application for admission to the United States and (2) credible evidence of the child's risk of being trafficked if returned to his or her country of nationality or last habitual residence.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2015, CBP officials stated that CBP formed a working group in headquarters with representatives from the department's Office of Policy and Office for Civil Rights and Civil Liberties to examine the screening process for UAC. In addition, CBP officials noted that CBP is in the process of convening a similar group in the field. According to CBP officials, the working group meets weekly and is coordinating with nongovernmental organizations and the United Nations High Commissioner for Refugees, among others. As of June 30, 2016, CBP reported that CBP's Office of Field Operations and U.S. Border Patrol have finalized and routed the Form CBP-93 to the OFO Executive Assistant Commissioner and United States Border Patrol Chief for final approval. As of April 2018, the revised CBP Form 93 is still under review and CBP officials estimate that the review process will be completed by June 30, 2018. To fully address this recommendation, CBP should revise the Form 93 to include indicators or questions that CBP officers and Border Patrol agents should ask UAC relative to their ability to make an independent decision and regarding the potential risk of the UAC being trafficked if returned to their country of nationality or last habitual residence.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to provide guidance to Border Patrol agents and OFO officers that clarifies how they are to implement the TVPRA requirement to transfer to HHS all Mexican UAC who have fear of returning to Mexico owing to a credible fear of persecution.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In commenting on a draft of our report, DHS indicated that CBP's U.S. Border Patrol (USBP) and Office of Field Operations (OFO) would issue further guidance to agents and officers emphasizing TVPRA transfer procedures for UAC who are nationals or habitual residents of Canada or Mexico and who are victims of a severe form of trafficking in persons. In September 2015, CBP reported that USBP and OFO estimated implementing this additional guidance by the end of calendar year 2015. In January 2016, CBP reported to GAO that, since June 2015, a headquarters level working group had been reviewing CBP's screening process for UAC. According to CBP officials, the activities of this working group will influence the guidance that will be deployed to Border Patrol agents and OFO officers and that USBP and OFO would be working together to develop additional guidance to the field by September 2016. In December 2016, CBP notified GAO that Border Patrol and OFO have partnered with CBP's Office of Training and Development, as well as the Office of Chief Counsel, to develop a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." According to CBP, this course will be an annual requirement for all CBP agents and officers. As of April 2018, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP should ensure that this distance learning training module on how to implement the Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA) criteria is developed and implemented, as required by CBP policy, to all Border Patrol agents and OFO officers.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to develop and implement guidance on how Border Patrol agents and OFO officers are to implement the TVPRA requirement to transfer to HHS all Canadian and Mexican UAC who are victims of a severe form of trafficking in persons.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In commenting on a draft of our report, DHS indicated that CBP's U.S. Border Patrol (USBP) and Office of Field Operations (OFO) would issue further guidance to agents and officers emphasizing TVPRA transfer procedures for UAC who are nationals or habitual residents of Canada or Mexico and who are victims of a severe form of trafficking in persons. In September 2015, CBP reported that USBP and OFO estimated implementing this additional guidance by the end of calendar year 2015. In January 2016, CBP reported to GAO that, since June 2015, a headquarters level working group has been reviewing CBP's screening process for UAC. According to CBP officials, the activities of this working group will influence the guidance that will be deployed to Border Patrol agents and OFO officers and that USBP and OFO would be working together to develop additional guidance to the field by September 2016. In December 2016, CBP notified GAO that Border Patrol and OFO have partnered with CBP's Office of Training and Development as well as the Office of Chief Counsel to develop a distance learning course, tentatively entitled "Processing, Holding, and Transfer of Unaccompanied Alien Children by CBP." According to CBP, this course will be an annual requirement for all CBP agents and officers. As of April 2018, CBP estimates that they will finalize the training module by June 2018. To fully address this recommendation, CBP should ensure that this distance learning training module on how to implement the Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA) criteria is developed and implemented, as required by CBP policy, to all Border Patrol agents and OFO officers.
    Recommendation: To better ensure that DHS complies with TVPRA requirements for training, screening, and transferring UAC to HHS, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to ensure that Border Patrol agents document the basis for their decisions when assessing screening criteria related to (1) an unaccompanied alien child's ability to make an independent decision to withdraw his or her application for admission to the United States, and (2) whether UAC are victims of a severe form of trafficking in persons.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of December 2015, CBP officials reported that an internal working group charged with assessing UAC screening procedures was considering issues related to independent decision-making and appropriate documentation as it develops a revised screening tool. As of June 30, 2016, CBP reported that CBP's Office of Field Operations (OFO) and U.S. Border Patrol (BP) had finalized and routed a revised CBP Form 93 to the OFO Executive Assistant Commissioner and United States Border Patrol Chief for final approval. As of August 31, 2016, the revised CBP Form 93 was still under review and CBP officials estimated that the review process would be completed by December 31, 2016. In January 2017, CBP notified GAO that the expected completion date for the revised form was April 2017, and that direction to Border Patrol agents on the new form would be delivered by June 2017. In June 2017, CBP told GAO that Border Patrol and other CBP partners were continuing to determine which changes were necessary to the CBP Form 93 and estimated that these efforts would not be completed until December 31, 2017. As of April 2018, CBP reported that these efforts would not be completed until June 2018. To fully address this recommendation, CBP should ensure that Border Patrol agents document the basis for their decisions when assessing screening criteria related to (1) an unaccompanied alien child's ability to make an independent decision to withdraw his or her application for admission to the United States, and (2) whether UAC are victims of a severe form of trafficking in persons.
    Recommendation: To increase the efficiency and improve the accuracy of the interagency UAC referral and placement process, the Secretaries of Homeland Security and Health and Human Services should jointly develop and implement a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In September 2015, DHS stated that the department was collaborating with HHS on finalizing a Memorandum of Agreement (MOA) regarding UAC procedures. According to DHS, the MOA is meant to provide a framework for interagency coordination on the responsibilities of the parties in coordinating and establishing procedures, shared goals, and interagency cooperation with respect to UAC. In February 2016, DHS and HHS finalized the MOA. The MOA states that DHS and HHS agree to establish a Joint Concept of Operations (JCO) that should be completed no later than one year following the signing of the MOA. According to the MOA, the JCO should include, among other things, standard protocols for consistent interagency cooperation on the care, processing, and transport of UAC during both steady state operations, as well as in the event the number of UAC exceeds the standard capabilities of the departments to process, transport, and/or shelter with existing resources. As of August 2017, HHS and DHS are still in the process of drafting the JCO. In February 2018, HHS reported to GAO that HHS had submitted a draft to DHS on October 6, 2017. According to HHS, DHS submitted their revised comments to HHS on that draft on January 24, 2018, and it is under review within HHS. In May 2018, DHS reported that DHS and HHS are finalizing the JCO with an estimated date of completion of July 31, 2018. To fully address the recommendation, DHS and HHS will need to ensure that the JCO, once finalized and implemented, includes a documented interagency process with clearly defined roles and responsibilities, as well as procedures to disseminate placement decisions, for all agencies involved in the referral and placement of UAC in HHS shelters.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    3 open recommendations
    Recommendation: To help the department effectively manage spending on mobile devices and services, the Secretary of Homeland Security should ensure an inventory of mobile devices and services is established department-wide (i.e., all components' devices and associated services are accounted for).

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security has taken steps to implement this recommendation. Specifically, it developed inventories for the two components we reviewed. The department stated that it had identified all components' devices. However, as of January 2018, it had not provided evidence that all the components had inventories of unique devices and associated services. We will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To help the department effectively manage spending on mobile devices and services, the Secretary of Homeland Security should ensure a reliable department-wide inventory of mobile service contracts is developed and maintained.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security has taken steps to implement the recommendation, but more needs to be done. Specifically, in May 2017, the department developed an enterprise-wide inventory of mobile service contracts; however, it has not demonstrated that it has effectively maintained the inventory. Specifically, in January 2018, the department provided its August 2017 and November 2017 mobile service contract inventory reports, which account for all of the department's components except the U.S. Secret Service. We will continue to monitor the department's efforts to fully implement the recommendation.
    Recommendation: To help the department effectively manage spending on mobile devices and services, the Secretary of Homeland Security should ensure procedures to monitor and control spending are established department-wide. Specifically, ensure that (1) procedures include assessing devices for zero, under, and over usage; (2) personnel with authority and responsibility for performing the procedures are identified; and (3) the specific steps to be taken to perform the process are documented.

    Agency: Department of Homeland Security
    Status: Open

    Comments: The Department of Homeland Security has not implemented the recommendation. In January 2018, the department's Information Technology Services Office described steps the department was taking. Specifically, the office stated that the department plans to establish an enterprise-wide policy in fiscal year 2018, and that procedures will be derived from the policy. The office added that the department's Chief Information Officer Product and Services Delivery Management Office convened a working group to draft a mobility implementation plan, which the Information Technology Services Office said will address the procedures in the recommendation. We will continue to monitor the department's efforts to implement the recommendation.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    3 open recommendations
    Recommendation: To improve Transformation Program governance, the Secretary of DHS should direct the Under Secretary for Management to ensure that the Acquisition Review Board is effectively monitoring the Transformation Program's performance and progress toward a predefined cost and schedule; ensuring that corrective actions are tracked until the desired outcomes are achieved; and relying on complete and accurate program data to review the performance of the Transformation Program against stated expectations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of August 2017, the Department of Homeland Security (DHS) had demonstrated that it had taken steps to address this recommendation, but additional steps were needed. Since we issued this recommendation in May 2015, the Office of Program Accountability and Risk Management (PARM), which serves as the Acquisition Review Board (ARB) executive secretariat and is to oversee DHS's acquisition portfolio, in coordination with the Office of the Chief Information Officer, has actively increased program oversight. For example, beginning in May 2015, the U.S. Citizenship and Immigration Services (USCIS) demonstrated that it submitted data supporting cost, schedule, and technical performance metrics to DHS on a monthly basis. The ARB has also held a number of meetings to discuss the Transformation Program and issued associated Acquisition Decision Memoranda with related action items. In addition, in February 2016, PARM demonstrated that DHS developed a procedure to help ensure acquisition decision memorandum actions, including corrective actions, are tracked until the desired outcomes are achieved. However, as of August 2017, the USCIS Transformation Program was in breach of its previously approved schedule expectations and was taking a strategic pause in developing new software while working to re-baseline cost and schedule expectations. During this strategic pause, the program is working to complete various action items assigned by the Acquisition Review Board, including completing an updated Release Roadmap and submitting it to PARM no later than December 29, 2017; updated Lifecycle Cost Estimate and providing it to the Cost Analysis Division no later than December 29, 2017; updated Test and Evaluation Master Plan and submitting it to the Office of Test and Evaluation no later than January 31, 2018; and an updated Acquisition Program Baseline and providing it to PARM no later than December 29, 2017. We will continue to monitor DHS?s efforts to re-baseline the USCIS Transformation Program and the Acquisition Review Board's efforts to monitor the Transformation Program's performance and progress toward a predefined cost and schedule; ensure that corrective actions are tracked until the desired outcomes are achieved; and rely on complete and accurate program data to review the performance of the Transformation Program against stated expectations until and after a new baseline is established.
    Recommendation: To improve Transformation Program governance, the Secretary of DHS should direct the DHS Under Secretary for Management, in coordination with the Director of US Citizenship and Immigration Services, to ensure that the Executive Steering Committee is effectively monitoring the Transformation Program's performance and progress toward a predefined cost and schedule and relying on complete and accurate program data to review the performance of the Transformation Program against stated expectations.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of August 2017, the Department of Homeland Security (DHS) had demonstrated that it had taken steps to address this recommendation, but additional steps were needed. More specifically, as of July 2016, the U.S. Citizenship and Immigration Services (USCIS) Transformation program office provided evidence that the Executive Steering Committee (ESC) continued to discuss cost, schedule, and operational performance metrics as part of the program's ESC meetings. However, as of August 2017, the USCIS Transformation Program was in breach of its previously approved schedule expectations and was taking a strategic pause in developing new software while working to re-baseline its cost and schedule expectations. During this strategic pause, the program is working to complete various action items assigned by the Acquisition Review Board, including completing an updated Release Roadmap and submitting it to the Office of Program Accountability and Risk Management (PARM) no later than December 29, 2017; updated Lifecycle Cost Estimate and providing it to the Cost Analysis Division no later than December 29, 2017; updated Test and Evaluation Master Plan and submitting it to the Office of Test and Evaluation no later than January 31, 2018; and an updated Acquisition Program Baseline and providing it to PARM no later than December 29, 2017. In addition, according to the program?s August 2017 Acquisition Decision Memorandum, the ESC has been transformed into a component-only body with no headquarters involvement, and the program was to establish a Program Management Integrated Product Team, which was to meet bi-weekly beginning in September 2017. We will continue to monitor DHS's efforts to re-baseline the USCIS Transformation Program, the impact of changes to the ESC, and the ESC?s efforts to effectively monitor the Transformation Program's performance and progress toward a predefined cost and schedule and rely on complete and accurate program data to review the performance of the Transformation Program against stated expectations until and after a new program baseline is established.
    Recommendation: To help ensure that assessments prepared by the Office of the Chief Information Officer in support of the department's updates to the federal IT Dashboard more fully reflect the current status of the Transformation Program, the Secretary of DHS should direct the department's Chief Information Officer to use accurate and reliable information, such as operational assessments of the new architecture and cost and schedule parameters approved by the Under Secretary of Management.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of September 2017, the Department of Homeland Security (DHS) had demonstrated that it had taken steps to address this recommendation, but additional steps were needed. In particular, in February 2016, the DHS Office of the Chief Information Officer (OCIO), in coordination with the Office of Program Accountability and Risk Management (PARM), had consolidated the department's Investment Management System and Next Generation Periodic Reporting System tools into a single enterprise information management and repository system named Investment Evaluation, Submission, and Tracking (INVEST). According to the department, this effort should improve the reliability of the metrics used by OCIO's Enterprise Business Management Office (EBMO), as well as the other line of business and component program offices, and ensure data integrity. The data reported in INVEST include cost, schedule, and operational performance metrics that are to align with the OMB's Information Technology (IT) Dashboard reporting requirements. In addition, as of September 2017, the program was listed as a high-risk program on the federal IT dashboard, in contrast to its April 2015 rating of medium risk. However, as of August 2017, the program was in breach of its previously approved schedule expectations and was taking a strategic pause in developing new software while working to re-baseline its cost and schedule expectations. We will continue to monitor DHS?s efforts to re-baseline the USCIS Transformation Program and the Office of the Chief Information Officer's efforts to use accurate and reliable information to update the federal IT dashboard until and after a new program baseline is established.
    Director: Michele Mackin
    Phone: (202) 512-4841

    2 open recommendations
    Recommendation: To improve DHS's management of major acquisition programs, the Secretary of Homeland Security should ensure future baselines for all of TSA's major acquisition programs capture the overall historical record of change.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the Transportation Security Administration (TSA) will begin to incorporate an addendum to future Acquisition Program Baselines (APB) that will provide a single source to show the changes to cost, schedule, and performance metrics, beginning with the initial program baseline and showing traceability of all interim approved versions to the current APB. DHS estimated it would complete this effort April 30, 2016. As of August 2017, DHS leadership had approved updated versions of the two APBs that were the basis for this recommendation. Both included addendums with metrics from prior APBs, but raised questions about traceability to the current cost, schedule, and performance metrics. GAO will assess the updated APBs as a part of its annual review of select DHS major acquisition programs to determine whether the department has addressed the recommendation.
    Recommendation: To more accurately communicate DHS's funding plans for USCG's major acquisition programs, the Secretary of Homeland Security should ensure the funding plans presented to Congress in fiscal year 2015 are comprehensive and clearly account for all operations and maintenance funding DHS plans to allocate to each of the USCG's major acquisition programs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that the U.S. Coast Guard and the DHS Chief Financial Officer will develop a plan to address this recommendation by September 30, 2015, then work together to fully implement the plan. DHS estimated it would complete this effort March 31, 2016. However, the USCG encountered technical challenges during this process and was unable to implement the plan by that time. The U.S. Coast Guard has revised the estimated completion date, and now anticipates it will be able to address this recommendation in fiscal year 2020.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    3 open recommendations
    Recommendation: To ensure the ICE TACCOM program is effectively managed, the Assistant Secretary of ICE should develop a program plan to ensure that the agency establishes the appropriate documentation of resource needs, program goals, and measures to monitor the performance of its deployed radio systems.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve ICE training efforts, the Assistant Secretary of ICE should develop and implement a plan to address any skills gaps for ICE agents related to understanding the new digital radio systems and interagency radio use protocols.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To improve ICE training efforts, the Assistant Secretary of ICE should develop a mechanism to verify that all ICE radio users receive radio training.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Immigration and Customs Enforcement
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    1 open recommendations
    Recommendation: Finally, to ensure that the Coast Guard is making progress in developing alternative measures that provide more accurate indicators of operational performance in a timely manner, the Coast Guard should establish time frames and interim milestones for developing and implementing these alternative measures for use prior to CRC testing. These measures could then be used for both the NSCs, as well as for other cutters, such as the Offshore Patrol Cutter, that currently use or plan to use the traditional DAFHP performance measure.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In August 2015, the Coast Guard stated that its analysis of alternative measures for use prior to testing the NSCs to use the crew rotational concept was ongoing and did not provide a date for completion. On January 24, 2017, the Coast Guard noted that, in the process of analyzing an alternative to DAFHP, it found that while its data management system collects the necessary data, the system didn't have an efficient way of aggregating the data for analysis. The first step to develop an appropriate measure is to improve the data management system through a software change. Once the change is complete, the system will be evaluated and tested to ensure that an aggregated report of discrete Coast Guard Cutter activity is accurate and reliable. After examining the results from the software change, the Coast Guard will evaluate an alternative to DAFHP. However, all analyses to date indicate DAFHP remains an important measure for personnel operations tempo and cutter scheduling and will not be eliminated as an available measure. The Coast Guard updated the estimated completion date for this recommendation to July 2018. On August 22, 2017, the Coast Guard noted that it is discontinuing efforts to utilize CRC as a crewing model; however, it will continue progress toward implementing this recommendation by July 2018.
    Director: Marie A. Mak
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To ensure a consistent and more collaborative approach to the protection of critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury; as well as the Attorney General of the United States, who have lead and stakeholder responsibilities for the eight programs within the critical technologies portfolio, should take steps to promote and strengthen collaboration mechanisms among their respective programs while ongoing initiatives are implemented and assessed. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs' intent, any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. Relevant efforts by DHS to finalize memoranda of understanding with other agencies and by the Export Enforcement Coordination Center to share information and data across the export control enforcement community are ongoing. As of Sept 2017, DHS did not identify relevant actions to coordinate on critical technologies among other agencies.
    Director: Mark L. Goldstein
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: The Secretary of Homeland Security, in consultation with GSA, should develop and implement a strategy to address cyber risk to building and access control systems that, among other things: (1) defines the problem; (2) identifies roles and responsibilities; (3) analyzes the resources needed; and (4) identifies a methodology for assessing this cyber risk.

    Agency: Department of Homeland Security
    Status: Open

    Comments: When we confirm what actions DHS has taken in response to this recommendation, we will provide updated information.
    Director: Chris P. Currie
    Phone: (404) 679-1875

    1 open recommendations
    Recommendation: To enhance the Secretary of Homeland Security's ability to assess national preparedness and provide management oversight of federal interagency efforts to close previously identified capability gaps, the Secretary of Homeland Security should direct the Administrator of FEMA--in coordination and collaboration with the National Security Council Staff and other federal departments and agencies--to collect information on and regularly report to the Secretary the status of federal interagency implementation of corrective actions identified (1) through prior national-level exercises and (2) following real-world incidents, specifically major disasters.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In November 2016, FEMA officials reported that the agency had developed an approach for collecting and reporting on the status of federal interagency corrective actions from Level I disasters to add to the current practice of reporting on national level exercises. According to officials, the proposed approach was under review and the agency plans to coordinate with the other federal departments and agencies before submitting their proposal to DHS for final approval. In August 2017, FEMA's National Preparedness Directorate reported an expected completion date of December 29, 2017. Pending completion of this effort, this recommendation remains open. Last update requested as of 12/15/2017.
    Director: Melvin, Valerie C
    Phone: (202) 512-6304

    3 open recommendations
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to improve reporting of FOIA costs by including salaries, employee benefits, non-personnel direct costs, indirect costs, and costs for other offices.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In responding to our recommendation, DHS said it has developed a spreadsheet that is to be used by its components to track FOIA costs. However, as of September 2017, DHS has not yet provided information containing such details as when its components will be required to use the spreadsheet and if the spreadsheet is to track all the categories of costs discussed in our report. We plan to update the status of this recommendation when DHS provides documentation that further explains, and confirms the department's use of, the spreadsheet.
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to direct USCIS and Coast Guard to fully implement the recommended FOIA processing system capabilities and the section 508 requirement.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In response to our recommendation, DHS issued a memo to all of the department's FOIA officers in March 2015 which focused on ensuring that each component's FOIA processing systems are 508 compliant. However, as of September 2017, DHS has not yet provided us with evidence that the U.S. Citizenship and Immigration Services and the Coast Guard have implemented system capabilities that are 508 compliant. When DHS provides information concerning its actions taken to make the systems compliant, we will update the status of the recommendation.
    Recommendation: To improve the management of DHS FOIA requests, the Secretary of DHS should direct the Chief FOIA Officer to determine the viability of re-establishing the service-level agreement between the U.S. Citizenship and Immigration Services (USCIS) and U.S. Immigration and Customs Enforcement to eliminate duplication in the processing of immigration files. If the benefits of doing so would exceed the costs, re-establish the agreement.

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS has stated that it is taking steps to determine if the U.S. Immigration and Customs Enforcement and the U.S. Citizenship and Immigration Services will re-establish the service-level agreement to process FOIA requests related to immigration files. In addition, the department has stated that duplication no longer exists in the processing of these type of requests. However, DHS has not yet provided evidence, such as a cost-benefit analysis, that could demonstrate the steps it is taking regarding the service-level agreement. Further, GAO has not yet received evidence from the department to support its assertion that duplication no longer exists in the processing of immigration files. We will update the status of this recommendation when DHS provides documentation.
    Director: Gomez, Jose A
    Phone: (202) 512-3841

    1 open recommendations
    Recommendation: To promote forward-looking construction and rebuilding efforts while FEMA phases out most subsidies, the Secretary of the Department of Homeland Security should direct FEMA to consider amending NFIP minimum standards for floodplain management to incorporate, as appropriate, forward-looking standards, similar to the minimum standard adopted by the Hurricane Sandy Rebuilding Task Force.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In November 2017, the Department of Homeland Security reaffirmed that they agreed with this recommendation and would implement it after implementing the statutory mandates in the Biggert-Waters Flood Insurance Reform Act of 2012. The Department estimated that it would begin implementing our recommendation in January 2020 and complete the implementation in December 2020.
    Director: J. Christopher Mihm
    Phone: (202) 512-6806

    1 open recommendations
    Recommendation: Recognizing that moving toward a more customer-oriented culture within federal agencies is likely to be a continuous effort, the Commissioner of U.S. Customs and Border Protection should, to improve CBP's customer service standards: (1) ensure standards include performance targets or goals, (2) ensure standards include performance measures.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: In January 2017, CBP sent an email stating that the agency has done all it can to fully implement the recommendation at this time. Because CBP does not have performance goals or targets for customer service standards this recommendation remains open. In April 2016, CBP provided us with customer service survey questions they use to collect data. Based on our review of that information, we were unable to confirm CBP had established performance targets and goals for the data being collected. As we stated in the report, performance goals should be in a quantifiable and measurable form to define the level of performance to be achieved for program activities each year. Although CBP is collecting new customer service data based on survey responses, without predetermined performance targets that align with a customer service standard it is not clear what or if internal targets or customer needs are being met. In June 2017, we emailed CBP for an update on the status of this recommendation. Once a response is received we will update this recommendation.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    2 open recommendations
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should assess the extent to which ICE has appropriate internal controls for tracking and managing detention facility costs and develop additional controls as necessary.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of June 2018, no additional relevant information had been provided on the status of ICE efforts to address this recommendation. In February 2015, the Department of Homeland Security (DHS) reported that Immigration and Customs Enforcement (ICE) had created a spend plan tool to help track costs for each detention facility. In addition, DHS reported that ICE headquarters and field offices were coordinating to determine the resources needed to track and manage detention facilities costs. To fully address this recommendation, ICE should assess the extent to which the spend plan tool is an appropriate internal control for tracking and managing detention facilities costs and whether additional controls are necessary.
    Recommendation: To enhance ICE's ability to analyze and manage detention facility costs, ensure transparency and accountability in the management of detention facilities, and strengthen the oversight mechanisms that ensure detention facilities provide safe, secure, and humane confinement, the Director of U.S. Immigration and Customs Enforcement should document the reasons facilities cannot be transitioned to the most recent standards.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: The Department of Homeland Security (DHS) did not concur with this recommendation. As of May 2018, ICE reported that they had changed their policy such that different iterations of performance standards are assigned to facilities according to facility type (e.g., service processing center, contract detention facility, dedicated intergovernmental service agreement, etc.) rather than by individual facility. However, ICE has yet to provide documentation regarding this change in policy. To fully address this recommendation, ICE should provide documentation regarding changes in policy that determine which performance standards apply to different types of facilities, or document the reasons detention facilities cannot be transitioned to the most recent national detention standards.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    3 open recommendations
    including 3 priority recommendations
    Recommendation: The Secretary of Homeland Security should designate the headquarters consolidation program a major acquisition, consistent with DHS acquisition policy, and apply DHS acquisition policy requirements.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: In alignment with GAO's recommendation, on September 16, 2014, DHS issued an Acquisition Decision Memorandum designating the DHS-funded portions of the headquarters consolidation program as a Major Acquisition Program to be overseen by the departmental Acquisition Review Board (ARB). DHS made further progress implementing this recommendation by conducting and documenting an ARB of the program on November 15, 2016. The ARB process provided DHS greater oversight of headquarters consolidation, and provided a forum for officials to consider a wide range of issues affecting consolidation efforts, such as funding and project scope. However, DHS and General Services Administration (GSA) were required to revise their cost and schedule estimates subsequent to the ARB's review. In addition, as of April 2018, DHS, in coordination with GSA, had not submitted the report to Congress on DHS Headquarters Consolidation mandated by Pub. L. No. 114-150. GAO will reassess the status of this recommendation after cost and schedule estimates are finalized and DHS and GSA submit the required report to Congress, i.e., when there is more certainty about the future direction of the project overall and DHS's funded portion in particular.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to conduct the following assessments and use the results to inform updated DHS headquarters consolidation plans: (1) a comprehensive needs assessment and gap analysis of current and needed capabilities that take into consideration changing conditions, and (2) an alternatives analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the project and prioritizes options to account for funding instability.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of April 2018, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Required information includes a comprehensive assessment of property and facilities utilized by DHS in the National Capital Region, and an analysis that identifies the costs and benefits of leasing and construction alternatives for the remainder of the consolidation project. In January 2018, DHS and GSA reported that they had prepared alternatives analyses, updated plans, and cost and schedule estimates for DHS headquarters consolidation, but needed to reexamine these efforts relative to new Administration priorities and budget circumstances. GAO will review the latest information on DHS headquarters consolidation efforts when it is provided to Congress, and will assess the materials in the context of this recommendation at that time. Continued DHS and GSA attention to following leading capital planning practices is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Recommendation: In order to improve transparency and allow for more informed decision making by congressional leaders and DHS and GSA decision-makers, before requesting additional funding for the DHS headquarters consolidation project, after revising the DHS headquarters consolidation plans, the Secretary of Homeland Security and the Administrator of the General Services Administration should work jointly to develop revised cost and schedule estimates for the remaining portions of the consolidation project that conform to GSA guidance and leading practices for cost and schedule estimation, including an independent evaluation of the estimates.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: The Department of Homeland Security Headquarters Consolidation Accountability Act of 2015 (Pub. L. No. 114-150) was enacted on April 29, 2016. Among other things, the act requires DHS, in coordination with GSA, to submit information to Congress about DHS headquarters consolidation efforts not later than 120 days of enactment. As of April 2018, DHS and GSA had not submitted the information to Congress required by Pub. L. No. 114-150. Required information includes updated cost and schedule estimates for the consolidation project that are consistent with GAO's recommendations in GAO-14-648. Furthermore, the act requires the Comptroller General to evaluate the cost and schedule estimates not later than 90 days after their submittal to Congress. In January 2018, DHS and GSA reported that they had prepared alternatives analyses, updated plans, and cost and schedule estimates for DHS headquarters consolidation, but needed to reexamine these efforts relative to new Administration priorities and budget circumstances. GAO will review the latest DHS headquarters consolidation cost and schedule estimates when they are provided to Congress, and will assess the materials in the context of this recommendation at that time. Continued DHS and GSA attention to following leading cost and schedule estimation practices is critical given the project's multi-billion dollar cost and impact on future departmental operations.
    Director: Jennifer A. Grover
    Phone: (202) 512-7141

    1 open recommendations
    Recommendation: To assess the progress of the Secure Flight program toward achieving its goals, the Transportation Security Administration's Administrator should develop additional measures to address key performance aspects related to each program goal, and ensure these measures clearly identify the activities necessary to achieve progress toward the goal.

    Agency: Department of Homeland Security: Transportation Security Administration
    Status: Open

    Comments: In July 2014, we reported on the Transportation Security Administration's (TSA) Secure Flight program, which was created to identify commercial airline passengers who may pose a security risk before they board aircraft by matching passenger data with data from the Terrorist Screening Database (TSDB)--the government's consolidated list of known and suspected terrorists. We found that Secure Flight did not have program performance measures that would allow the program to fully assess progress toward achieving all of its goals. For example, to show progress toward goals related to accurately match passengers to lists derived from the TSDB (e.g., the No Fly and Selectee lists), Secure Flight did not have measures to assess the extent to which the Secure Flight System is missing passengers who are actual matches to these lists. We recommended that TSA establish additional performance measures that adequately indicate progress toward Secure Flight program goals. In the Spring of 2018, a TSA contractor completed work on a data set for testing the Secure Flight system. The data set allows Secure Flight to determine how changes to the Secure Flight system will affect the number passengers accurately matched to No Fly, Selectee, PreCheck and any other lists used for screening (including the extent to which individuals on lists may be missed). TSA reported that it plans to use the data set to assess the accuracy of system matching before any technical change to the Secure Flight System, and to conduct bi-annual tests of the data set against the current version of the TSDB to identify and resolve any discrepancies. Given these actions, TSA should have more complete information to measure progress toward achieving program goals related to accuracy. However, TSA has two additional goals, unrelated to the accuracy of the Secure Flight system, that address risk-based security capabilities and protecting passengers' personal information; this recommendation will remain open until Secure Flight identifies how it will measure progress toward these goals.
    Director: Brenda S. Farrell
    Phone: (202) 512-3604

    1 open recommendations
    Recommendation: To help ensure that all employees are treated fairly and receive the protections established in the executive order, the Secretary of Homeland Security should direct the Commandant, U.S. Coast Guard, to revise the Coast Guard instruction for military personnel to specify that military personnel may be represented by counsel or other representatives at their own expense.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of December 2017, we have no updated information from the Coast Guard on this recommendation and it remains open. As of summer 2016, in response to our recommendation, the Commandant of the Coast Guard issued a policy message stating that individuals may have counsel or other representative present at the service member's own expense. According to a Coast Guard official, this message serves as interim guidance until the personnel security manual can be finalized. As of August 2017, this official estimated that the manual will be updated in the early part of fiscal year 2018. This recommendation will remain open until the Coast Guard finalizes the update to its manual in accordance with our recommendation.
    Director: Daniel Garcia-Diaz
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: As FEMA determines the scope of its efforts to revise its existing guidance, the Secretary of the Department of Homeland Security (DHS) should direct the Administrator of FEMA to update existing guidance to include additional information on and options for mitigating the risk of flood damage to agricultural structures to reflect recent farming developments and structural needs in vast and deep floodplains.

    Agency: Department of Homeland Security
    Status: Open

    Comments: To obtain information for updating existing guidance, FEMA engaged a contractor to conduct two studies. The first study from the contractor provided information on the types of flood damage agricultural buildings and contents can sustain, NFIP mitigation measures, and insurance available to farmers. The second study identified the number and types of agricultural structures and the legislation, regulations, and programs affecting them; analyzed the feasibility of mitigation options for these structures across different types of floodplains; and explored rating guidelines and potential mitigation techniques to reduce risk or rates for agricultural structures. In response, FEMA has engaged the contractor to develop new policy options, guidance, and training. We will continue to monitor the development of new guidance and policy options.
    Director: Michele Mackin
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To help the Coast Guard improve the long-term outlook of its portfolio, the Commandant of the Coast Guard should develop a 20-year fleet modernization plan that identifies all acquisitions needed to maintain the current level of service and the fiscal resources necessary to build the identified assets. The plan should also consider trade-offs if the fiscal resources needed to execute the plan are not consistent with annual budgets.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: Based on this recommendation, Congress has requested that the Coast Guard develop a 20-year plan that identifies all acquisitions needed to maintain the Coast Guard's current level of service and the financial commitment necessary to achieve this plan. As a part of a series of testimonies in June and July 2017, we found that Coast Guard officials stated they are developing a 20-year Capital Investment Plan (CIP), but the timeframe for completion is unknown. The Coast Guard does, however, submit a 5-year CIP annually to Congress that projects acquisition funding needs for the upcoming 5 years. GAO found the CIPs do not match budget realities in that tradeoffs are not included. In the 20-year CIP, GAO would expect to see all acquisitions needed to maintain current service levels and the fiscal resources to build the identified assets as well as tradeoffs in light of funding constraints.
    Director: Gregory C. Wilshusen
    Phone: (202) 512-6244

    4 open recommendations
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to work with federal and nonfederal partners to ensure that the maritime risk assessment includes cyber-related threats, vulnerabilities, and potential consequences.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, USCG stated that the National Maritime Strategic Risk Assessment (NMSRA) was still being finalized. The agency stated that they expected this to be completed by July 2017. Once completed, we will analyze the results of the NMSRA in order to validate the extent to which its contents implement our recommendation.
    Recommendation: To enhance the cybersecurity of critical infrastructure in the maritime sector, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to use the results of the risk assessment to inform how guidance for area maritime security plans, facility security plans, and other securityrelated planning should address cyber-related risk for the maritime sector.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, USCG stated that it had developed a draft Navigation and Vessel Inspection Circular (NVIC) to provide guidance on assessment methods that assist vessel and facility owners and operators identify and address cybersecurity vulnerabilities. USCG stated that the draft NVIC would be published in the Federal Register for 60 days, to enable maritime stakeholders to review and provide comment. Once USCG provides us a final copy of the NVIC, we will analyze it to determine if it provides guidance for addressing cyber-related risk in the maritime sector.
    Recommendation: To help ensure the effective use of Port Security Grant Program funds to support the program's stated mission of addressing vulnerabilities in the maritime port environment, the Secretary of Homeland Security should direct the FEMA Administrator, in coordination with the Coast Guard, to develop procedures for officials at the field review level (i.e., captains of the port) and national review level (i.e., the National Review Panel and FEMA) to consult cybersecurity subject matter experts from the Coast Guard and other relevant DHS components, if applicable, during the review of cybersecurity grant proposals for funding.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, FEMA officials stated they would provide GAO an update on the status of the recommendation by July 2017. Once provided, we will analyze the information we receive and update status of implementation efforts.
    Recommendation: To help ensure the effective use of Port Security Grant Program funds to support the program's stated mission of addressing vulnerabilities in the maritime port environment, the Secretary of Homeland Security should direct the FEMA Administrator, in coordination with the Coast Guard, to use any information on cyberrelated threats, vulnerabilities, and consequences identified in the maritime risk assessment to inform future versions of funding guidance for grant applicants and reviews at the field and national levels.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, FEMA officials stated they would provide GAO an update on the status of the recommendation by July 2017. Once provided, we will analyze the information received and update status of implementation efforts.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    4 open recommendations
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should establish an updated performance target for completing application vetting and a process to modify that target, as needed, based on factors such as changes in the number of trusted traveler program applications and available resources.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the agency is transitioning to a new vetting platform, which will allow them to more fully assess application data. The estimated completion date is December 30, 2015.
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should assess the feasibility of practices to expedite the interview process, which could include assessing the potential trade-offs, costs, and benefits associated with any proposed practices, such as those currently proposed or implemented at specific enrollment centers, and implement those practices CBP determines to be feasible.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the Office of Field Operations, Trusted Traveler Programs (TTP) Division intends to complete the recommendation and provide a summary of findings and recommended best practices by December 30, 2015.
    Recommendation: To help assess and improve the timeliness of the trusted traveler application adjudication process, the Commissioner of CBP should develop a mechanism to track enrollment interview appointment availability data over time.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: According to CBP, the agency has initiated a redesign of the Global Online Enrollment System (GOES), to include GOES scheduling. A report on this effort, expected to further establish the project deliverables, level of effort, milestones and estimated completion timeline, is scheduled to be completed by December 30, 2015.
    Recommendation: To better ensure that the trusted traveler eligibility criteria and applicant adjudication processes are consistently implemented in accordance with CBP policy at all enrollment centers and by partner countries, the Commissioner of CBP should establish a mechanism or mechanisms in GES to allow CBP officers to efficiently document the types of interview questions asked and the nature of applicant responses, when appropriate, and then use this information to monitor the implementation of the interview process.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. Status last updated October 16, 2015.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    2 open recommendations
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2017, the Department of Homeland security (DHS) reported that it is regularly tracking and maintaining a comprehensive inventory of software licenses using automated tools and metrics. DHS also reported that the regular and comprehensive automated software monitoring across DHS will be implemented on the completion of the Continuous Diagnostics and Mitigation tool is rolled out to each DHS Component. However, the evidence provided to demonstrate that the department is using automated tools in tracking and regularly maintaining its inventory including those of components was not sufficient. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2018, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that CDM tracking of software assets and inventory will be implemented as CDM is rolled out to each DHS Component. The CDM tool will provide DHS with an automated capability for IT hardware and software asset discovery; IT asset inventory tracking; software inventory normalization; software license optimization; data sharing capabilities, and thus ensure full compliance with the requirement to maintain a continual agency-wide inventory of software licenses, including all licenses purchased, deployed, and in use, as well as spending on subscription services. As this data is captured the DHS OCIO, OSDO will analyze the software license data to track cost, usage, benefits to establish spending data that allows to the Department to perform trend analysis. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To better communicate acquisition funding needs to Congress, the Secretary of Homeland Security should enhance the content of future Future Years Homeland Security Program (FYHSP) reports--for fiscal years 2016-20 and beyond--by presenting acquisition programs' annual cost estimates and any anticipated funding gaps.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, the Department of Homeland Security (DHS) concurred with this recommendation, and stated that it provides Congress Comprehensive Acquisition Status Reports (CASR) on a quarterly basis that include cost estimates for all major acquisition programs. However, the CASRs do not disaggregate the cost estimates to identify how much the programs are expected to cost each year, and therefore the proposed approach would not allow Congress to identify funding gaps on an annual basis. In April 2016, DHS presented an alternative approach that would incorporate annual funding gaps into future FYHSP reports. DHS stated it plans to initially include these annual funding gaps in the fiscal years 2018-22 FYHSP report, which was expected to be released shortly after the President's fiscal year 2018 budget request in May 2017. However, the transition to a new administration delayed the release of the FYHSP report. Once available, GAO will evaluate the FYHSP report to determine whether DHS has met the intent of this recommendation.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To improve the acquisition management of the Plan and the reliability of its cost estimates and schedules, assess the effectiveness of deployed technologies, and better inform CBP's deployment decisions, once data on asset assists are required to be recorded and tracked, the Commissioner of CBP should analyze available data on apprehensions and seizures and technological assists, in combination with other relevant performance metrics or indicators, as appropriate, to determine the contribution of surveillance technologies to CBP's border security efforts.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open
    Priority recommendation

    Comments: In February 2015, the Border Patrol was planning to address this recommendation using the Capability Gap Analysis Process (CGAP) developed by Johns Hopkins University Applied Physics Lab, specifically for the Border Patrol, to examine the effects of technology and other assets, such as infrastructure. In September 2016, Border Patrol provided a case study that assessed CGAP data with technology assist data and other measures. While this was a start to developing performance measures, the case study was limited to one location along the border and the analysis limited to select technologies. In May 2017, Border Patrol officials demonstrated a new system, intended to allow for more comprehensive analysis of the contributions of surveillance technologies to Border Patrol's mission. However, officials confirmed that it is not yet used to support such analytic efforts. As noted in GAO's November 2017 report on CBP's use of surveillance technology, GAO continues to believe that developing and applying performance metrics for its border technologies, in accordance with our prior recommendation, would help Border Patrol more fully assess its progress in implementing the Southwest Border Technology Plan and determine when mission benefits have been realized.
    Director: Rebecca Gambler
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To better ensure DSOs' and students' compliance with OPT requirements, and strengthen efforts to identify and assess potential risks in OPT, the Director of ICE should direct SEVP to develop and distribute guidance to DSOs on how to determine whether a job is related to a student's area of study and require DSOs to provide information in SEVIS to show that they took steps, based on this guidance, to help ensure that the student's work is related to the area of study.

    Agency: Department of Homeland Security: United States Immigration and Customs Enforcement
    Status: Open

    Comments: As of April 2015, SEVP has made progress in developing employment guidance to support DSOs in determining whether a job is related to a student's course of study and requiring DSOs to provide such information in SEVIS. In May 2016, the new STEM OPT regulation went into effect and SEVP officials stated that, among other things, it requires much greater detail on the scope of the employment and how it is related to the earned degree. As of October 2016, SEVP expects that non-STEM guidance on course of study would be finalized by the second quarter of fiscal year 2017. In May 2017, SEVP officials stated they had been revising the guidance and that it was undergoing final revisions, as planned. In February 2018, ICE reported to GAO that the planned dissemination of SEVP's guidance to DSOs concerning how to determine whether a student's OPT opportunity is directly related to his or her course of study has been drafted and is being finalized in cooperation with ICE's Office of the Principal Legal Advisor. ICE noted that the timelines for promulgating agency guidance have been delayed by instruction from DHS's Office of General Counsel based on a January 20, 2017, memorandum from the White House. ICE told GAO that, on the basis of this instruction, the agency would not issue guidance until an ICE political appointee is in place. As a result, as of February 2018, ICE reported that the ability of its components, including SEVP, to issue guidance has been delayed; however, SEVP is planning to release guidance on this issue once it is cleared and approved through official channels and anticipates being able to do so in the third quarter of 2018. To fully address this recommendation, ICE should develop and distribute non-STEM-related guidance on determining whether a job is related to a student's area of study and require DSOs to provide relevant information in SEVIS.
    Director: Wilshusen, Gregory C
    Phone: (202)512-6244

    1 open recommendations
    Recommendation: The Secretary of Homeland Security, in collaboration with emergency service sector stakeholders, should address the cybersecurity implications of implementing Next Generation 911 and the First Responder Network Authority network in the next iteration of sector plans.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In December 2015, DHS released an updated sector-specific plan for the emergency services sector that describes the sector's greater dependence on cyber-based infrastructure as a notable trend and emerging issue among the sector's risks. However, the plan does not incorporate steps to address the cybersecurity risk of implementing Next Generation 911 or risks associated with the First Responder Network, the public safety broadband network, currently in development. An update to the sector-specific plan will likely not occur until 2018. When DHS provides evidence regarding additional risk mitigation steps, we will review the evidence provided to update the status of this recommendation.
    Director: Grover, Jennifer A
    Phone: (202) 512-7141

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To help ensure that security-related funding is directed to programs that have demonstrated their effectiveness, the Secretary of Homeland Security should direct the TSA Administrator to limit future funding support for the agency's behavior detection activities until TSA can provide scientifically validated evidence that demonstrates that behavioral indicators can be used to identify passengers who may pose a threat to aviation security.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: DHS did not concur with this recommendation, but has subsequently taken steps to address it. For example, TSA reduced the number of Behavior Detection Officers (BDO) from 3,131 full-time equivalents (FTE) in fiscal years 2013 through 2015 to 2,600 BDO FTEs in fiscal year 2016 and has reduced funding for its behavior detection activities since 2013. In fiscal year 2017, TSA eliminated the standalone BDO position and began integrating BDOs and behavior detection activities into the standard duties of its transportation security officer (TSO) position. According to TSA, this adjustment resulted in $196 million in funding becoming available to support increased passenger volume at TSA's checkpoints. TSA also revised its list of behavior indicators from 94 to 36. In July 2017, however, GAO found that only 8 of the 36 revised indicators were supported by valid evidence-- which includes original research that meets generally accepted research standards and presents evidence that is applicable in supporting TSA's use of specific behavioral indicators--demonstrating the use of the indicators to identify passengers who pose a threat to aviation security. As a result, GAO reported that TSA should continue to limit funding for behavior detection activities until the agency can provide valid evidence demonstrating that behavioral indicators can be used to identify potentially high-risk passengers. GAO has ongoing work to monitor and review TSA's behavior detection activities.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    3 open recommendations
    Recommendation: To ensure that the increasing risks of GPS disruptions to the nation's critical infrastructure are effectively managed, the Secretary of Homeland Security should increase the reliability and usefulness of the GPS risk assessment by developing a plan and time frame to collect relevant threat, vulnerability, and consequence data for the various critical infrastructure sectors, and periodically review the readiness of data to conduct a more data-driven risk assessment while ensuring that DHS's assessment approach is more consistent with the National Infrastructure Protection Plan (NIPP).

    Agency: Department of Homeland Security
    Status: Open

    Comments: DHS officials had previously indicated that DHS's Office of Infrastructure Protection (IP) and Office of Cyber and Infrastructure Analysis (OCIA) have discussed an update of the GPS risk assessment, noting that such an update may be included in fiscal year 2017 planning documents. However, as of February 2017, no documentation had been provided that demonstrates such plans. Additionally, information from DHS shows that DHS has continued other efforts to collect potentially relevant threat, vulnerability, and consequence data for various GPS equipment in use. For example, according to DHS officials, DHS has conducted visits to major maritime, finance, wireless communications, and electricity firms to gauge their understanding of GPS vulnerabilities and of technology- and strategy-based efforts to improve GPS resilience, and DHS documentation shows that DHS has held events to test GPS receivers as part of assessing vulnerabilities. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To ensure that the increasing risks of GPS disruptions to the nation's critical infrastructure are effectively managed, the Secretary of Homeland Security should, as part of current critical infrastructure protection planning with Sector-Specific Agencys (SSAs) and sector partners, develop and issue a plan and metrics to measure the effectiveness of GPS risk mitigation efforts on critical infrastructure resiliency.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2017, DHS documentation shows that DHS has worked with Sector Specific Agencies (SSAs) and other interagency partners to help manage GPS risks and continues to communicate information on risks to critical infrastructure partners. For example, according to DHS officials, this included briefing field staff and developing questions for infrastructure surveys to gather information on GPS resilience at the facility level. According to DHS officials, at the national level DHS included GPS in discussions with SSAs on topics they could include in their Sector-Specific Plans (each SSA develops a Sector-Specific Plan to detail risk management in its critical infrastructure sector), but DHS has also indicated that sector-oriented metrics are not a viable means of assessing risk management actions. We will update the status of this recommendation after we receive additional information from DHS.
    Recommendation: To improve collaboration and address uncertainties in fulfilling the National Security Presidential Directive 39 (NSPD-39) backup-capabilities requirement, the Secretaries of Transportation and Homeland Security should establish a formal, written agreement that details how the agencies plan to address their shared responsibility. This agreement should address uncertainties, including clarifying and defining DOT's and DHS's respective roles, responsibilities, and authorities; establishing clear, agreed-upon outcomes; establishing how the agencies will monitor and report on progress toward those outcomes; and setting forth the agencies' plans for examining relevant issues, such as the roles of SSAs and industry, how NSPD-39 fits into the NIPP risk management framework, whether an update to the NSPD-39 is needed, or other issues as deemed necessary by the agencies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2017, the National Executive Committee for Space-Based Positioning, Navigation, and Timing (PNT) Executive Steering group had established an interagency team called the "Complementary PNT Tiger Team" co-chaired by DHS, DOT, and DOD. This team was formed to manage the federal government's efforts to establish a national backup system to GPS. According to DHS officials, this organizational structure obviates the need for a formal, written agreement between DOT and DHS specific to GPS backup responsibilities. They also stated that, in a separate but related effort, DHS, DOT, and DOD are discussing a tri-lateral agreement that covers a broad spectrum of PNT-related responsibilities and activities. We will update the status of this recommendation after we receive additional information from DHS.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    1 open recommendations
    Recommendation: To improve the management and oversight of FPS's contract guard program, the Secretary of Homeland Security should direct the Under Secretary of National Protection and Programs Directorate (NPPD) and the Director of FPS to take immediate steps to determine which guards have not had screener or active-shooter scenario training and provide it to them and, as part of developing a national lesson plan, decide how and how often these trainings will be provided in the future.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FPS has indicated that they plan to implement this recommendation through its implementation of a training management system. FPS anticipates beginning implementation of this system in early 2018 and completing implementation by August 2018. GAO will continue to work with FPS to determine whether this recommendation has been implemented.
    Director: Gambler, Rebecca S
    Phone: (202) 512-8777

    1 open recommendations
    Recommendation: To better ensure that CBP's Office of Field Operations' (OFO) staffing processes are transparent and to help ensure CBP can demonstrate that these resource decisions have effectively addressed CBP's mission needs, the Commissioner of CBP should document the methodology and process OFO uses to allocate staff to land ports of entry on the southwest border, including the rationales and factors considered in making these decisions.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: CBP officials report that in May 2017 the Office of Field Operations began working with a contractor to develop a comprehensive CBP position allocation methodology and tool. They report that the purpose of this tool is to ensure a data driven, transparent process for allocating CBP resources-including staff-to land ports of entry on the southwest border. CBP officials report that the contractor completed development of the tool in January 2018 and CBP will now test the tool in fiscal year 2018, and implement the tool in fiscal year 2019. Developing this tool is a positive first step, but CBP will need to adopt the tool and ensure that the methodology and process used to allocate staff to land ports of entry-including rationales and factors considered-are documented. This recommendation remains open.
    Director: Cackley, Alicia P
    Phone: (202) 512-8678

    1 open recommendations
    Recommendation: To establish full-risk rates for properties with previously subsidized rates that reflect their risk for flooding, the Secretary of the Department of Homeland Security (DHS) should direct the FEMA Administrator to develop and implement a plan, including a timeline, to obtain needed elevation information as soon as practicable.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of February 2018, FEMA is undertaking a multi-year effort to modernize its rating approach to reflect industry best practices, such as providing credible, understandable rates based on graduated risk. We reported in February 2016 in GAO-16-190 that FEMA would evaluate the appropriate approach for obtaining or requiring the submittal of information needed to determine full-risk rates for subsidized properties. FEMA also said it would explore technological advancements and engage with industry to determine the availability of technology and data that could be used to implement the recommendation. However, FEMA officials also said that obtaining elevation information could take considerable time and cost, and requiring policyholders to incur the cost would not be consistent with NFIP's policy objective to promote affordability. The agency encourages subsidized policyholders who seek to ensure the appropriateness of their NFIP rates to voluntarily submit elevation documentation.
    Director: Caldwell, Stephen L
    Phone: (202) 512-9610

    2 open recommendations
    Recommendation: To better assess risk associated with facilities that use, process, or store chemicals of interest consistent with the NIPP and the CFATS rule, the Secretary of Homeland Security should direct the Under Secretary for National Protection and Programs Directorate (NPPD), the Assistant Secretary for NIPP's Office of Infrastructure Protection (IP), and Director of ISCD to develop a plan, with timeframes and milestones, that incorporates the results of the various efforts to fully address each of the components of risk and take associated actions where appropriate to enhance ISCD's risk assessment approach consistent with the NIPP and the CFATS rule.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, they completed development of an updated tiering methodology, which incorporates improvements based on recommendations from both the external peer review of the tiering methodology and a Sandia National Laboratory (Sandia) report on economic consequences, which was submitted to the Department in the first quarter of fiscal year (FY) 2015. Additionally, according to the officials, DHS continued hosting meetings of an external experts panel consisting of representatives from other Federal agencies and the chemical and oil and natural gas industries, who have met repeatedly to review and provide input on the proposed improvements to the Chemical Facility Anti-Terrorism Standards (CFATS) tiering methodology. As noted in the tiering methodology improvement plan previously provided by the Department to GAO, the ISCD is having external entities validate and verify the updated methodology before deployment. To that end, the Homeland Security Studies and Analysis Institute (HSSAI) has reviewed and provided findings and recommendations on all parts of the updated tiering engine. Additionally, Sandia has been conducting component testing of the tiering engine as it is being updated and, beginning in January 2016, Sandia will conduct end-to-end testing of the engine. Concurrent with these efforts, ISCD has been updating the Chemical Security Assessment Tool (CSAT) applications which currently support the collection of the data used by the CFATS tiering methodology (i.e., Top-Screen, Security Vulnerability Assessment). According to the officials, deployment of these new applications cannot occur until the DHS's Information Collection Request (ICR) is approved by the White House's Office of Management and Budget (OMB), which the Department anticipates submitting to OMB in the third quarter of fiscal year 2016. We will update the status of this recommendation after additional information is received from DHS. Status as of January 20, 2016.
    Recommendation: To better assess risk associated with facilities that use, process, or store chemicals of interest consistent with the NIPP and the CFATS rule, the Secretary of Homeland Security should direct the Under Secretary for NPPD, the Assistant Secretary for IP, and Director of ISCD to conduct an independent peer review, after ISCD completes enhancements to its risk assessment approach, that fully validates and verifies ISCD's risk assessment approach consistent with the recommendations of the National Research Council of the National Academies.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to Infrastructure Security Compliance Division (ISCD) officials, the updated CFATS risk-based tiering methodology has been developed and portions of it are undergoing independent review from both HSSAI and Sandia. An independent verification and validation of the updated tiering methodology is scheduled to be conducted by Sandia beginning in January 2016. We will update the status of this recommendation after additional information is received from DHS. Status as of January 20, 2016.
    Director: Larence, Eileen
    Phone: (202)512-6510

    1 open recommendations
    Recommendation: To ensure that USNCB and ICE are providing more comprehensive information to their respective foreign counterparts regarding registered sex offenders traveling internationally, the Attorney General and the Secretary of Homeland Security should take steps to help ensure that USNCB and ICE have information on the same number of registered sex offenders as well as the same level of detail on registered sex offenders traveling internationally. Such steps could include USNCB and ICE copying each other on their notifications to their foreign counterparts or USNCB receiving information directly from the CBP National Targeting Center (NTC).

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that U.S. National Central Bureau (USNCB) and U.S. Immigration and Customs Enforcement (ICE) did not have information on the same registered sex offenders or the same level of detail on registered sex offenders traveling internationally, which affected their ability to notify their respective foreign counterparts. In part, this is because the two agencies rely on different information sources and do not share information with one another. We recommended that DOJ and DHS develop mechanisms that would enable these two agencies to have access to the same information on traveling sex offenders. In August 2013, ICE provided documentation showing that it copied several U.S. Marshals Service (USMS) officials on notifications that ICE sent to other countries regarding registered sex offenders traveling internationally. However, ICE did not copy USNCB on these notifications. ICE explained that it thought sharing information on traveling sex offenders with USMS and relying on USMS to pass that information along to USNCB was the most efficient way to share information with USNCB. However, we analyzed notifications from ICE, USNCB, and USMS regarding sex offenders who initiated international travel in February 2014 and found that USMS only passed along about 30 percent of the notifications it received from ICE to USNCB. We provided the results of this analysis to all three agencies in July 2014. We met with relevant U.S. Customs and Border Protection (CBP), ICE, USMS, and USNCB officials in September 2014 to discuss options for ensuring that USNCB receives more comprehensive information regarding traveling sex offenders. ICE officials stated that since CBP is the source of the information ICE receives on traveling sex offenders, as well as one of the information sources for USMS, that it may be best for CBP to provide information directly to USNCB. USNCB officials also stated that their preference was to receive information directly from CBP, and it was their understanding that CBP and USNCB were in the process of developing an MOU that would allow for this. In October 2015, CBP confirmed that the MOU would enable CBP to share information with USNCB regarding traveling sex offenders but had not yet finalized the MOU. Since that time, in December 2015, International Meghan's Law (IML) was passed which codified the relationship between USMS and ICE as the two key information sharing components on traveling sex offenders within DOJ and DHS, respectively. According to ICE officials, as of May 2018, DHS and DOJ are drafting an MOU which will detail the information sharing agreement between ICE and USMS and that is consistent with the framework established by IML. The MOU will likely be signed sometime in 2019 and could meet the spirit of our recommendation if it directly speaks to the coordination laid out by IML. When we confirm additional details about the MOU, we will provide updated information.
    Director: Caldwell, Stephen L
    Phone: (202)512-9610

    1 open recommendations
    Recommendation: To better ensure consistent implementation of and accountability for DHS's resilience policy, the Secretary of Homeland Security should direct the Assistant Secretary for Policy to develop an implementation strategy for this new policy that identifies the following characteristics and others that may be deemed appropriate: (1) steps needed to achieve results, by developing priorities, milestones, and performance measures; (2) responsible entities, their roles compared with those of others, and mechanisms needed for successful coordination; and (3) sources and types of resources and investments associated with the strategy, and where those resources and investments should be targeted.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In the 60-day letter provided in January 2013, DHS indicated that the Resilience Integration Team (RIT) was developing a draft implementation plan to be circulated among relevant stakeholders for review. On October 30, 2013, we notified DHS that we would like to see a copy of the resilience policy implementation plan (if developed), or any other related documentation if the plan is still in development. We were informed later that day that a draft plan had been developed, and DHS needed to confirm its status. In November of 2017, we were told again that a draft plan had been developed but never finalized. As of June 2018, DHS's Policy Office was looking into the status of plan development. We await their response. DHS response still pending as of June 20, 2018.
    Director: Mackin, Michele
    Phone: (202) 512-3000

    1 open recommendations
    Recommendation: To help the Coast Guard create stability in the acquisition process and provide decision makers, including DHS, Office of Management and Budget, and Congress, with current information to make decisions about budgets, the Commandant of the Coast Guard should conduct a comprehensive portfolio review to develop revised baselines that reflect acquisition priorities as well as realistic funding scenarios.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation. Since 2014, we found efforts are underway to address this issue, but, so far, these efforts have not led to the significant trade-off decisions needed to improve the affordability of the Coast Guard's portfolio. The Coast Guard is currently conducting a fleet-wide analysis, including surface, aviation, and information technology, intended to be a fundamental reassessment of the capabilities and mix of assets the Coast Guard needs to fulfill its missions. The Coast Guard is undertaking this effort consistent with direction from Congress based upon this and other GAO recommendations. Specifically, the Coast Guard has completed its new mission needs statement and plans to release a fleet-wide concept of operations by the end of fiscal 2016. Then, it will use a complex model to develop the full fleet mix study. Based on this, the Coast Guard plans to recommend a set of assets that best meets these needs in terms of capability and cost. The Coast Guard plans to complete the full study in time to inform the fiscal year 2019 budget, though specific dates for these events have not been set forth.
    Director: Mackin, Michele
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To help mitigate the risk of poor acquisition outcomes and strengthen the department's investment management activities, the Secretary of Homeland Security should direct the Under Secretary for Management to, once the department's acquisition programs comply with DHS acquisition policy, prioritize major acquisition programs departmentwide and ensure that the department's acquisition portfolio is consistent with DHS's anticipated resource constraints.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In providing comments on this report, DHS concurred with this recommendation, and stated that its effort to more fully reflect portfolio management practices in its acquisition policy will help DHS prioritize its major acquisition programs departmentwide. DHS also stated that the revised portfolio management approach will help ensure that the department's acquisition portfolio is consistent with anticipated resource constraints. However, it has taken years for some of the department's major acquisition programs to comply with DHS's acquisition policy, which requires getting approval for key acquisition documentation that contains the critical knowledge needed for DHS to make effective portfolio management decisions. In February 2017, we found that DHS had approved the required acquisition documentation for all of its major acquisition programs and planned to continue to ensure that all major acquisition programs have approved documents, such as acquisition program baselines. Now that major acquisition programs are in compliance with DHS's acquisition policy, GAO will evaluate the department's implementation of its revised portfolio management approach to determine whether DHS has met the intent of this recommendation by ensuring that the department's acquisition portfolio is consistent with DHS's anticipated resource constraints.
    Director: Currie, Christopher
    Phone: (404)679-3000

    1 open recommendations
    including 1 priority recommendation
    Recommendation: To increase the efficiency and effectiveness of the process for disaster declarations, the FEMA Administrator should develop and implement a methodology that provides a more comprehensive assessment of a jurisdiction's capability to respond to and recover from a disaster without federal assistance. This should include one or more measures of a jurisdiction's fiscal capacity, such as TTR, and consideration of the jurisdiction's response and recovery capabilities. If FEMA continues to use the PA per capita indicator to assist in identifying a jurisdiction's capabilities to respond to and recover from a disaster, it should adjust the indicator to accurately reflect the annual changes in the U.S. economy since 1986, when the current indicator was first adopted for use. In addition, implementing the adjustment by raising the indicator in steps over several years would give jurisdictions more time to plan for and adjust to the change.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open
    Priority recommendation

    Comments: On January 20, 2016, FEMA published an Advanced Notice of Proposed Rulemaking to solicit comments on an option FEMA is considering to establish a disaster deductible, which would require a predetermined level of financial or other commitment from a recipient, generally the state or territorial government, before FEMA would provide assistance under the Public Assistance Program. According to FEMA, the agency received 150 responses during the 60-day public comment period, which ended on March 21, 2016, and used this input to develop a plan for further engagement on a more detailed proposal for public comment. The Supplemental Advanced Notice of Proposed Rulemaking, published on January 12, 2017, provided another opportunity for stakeholder input prior to any changes to the Public Assistance program. This proposal included an explanation of how deductible amounts might be calculated, identified specific credits that states could apply for, and detailed how the deductible would be applied post-declaration. Comments on the Supplemental Advanced Notice of Proposed Rulemaking must be submitted by April 12, 2017. Until FEMA implements a new methodology, FEMA will not have an accurate assessment of a jurisdiction's capabilities to respond to and recover from a disaster without federal assistance and runs the risk of recommending that the President award Public Assistance to jurisdictions that have the capability to respond and recover on their own.
    Director: Goldstein, Mark L
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should develop and implement a new comprehensive and reliable system for contract guard oversight.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FPS officials, as of September 2017, FPS is currently reviewing proposals and preparing to make a decision for the final contract award for a Post Tracking System (PTS). According to FPS, this PTS will allow FPS to comprehensively and reliability mange its contract guards. Once the contract is awarded in late 2017 FPS will begin to implement the PTS system. GAO is keeping this recommendation open pending successful implementation of this system.
    Recommendation: Given the challenges that FPS faces in assessing risks to federal facilities and managing its contract guard workforce, the Secretary of Homeland Security should verify independently that FPS's contract guards are current on all training and certification requirements.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FPS officials, as of September 2017, FPS plans to address this recommendation through the implementation of FPS?s Training Academy and Management System (TAMS). FPS reported that this system should allow it to verify independently that FPS's contract guards are current on all training and certification requirements. FPS is currently taking various steps to finalize the system and anticipates full implementation of TAMS by August 2018. GAO is leaving this recommendation open pending successful implementation of TAMS.
    Director: Maurer, Diana C
    Phone: (202) 512-9627

    3 open recommendations
    Recommendation: To help ensure that FEMA's agencywide workforce planning and training efforts are conducted in a comprehensive and integrated manner, the FEMA Administrator should identify and document long-term and quantifiable mission critical goals that reflect the agency's priorities for workforce planning and training.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In October 2016, agency officials said they had contracted for the development of a Workforce Strategic Plan that is intended to assess current steady state staffing needs based on mission requirements and establish workforce models capable of determining future needs based on workload drivers. Further, they said the plan will monitor and evaluate FEMA's progress towards mission critical goals and the contribution that human capital results have made towards achieving programmatic priorities. In July 2017, they provided an updated estimate that the plan will be completed by June 2020. Pending completion of this effort, the recommendation will remain open.
    Recommendation: To help ensure that FEMA's agencywide workforce planning and training efforts are conducted in a comprehensive and integrated manner, the FEMA Administrator should establish a time frame for completing the development of quantifiable performance measures related to workforce planning and training efforts.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In October 2016, agency officials said they had contracted for the development of a Workforce Strategic Plan that is intended to assess current steady state staffing needs based on mission requirements and establish workforce models capable of determining future needs based on workload drivers. Once complete, they said the plan will identify performance metrics to track FEMA's progress towards mission critical goals regarding workforce planning and training efforts. In July 2017, they provided an updated estimate that the plan will be completed by September 2020. Pending completion of this effort, the recommendation will remain open.
    Recommendation: To better inform FEMA's decision-making related to agencywide workforce planning and training efforts, the FEMA Administrator should develop systematic processes to collect and analyze workforce and training data.

    Agency: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
    Status: Open

    Comments: In July 2017, officials reported that FEMA's Chief Component Human Capital Office was preparing a Training Plan that will outline the collection and analysis methodology of training data with an estimated completion date of September 2018. Pending documentation of the results of these efforts this recommendation will remain open.
    Director: Martin, Belva M
    Phone: (202) 512-4841

    1 open recommendations
    Recommendation: To better inform management and resource allocation decisions, effectively manage limited export control enforcement resources, and improve the license determination process, the Secretary of Homeland Security, in consultation with the departmental representatives of the Export Enforcement Coordination Center, including Commerce, Justice, State, and the Treasury should (1) leverage export control enforcement resources across agencies by building on existing agency efforts to track resources expended, as well as existing agency coordination at the local level; (2) establish procedures to facilitate data sharing between the enforcement agencies and intelligence community to measure illicit transshipment activity; and (3) develop qualitative and quantitative measures of effectiveness for the entire enforcement community to baseline and trend this data.

    Agency: Department of Homeland Security
    Status: Open

    Comments: To help track resources expended and coordination of enforcement resources, the E2C2 has ratified and implemented the investigative deconfliction protocol. The Export Enforcement Coordination Center (E2C2) has also ratified and implemented the dispute resolution protocol and it is being used by all E2C2 partners. These are two of seven standard operating procedures planned to be in use by the E2C2. The Intelligence Community engagement/information protocols are being addressed through the E2C2 Export Enforcement Intelligence Working Group to help facilitate data sharing, and ICE, through the E2C2, is still in the process of establishing interagency agreement on procedures to facilitate data sharing between the enforcement agencies and intelligence community to assist in measuring illicit transshipment activity. The E2C2 Intel Cell White Paper is complete, but the Cell is not staffed or operational. This Cell is to serve as the primary interagency conduit for defining, establishing, and implementing protocols and facilitating information sharing between the IC and export enforcement community. The white paper outlines the E2C2 Intel Cell's mission, general roles and functions, recommended tasks and structure to facilitate enhanced coordination and intelligence sharing. When established, the Cell will develop standard operating procedures but this has not yet occurred. In late August 2016, the Department of Commerce assigned a new Assistant Director and one analyst to the E2C2. Efforts to formalize an intelligence analytical unit and draft a corresponding SOP are ongoing as of the summer of 2017.
    Director: Gambler, Rebecca S
    Phone: (202)512-3000

    1 open recommendations
    Recommendation: To increase the likelihood of successful implementation of the Arizona Border Surveillance Technology Plan and maximize the effectiveness of technology already deployed, the Commissioner of CBP should take the following step in planning the agency's new technology approach: determine the mission benefits to be derived from implementation of the plan and develop and apply key attributes for metrics to assess program implementation.

    Agency: Department of Homeland Security: United States Customs and Border Protection
    Status: Open

    Comments: As of November 2017, the U.S. Border Patrol, within CBP, had made some progress in identifying key attributes for metrics to assess implementation of the Arizona Border Surveillance Technology Plan (Plan), as GAO recommended in November 2011, but it has not yet fully identified and applied attributes for metrics for all technologies under the Plan. As GAO recommended in November 2011, CBP has identified improved situational awareness and agent safety as the mission benefits derived from the majority of these technologies. In November 2014, CBP identified a set of potential key attributes for performance metrics for all technologies to be deployed under the Plan, and established a timeline for developing performance measures for each technology. In September 2016, CBP provided GAO a case study that assessed technology assist data, along with other measures such as field-based assessments of capability gaps. However, the case study was limited to one border location and the analysis was limited to select technologies. In May 2017, Border Patrol officials demonstrated a new system, intended to allow for more comprehensive analysis of the contributions of surveillance technologies to Border Patrol's mission. However, officials confirmed that it is not yet used to support such analytic efforts. As noted in GAO's November 2017 report on CBP's use of surveillance technology, GAO continues to believe that developing and applying performance metrics for its border technologies, in accordance with our prior recommendation, would help Border Patrol more fully assess its progress in implementing the Southwest Border Technology Plan and determine when mission benefits have been realized.
    Director: Goldstein, Mark L
    Phone: (202)512-6670

    1 open recommendations
    Recommendation: The Secretary of Homeland Security and Attorney General should instruct the Director of FPS, and the Director of the Marshals Service, respectively, to jointly lead an effort, in consultation and agreement with the judiciary and GSA, to update the MOA on courthouse security to address the challenges discussed in this report. Specifically, in this update to the MOA stakeholders should: (1) clarify federal stakeholders' roles and responsibilities including, but not limited to, the conditions under which stakeholders may assume each other's responsibilities and whether such agreements should be documented; and define GSA's responsibilities and determine whether GSA should be included as a signatory to the updated MOA; (2) outline how they will ensure greater participation of relevant stakeholders in court or facility security committees; and (3) specify how they will complete required risk assessments for courthouses, referred to by the Marshals Service as court security facility surveys and by FPS as facility security assessments (FSA), and ensure that the results of those assessments are shared with relevant stakeholders, as appropriate.

    Agency: Department of Homeland Security
    Status: Open

    Comments: As of April 2017, The Federal Protective Service, U.S. Marshals Service, Administrative Office of the U.S. Courts, and General Services Administration were working to update the memorandum of agreement on courthouse security. An updated memorandum has been drafted, but it has yet to be signed by all parties. Consequently, resolution of this recommendation is pending until further action is taken.
    Director: Brown, Orice Williams
    Phone: (202)512-5837

    2 open recommendations
    Recommendation: To improve strategic planning, performance management, and program oversight within and related to NFIP, the Secretary of DHS should direct the FEMA Administrator to develop a comprehensive workforce plan according to PKEMRA that identifies agency staffing and skills requirements, addresses turnover and staff vacancies, and analyzes FEMA's use of contractors.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FEMA officials, as of July 2016, FEMA is in the process of developing a Workforce Strategic Plan they say will contribute to organizational performance and mission by enabling FEMA to align the overall workforce with strategic priorities. FEMA expected to complete the plan by the first quarter of FY2017. As of February 2018, FEMA officials said they were still working to implement this recommendation and expected to complete it by September 2018.
    Recommendation: To improve FEMA's policies, procedures, and systems for achieving NFIP's program goals, the Secretary of DHS should direct the FEMA Administrator to establish timelines for and complete the development and implementation of FEMA's revised acquisition process, in line with the DHS Acquisition Directive 102-01, including a rollout process with staff training and a mechanism to better ensure that all acquisitions undergo the necessary reviews.

    Agency: Department of Homeland Security
    Status: Open

    Comments: FEMA officials stated that, as of July 2016, a Disaster Acquisitions Response Team (DART) was in place along with metrics in place to monitor the team's success. The officials said they had also awarded a contract to serve as a contract file repository and that previously scanned contract files would be uploaded by December 31, 2016. As of February 2018, officials said they were still working to implement this recommendation and expected to complete the effort by March 2018.
    Director: Grover, Jennifer A
    Phone: (202) 512-7141

    3 open recommendations
    including 1 priority recommendation
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should perform an internal control assessment of the TWIC program by (1) analyzing existing controls, (2) identifying related weaknesses and risks, and (3) determining cost-effective actions needed to correct or compensate for those weaknesses so that reasonable assurance of meeting TWIC program objectives can be achieved. This assessment should consider weaknesses we identified in this report among other things, and include: (1) strengthening the TWIC program's controls for preventing and detecting identity fraud, such as requiring certain biographic information from applicants and confirming the information to the extent needed to positively identify the individual, or implementing alternative mechanisms to positively identify individuals; (2) defining the term extensive criminal history for use in the adjudication process and ensuring that adjudicators follow a clearly defined and consistently applied process, with clear criteria, in considering the approval or denial of a TWIC for individuals with extensive criminal convictions not defined as permanent or interim disqualifying offenses; and (3) identifying mechanisms for detecting whether TWIC holders continue to meet TWIC disqualifying criminal offense and immigration-related eligibility requirements after TWIC issuance to prevent unqualified individuals from retaining and using authentic TWICs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that internal control weaknesses governing the enrollment, background checking, and use of TWIC potentially limit the program's ability to provide reasonable assurance that access to secure areas of MTSA-regulated facilities is restricted to qualified individuals. We further reported that TSA did not assess the internal controls designed and in place to determine whether they provided reasonable assurance that the program could meet defined mission needs for limiting access to only qualified individuals, and that internal control weaknesses in TWIC enrollment, background checking, and use could have contributed to the breach of selected MTSA-regulated facilities during covert tests conducted by our investigators. We recommended that DHS perform an internal control assessment of the TWIC program by (1) analyzing existing controls, (2) identifying related weaknesses and risks, and (3) determining cost-effective actions needed to correct or compensate for those weaknesses so that reasonable assurance of meeting TWIC program objectives can be achieved. In April 2013, DHS reported that it had taken a number of steps to address our recommendations. For example, it had refreshed and reissued fraudulent document detection training to enrollment personnel; created a mechanism for enrollment personnel to send detailed information of suspected fraud to adjudication personnel; benchmarked TWIC enrollment processes with passport enrollment processes; and defined guidance for adjudicators on the application of discretionary authority. As we reported in May 2013, to determine if the internal control weaknesses identified in our May 2011 report still exist, we conducted limited covert testing in late 2012. Our investigators again acquired an authentic TWIC through fraudulent means and were able to use this card and counterfeit TWIC cards to access areas of ports or port facilities requiring a TWIC for entry at four ports. In February 2014, TSA reported that it, in coordination with Coast Guard and DHS subject matter experts, had established an Executive Steering Committee to address recommendations from the May 2011 report on the TWIC program's internal controls (GAO-11-657). GAO recommended that the internal control assessment be the basis of the effectiveness assessment. In response, the Executive Steering Committee developed an internal control action plan that lists TWIC program control issues GAO identified, along with actions that TSA and the Coast Guard would or would not take to address them. However, based on our review of the internal control action plan and associated documents, and further discussing with TSA officials the methodology used to arrive at the internal control action plan, we determined that the internal control assessment we recommended has not been implemented. Specifically, there is no evidence of a detailed mapping of each policy and process in the program, their interrelationships, and clear linkage to show how actions in one step may enhance or reduce the effectiveness of the TWIC program achieving its stated mission needs. In December 2017, a third party contracted by TSA reported on the results of its internal control assessment of the TWIC program, including the TWIC program's internal controls of the enrollment, background checking, and credential issuance processes. We believe that this is a positive step towards addressing our recommendation. However, the assessment did not include an evaluation of the use of TWIC, including Coast Guard's role in TWIC enforcement. We continue to believe that the internal control assessment inclusive of TWIC use and the interrelationship between acquiring a TWIC and using it in the maritime environment is needed. For the reasons noted above, this recommendation remains open.
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should conduct an effectiveness assessment that includes addressing internal control weaknesses and, at a minimum, evaluates whether use of TWIC in its present form and planned use with readers would enhance the posture of security beyond efforts already in place given costs and program risks.

    Agency: Department of Homeland Security
    Status: Open
    Priority recommendation

    Comments: We reported that DHS had not assessed the program's effectiveness at enhancing security. We recommended that DHS conduct an effectiveness assessment that includes addressing internal control weaknesses and, at a minimum, evaluates whether use of TWIC in its present form and planned use with readers would enhance the posture of security beyond efforts already in place given costs and program risks. In March 2012, DHS reported that it agreed that the results and progress of the internal control actions should be used to further evaluate the effectiveness of the TWIC program. They further noted that as the different long term actions progress, DHS will develop specific plans to address this action. In May 2013 (see GAO-13-198), we reported that DHS had not addressed this recommendation. On January 17, 2014, the explanatory statement accompanying the Consolidated Appropriations Act, 2014, directed DHS to complete the assessment that we recommended within 90 days after enactment (April 17, 2014). In February 2014, TSA reported that it, in coordination with Coast Guard and DHS subject matter experts, had established an Executive Steering Committee to address recommendations from the May 2011 report on the TWIC program's internal controls (GAO-11-657). GAO recommended that the internal control assessment be the basis of the effectiveness assessment. In response, the Executive Steering Committee developed an internal control action plan that lists TWIC program control issues GAO identified, along with actions that TSA and the Coast Guard would or would not take to address them. However, based on our review of the internal control action plan and associated documents, and further discussing with TSA officials the methodology used to arrive at the internal control action plan, we determined that the internal control assessment we recommended has not been implemented. Specifically, there is no evidence of a detailed mapping of each policy and process in the program, their interrelationships, and clear linkage to show how actions in one step may enhance or reduce the effectiveness of the TWIC program achieving its stated mission needs. As of March 2017, the internal control assessment we recommended as the basis for initiating the effectiveness assessment had not been completed. However, on January 15, 2016, Coast Guard reported that it had completed its effectiveness assessment. Specifically, DHS completed an effectiveness assessment titled "Security Assessment of the Transportation Worker Identification Credential and Readers." However, the effectiveness assessment did not substantively address the risk concerns identified in our report. For example, the effectiveness assessment lacked the internal control assessment we deem to be the critical first step for fully understanding the TWIC program's controls, costs, and risks. Further, while the effectiveness assessment presented a comparison of alternative credentialing approaches, the assessment did not fully consider, as discussed in our 2011 and 2013 reports, an approach wherein federal security threat assessments could be leveraged in concert with site-specific credentials. The analysis did consider the benefits of updating the TWIC credential to new federal credentialing standards. However, absent from the analysis is a risk-informed basis for disallowing site-specific credentials. While TWIC credentials are developed based on standards aligned with those used by federal entities, each federal entity continues to use site-specific credentials that have varying appearances, rather than a single credential for granting access to all federal entities. This is important, especially because Coast Guard's risk assessment does not include an evaluation of the security benefits and shortfalls that a single credential used nation-wide provide. Absent an effectiveness assessment that meets the intent of our recommendation, this recommendation remains open.
    Recommendation: To identify effective and cost-efficient methods for meeting TWIC program objectives, and assist in determining whether the benefits of continuing to implement and operate the TWIC program in its present form and planned use with readers surpass the costs, the Secretary of Homeland Security should use the information from the internal control and effectiveness assessments as the basis for evaluating the costs, benefits, security risks, and corrective actions needed to implement the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks as part of conducting the regulatory analysis on implementing a new regulation on the use of TWIC with biometric card readers.

    Agency: Department of Homeland Security
    Status: Open

    Comments: We reported that prior to issuing the regulation on implementing the use of TWIC as a flashpass, DHS conducted a regulatory analysis, which asserted that TWIC would increase security. The analysis included an evaluation of the costs and benefits related to implementing TWIC. We further reported that as a proposed regulation on the use of TWIC with biometric card readers is under development, DHS is to issue a new regulatory analysis. Conducting a regulatory analysis using the information from the internal control and effectiveness assessments as the basis for evaluating the costs, benefits, security risks, and needed corrective actions could better inform and enhance the reliability of the new regulatory analysis. Moreover, these actions could help DHS identify and assess the full costs and benefits of implementing the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks, and help ensure that the TWIC program is more effective and cost-efficient than existing measures or alternatives at enhancing maritime security. We therefore recommended that DHS use the information from the internal control and effectiveness assessments we recommended as the basis for evaluating the costs, benefits, security risks, and corrective actions needed to implement the TWIC program in a manner that will meet stated mission needs and mitigate existing security risks as part of conducting the regulatory analysis on implementing a new regulation on the use of TWIC with biometric card readers. In March 2012, DHS reported that upon completion of the internal control and effectiveness assessments, DHS will evaluate the results to determine any subsequent actions, and that any applicable data or risks will be communicated to the Coast Guard for consideration during their regulatory analysis. However, DHS has not implemented the internal control assessment we recommended, which is to be the basis for the effectiveness assessment and addressing this recommendation. Further, the January 15, 2016 effectiveness assessment titled "Security Assessment of the Transportation Worker Identification Credential and Readers" did not substantively address the risk concerns identified in our report. Given shortfalls that remain in addressing our internal control assessment and effectiveness assessment recommendations, this recommendation remains open pending DHS taking corrective actions. As of February 2018, no further action has been taken.
    Director: Gambler, Rebecca
    Phone: (202) 512-6912

    2 open recommendations
    Recommendation: To help ensure DHS is maximizing the benefits of its coordination efforts with northern border partners through interagency forums, documented agreements, and its resource planning process, the Secretary of Homeland Security should provide DHS-level guidance and oversight for interagency forums established or sponsored by its components to ensure that the missions and locations are not duplicative and to consider the downstream burden on northern border partners.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2011, we reviewed and reported the extent to which the Department of Homeland Security (DHS) had improved federal coordination of border security intelligence and enforcement operations with state, local, and Canadian law enforcement partners. We found, among other things, that DHS improved northern border security coordination through interagency forums and joint operations; however, partners raised concerns about the resources needed for the increasing number of interagency forums and that some efforts may be overlapping. In May 2011 and June 2012, DHS reported that it took action to coordinate law enforcement initiatives and advance communications interoperability and information sharing, while reducing duplicative activities. DHS also reported that the DHS Northern Border Strategy, released in June 2012, is intended to align internal DHS operations and provide a unified direction that will also help the department reduce duplicative activities. However, DHS's efforts to coordinate law enforcement initiatives and its Northern Border Strategy do not specifically address possible duplication of efforts and resource constraints that may be imposed by interagency forums. Further, DHS leadership has not yet determined how the strategy will be implemented. In October 2015, DHS officials stated that a statement of cooperation for a Cross-Border Law Enforcement Advisory Committee was signed by all five core members. The intent of the committee is to provide executive-level strategic guidance to cross-border law enforcement initiatives involving partnerships between U.S. and Canadian law enforcement agencies on the northern border. However, DHS officials stated that it will take at least a year to show how this committee will increase coordination and prevent duplication among interagency forums, including the IBET and BEST. Development of this committee is a positive step; however, it is too soon to assess the extent to which this committee helps prevent duplication of effort and strengthen coordination efforts along the northern border. As of August 31, 2017, DHS had not provided updated information to show how the committee increased coordination and prevented duplication among interagency forums. To fully address this recommendation, DHS needs to provide guidance specific to interagency forums established or sponsored by its components and conduct DHS-level oversight for those forums to ensure they are not duplicative and do not burden northern border partners.
    Recommendation: To help ensure DHS is maximizing the benefits of its coordination efforts with northern border partners through interagency forums, documented agreements, and its resource planning process, the Secretary of Homeland Security should provide regular DHS-level oversight of Border Patrol and ICE compliance with the provisions of the interagency memorandum of understanding (MOU), including evaluation of outstanding challenges and planned corrective actions.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In fiscal year 2011, we reviewed and reported on the extent to which the Department of Homeland Security (DHS) had made progress in addressing past coordination challenges between U.S. Border Patrol, an office within U.S. Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE), and across the Drug Enforcement Administration and Forest Service, according to northern border security partners. We found, among other things, that federal agency coordination to secure the northern border was improved, but partners cited ongoing challenges sharing information and resources for daily border security related to operations and investigations despite the efforts made to establish and update interagency agreements. In June 2012, DHS reported that the DHS Northern Border Strategy emphasizes the importance of partnerships and coordination and discusses the benefits that can be garnered through collaboration and information sharing. DHS also reported that a National Special Agent in Charge/Chief Patrol Agent Advisory Council was established to enhance collaboration between Border Patrol and ICE, which includes addressing historical points of contention between the two components. While the strategy emphasizes and encourages coordination between Border Patrol and ICE, it does not specifically address compliance with the interagency memoranda of agreement, evaluation of longstanding challenges, or any planned corrective actions. In addition, the advisory council established does not provide DHS-level oversight as it is composed of ICE and Border Patrol officials. In October 2015, DHS officials stated that the Cross-Border Law Enforcement Advisory Committee may provide DHS-level oversight because both CBP and ICE officials are members of the committee. However, as of August 31, 2017, DHS has not yet indicated how the committee may provide guidance and oversight to ensure Border Patrol and ICE compliance with the provisions of the interagency memorandum of understanding, and DHS could not provide timeframes for addressing this recommendation. To fully address this recommendation, DHS needs to take action to specifically address long-standing coordination challenges and enforce DHS-level oversight of Border Patrol and ICE compliance with the interagency memoranda of agreement.
    Director: Mackin, Michele
    Phone: (202) 512-7773

    1 open recommendations
    Recommendation: To capitalize on the increase in knowledge gained by creating new baselines for Deepwater assets, and to better manage acquisitions of further assets and capabilities, the Commandant of the Coast Guard should complete, and present to Congress, a comprehensive review of the Deepwater Program that clarifies the overall cost, schedule, quantities, and mix of assets that are needed to meet mission needs and what trade-offs need to be made considering fiscal constraints, given that the currently approved Deepwater baseline is no longer feasible.

    Agency: Department of Homeland Security: United States Coast Guard
    Status: Open

    Comments: In providing comments on this report, the agency concurred with this recommendation but has not yet taken actions necessary to implement it. Since this report, DHS and the Coast Guard have each completed studies examining the mix of assets that composed the Deepwater Program. To date, the Coast Guard has not yet provided the Congress with a comprehensive review that clarifies the program's cost, schedule, quantities, and mix of assets or takes into account the Coast Guard's needs and available resources and makes recommendations about what trade-offs may be necessary. In 2015, we found that the Coast Guard is currently conducting a fleet-wide analysis, including surface, aviation, and information technology, intended to be a fundamental reassessment of the capabilities and mix of assets the Coast Guard needs to fulfill its missions. The Coast Guard is undertaking this effort consistent with direction from Congress. Specifically, the Coast Guard plans first to rewrite its mission needs statement and concept of operations by 2016. Then, it will use a complex model to develop the full fleet mix study. Based on this, the Coast Guard plans to recommend a set of assets that best meets these needs in terms of capability and cost. The Coast Guard plans to complete the full study in time to inform the fiscal year 2019 budget, though specific dates for these events have not been set forth. As of July 2016, the Coast Guard informed GAO that the modeling is complete and the CONOPS report is being developed with a target date of September 30 for completion.
    Director: Gambler, Rebecca S
    Phone: (202)512-8816

    4 open recommendations
    Recommendation: To improve the reliability and accountability of checkpoint performance results to the Congress and the public, the Commissioner of Customs and Border Protection should establish internal controls for management oversight of the accuracy, consistency, and completeness of checkpoint performance data.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: In our review of Border Patrol traffic checkpoints, we found inconsistencies in the way field agents collected and entered performance data into the checkpoint information system. As a result, data reported in the system were unreliable. We recommended that Border Patrol establish internal controls to ensure the accuracy, consistency, and completeness of checkpoint performance data. In October 2009, the Border Patrol reported internal control solutions were underway, which would primarily involve upgrading its existing checkpoint data systems and creating a checkpoint data oversight protocol. Also in October 2009, Border Patrol issued a memorandum specifying which data fields agents should use to indicate that an enforcement activity occurred at a checkpoint (or on a circumvention route, for apprehensions), and, in January 2010, Border Patrol issued an additional memorandum on checkpoint data integrity that further specified definitions for "at the checkpoint" and "circumvention." In June 2013, Border Patrol reported that it was developing a redesigned checkpoint information system that should address the data errors and issues identified by our report. The agency also noted that it was exploring ways to implement a data oversight procedure and training on the importance of accurate data collection. In October 2014, the Border Patrol reported that the recommendation was being addressed in various phases, with a new expected completion date of March 2015. In June 2015, Border Patrol revised the expected completion date to September 2015. In September 2016, Border Patrol officials stated that the agency had not yet updated its checkpoint data system or created a data oversight protocol. In October 2017, DHS stated that it expected to issue an updated checkpoint policy, including updates on data entry guidance and oversight to address data integrity, by February 28, 2018. In June 2018, Border Patrol reported that on June 13, 2018, it had submitted a draft of the updated checkpoint policy to the office of the Commissioner of U.S. Customs and Border Protection for approval, and Border Patrol estimated that the policy would be finalized by September 30, 2018. Without established internal controls, the integrity of Border Patrol's performance and accountability system with regard to checkpoint operations remains uncertain.
    Recommendation: To improve the reliability and accountability of checkpoint performance results to the Congress and the public, the Commissioner of Customs and Border Protection should implement the quality of life measures that have already been identified by the Border Patrol to evaluate the impact that checkpoints have on local communities. Implementing these measures would include identifying appropriate data sources available at the local, state, or federal level, and developing guidance for how data should be collected and used in support of these measures.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: In our review of Border Patrol traffic checkpoints, we found that the Border Patrol had identified some measures to evaluate the impact that checkpoints have on local communities in terms of quality of life, but Border Patrol had not implemented the measures. As a result, the Border Patrol lacked information on how checkpoint operations could affect nearby communities. In October 2009, the Border Patrol reported that it was reevaluating its checkpoint performance measures, including quality of life measures. In December 2012, the DHS Center of Excellence completed a study for CBP on checkpoints. This study made several recommendations to Border Patrol on evaluating the impact of checkpoints on local communities using quantitative measures and with maintaining regular contact with the public to elicit opinions on experiences with the checkpoint, both positive and negative. At the time, the Border Patrol noted it intended to develop quantitative measures on community impact, such as on public safety and quality of life, using information collected in the new checkpoint information system it was planning. Border Patrol also noted that it was considering the budgetary feasibility of (1) conducting a survey of checkpoint travelers to gather detailed information about the community and impact metrics that are of highest importance to the public and (2) implementing an expedited lane for regular and pre-approved travelers. In July 2014, the Border Patrol revised the expected completion date for this recommendation to March 2015, noting that it planned to request ideas from the field commanders on what the agency could measure that would accurately depict the impact of checkpoints on the community. In June 2015, Border Patrol revised the expected completion date to September 2015. In September 2016, officials from Border Patrol's Checkpoint Program Management Office said quality of life measures had not been implemented and they were not aware of any plans to develop and implement such measures. In October 2017, DHS stated that it expected to establish performance measures related to community impacts by February 28, 2018. In June 2018, Border Patrol reported to us that the Checkpoint Program Management Office is making progress on identifying and implementing such performance measures, and Border Patrol expects to fully implement these measures by February 2019. Measuring performance, such as quality of life measures related to checkpoints, would give Border Patrol critical information on which to base decisions for improving checkpoint operations.
    Recommendation: To improve the reliability and accountability of checkpoint performance results to the Congress and the public, the Commissioner of Customs and Border Protection should use the information generated from the quality of life measures in conjunction with other relevant factors to inform resource allocations and address identified impacts.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: In our review of Border Patrol traffic checkpoints, we found that while the Border Patrol's national strategy cites the importance of assessing the community impact of Border Patrol operations, the implementation of such measures was lacking in terms of checkpoint operations. We recommended that Border Patrol implement such measures in areas of community concern to provide greater attention and priority in Border Patrol operational and staffing decisions to address any existing issues. In October 2009, the Border Patrol reported that once it had completed an upgrade of its existing checkpoint data systems and had reevaluated its checkpoint performance measures, the agency would begin using information garnered by these performance measures to inform future resource allocation decisions. This was originally expected to be completed by September 30, 2010, but due to budgetary and other issues, the checkpoint system upgrades were not yet completed as of June 2013. Border Patrol reported to us in June 2013 that the redesigned and upgraded checkpoint information system was expected to be implemented in September 2014. In July 2014, however, Border Patrol revised its expected completion date to March 2016. In June 2015, Border Patrol reported that it was on target to meet this March 2016 completion date. However, in September 2016, officials from Border Patrol's Checkpoint Program Management Office stated that they were not aware of any planned or completed actions to address this recommendation. In October 2017, DHS stated that it expected to establish performance measures related to community impacts by February 28, 2018, and that these measures will be used to inform resource allocation decisions. In June 2018, Border Patrol reported to us that the Checkpoint Program Management Office is making progress on identifying and implementing such performance measures, and Border Patrol expects to fully implement these measures by February 2019. Measuring performance, such as quality of life measures related to checkpoints, would give Border Patrol critical information on which to base decisions for improving checkpoint operations.
    Recommendation: To ensure that the checkpoint design process results in checkpoints that are sized and resourced to meet operational and community needs, the Commissioner of Customs and Border Protection should, in connection with planning for new or upgraded checkpoints, conduct a workforce planning needs assessment for checkpoint staffing allocations to determine the resources needed to address anticipated levels of illegal activity around the checkpoint.

    Agency: Department of Homeland Security: Directorate of Border and Transportation Security: Bureau of Customs and Border Protection
    Status: Open

    Comments: In our review of Border Patrol traffic checkpoints, we found that Border Patrol's checkpoint strategy to push illegal aliens and smugglers to areas around checkpoints-which could include nearby communities-underscores the need for the Border Patrol to ensure that it deploys sufficient resources and staff to these areas. We recommended that Border Patrol conduct a needs assessment when planning for a new or upgraded checkpoint in order to better ensure that officials consider the potential impact of the checkpoint on the community and plan for a sufficient number of agents and resources. In October 2009, Border Patrol reported that the agency was evaluating its checkpoint policy regarding the establishment of a new checkpoint or the upgrade of an old checkpoint, and checkpoint policy changes would be finalized by September 30, 2010. Border Patrol also reported that checkpoint system upgrades that capture data on checkpoint performance would help management determine future resource needs at checkpoints. In June 2013, Border Patrol reported that due to budget and other issues, the checkpoint system upgrade had not been completed, and the rewritten checkpoint data protocol had not been approved. In June 2013, Border Patrol reported that as part of the checkpoint study conducted by the DHS Centers of Excellence, the Centers created checkpoint simulation tools that would help inform resource allocations when determining the number of inspection lanes on current or new checkpoints. The Border Patrol agreed with the utility of such a model, but noted that the Border Patrol would need to purchase modeling software--a cost-prohibitive measure in the current budget environment. In the interim, Border Patrol is developing a formal workforce staffing model to identify staffing strategies for all Border Patrol duties. Border Patrol expected to implement this model for checkpoint staffing assignments in fiscal year 2014. However, in July 2014, Border Patrol reported that the Border Patrol Personnel Requirements Determination project was still being developed and would not be complete until 2015. That process will inform staffing at checkpoints. As a result, Border Patrol revised its expected implementation date to September 2015. In June 2015, Border Patrol reported that it was on target to implement this recommendation by September 2015. However, according to the Border Patrol official overseeing the project, subsequent changes in leadership and factors unrelated to checkpoints have affected the overall time frames for the Personnel Requirements Determination project. In September 2016, Border Patrol officials reported that the agency's Personnel Requirements Determination process would not provide information on staffing needs until fiscal year 2017 or 2018, and also noted that this effort is not specifically examining staffing needs at checkpoints. In October 2017, DHS stated that it expects to use information from the Personnel Requirements Determination process to determine staffing requirements and address our recommendation by September 30, 2019. In June 2018, DHS reported to us that it was on schedule to meet this expected completion date. Conducting a needs assessment when planning for a new or upgraded checkpoint could help better ensure that officials consider the potential impact of the checkpoint on the community and plan for a sufficient number of agents and resources.
    Director: Brown, Orice Williams
    Phone: (202) 512-3000

    5 open recommendations
    Recommendation: To provide transparency and accountability over the payments FEMA makes to WYOs for expenses and profits, the Secretary of Homeland Security should direct the Under Secretary of Homeland Security, FEMA, to determine in advance the amounts built into the payment rates for estimated expenses and profit.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FEMA officials, FEMA is responding to this recommendation as part of its development of a final rule on WYO compensation practices, required by the Biggert-Waters Act. FEMA's current payment rates do not explicitly consider WYO insurers' actual expenses and profit.
    Recommendation: To provide transparency and accountability over the payments FEMA makes to WYOs for expenses and profits, the Secretary of Homeland Security should direct the Under Secretary of Homeland Security, FEMA, to annually analyze the amounts of actual expenses and profit in relation to the estimated amounts used in setting payment rates.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FEMA officials, FEMA is responding to this recommendation as part of its development of a final rule on WYO compensation practices, required by the Biggert-Waters Act. However, GAO has reported that an annual analysis of the WYO insurers' actual expenses and profit could be regularly performed in relation to FEMA's existing payment methodology.
    Recommendation: To provide transparency and accountability over the payments FEMA makes to WYOs for expenses and profits, the Secretary of Homeland Security should direct the Under Secretary of Homeland Security, FEMA, to consider the results of the analysis of payments, actual expenses, and profit in evaluating the methods for paying WYOs.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FEMA officials, FEMA is responding to this recommendation as part of its development of a final rule on WYO compensation practices, required by the Biggert-Waters Act.
    Recommendation: To increase the usefulness of the data reported by WYOs to the National Association of Insurance Commissioners (NAIC) and to institutionalize FEMA's use of such data, the Secretary of Homeland Security should direct the Under Secretary of Homeland Security, FEMA, to take actions to obtain reasonable assurance that NAIC flood insurance expense data can be considered in setting payment rates that are appropriate, including identifying affiliated company profits in reported flood insurance expenses.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FEMA officials, FEMA is responding to this recommendation as part of its development of a final rule on WYO compensation practices, required by the Biggert-Waters Act. FEMA can also take actions, in addition to any actions related to the rule, to develop method(s) for obtaining reasonable assurance that NAIC data is accurate and usable for setting payment rates before implementation of a new compensation methodology.
    Recommendation: To increase the usefulness of the data reported by WYOs to the National Association NAIC and to institutionalize FEMA's use of such data, the Secretary of Homeland Security should direct the Under Secretary of Homeland Security, FEMA, to develop comprehensive data analysis strategies to annually test the quality of flood insurance data that WYOs report to NAIC.

    Agency: Department of Homeland Security
    Status: Open

    Comments: According to FEMA officials, FEMA is responding to this recommendation as part of its development of a final rule on WYO compensation practices, required by the Biggert-Waters Act. FEMA can also take actions, in addition to any actions related to the rule, to develop and implement data analysis strategies to annually test the quality of flood insurance data WYO insurers report to NAIC before implementation of a new compensation methodology.
    Director: Williams, Orice M
    Phone: (202)512-5837

    2 open recommendations
    Recommendation: The Secretary of the Department of Homeland Security should direct FEMA to take steps to ensure that its rate-setting methods and the data it uses to set rates result in full-risk premiums rates that accurately reflect the risk of losses from flooding. These steps should include, for example, verifying the accuracy of flood probabilities, damage estimates, and flood maps; ensuring that the effects of long-term planned and ongoing development, as well as climate change, are reflected in the flood probabilities used; and reevaluating the practice of aggregating risks across zones.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In April 2018, FEMA officials told us they had begun to redesign NFIP's risk rating system to help ensure policy rates better reflect the risk of flooding. The redesign includes efforts to use catastrophe models, stochastic approaches, and updated map information to better reflect the variation in flood risk. These reforms are also intended to improve how FEMA's rating process accounts for general and specific factors that affect flood probabilities and damage. FEMA officials said they will roll out the new rates to groups of policyholders at a time, and expects the first new rates to be available in mid-2019 with implementation for policyholders starting in 2020. They said it will take several more years after that to roll out the new rates to all policyholders.
    Recommendation: The Secretary of the Department of Homeland Security should direct FEMA to ensure that information is collected on the location, number, and losses associated with existing and newly created grandfathered properties in NFIP and to analyze the financial impact of these properties on the flood insurance program.

    Agency: Department of Homeland Security
    Status: Open

    Comments: To assess the impact of grandfathered properties on the NFIP, in April 2018 FEMA officials said the agency has begun to develop a clearer and fairer process for rating policies according to flood risk for all policyholders, which will help them understand the impact of grandfathered properties. FEMA officials also said that they have continued their process for identifying all current properties with grandfathered premium rates, but that the process has been delayed by responding to recent flooding events and expects to complete that process in 2019.