Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Software applications"

    5 publications with a total of 128 open recommendations including 4 priority recommendations
    Director: David Powner
    Phone: (202) 512-9286

    24 open recommendations
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: United States Agency for International Development
    Status: Open

    Comments: We reported that the U.S. Agency for International Development (USAID) had partially met the following two practices for establishing a complete software application inventory, (1) includes these systems from all organizational component, and (2) is regularly updated with quality controls to ensure reliability. In September 2017, USAID provided its updated application inventory, which includes enterprise IT and business systems from all organizational components--with the exception of two small offices that USAID officials stated use IT systems provided by other business units. In addition, we verified that the inventory includes basic application attributes, to include system name, system description, and system owner; however, it does not include the system description and owner for all systems listed. USAID officials reported that they have efforts underway to identify system owners and collect system descriptions from these owners. USAID has also taken steps to ensure the reliability of the inventory, including a data call it conducted to gather information for its updated application inventory, as well as efforts from its Business Enterprise Architecture team to follow up with system owners to obtain complete and accurate system information. We plan to continue to monitor USAID's efforts.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Education
    Status: Open

    Comments: We reported that the Department of Education partially met the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, we reported that the department had not yet established a policy for updating its inventory. In May 2017, the department issued an updated Lifecycle Management Framework directive, which requires system program managers to update the IT asset management information, including for software applications, in the department's Cyber Security Assessment and Management (CSAM) tool. In addition, in June 2017, the department updated its System Inventory Methodology and Guidance Document to ensure that the inventories within CSAM accurately reflect the system's software and operating system, and that all software utilized on the system is appropriately licensed and approved for use by the department's Enterprise Architecture Review Board. We will follow up with the department to determine whether it is using its updated policies.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Commerce
    Status: Open

    Comments: We reported that the Department of Commerce did not meet the following software application inventory practice: regularly updates the inventory with quality controls to ensure reliability. Specifically, the department did not provide evidence of a process to regularly update its inventory or quality controls to ensure the reliability of the data collected. In October 2017, the department reported that application inventory information will be captured through the Department of Commerce Capital Planning and Investment Control (CPIC) system, as part of its regular updating of investment information. Further, the department stated that it will update its CPIC handbook to provide guidance on quality control to ensure reliability of the data collected. We plan to continue to follow up with Commerce to monitor the status of these planned actions.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Energy
    Status: Open

    Comments: We reported that the Department of Energy partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In May 2017, the department reported that it plans to implement automated monitoring and inventory tools by the end of fiscal year 2018, which it expects will address the key practices. We plan to monitor the department's efforts to implement the tools.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: We reported that the Department of Housing and Urban Development partially met the following three software application inventory practices, (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In June 2017, the department reported that is working to identify applications in field offices, and plan for this effort to be completed in fiscal year 2018. In addition, the department stated it plans to update the inventory to include business functions for each system by the end of fiscal year 2017. Further, department officials stated that to ensure the accuracy and reliability of the application inventory, the department plans to conduct quarterly portfolio reviews starting in fiscal year 2018. We plan to continue to monitor the department's efforts.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: We reported that the Department of Health and Human Services (HHS) partially met the following software application inventory practice: is regularly updated with quality controls to ensure reliability. In June 2017 we followed up with HHS to obtain a status of actions to address our recommendation. As of November 2017, we were still waiting for a response.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Social Security Administration
    Status: Open

    Comments: We reported that the Social Security Administration (SSA) partially met the following two software application inventory practices, (1) includes systems from all organization components, and (2) regularly updates the inventory with quality controls to ensure reliability. In March 2017, SSA officials reported that the agency's Office of Systems and Office of Operations continue to collaborate on integrating application information into the Enterprise Application Inventory. The officials reported that regionally developed applications that have been granted authority to operate have been imported into the enterprise application inventory. In addition, the officials stated that the Office of Operations is in the process of redesigning their repository to accommodate requirements to support the Enterprise Application Inventory, including the ability to update and maintain application information in the enterprise repository. Lastly, SSA officials reported that its Office of Information Security and Office of Systems continue to work to identify additional headquarters applications and develop process and automation to include applications in the inventory. However, the agency did not provide documentation that supports the efforts taken. We are following up with the agency to obtain documentation.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of the Interior
    Status: Open

    Comments: We reported that the Department of Interior did not meet the software application inventory practice of regularly updating the inventory with quality controls to ensure reliability, and partially met the practice of including systems from all organization components. In June 2017, the department reported that it plans to review the application inventory for quality and completeness as a part of its annual update. Further, the department reported that it included applications and systems related to infrastructure investments in the IT portfolio as part of the fiscal year 2017 annual update to the department's application inventory. However, the department did not provide supporting documentation. We plan to monitor the department's efforts to ensure the accuracy and completeness of the inventory, as well as its efforts to include all its business systems in the inventory.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Transportation
    Status: Open

    Comments: In June 2017, the department reported that it had updated its application inventory to, among other things, address the key practices it had not fully met. We are following up with the department to obtain supporting documentation.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Labor
    Status: Open

    Comments: We reported that the Department of Labor did not meet one software application inventory practice, and partially met three practices. Specifically the department did not include business and enterprise IT systems, and partially met (1) includes systems from all organizational components, (2) specifies basic application attributes, and (3) is regularly updated with quality controls to ensure reliability. In June 2017, department officials stated that they plan to update the inventory in fiscal year 2017 to address the key practices, including ensuring that the inventory identifies business and enterprise IT systems, systems from all organizational components, and basic IT system attributes. In addition, officials stated that they plan to update the inventory on a periodic basis as necessary, including at least annually as part of its IT budgeting process. Further, officials stated that the department's Strategic Business Management program implemented a data quality initiative in fiscal year 2016 to improve the quality of data their agencies are reporting on their IT systems as part of the department's IT Capital Planning and Investment Control process. We are following up with the department to obtain evidence of the data quality initiative. Further, we will continue to monitor the department's efforts to address the practices.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of the Treasury
    Status: Open

    Comments: We reported that the Department of the Treasury had partially met the following two practices for establishing a complete software application inventory, (1) specifies basic application attributes, and (2) is regularly updated with quality controls to ensure reliability. In September 2017, the department provided evidence showing that it had taken steps to address these practices. Specifically, the department provided an export of its inventory, which showed that most of the systems listed contained a system description. According to department officials, some systems do not have a system description because the department's inventory policy allows bureaus to attach documents to the inventory, which include the system description, instead of populating the system description field. Further, the policy does not require a system description for systems in the disposal state. Moreover, the inventory did not include the business segment or function that the system supports. According to Treasury officials, the Bureau and Functional Unit fields within the inventory allow the department to map the systems to the business segments that they support; however, they did not provide documentation showing this mapping. We are following up with the Treasury to obtain supporting documentation, including its inventory policy. Further, we will continue to monitor its efforts to ensure that the inventory is regularly updated with quality controls to ensure its reliability.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of Veterans Affairs
    Status: Open

    Comments: We reported that the Department of Veterans Affairs (VA) had partially met the following practice for establishing a complete software application inventory: is regularly updated with quality controls to ensure reliability. We determined that VA partially met this practice because, while officials stated that their repository of systems was viewed as complete, the information within the repository was still maturing and work was being done to automate data capture and integration with other sources. The department has since taken action to address the practice. Specifically, in July 2017, VA officials reported that the department integrated its inventory with multiple repositories of IT system and application information. According to VA officials, this integration enables VA to more completely and accurately capture system and application related information, using both automated and manual processes to update and maintain the inventory. We will follow up with VA to obtain evidence of its action.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Department of State
    Status: Open

    Comments: We reported that the Department of State partially met the following software application inventory practices: (1) specifies basic application attributes; and (2) is regularly updated with quality controls to ensure reliability. In June 2017, department officials reported that they are working to align IT assets to the appropriate IT investments through both the capital planning and investment control process and the cloud governance process. The agency intends that these efforts will be the first step in better aligning assets to a defined business function. Department officials also stated that to improve quality control, they are developing additional guidance on the process to review all IT assets throughout their lifecycle, which includes a multi-stakeholder approach to confirm each asset contains accurate, appropriate and relevant information. We plan to continue to monitor the department's efforts.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In April 2017, we followed up with the Environmental Protection Agency to obtain a status of actions to address our recommendation. As of November 2017, we were still waiting for a response from the agency.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: National Aeronautics and Space Administration
    Status: Open

    Comments: We reported that the National Aeronautics and Space Administration had partially met the following two practices for establishing a complete software application inventory, (1) includes these systems from all organizational components, and (2) is regularly updated with quality controls to ensure reliability. In June 2017, agency officials stated that they plan to improve the application inventory using an investment review process, which they expect to complete in 2019. Specifically, the agency intends that the process will lead to an annual review of the application inventory and an improved process for updating the inventory. According to agency officials, the process will incorporate quality control processes into the overall portfolio management and rationalization approach. We plan to continue to monitor the agency's efforts to implement the new review process.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: National Science Foundation
    Status: Open

    Comments: We reported that the National Science Foundation had partially met the following practice for establishing a complete software application inventory: is regularly updated with quality controls to ensure reliability. In June 2017, agency officials reported that its Chief Information Officer is working with the agency's Division of Information Systems to formalize and provide evidence of the annual validation review that it stated it conducts for quality control purposes. The agency expects improvements to be implemented with the upcoming inventory review cycle for fiscal year 2018.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Small Business Administration
    Status: Open

    Comments: We reported that the Small Business Administration (SBA) did not meet one software application inventory practice, and partially met three practices. Specifically, the SBA did not regularly update the application inventory with quality controls to ensure reliability, and partially met (1) includes enterprise IT and business systems, (2) includes systems from all organizational components, and (3) specifies basic application attributes. In July 2017, SBA reported that its draft Software Asset Policy was being vetted throughout the agency for concurrence. SBA officials stated that the Software Asset Policy will determine the required basic application attributes, and provide adequate controls to ensure reliability of the inventory. Although SBA officials stated they are developing the planned milestones and a roadmap to implement the policy, they did not provide a formal release timeframe. We will continue to monitor the SBA's efforts to develop a complete application inventory.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: We reported that the Nuclear Regulatory Commission partially met the following software application inventory practice: is regularly updated with quality controls to ensure reliability. In July 2017, agency officials stated that they plan to finalize procedures to routinely update the agency's inventory in December 2017. We plan to continue to monitor the department's efforts to address our recommendation.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.

    Agency: Office of Personnel Management
    Status: Open

    Comments: We reported that the Office of Personnel Management (OPM) partially met the software application inventory practice to regularly update the inventory with quality controls to ensure reliability. In November 2016, OPM officials stated that they were validating the data in the application inventory. In addition, officials stated that they were making progress in using automated scanning tools to update the inventory, including coordinating with the General Services Administration's Software Management Group which is working to standardize the use of automated inventory tools across the government. In June 2017, we followed up with OPM to obtain documentation of these reported actions; however, as of November 2017, the agency had not yet provided supporting documentation. We are continuing to follow up with OPM to obtain documentation of its reported actions.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Defense should direct the responsible official to modify the department's existing processes to collect and review cost, technical, and business information for the enterprise and business IT systems within the Enterprise Information Environment Mission Area applications which are currently not reviewed as part of the department's process for business systems.

    Agency: Department of Defense
    Status: Open

    Comments: In June 2017, department officials reported they did not concur with the recommendation at the time it was made, and that their position had not changed.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Homeland Security should direct the department's CIO to identify one high-cost function it could collect detailed cost, technical, and business information for and modify existing processes to collect and review this information.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the department reported that it had identified e-mail as a high cost function, and that it would begin modifying existing processes to collect and review cost, technical, and business information. The agency expects to complete the effort in 2017. We plan to continue to monitor the department's efforts.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of the Interior should direct the department's CIO to document and implement a plan for establishing policy that would define a standard analytical technique for rationalizing the investment portfolio.

    Agency: Department of the Interior
    Status: Open

    Comments: We recommended that the Department of Interior document and implement a plan for establishing policy that would define a standard analytical technique for rationalizing the investment portfolio. In June 2017, the department reported that it had developed a comprehensive strategy and approach to implement application rationalization and portfolio management practices. However, the department did not provide supporting documentation. In addition, the department reported that its Office of the Chief Information Officer (OCIO) is currently drafting an application rationalization policy and supporting guidance that will establish a standard analytical approach for rationalization bureau office portfolios in a consistent manner across the department, and that its OCIO will collaborate with bureaus and offices to develop an application rationalization analytical framework. However, the department did not provide a timeframe for completing these efforts. We plan to continue to monitor the department'?s efforts to develop a rationalization policy and standard analytical techniques.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Secretary of Labor should direct the department's CIO to consider a segmented approach to further rationalize and identify a function for which it would modify existing processes to collect and review application-specific cost, technical, and business value information.

    Agency: Department of Labor
    Status: Open

    Comments: In June 2017, department officials stated that they plan to associate applications to specific IT investments, and to use this information to identify potential cost savings and avoidance. Further, officials stated that they plan to develop a segmented approach to rationalizing the portfolio of IT investments, including systems and applications. We plan to follow up with the department to determine the expected time frame for completing these actions.
    Recommendation: To improve federal agencies' efforts to rationalize their portfolio of applications, the Secretaries of Defense, Homeland Security, the Interior, and Labor; and the Director of the National Science Foundation should direct the CIOs and other responsible officials to modify existing investment management processes to address applications more completely. Specifically, the Director of the National Science Foundation should direct the CIO to consistently document evaluations for all applications and report cost information for them in the roadmap or other documentation.

    Agency: National Science Foundation
    Status: Open

    Comments: In June 2017, agency officials stated that they plan to take steps to ensure cost information is consistently documented for applications by the end of 2017. We will continue to monitor the agency's efforts.
    Director: Mark Goldstein
    Phone: (202) 512-2834

    2 open recommendations
    Recommendation: To improve access to and awareness and applicability of ITS resources for ITS deployment, the Secretary of Transportation should direct the ITS Joint Program Office (JPO), in coordination with the Federal Transit Administration (FTA), to develop a strategy to raise awareness of JPO's training, technical assistance, and knowledge resources for transit ITS deployment in the transit community.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation agreed with GAO's recommendation and stated that its Professional Capacity Building Program has two initiatives under development that will raise awareness of existing Intelligent Transportation System knowledge resources. First, the department will develop an overall course catalog that will describe all existing resources offerings. Second, the department will develop a new strategic plan that will utilize information from the updated course catalog as well as internal analyses to determine which new knowledge resources need to be developed to meet the needs of the transit community. As of June 2017, GAO is awaiting the Department's response regarding the status of its efforts to implement this recommendation.
    Recommendation: To improve access to and awareness and applicability of ITS resources for ITS deployment, the Secretary of Transportation should direct the ITS JPO, in coordination with FTA, to include ITS adoption by small urban and rural transit providers in ITS monitoring efforts.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation agreed with GAO's recommendation and stated that the Federal Transit Administration is considering the development of a small urban and rural Intelligent Transportation System survey component as part of its 2019 Intelligent Transportation System Deployment Survey. As of June 2017, GAO is awaiting the Department's response regarding the status of its efforts to implement this recommendation.
    Director: Cary Russell
    Phone: (202) 512-5431

    2 open recommendations
    Recommendation: To ensure that risks associated with ALIS are addressed expediently and holistically, the Secretary of Defense should direct the F-35 Program Executive Officer to improve the reliability of its cost estimates, conduct uncertainty and sensitivity analyses consistent with cost-estimating best practices identified in GAO's Cost Estimating and Assessment Guide.

    Agency: Department of Defense
    Status: Open

    Comments: According to DOD officials, the F-35 Program regularly performs sensitivity analysis in its cost estimates. The F-35 Cost Team runs drills throughout the year on varying ground rules and assumptions for all elements of the sustainment Annual Cost Estimate (ACE), including ALIS cost elements. These drills are used to assess cost impacts of various proposed requirements changes from the F-35 Program Office and the Services. The cost models capture the sensitivity of those technical baseline changes and the F-35 Program Office and Services use those results to inform the final technical baseline definition that becomes the basis of the annual estimate update. Although these measures are regularly performed, they do not constitute a direct uncertainty or sensitivity analysis on ALIS itself. For that reason, as of September 2017, this recommendation remains open.
    Recommendation: To ensure that risks associated with ALIS are addressed expediently and holistically, the Secretary of Defense should direct the F-35 Program Executive Officer to improve the reliability of its cost estimates, ensure that future estimates of ALIS costs use historical data as available and reflect significant program changes consistent with cost-estimating best practices identified in GAO's Cost Estimating and Assessment Guide.

    Agency: Department of Defense
    Status: Open

    Comments: According to DOD officials, as part of the cost estimating processes in the F-35 Program Office, the sustainment Annual Cost Estimate does incorporate the latest available historical cost data and reflects the latest approved technical baseline. For example, the latest hardware procurement costs from the most recent annual contracts for the F-35 were incorporated into the 2016 Annual Cost Estimate update as were the manpower assembly installation costs based on final delivered item prices. Although these are positive measures for the program and the cost estimate, the program has not incorporated a range of potential future costs that may better reflect actual ALIS costs. Until this step is taken, the recommendation will remain open.
    Director: David Powner
    Phone: (202) 512-9286

    5 open recommendations
    Recommendation: In order to institutionalize sound IT management practices and build FSA's IT management capacity while improving service to the Nation's farmers and ranchers, the Secretary of Agriculture should direct the FSA Administrator to establish and implement an improvement plan to guide the agency in adopting recognized best practices and following agency policy.

    Agency: Department of Agriculture
    Status: Open

    Comments: FSA developed a Strategic IT Roadmap to assist the agency's business and IT leadership in prioritizing IT investments. In addition, FSA stated that it will develop and document a comprehensive improvement plan that is to delineate tactical steps, timelines, and performance metrics to track incremental progress in adopting recognized best practices and program management capabilities. We will continue to monitor the agency's progress in documenting and implementing its improvement plan.
    Recommendation: In order to institutionalize sound IT management practices and build FSA's IT management capacity while improving service to the Nation's farmers and ranchers, the Secretary of Agriculture should direct the FSA Administrator to adhere to recognized best practices and agency policy in developing and managing system requirements before proceeding with any further system development to deliver previously envisioned MIDAS functionality. Specifically, the Administrator should ensure that requirements are complete, unambiguous, and prioritized; commitment to requirements is obtained through a formal requirements baseline; differences (or gaps) between the requirements and capabilities of the intended solution (including commercial off-the-shelf solutions) are analyzed; strategies to address any gaps are developed; and requirements are traced forward and backward among development products.

    Agency: Department of Agriculture
    Status: Open

    Comments: FSA reported that it will improve the rigor and adherence to requirements management processes for all IT projects, utilizing processes and tools that will support the integrity of the requirements throughout the lifecycle, to ensure that requirements are complete, formally baselined, gaps are analyzed, and fully traceable forward and backward. FSA also noted that it is pursuing an enhanced, more comprehensive governance structure that will further support its commitment to increasing rigor and adherence to defined requirements management processes. We will continue to monitor the agency's implementation of these efforts.
    Recommendation: In order to institutionalize sound IT management practices and build FSA's IT management capacity while improving service to the Nation's farmers and ranchers, the Secretary of Agriculture should direct the FSA Administrator to adhere to recognized best practices and agency policy in planning and monitoring projects. Specifically, the Administrator should ensure that project plans include predefined expectations for cost, schedule, and deliverables before proceeding with any further system development; updates to the project plan are made through change control processes; and progress against the project plan, including work performed by contractors, is monitored.

    Agency: Department of Agriculture
    Status: Open

    Comments: FSA noted that it began an initiative to improve the agency's use of capital planning guidance from the Office of Management and Budget and would prepare corrective action plans to address identified weaknesses in fiscal year 2016. FSA also noted that it was conducting a series of training classes on capital planning and IT project management across the agency, developing a risk management program, and strengthening the use of earned value management. We will continue to monitor the agency's progress on its project planning efforts.
    Recommendation: In order to institutionalize sound IT management practices and build FSA's IT management capacity while improving service to the Nation's farmers and ranchers, the Secretary of Agriculture should direct the FSA Administrator to adhere to recognized best practices and agency policy in system testing. Specifically, the Administrator should establish well-defined test plans before proceeding with any further system development, and ensure that testing of (a) individual system components, (b) the integration of system components, and (c) the end-to-end system are conducted.

    Agency: Department of Agriculture
    Status: Open

    Comments: FSA stated that going forward the agency will adhere to recognized best practices and agency policy in pursuing consistent or increased rigor around system testing. The agency noted that it plans to demonstrate that its testing capabilities are consistent and repeatable across all FSA IT projects. We will continue to monitor the agency's implementation of these efforts.
    Recommendation: In order to institutionalize sound IT management practices and build FSA's IT management capacity while improving service to the Nation's farmers and ranchers, the Secretary of Agriculture should direct the FSA Administrator to adhere to recognized best practices and agency policy in executive-level IT governance before proceeding with any further system development. Specifically, an executive-level governance board should (1) review and approve a comprehensive business case that includes a life cycle cost estimate, a cost-benefit analysis, and an analysis of alternatives for proposed solutions that are to provide former MIDAS requirements prior to their implementation; (2) ensure that any programs that are to accommodate former MIDAS requirements are fully implementing the IT program management disciplines and practices identified in this report; (3) conduct a post-implementation review and document lessons learned for the MIDAS investment; and (4) reassess the viability of the MIDAS technical solution before investing in further modernization technologies.

    Agency: Department of Agriculture
    Status: Open

    Comments: FSA stated that, as part of its organizational transformation efforts, the CIO is evaluating its governance structure and updating the charter for the agency-wide IT investment review board with the support of the agency's Executive Leadership Council. FSA also noted that it will adhere to the department's governance framework and processes. We will continue to monitor the agency's implementation of these efforts and how they address our recommendation.
    Director: Carol R. Cha
    Phone: (202) 512-4456

    95 open recommendations
    including 4 priority recommendations
    Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Agriculture
    Status: Open

    Comments: In October 2017, the US Department of Agriculture reported that its Departmental Regulation 3160-001, and Departmental Manual 3160-001 -- both titled "Licensed IT Software" -- are moving through the clearance process and will be provided to GAO as soon as they are approved.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Commerce
    Status: Open

    Comments: In October 2017, the Department of Commerce (Commerce) demonstrated it has taken steps to create a department wide software license management policy. Specifically, Commerce issued a directive for each of its bureaus to provide their current software license management policies. Based on these policies, Commerce will create a department-wide policy, which it expects to issue by March 2018. GAO will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Commerce
    Status: Open

    Comments: In October 2017, the Department of Commerce reported that a working group has been established to execute license management policies. However, meetings of the group have been put on hold due to resource constraints. GAO will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Commerce
    Status: Open
    Priority recommendation

    Comments: In October 2017, the Department of Commerce (Commerce) reported that it is considering options for establishing a comprehensive inventory of software licenses in the department. It is considering different automated tools, modifying its present tool suite, or using General Services Administration's Software License Management Service. Commerce reports that it is completing an analysis of alternatives and working with the budget office to determine available funding. GAO will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Commerce
    Status: Open

    Comments: In October 2017, the Department of Commerce (Commerce) reported that it is considering options for acquiring an automated tool for tracking and maintaining a comprehensive inventory of software licenses throughout the department. Commerce reports that it is completing an analysis of alternatives and working with the budget office to see what funding is available. GAO will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Commerce
    Status: Open

    Comments: In October 2017 the Department of Commerce (Commerce) reported that it currently does not provide training specific to software license management. However, Commerce officials state that they are working to development this training. For example, Commerce officials are currently reaching out to another federal agency to learn about the software license management training they offer. Commerce states that it plans to incorporate lessons learned into the department's future training plans. GAO will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified

    Agency: Department of Defense
    Status: Open

    Comments: In October 2017 the Department of Defense (Defense) provided a number of documents to support its statement that it has a software inventory license reporting plan that includes actions for developing an appropriate license management policy. Defense does not have one definitive plan. In May 2016 the House Armed Forces Committee asked for a briefing on Defense's activities. The briefing does not address all of the seven elements that a comprehensive software licensing policy should specify, including topics such as roles, responsibilities, oversight mechanisms, details about the implications of the phases of software license management life-cycle phases on cloud computing decisions, and training. However, Defense stated that the Chief Information Officer was in the process of drafting another key document, which should be issued in January 2018. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Defense
    Status: Open

    Comments: In October 2017, the Department of Defense (Defense) reported on actions to implement a comprehensive inventory using automated tools. For example, Defense reported that it has completed a software inventory license reporting plan. It also continues to automate security domains for asset management and plans to implement automated support and processes for software license management processes in Fiscal Year 2020. However, the documentation available from Defense was insufficient to support these statements. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Defense
    Status: Open

    Comments: In October 2017 the Department of Defense (Defense) noted that it does not yet collect software asset data for all Defense end-points, but plans to start the process in fiscal year 2018. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Defense
    Status: Open
    Priority recommendation

    Comments: In October 2017, the Department of Defense stated that it does not yet collect software asset data for the entire department. We will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Education should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Education
    Status: Open

    Comments: In October 2017, the Department of Education stated that the department is working to streamline its software management process through the revision of its current Software Asset Management and Acquisition Policy directive, and IT Governance guidance. These are expected to be issued in 2017. We will continue to monitor the department's efforts to address this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Education should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Education
    Status: Open

    Comments: In October 2017, the Department of Education (Education) reported that the department's initial training was designed to familiarize the community with the various requirements and mandates highlighted in the latest version of its software management directive and policy. Although the training covered a wide variety of topics, it did not specifically address software license contract terms and conditions, laws and regulations, and security planning. According to Education, the release of the revised Software Asset Management and Acquisition directive will appropriately address these areas. The policy is expected to be issued 2017. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Energy
    Status: Open

    Comments: In August 2017, the Department of Energy (Energy) provided a copy of Energy Order 200.1A, Information Technology Management. This document was updated in January 2017 to incorporate Federal Information Technology Acquisition Reform Act (FITARA) requirements. The order says that IT will be managed consistent with all statutory, regulatory, OMB and Departmental requirements, and that integrated IT management will be administered by the Office of the Chief Information. One of the requirements of the CIO is to perform software asset management including the tracking, licensing, and utilization of Energy's software license inventory. However, there is insufficient detail to addresses the weaknesses of policies that GAO found in our report. In October 2017, Energy stated that it is in the process of updating its policies. According to Energy, it has a draft of a Software Management Centralization Plan and plans to draft a Vendor Management Strategy. It anticipates having the policies finalized by the end of 2017. We will continue to monitor Energy's efforts to address this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Energy
    Status: Open

    Comments: In 2017, the Department of Energy (Energy) reported that it needs is taking steps to address this recommendation, but that more remains to be done. Energy officials stated that it needs to leverage the existing Office of the Chief Information Officer (OCIO) Enterprise-wide Agreement Program for commercial off the shelf software and the OCIO's Enterprise Architecture Repository Solution, which identifies existing software within the OCIO-managed environment. Energy stated that the enterprise-wide agreement program has resulted in cost savings, but did not provide documentation to support this. We will continue to monitor the department's efforts to address this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Energy
    Status: Open

    Comments: In 2017, the Department of Energy (Energy) issued a data call to its components and created a software license inventory from the information provided. Energy plans on conducting similar data calls, supplemented by automated scans where available, at least twice a year. This data collection will provide information useful to consolidating software licenses and developing operating and cost efficiencies. However, Energy stated that given that the department is federated and has numerous networks, an enterprise-wide automated scan is not feasible, as GAO recommended in May 2014. We will continue to monitor the department's efforts to address this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Energy
    Status: Open

    Comments: In August 2017, the Department of Energy (Energy) stated that it is in the early stages of developing a centralized software license management approach to address the requirements outlined in the Office of Management and Budget (OMB's software license policy. According to Energy, this centralized approach will include a plan for how Energy routinely tracks and maintains a department-wide inventory of its software licenses using automated tools and how Energy will analyze this information to facilitate better spending across the department. Energy also provided a task order for the implementation of continuous diagnostic and mitigation services. The services includes the use of automated tools for software asset management, configuration system management, and vulnerability management. However, the task order does not include timelines. We will continue to monitor Energy's efforts to address this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Energy
    Status: Open

    Comments: In 2017, the Department of Energy (Energy) stated that while the Department has realized cost savings from its Enterprise-wide Agreement Program, it recognizes that a more robust, enterprise-wide coordinated effort is needed. Energy stated that a plan for how the inventory will be developed will be a part of its future centralized management approach. According to Energy, the plan will include analyzing the inventory to identify potential cost savings. However, the documentation provided by Energy for the enterprise wide agreement program does not provide any cost savings information. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Energy
    Status: Open

    Comments: In October 2017, the Department of Energy (Energy) provided evidence that it has training courses in contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. However, Energy has yet to provide evidence that these courses have been attended by a sufficient number of Energy personnel. We will continue to monitor Energy's efforts to address this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Acquisition Reform Act. This initiative is expected to start making progress by May 2018 and lead to ongoing improvements. HHS also stated that HHS's federated IT environment, presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's efforts to addressing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Acquisition Reform Act. This initiative is expected to start making progress by May 2018 and lead to ongoing improvements. HHS also stated that HHS's federated IT environment, presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's efforts to addressing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Reform Acquisition Act (FITARA) Scorecard from the House Oversight and Government Reform Committee. This initiative is expected to generate solid results by May 2018 and be ongoing afterwards. HHS also stated that they will continue to seek GAO's advice on the implementation and execution of the recommendation given HHS's federated IT environment, which they feel presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Acquisition Reform Act. This initiative is expected to start making progress by May 2018 and lead to ongoing improvements. HHS also stated that HHS's federated IT environment, presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's efforts to addressing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Acquisition Reform Act. This initiative is expected to start making progress by May 2018 and lead to ongoing improvements. HHS also stated that HHS's federated IT environment, presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's efforts to addressing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Health and Human Services
    Status: Open

    Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Acquisition Reform Act. This initiative is expected to start making progress by May 2018 and lead to ongoing improvements. HHS also stated that HHS's federated IT environment, presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's efforts to addressing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the CDM implementation will facilitate normalization efforts across DHS by defining common software license and maintenance requirements. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the CDM implementation will provide DHS with an automated capability for IT hardware and software asset discovery; IT asset inventory tracking; software inventory normalization; software license optimization; data sharing capabilities, and thus ensure full compliance with the requirement to maintain a continual agency-wide inventory of software licenses. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the tracking of software assets and inventory will be implemented as CDM is rolled out to each DHS Component. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Homeland Security
    Status: Open

    Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that CDM tracking of software assets and inventory will be implemented as CDM is rolled out to each DHS Component. The CDM tool will provide DHS with an automated capability for IT hardware and software asset discovery; IT asset inventory tracking; software inventory normalization; software license optimization; data sharing capabilities, and thus ensure full compliance with the requirement to maintain a continual agency-wide inventory of software licenses, including all licenses purchased, deployed, and in use, as well as spending on subscription services. As this data is captured the DHS OCIO, OSDO will analyze the software license data to track cost, usage, benefits to establish spending data that allows to the Department to perform trend analysis. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In October 2017, the Department of Housing and Urban Development (HUD) stated that the department developed a draft policy that will implement policies and responsibilities for managing software licenses and a software license consolidation plan to enable maintenance and enforcement of the software license management policy. In addition, the department reported that it had appointed a software license manager who is the single point of contact for software license management. Among other things, the department has initiated a software license management oversight working group, and worked to establish a software license management project management office. According to HUD, the targeted completion for implementing this recommendation is by the end of March 2018. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In October 2017, the Department of Housing and Urban Development (HUD) reported that its Office of the Chief information Officer (OCIO) has achieved full operational capability for the agency's Federal Asset Management Enterprise System (FAMES) and began to populate FAMES with information on the agency's software assets in January 2017. However, HUD noted that it still needs to implement and test the interface between FAMES and the agency's automated procurement system. According to HUD, upon completion of the interface, OCIO will have the data extracts necessary to support enforcement of an agency-wide comprehensive policy that incorporates software license management into its configuration management and control process. HUD reports that the targeted completion for implementing this recommendation is by the end of June 2018. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In October 2017, the Department of Housing and Urban Development (HUD) reported on actions taken to implement this recommendation including the development of an analysis to support acquisition and deployment of an automated software license management capability. According to HUD, this capability will provide the department with the data necessary to identify opportunities to reduce cost, implement IT commodity-consolidated acquisitions and buy licenses in bulk. HUD reports that the targeted completion for implementing this recommendation is by the end of March 2018. However, HUD reported that it has identified $1.4 million in cost savings and avoidance utilizing its current inventory and processes. We will follow-up with the Department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Housing and Urban Development
    Status: Open

    Comments: In October 2017, the Department of Housing and Urban Development (HUD) stated that the department is working to provide training to agency personnel. For example, HUD reports that it has worked with the Department of Defense (Defense) to offer Defense's Enterprise Software Initiative sponsored software license management training to staff. HUD also reports that it continues to work with peer agencies to identify opportunities to access required software management skills and other required training. HUD's target completion for addressing this recommendation by the end of March 2018. We will follow-up with the Department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of the Interior
    Status: Open

    Comments: In March 2017, the Department of Interior reported that the department has drafted a comprehensive policy that is comprised of the core elements of software management. In September 2017, the department reported that it had reevaluated its approach to software asset and license management and will issue an updated policy memorandum to Interior bureaus and offices during the second quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of the Interior
    Status: Open

    Comments: In March 2017, the Department of Interior reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets. The approach includes roles and responsibilities. In September 2017, the department reported that it plans to employ a centralized license management approach for its enterprise-wide software in the third quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of the Interior
    Status: Open

    Comments: In March 2017, the Department of Interior reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets. The approach includes roles and responsibilities. In August 2017, the department reported that it is using automated tools and technologies to begin compiling an inventory of installed software. Further, Interior officials reported that they are compiling information on software contracts that it maintains for enterprise-wide licensing. Department officials stated that they are investigating tools, techniques and approaches to automate matching its software installations against enterprise-wide software contracts and licensing. The department plans to establish a comprehensive inventory of enterprise-wide licenses in the third quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of the Interior
    Status: Open

    Comments: In March 2017, the Department of Interior reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets. In August 2017, the department reported that it plans to establish a comprehensive inventory of enterprise-wide licenses in the third quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making

    Agency: Department of the Interior
    Status: Open

    Comments: In March 2017, the Department of Interior reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets. In August 2017, the department reported that it plans to establish a comprehensive inventory of enterprise-wide licenses in the third quarter of fiscal year 2018, and to analyze the data by the end of second quarter fiscal year 2019. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of the Interior
    Status: Open

    Comments: In March 2017, the Department of Interior reported that the department provides software license management training to agency personnel. However, the agency has not yet provided documentation showing that the training addresses key aspects of software license management, including addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. We will follow-up with the department to obtain supporting documentation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Justice
    Status: Open

    Comments: In October 2017, the Department of Justice reported that it was in the process of finalizing its software license management policy with an expected completion date by the end of December 2017. We will continue to monitor the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Justice
    Status: Open

    Comments: In October 2017, the Department of Justice (Justice) reported that a software centralization plan for all software licenses is under development, with an expected completion date of June 30, 2018. In the meantime, Justice reports that it tracks software usage within the department's components. Justice is able to reassign licenses from one component to another in instances where one component has the license but it not using it. We will continue to monitor the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Justice
    Status: Open

    Comments: In September 2017, the Department of Justice (Justice) reported that it is in the process of deploying a software inventory tool across the department. According to Justice, this will provide a comprehensive inventory of software licenses installed on end user desktops and laptops. Justice had planned to have the tool implemented by September 30, 2017. However, in October 2017, Justice stated that it is still working with the components to deploy the tool and currently does not have a target date for completion. We will continue to monitor the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Justice
    Status: Open

    Comments: In September 2017, the Department of Justice (Justice) reported that it is in the process of developing the automated tools needed to track and maintain a comprehensive inventory of software licenses. Justice had planned to have the tool implemented by September 30, 2017. However, in October 2017 Justice stated that it is still working with the components to deploy the tool and currently does not have a target date for completion. We will continue to monitor the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Justice
    Status: Open

    Comments: In September 2017, the Department of Justice (Justice) reported that it has taken initial steps to analyze agency-wide software license data. For example, it has worked to provide better governance of existing software enterprise agreements to achieve savings from processes across the components, with an initial focus on its largest software vendors. Justice reported that it is also in the process of deploying a software inventory tool across the department. According to Justice, this will enable the department to identify opportunities for cost savings through additional enterprise agreements. They anticipate that the license data will substantiate usage patterns that will allow Justice to define alternate licensing structures (with reduced fees) for software not included in the enterprise agreements. Justice had planned to have the inventory tool implemented by September 30, 2017. However, in October 2017 Justice stated that it is still working with the components to deploy the inventory tool and currently does not have a target date for completion. We will continue to monitor the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Justice
    Status: Open

    Comments: The Department of Justice (Justice) reported in September 2017 that it has taken initial steps to provide training to appropriate agency personnel. For example, Justice states that in the department's Vendor Management Calls they provide training on processes and the use of tools, including contract terms, negotiations, laws and regulations, acquisition, security planning and configuration management. However, Justice has not yet provided documentation to support this. We will continue to monitor the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Labor
    Status: Open

    Comments: In October 2017, the Department of Labor (Labor) reported that it plans to implement a software solution in the first quarter of fiscal year 2018, to, among other things, assist in managing its inventory using automated tools and metrics. Further, Labor reported that it had developed a Departmental cross-functional team, including personnel from acquisitions, contracts, user service management, and finance, which evaluates software consolidation opportunities. According to Labor officials, the team's efforts have led to the consolidation of contracts for over 40 department-wide software companies, and identified and established enterprise-wide software agreements. For example, the agency analyzed its software license inventory and as a result consolidated seven separate licenses into a single enterprise-wide license agreement. According to agency officials, the consolidation minimizes the contracting administration effort and enables the agency to scale software license usage without a contract action. We will continue to monitor the agency's progress in implementing the software solution.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Labor
    Status: Open

    Comments: In October 2017, the Department of Labor (Labor) reported that it had provided software license training to six personnel, including automated tool training, software security and configuration management training. Further, Labor reported that it plans to provide further software management related training. We will follow-up with the agency to obtain supporting documentation, and will continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of State
    Status: Open

    Comments: In October 2017, the Department of State reported that it is working to develop a comprehensive policy for the management of software licenses. In addition, the department reported that it has a policy that identifies a single office within the department that is responsible for managing the enterprise software licensing agreements. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of State
    Status: Open

    Comments: In October 2017, the department reported that existing policy identifies roles and responsibilities for key stakeholders in the acquisition of software including the CIO and systems owners. In addition, the department reported that it uses a centralized approach for five products. However, the department did not provided evidence that it is employing a centralized management approach for other software licenses. We will continue to monitor its efforts to address this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of State
    Status: Open

    Comments: In October 2017, the Department of State reported that it owns several tools that assist the department with software asset management. In addition, the department reported that it currently has insight into procurement information as well as a broad range of software inventory information available via the department's current network monitoring toolset and purchasing system. In addition, the department stated that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) initiative spearheaded by the Department of Homeland Security. According to the department, the CDM is expected to provide an improved, more consolidated, user-friendly, and actionable view into software license data on its network. However, the department has not yet provided documentation of a comprehensive inventory of software licenses using automated tools. We will continue to monitor the department's efforts to address this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of State
    Status: Open

    Comments: In October2017, the department reported that it currently has insight into procurement information as well as a broad range of software inventory information available via the department's current network monitoring toolset and purchasing system. In addition, the department stated that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) which is expected to become the department's automated tool to track its software inventory. We will continue to monitor the department's efforts to address this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of State
    Status: Open

    Comments: In October 2017, the department reported that it has established a centralized procurement for five products. Further, the department reported that it has saved over $69 million by using this approach. Moreover, the department reported that it is considering other products that might benefit from a centralized approach. In addition, the department reported that its software asset management framework is being updated to centralize, standardize and consolidate purchases of software licenses. However, the department reported that it currently conducts software licenses analysis on a contract-by-contract basis, and has not provided documentation showing that it is analyzing agency-wide software license data. We will continue to monitor the department's efforts to address this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of State should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of State
    Status: Open

    Comments: In October 2017, the Department of State reported that it employees have access to the Foreign Service Institute's training, which includes acquisition courses. However, the department has not provided documentation showing that these courses address software licenses. In addition, in July 2017 the department reported that it has provided software license management training to the agency's Information Resource Management and acquisition personnel and that the agency plans to provide more relevant software license training in the future. We will follow-up with the agency to obtain supporting documentation and we will continue to monitor its efforts to address this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Department of Transportation
    Status: Open

    Comments: In February 2017, the Department of Transportation (DOT) stated that it has developed a policy addressing components of centralized management and management of software licenses through the entire life cycle. In addition, DOT updated its policy to address regularly tracking licenses using automated tools, analyzing license data to inform investment decision making, providing license management training to personnel, and establishing goals and objectives of the program. However, while DOT's Order 1351.21 states that each Enterprise License Agreement will be accompanied by a licensed management portal to provide department-wide transparency on how many licenses are available and when licenses need to be renewed, the policy did not include details on procedures for establishing a comprehensive inventory by identifying and collecting information about software license agreements using automated discovery and inventory tools. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of Transportation
    Status: Open

    Comments: In October 2017, the Department of Transportation (DOT) reported that, to be consistent with MEGABYTE Act requirements, the department is focused on applying software license management to the top 80 percent of its software spending. DOT reported that it has developed a methodology to use USASpending.gov and additional data from the department's procurement system to identify its software license spending. In addition, DOT reported that it is also leveraging tools from the Continuous Diagnostic and Monitoring) program as well as Microsoft System Center Configuration Manager and the Federal Procurement Data System to identify software that is installed base and their spending. Moreover, DOT is developing a tool is that they plan to use to create and monitor their software inventory using the data described above. We will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of Transportation
    Status: Open

    Comments: The Department of Transportation (DOT) has made progress in addressing this recommendation by among other things, developing policy requiring its components to regularly track software license data such as usage on a regular basis. For example, the DOT?s Enterprise License Agreements policy requires its information technology offices within the Operating agencies to report software license usage information on a bi-annual basis. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of Transportation
    Status: Open

    Comments: In February 2017, the Department of Transportation (DOT) noted that it was following guidance under the Federal Information Technology Acquisition Reform Act (FITARA). However, DOT did not provide evidence that it analyzes agency-wide software license data to identify opportunities to reduce cost and inform decisions. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of Transportation
    Status: Open

    Comments: In February 2017, the Department of Transportation (DOT) reported that its Office of the Chief Information Officer (OCIO) is piloting the Staff Training Education and Professional Development Program (STEP) for all OCIO employees. The courses cover areas such as contracting and negotiations, laws and regulations and security training. However, DOT reported that the training is not specific to software licensing, although elements of software management are covered in full through the offerings within the STEP program. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of the Treasury
    Status: Open

    Comments: In April 2017, Treasury's Chief Information Officer and Senior Procurement Executive established a policy on software license management. The policy includes plans to employ a centralized software license management strategy. We will continue to monitor the agency?s efforts to develop the strategy.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Department of the Treasury
    Status: Open

    Comments: In October 2017, the Department of Treasury reported that it had piloted automated tools to inventory software assets; however, it resulted in inconsistent data and created potential security vulnerabilities. Thus, Treasury has not yet developed a comprehensive inventory. We will continue to monitor the department's efforts to implement the recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Department of the Treasury
    Status: Open

    Comments: In October 2017, Treasury officials stated that they do not maintain a comprehensive centralized inventory of software assets within the enterprise. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Department of the Treasury
    Status: Open

    Comments: In October 2017, department officials stated that they are not currently conducting analysis of agency-wide software license data. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Department of the Treasury
    Status: Open

    Comments: In October 2017, department officials stated that they do not currently offer any training on software license management. We will continue to monitor the department's efforts to address the recommendation.
    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, Environment Protection Agency (EPA) reported that it is currently taking steps to develop a comprehensive policy that will address a centralized management program of licenses, an analysis to inform decision making, education and training goals and overall management throughout the lifecycle. In addition, EPA stated that it is still leveraging the efforts of the Continuous Diagnostics and Mitigation project as well as its Office of Acquisition Management's consolidation of its Microsoft suite. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, the Environment Protection Agency (EPA) reported that it is currently taking steps to develop a comprehensive policy that will address a centralized management program of licenses. In addition, EPA stated that it is still leveraging the efforts of the Continuous Diagnostics and Mitigation project as well as leveraging its Office of Acquisition Management's consolidation of enterprise licenses. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, EPA reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for a comprehensive software license inventory. EPA also reported that this comprehensive inventory will be provided via an automated dashboard. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, the Environment Protection Agency (EPA) reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for an automated tool that will establish a comprehensive software license inventory. EPA We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, the Environment Protection Agency reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for a comprehensive software license inventory. that will be available by the second quarter of fiscal year 2017. EPA also stated that it has consolidated six of the agency's eight major software license contracts. In addition, EPA reported that it is currently conducting an analysis of licenses and maintenance with regards to category management to determine the current spend environment and visibility within the agency to develop strategies for addressing each platform. We will follow up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Environmental Protection Agency
    Status: Open

    Comments: In June 2017, the Environment Protection Agency (EPA) reported that it is working to develop a robust training curriculum that addresses all software license requirements including but not limited to negotiations, laws and regulations, and contract terms and conditions department wide. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: National Science Foundation
    Status: Open

    Comments: In March 2017, National Science Foundation (NSF) reported on actions taken to implement this recommendation. For example, the agency reported that in July 2015 NSF issued a new acquisition policy that provides the Chief Information Officer central oversight authority for IT acquisitions including software agreements. However, the guidance does not specify policies on managing software licenses for regularly tracking and maintaining software licenses to assist the agency in implementing decisions throughout the software license management life cycle, analyzing software usage and other data to make cost-effective decisions and providing training relevant to software license management. We will continue to monitor the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: National Science Foundation
    Status: Open

    Comments: In March 2017, the National Science Foundation (NSF) reported that it continues to regularly track and maintain a comprehensive inventory of software licenses. For example, NSF reported that in 2015 the agency implemented an automated tool to capture, track and report on software licenses. In addition, NSF reported that it is implementing a Continuous Diagnostic and Mitigation (CDM) capabilities to further consolidate and centralize management of the agency's software asset inventory in an automated way. However, NSF did not provide documentation showing that it regularly tracks and maintains its inventory using automated tools and metrics. We will follow-up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: National Science Foundation
    Status: Open

    Comments: In March 2017, National Science Foundation (NSF) reported on its progress in analyzing agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. However, NSF did not provide documentation demonstrating that it analyzed agency-wide software license data to inform investment decisions and identify opportunities to reduce costs. We will follow-up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: National Science Foundation
    Status: Open

    Comments: In March 2017, National Science Foundation (NSF) reported that the agency is committed to providing software license training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. However, NFS did not provide documentation showing that this training include aspects of sufficient software license management training such as contract terms and conditions or negotiations. We will follow-up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: The Nuclear Regulatory Commission (NRC) has taken steps to implement this recommendation. For example, in March 2017, NRC reported that the agency's Software Manager is in the process of developing the NRC Software Management Centralization Plan to meet NRC's business needs and to ensure compliance with applicable Federal mandates and guidelines, including those from the Office of Management and Budget, the Federal Information Technology Acquisition Reform Act, the Federal Information Security Management Act, and from the National Institute of Standards and Technology. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) stated that a manual effort is underway to gather and verify data associated with the software on the list to complete a comprehensive inventory of software licenses. NRC also reported that it has developed requirements for an information technology asset management tool to support the establishment of a comprehensive inventory of software licenses using automated tools. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) stated that a manual effort is underway to gather and verify data associated with the software on the list to complete a comprehensive inventory of software licenses. NRC also reported that it has developed requirements for an information technology asset management tool to support the establishment of a comprehensive inventory of software licenses using automated tools. Upon deployment of an automated tool, NRC reported that it will be able to regularly track and maintain a comprehensive inventory of all software licenses. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) reported that the agency will analyze agency-wide software license data after it deploys an automated tool. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Nuclear Regulatory Commission
    Status: Open

    Comments: In March 2017, the Nuclear Regulatory Commission (NRC) reported that the agency plans to provide software license management training to all key personnel. NRC also reported that its software training is currently being developed by the Office of Management and Budget, the Federal Acquisition Institute and the Defense Acquisition University. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified

    Agency: Office of Personnel Management
    Status: Open

    Comments: OPM concurred with this recommendation and in September 2015, reported that it had developed a guide to capture enterprise architecture (EA) lifecycle activities including software licensing management, acquisition, and requirements during several points of the project lifecycle. We contacted the agency and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Office of Personnel Management
    Status: Open

    Comments: OPM concurred with this recommendation and in September 2015 reported that it is finalizing a revised Life Cycle Management draft policy which will use stage gate reviews to evaluate the progress of projects including software licenses throughout the agency. According to OPM, once the new policy is approved, OPM subject matter experts will review project documentation during stage gates reviews to make written recommendations on whether projects should continue. OPM's Investment Review Board will then review that recommendation and other procurement documentation to make a final recommendation to the OPM Director. We contacted the agency and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Office of Personnel Management
    Status: Open

    Comments: OPM concurred with this recommendation and in September 2015 OPM reported that it acquired an enterprise architecture repository tool and is collecting information on its software applications. OPM also reported that it is assembling and performing quality reviews on hardware and software lists currently maintained in spreadsheets, in its EA Systems database, and Remedy database in order to consolidate the entire hardware and software asset inventory. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Office of Personnel Management
    Status: Open

    Comments: OPM concurred with this recommendation and in September 2015 OPM reported that it acquired an enterprise architecture repository tool and is collecting information on its software applications. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In written comments to our report, OPM concurred with our recommendations and noted actions the agency plans to take. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Office of Personnel Management
    Status: Open

    Comments: In written comments to our report, OPM concurred with our recommendations and noted actions the agency plans to take. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified.

    Agency: Small Business Administration
    Status: Open
    Priority recommendation

    Comments: In August 2017, the Small Business Administration (SBA) reported that it has developed and implemented enterprise policies to better manage its software. In addition, SBA reported that it is developing software asset policy and anticipates having it in place by the second quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Small Business Administration
    Status: Open

    Comments: In August 2017, the Small Business Administration (SBA) reported that it has centralized the agency software license management through its Office of the Chief Information Officer. We will follow up with the agency to obtain documentation verifying the implementation of this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Small Business Administration
    Status: Open

    Comments: In August 2017, the Small Business Administration (SBA) reported that the agency has taken several key steps to establish and build a comprehensive enterprise software inventory such as the use of Microsoft enterprise inventory tools. SBA also reported that it anticipates completing a comprehensive software license inventory by the second quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Small Business Administration
    Status: Open
    Priority recommendation

    Comments: In August 2017, the Small Business Administration (SBA) reported that it has replaced multiple standalone inventory tracking tools with Microsoft System Center 2016 which provides the SBA enterprise with a single automated tool capability. SBA also reported that it anticipates completing a comprehensive software license inventory by the second quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Small Business Administration
    Status: Open

    Comments: In August 2017, the Small Business Administration (SBA) reported on actions taken to analyze agency-wide software license data. For example, SBA reported that its Office of the Chief Information Office is leading an agency-wide effort to ensure that SBA is only purchasing the number of licenses needed during the renewal of software licensing contracts. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Small Business Administration
    Status: Open

    Comments: In August 2017, the Small Business Administration (SBA) reported on actions taken to provide software license management training. For example, SBA reported that officials in the Office of the Chief Information Officer have held multiple sessions on Microsoft licensing practices as well as software licensing, in general. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified

    Agency: Social Security Administration
    Status: Open

    Comments: The Social Security Administration agreed with this recommendation, and in response, developed an agency-wide policy for the management of software licenses that addresses six of the seven key elements that a comprehensive software license should specify, including identifying clear roles, responsibilities, and central oversight authority for agency wide software licenses; and analyzing software license usage to make cost effective decisions. However, SSA's policy did not include guidance on providing appropriate agency personnel with sufficient software management training. We will continue to work with SSA and monitor the agency's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Social Security Administration
    Status: Open

    Comments: The Social Security Administration (SSA) agreed with and has taken initial steps to implement our recommendation. In August 2017, SSA reported that it has established an informal workgroup to share software license management plans and processes. In addition, SSA's Information Technology Asset Management Policy discusses the agency's plan for a centralized software license management approach. We will continue to monitor SSA's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses.

    Agency: Social Security Administration
    Status: Open

    Comments: In August 2017, the Social Security Administration (SSA) reported on actions taken to address this recommendation. For example, SSA reported that it has installed a new version of an asset directory on its mainframe. The agency plans to implement additional software to assist with developing a software license inventory in fiscal year 2018. We will continue to monitor SSA's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.

    Agency: Social Security Administration
    Status: Open

    Comments: In August 2017, the Social Security Administration (SSA) reported on actions taken to address this recommendation. For example, SSA reported that it has installed a new version of an asset directory on its Mainframe. The agency plans to implement additional software to assist with developing a software license inventory in fiscal year 2018. We will continue to monitor SSA's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should analyze agency-wide departmental software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.

    Agency: Social Security Administration
    Status: Open

    Comments: The Social Security Administration (SSA) agreed with and has taken steps to implement our recommendation. In August 2017, SSA reported that it currently gathers data and conducts yearly exercises concerning its Microsoft software and reported on efforts to provide SSA the capability to analyze agency-wide software license data. We will continue to monitor the SSA's progress in implementing this recommendation.
    Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.

    Agency: Social Security Administration
    Status: Open

    Comments: In October 2017, Social Security Administration (SSA) officials stated that personnel responsible for software acquisition receive regular training. However, the agency has not yet provided documentation showing that this training addresses software license management. We will continue to monitor the SSA's progress in implementing this recommendation.