Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or

    Subject Term: Avionics

    1 publication with a total of 1 open recommendation including 1 priority recommendation
    Director: Gerald L. Dillingham, Ph.D.
    Phone: (202) 512-2834

    1 open recommendation
    including 1 priority recommendation
    Recommendation: To better ensure that cybersecurity threats to NextGen systems are addressed, given the challenges FAA faces in meeting the Office of Management and Budget's (OMB) guidance to implement the latest security controls in the National Institute of Standards and Technology's (NIST) revised guidelines within one year of issuance, the Secretary of Transportation should instruct the FAA Administrator to develop a plan to fund and implement the NIST revisions within OMB's time frames.

    Agency: Department of Transportation
    Status: Open
    Priority recommendation

    Comments: DOT concurred with this recommendation. FAA officials told us the agency is unable to implement all requirements within OMB's one-year time frame based on resource availability to address the number of FAA's FISMA reportable systems and NIST's newly revised requirements. As such, FAA's approach to achieve compliance with the most current NIST security controls (NIST SP 800-53 Revision 4) is to adopt a three-year assessment cycle where at least one-third (1/3) of these controls for all systems are assessed each year over a three-year period. Each system will be fully assessed against all new and modified security controls in the current revision by the end of fiscal year 2017. Systems with weaknesses that could be exploited by adversaries may be at increased risk if relevant controls are not implemented. A three-year assessment cycle may not be adequate to maintain currency with NIST standards as future revisions are released. Therefore, FAA should report to OMB on how its alternative plan for implementing revised NIST standards will be adequate to protect the security of NextGen systems. As of October 2016, FAA is in the final stages of developing a plan to fund and implement the NIST revisions within OMB's time frames. FAA said it plans to implement the recommendation in 2017. The agency will request closure for the recommendation once the plan has been completed.