Recommendation: The Under Secretary for Management should ensure that the Office of Program Accountability and Risk Management and component heads execute the Component Acquisition Executive nomination and designation process consistently, as described in its guidance. This should include nominating and designating Component Acquisition Executives to oversee all acquisition programs. (Recommendation 1)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Under Secretary for Management should ensure that the Component Acquisition Executives that are responsible for oversight of acquisition programs comply with Department of Homeland Security direction to complete Component Acquisition Executive support staffing plans. (Recommendation 2)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Under Secretary for Management should identify, in policy or guidance, the expertise that constitutes critical acquisition positions for effective Component Acquisition Executive oversight. (Recommendation 3)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Under Secretary for Management should direct the Office of Program Accountability and Risk Management to establish a time frame for completing its assessment of the Investment Evaluation, Submission, and Tracking (INVEST) system data fields for which the Component Acquisition Executive certification is necessary, based on current use and reporting requirements, and take appropriate actions based on the results. (Recommendation 4)

Agency: Department of Homeland Security
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Under Secretary of Defense for Acquisition and Sustainment should establish procedures requiring the military departments to collect and share findings from their peer reviews of MDAP contracting approaches—including choice of contract type—such as by updating the existing online compendium of best practices and lessons learned as they complete their reviews.

Agency: Department of Defense
Status: Open

Comments: DOD agreed with this recommendation, but as of August 2020 has not taken any action to implement it.

Recommendation: The Secretary of Homeland Security should direct the DHS Chief Procurement Officer to, in coordination with the Office of Program Accountability and Risk Management, develop a risk-based approach for reviewing service requirements—through the Procurement Strategy Roadmap or other means—to ensure proposed service requirements are clearly defined and reviewed before planning how they are to be procured. (Recommendation 1)

Agency: Department of Homeland Security
Status: Open

Comments: DHS disagreed with our recommendation, preferring to maintain the status quo in its policy and procedures. However, by doing so, DHS is missing important opportunities to prevent negative acquisition outcomes and the potential for wasted resources. In its response, DHS noted its processes for major acquisitions, however, DHS service programs and contracts did not rise to the level of being classified a major service acquisition.

Recommendation: The Secretary of Homeland Security should direct the DHS Chief Procurement Officer to document the factors the Office of the Chief Procurement Officer considers when waiving procurement actions from its Procurement Strategy Roadmap to ensure it is consistently considering potential acquisition risks in its planning—including those specific to services. (Recommendation 2)

Agency: Department of Homeland Security
Status: Open

Comments: DHS did not concur with this recommendation, maintaining that the factors considered when waiving a Procurement Strategy Roadmap are not static. We believe, however, that documenting the factors considered will help ensure that the decisions to waive the Procurement Strategy Roadmaps are made consistently, transparently, and help maintain institutional knowledge.

Recommendation: The Secretary of Homeland Security should direct the DHS Chief Procurement Officer to update the Inherently Governmental and Critical Functions Analysis to require the identification of special interest functions. (Recommendation 3)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation and stated that it will update the Inherently Governmental and Critical Functions Analysis job aid to require the identification of a special interest function when applicable.

Recommendation: The Secretary of Homeland Security should direct the DHS Chief Procurement Officer to update the Inherently Governmental and Critical Functions Analysis to provide guidance for analyzing, documenting, and updating the federal workforce needed to perform or oversee service contracts requiring heightened management attention. (Recommendation 4)

Agency: Department of Homeland Security
Status: Open

Comments: DHS did not concur with this recommendation maintaining that the components are certifying that they have sufficient internal capacity or federal employees available for oversight within the Inherently Governmental and Critical Functions Analysis. We continue to believe, however, that without guidance, each component is making its own determination about which factors to consider, and DHS does not know how or whether the components are considering the federal workforce available to oversee service contracts in need of heightened management attention, or what steps, if any, the components are taking to mitigate risks if there are not enough federal personnel available to oversee the contracts after award.

Recommendation: The Secretary of Homeland Security should direct the DHS Chief Procurement Officer to develop guidance identifying oversight tasks or safeguards personnel can perform, when needed, to mitigate the risk associated with contracts containing closely associated with inherently governmental functions, special interest functions, or critical functions. (Recommendation 5)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation and stated that it will develop guidance that identifies oversight tasks or safeguards that personnel can perform, when needed, to mitigate the risk associated with contracts containing closely associated with inherently governmental, special interest, or critical functions.

Recommendation: The Secretary of Homeland Security should direct the DHS Chief Financial Officer to work with Congress to identify information to include in its annual congressional budget justifications to provide greater transparency into requested and actual service requirement costs, particularly for those services requiring heightened management attention. (Recommendation 6)

Agency: Department of Homeland Security
Status: Open

Comments: DHS did not concur with this recommendation stating that its annual Congressional Budget Justification already contains substantial service contract information. We maintain, however, that the service contract information currently included limits visibility for both DHS and Congress into requested and actual service requirements costs.

Recommendation: We recommend the Secretary of the Air Force issue policy emphasizing the following three key reliability practices when planning and executing acquisition programs: (1) leveraging reliability engineers early and often, (2) establishing realistic reliability requirements, and (3) employing reliability engineering activities to improve a system's design throughout development. (Recommendation 1)

Agency: Department of Defense: Department of the Air Force: Office of the Secretary of the Air Force
Status: Open

Comments: The Air Force agreed with this recommendation and told us they will be updating Air Force Instruction AFI63-101/20-101 to ensure the inclusion of key practices to improve weapon system reliability, including leveraging reliability engineers early and often, establishing realistic reliability requirements, and employing reliability engineering activities to improve a system's design throughout development. The Air Force said it plans to complete this effort by December 31, 2020.

Recommendation: We recommend the Secretary of the Navy issue policy emphasizing the following three key reliability practices when planning and executing acquisition programs: (1) leveraging reliability engineers early and often, (2) establishing realistic reliability requirements, and (3) employing reliability engineering activities to improve a system's design throughout development. (Recommendation 3)

Agency: Department of Defense: Department of the Navy: Office of the Secretary
Status: Open

Comments: The Navy agreed with this recommendation and told us they plan to address GAO's recommendation in two ways. First, they are developing a guidebook for program managers and leadership to emphasize the importance of leveraging reliability engineers early and often, establishing realistic reliability requirements, and employing reliability engineering activities to improve a system's design throughout development. The Navy anticipates the guidebook will be completed by the end of fiscal year 2021. Second, the Navy plans to update the SECNAV 5000.2 when it is open for changes. They noted, this is dependent on the Office of the Secretary of Defense (OSD) completing its ongoing update to DOD-wide acquisition guidance. The Navy anticipates OSD's efforts will be completed by end of calendar year 2020.

Recommendation: The Secretary of Homeland Security should ensure that the Undersecretary for Management develops an oversight process to confirm that programs' schedule goals are developed and updated in accordance with GAO's Schedule Assessment Guide, to include ensuring traceability between APB schedule goals and IMSs. (Recommendation 1)

Agency: Department of Homeland Security: Office of the Secretary
Status: Open

Comments: In providing comments on this report, DHS concurred with our recommendation and stated that the Management Directorate's Office of Program Accountability and Risk Management (PARM) developed a checklist based on GAO's Schedule Assessment Guide, among other things, to evaluate programs' IMSs. PARM also plans to develop guidance on schedules which is intended to assist the Component Acquisition Executives (CAE) and acquisition program staff responsible for building IMSs and APBs. In July 2020, PARM officials reported that the schedule checklist was already being used to evaluate and ensure program IMSs adhered to GAO's Schedule Assessment Guide. In addition, PARM officials are updating and drafting guidance on schedules to assist CAEs and program staff when building IMSs and APBs. As of July 2020, PARM was still in the process of executing these efforts.

Recommendation: The Secretary of Homeland Security should ensure that the Undersecretary for Management revises the schedule development guidance in the Systems Engineering Life Cycle Guidebook to state clearly that an IMS should be used as the basis for APB schedule goals. (Recommendation 2)

Agency: Department of Homeland Security: Office of the Secretary
Status: Open

Comments: DHS concurred with our recommendation and stated that Management Directorate's Office of Program Accountability and Risk Management (PARM) was in the process of revising the Systems Engineering Life Cycle Guidebook and would clarify the language relating to IMSs to ensure guidance is consistent. As of July 2020, PARM was still in the process of revising the Systems Engineering Life Cycle Guidebook.

Recommendation: The Director, MDA should coordinate with the defense intelligence community on the agency's collective priorities for threat assessments and work with the defense intelligence community to determine if additional resources are needed to support the agency's threat assessment needs. (Recommendation 1)

Agency: Department of Defense: Office of the Secretary of Defense: Missile Defense Agency
Status: Open

Comments: DOD concurred with our recommendation, stating that MDA will continue to follow established processes to identify threat assessment needs and to determine if additional resources are required. However, we have yet to see sufficient evidence that MDA is collectively prioritizing its threat assessment requests. We understand that MDA prioritizes its threat assessment requests within the distinct lanes of intelligence product types. We have yet to see evidence that shows MDA has taken steps to also prioritize amongst those lanes. For example, MDA could coordinate with the intelligence community to establish a formal process or venue through which such macro-level prioritization could be conveyed and discussed. In April 2020, MDA told us that it did not plan to transfer funds to the intelligence community in fiscal year 2021 for any unique MDA intelligence needs. By not taking actions to collectively prioritize its threat assessment needs or providing the intelligence community with resources, MDA continues to run the risk of not receiving the threat assessments it needs when it needs them.

Recommendation: The Director, MDA should fully engage the defense intelligence community on key threat-related missile defense acquisition processes and decisions, including providing insight into and obtaining input from the defense intelligence community on the threat space MDA establishes for the BMDS and the threat parameters and threat models MDA assigns to BMDS elements as design requirements and test cases. (Recommendation 2)

Agency: Department of Defense: Office of the Secretary of Defense: Missile Defense Agency
Status: Open

Comments: DOD concurred with our recommendation, stating that MDA will continue to fully engage the intelligence community on key threat-related Ballistic Missile Defense System (BMDS) acquisition processes and decisions. We have observed improvements in MDA including the intelligence community in some of these key threat-related processes and decisions, some of which were discussed in our report. Also, the National Defense Authorization Act for Fiscal Year 2020 included a provision requiring the Secretary of Defense to submit a report to the congressional defense committees on the NGI and include in the report, among several items, updated threat assessments by the intelligence community informing system threshold and objective requirements. To this end, we are aware that MDA consulted with the intelligence community on the threat space and threat-related requirements that are being considered for the Next Generation Interceptor (NGI). The Office of the Under Secretary of Defense for Research and Engineering stated in a September 2019 memo to GAO that MDA also coordinates in weekly Technical Interchange Meetings with the intelligence community on the threat space bounds for parameters that have high uncertainty. We are also aware of ongoing efforts between MDA and the intelligence community to jointly model missile threats that could directly be used in MDA ground tests. These efforts address much of our recommendation; however, we have yet to see whether MDA will coordinate with the intelligence community on the threat parameters assigned to BMDS elements in the BMD System Specification. We intend to follow up with MDA to determine the extent to which MDA has implemented our recommendation.

Recommendation: The Secretary of Defense should require the Director, MDA and the Director, DIA to coordinate on establishing a process for MDA to obtain validation of its threat models. (Recommendation 3)

Agency: Department of Defense: Office of the Secretary of Defense
Status: Open

Comments: DOD concurred with our recommendation, stating that the department will re-examine the most cost-effective approach to meet the intent of DIA validation to support development and fielding of effective Ballistic Missile Defense System (BMDS) elements. We have observed significant progress on this recommendation, primarily through the joint coordination occurring through the Defense Intelligence Ballistic Missile Analysis Committee (DIBMAC) Joint Modeling Tiger Team, where multiple pathways are being explored. Our recommendation calls for the intelligence community and MDA to coordinate on establishing a process for MDA to obtain validation of its threat models. We are also open to other pathways, such as intelligence community and MDA jointly producing threat models or MDA making direct use of threat models built by the intelligence community. Our objective is that MDA use threat models that are validated by the intelligence community when such models are necessary to inform formal BMDS processes, products, and decisions. Any pathway that MDA and the intelligence community agree upon that yields this result meets the intent of our recommendation. We believe that through the tiger team initiative, such coordination is occurring and therefore the closure of this recommendation as implemented in imminent. We are waiting to see: (1) whether MDA and intelligence community establish a formal process and/or jointly sign a memorandum of agreement to codify the process; and (2) the production and use of an intelligence community-validated threat model by MDA in a ground test or other Models and Simulation application.

Recommendation: The Under Secretary of Defense for Acquisition and Sustainment should ensure that the Air Force's finalized Space C2 program's acquisition strategy includes, at a minimum, the following elements:

• acquisition and contracting approach;
• program management structure, including authorities and oversight responsibilities;
• plans for platform and infrastructure development;
• requirements management and development approach, and plans for prioritization;
• risk management plans, including how the program will identify and mitigate risks;
• metrics for measuring quality of software, and how those results will be shared with external stakeholders;
• manpower assessment identifying program workforce needs and state of expertise in Agile methods;
• requirements for reporting program progress to decision makers; and
• yearly funding levels. (Recommendation 1)

Agency: Department of Defense
Status: Open

Comments: DOD concurred with the recommendation and stated that the Under Secretary of Defense for Acquisition and Sustainment directed the Air Force (this work has now been moved to the Space Force) to provide an Acquisition Strategy for approval in November 2019. DOD noted that a strategy template provided to the Air Force included the elements identified by GAO. As of July 2020, the Acquisition Strategy had been submitted to the office of the Under Secretary of Defense for Acquisition and Sustainment, but officials stated that the strategy is still in review and has not yet been finalized.

Recommendation: The Under Secretary of Defense for Acquisition and Sustainment should ensure that the Air Force's Space C2 program conducts periodic independent reviews to assess the program's approach to developing software and provide, as needed, advice to the program and recommendations for improving the program's development and progress. Participants could include, but are not limited to, officials from the Defense Innovation Board, the Defense Digital Service, the office of the Air Force Chief Software Advisor, and the Under Secretary of Defense for Acquisition and Sustainment's Special Assistant for Software Acquisition. (Recommendation 2)

Agency: Department of Defense
Status: Open

Comments: DOD concurred with this recommendation and stated that the Under Secretary of Defense for Acquisition and Sustainment will assess the need for future periodic and independent reviews of the program. As of July 2020, the Office of the Under Secretary of Defense for Acquisition and Sustainment stated that it had planned to direct an independent review of the program to be conducted by a Federally Funded Research and Development Center and to be completed by September 2020. However, lack of funding and restrictions related to COVID-19 impacted planning. The office still plans to direct this review, but details are pending.

Recommendation: The Secretary for Homeland Security should direct the Director of OTE to revise T&E policy or guidance as necessary to fully meet the key practice for programs to test that components and subsystems work together as a system in a controlled setting before finalizing a system's design. (Recommendation 1)

Agency: Department of Homeland Security
Status: Open

Comments: In providing comments on this report DHS concurred with our recommendation and stated that it planned to update its T&E policy to specify that acquisition programs demonstrate that components and subsystems work together before finalizing a system's design. In July 2020, DHS Test and Evaluation Division (TED) officials said they were in the process of updating the policy and that it was undergoing management review with an anticipated completion in fall 2020. Once finalized, GAO will evaluate the revised policy to determine whether DHS has met the intent of this recommendation.

Recommendation: The Secretary for Homeland Security should direct the Director of OTE, in coordination with OCPO, to develop an assessment process-including establishing performance measures-to help ensure T&E training achieves desired results. (Recommendation 2)

Agency: Department of Homeland Security
Status: Open

Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it planned to assess the knowledge and skill requirements for the T&E workforce and establish performance goals for the training. DHS Test and Evaluation Division (TED), in coordination with OCPO, also plan to develop strategies to address any deficiencies with the current training that do not meet the identified requirements. In April 2020, TED officials said that they developed a new survey process to obtain recurring feedback from participants on the training's impact on their ability to perform T&E duties as assigned over time to inform the annual review of the T&E curriculum. However, this effort is still in a piloting stage so the extent to which this information is used to assess the training is still unknown at this time. As of July 2020, TED was still in the process of executing these efforts.

Recommendation: The Secretary for Homeland Security should direct the Director of OTE to revise T&E policy or guidance as necessary to specify when in the acquisition life cycle a major acquisition program manager should designate a level III certified T&E manager. (Recommendation 3)

Agency: Department of Homeland Security
Status: Open

Comments: In providing comments on this report DHS concurred with our recommendation and stated that it planned to update its T&E policy to specify when in the acquisition lifecycle acquisition program managers should designate a qualified T&E manager. In July 2020, DHS Test and Evaluation Division (TED) officials said they were in the process of revising the policy to include this specification and that it was undergoing management review with an anticipated completion in fall 2020. Once finalized, GAO will evaluate the revised policy to determine whether DHS has met the intent of this recommendation.

Recommendation: The Secretary for Homeland Security should direct the Director of OTE to establish an internal control process to ensure that data collected and maintained on major acquisition programs' T&E managers are reliable. (Recommendation 4)

Agency: Department of Homeland Security
Status: Open

Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it planned to establish an internal control process to reliably collect and maintain data on acquisition programs' assigned test and evaluation managers. In April 2020, DHS Test and Evaluation Division (TED) reported taking steps to ensure the validity of this data including establishing points of contacts within each component to cross-check collected information for accuracy and having the Director review collected data on a quarterly basis beginning in third quarter fiscal year 2020. As of July 2020, TED was still in the process of improving its internal collection process, but had not completed these efforts.

Recommendation: The Secretary for Homeland Security should direct the Under Secretary for Science and Technology to assess OTE's workforce to ascertain the extent to which it has the appropriate number of staff with the necessary skills to fulfill its responsibilities. (Recommendation 5)

Agency: Department of Homeland Security
Status: Open

Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it planned to assess the Test and Evaluation Division's (TED) workforce by reviewing current staffing levels and vacancies against the division's roles and responsibilities. The Senior Official Performing the Duties of the Under Secretary for Science and Technology plans to use the results of this review to inform strategic hiring in future years, if needed. In February 2020, DHS released its fiscal year 2020 strategic guidance memorandum for the Science and Technology (S&T) Directorate which included a statement pertaining to resourcing S&T's test and evaluation capabilities. However, as of July 2020, S&T had not yet conducted its review of TED's workforce.

Recommendation: The Commandant of the Coast Guard, in collaboration with the Secretary of the Navy, should direct the polar icebreaker program and NAVSEA 05C to update the HPIB cost estimate in accordance with best practices for cost estimation, including (1) developing risk bounds for all phases of the program lifecycle, and on the basis of these risk bounds, conduct risk and uncertainty analysis, as well as sensitivity analysis, on all phases of the program lifecycle, and (2) reconciling the results with an updated independent cost estimate based on the same technical baseline before the option for construction of the lead ship is awarded. (Recommendation 2)

Agency: Department of Homeland Security: United States Coast Guard
Status: Open

Comments: In providing comments on this report, the Coast Guard concurred with our recommendation. As of August 2020, Coast Guard officials stated that they are updating the polar icebreaker program's life cycle cost estimate to reflect information provided by the shipbuilder and anticipate completing the update in the fall 2020. We will review the updated life cycle cost estimate at that time and determine if the actions taken meet the intent of this recommendation.

Recommendation: The Commandant of the Coast Guard should direct the polar icebreaker program office to develop a program schedule in accordance with best practices for project schedules, including determining realistic durations of all shipbuilding activities and identifying and including a reasonable amount of margin in the schedule, to set realistic schedule goals for all three ships before the option for construction of the lead ship is awarded. (Recommendation 3)

Agency: Department of Homeland Security: United States Coast Guard
Status: Open

Comments: In providing comments on this report, the Coast Guard concurred with our recommendation. As of August 2020, Coast Guard officials stated that they updated the polar icebreaker program's schedule for the lead ship and are in the process of developing schedules for the follow-on ships. We will review the updated schedules once the Coast Guard provides them and determine if the actions taken meet the intent of this recommendation.

Recommendation: The DHS Under Secretary for Management should require the Coast Guard to update the HPIB acquisition program baselines prior to authorizing lead ship construction, after completion of the preliminary design review, and after it has gained the requisite knowledge on its technologies, cost, and schedule, as recommended above. (Recommendation 5)

Agency: Department of Homeland Security
Status: Open

Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it will require the Coast Guard to update the HPIB program's acquisition program baselines prior to authorizing lead ship construction. As of August 2020, Coast Guard officials anticipate updating the acquisition program baselines by no later than February 2021. We will review the updated HPIB acquisition program baselines at that time and determine if the actions taken meet the intent of this recommendation.

Recommendation: The Secretary of DHS should ensure that the Commissioner of Customs and Border Protection through the Executive Assistant Commissioner for Operations Support updates the 2013 workforce assessment to account for the independent requirements organization's current workforce needs. (Recommendation 2)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation. Customs and Border Protection provided an estimated completion date for their workforce assessment of September 30, 2020.

Recommendation: The Secretary of DHS should ensure that the Administrator of the Federal Emergency Management Agency establishes a policy for requirements development. (Recommendation 4)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation. The Federal Emergency Management Agency plans to establish a policy for requirements development by September 30, 2020, about one year after it completes changes to its governance processes.

Recommendation: The Secretary of DHS should ensure that the Director of Immigration and Customs Enforcement establishes a policy for requirements development. (Recommendation 8)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation but has not yet taken action to implement it as of August 2020.

Recommendation: The Secretary of DHS should ensure that the Director of Immigration and Customs Enforcement establishes the planned independent requirements development organization within Immigration and Customs Enforcement. (Recommendation 9)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation but has not yet taken action to implement it as of August 2020.

Recommendation: The Secretary of DHS should ensure that the Director of Immigration and Customs Enforcement conducts a workforce assessment to account for an independent requirements organization's workforce needs. (Recommendation 10)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation but has not yet taken action to implement it as of August 2020.

Recommendation: The Secretary of DHS should ensure that the Director of Immigration and Customs Enforcement establishes component specific training for requirements development. (Recommendation 11)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation but has not yet taken action to implement it as of August 2020.

Recommendation: The Secretary of DHS should ensure that the Under Secretary of Homeland Security for the National Protection and Programs Directorate finalizes and promulgates the National Protection and Programs Directorate's draft policy for requirements development. (Recommendation 12)

Agency: Department of Homeland Security
Status: Open

Comments: The National Protection and Programs Directorate changed its name to the Cybersecurity and Infrastructure Security Agency in January 2018. DHS concurred with this recommendation. The Cybersecurity and Infrastructure Security Agency estimates that it will have a final policy by September 30, 2020.

Recommendation: The Secretary of DHS should ensure that the Under Secretary of Homeland Security for the National Protection and Programs Directorate establishes the planned independent requirements development organization within the National Protection and Programs Directorate. (Recommendation 13)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation. In January 2018, the National Protection and Programs Directorate changed its name to the Cybersecurity and Infrastructure Security Agency. The Cybersecurity and Infrastructure Security Agency estimates that it will establish an independent requirements organization by September 30, 2020.

Recommendation: The Secretary of DHS should ensure that the Under Secretary of Homeland Security for the National Protection and Programs Directorate conducts a workforce assessment to account for an independent requirements organization's workforce needs. (Recommendation 14)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation. In January 2018, the National Protection and Programs Directorate changed its name to the Cybersecurity and Infrastructure Security Agency. The Cybersecurity and Infrastructure Security Agency estimates it will complete an assessment to account for an independent requirements organization's workforce needs by September 30, 2020.

Recommendation: The Secretary of DHS should ensure that the Director of the U.S. Citizenship and Immigration Services establishes the planned independent requirements development organization within U.S. Citizenship and Immigration Services. (Recommendation 21)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation. The U.S. Citizenship and Immigration Services estimates that it will establish an independent requirements development organization by September 30, 2020.

Recommendation: The Commissioner of CBP should analyze the costs associated with future barrier segments and include cost as a factor in the Impedance and Denial Prioritization Strategy. (Recommendation 1)

Agency: Department of Homeland Security
Status: Open
Priority recommendation

Comments: In July 2018, we reported on U.S. Customs and Border Protection's (CBP) efforts to construct new physical barriers along the southwest border. We found that the Impedance and Denial Prioritization Strategy--CBP's decision support tool for prioritizing locations for barrier construction projects--did not include analysis of the costs of deploying barriers in each location, which can vary depending on topography, land ownership, and other factors. We recommended that CBP analyze the costs associated with future barrier segments and include cost as a factor in the Impedance and Denial Prioritization Strategy. CBP agreed with this recommendation. CBP officials stated that, after prioritizing locations, CBP conducts detailed cost estimates as part of the acquisitions process. As of January 2020, CBP officials stated that this cost information may affect how the construction projects are executed, but that it would not influence how CBP prioritizes barrier construction projects across various locations. As we have previously reported, organizations should use an integrated approach to the requirements, acquisitions, and budget processes to prioritize needs and allocate resources, so they can optimize return on investment, and maintain program affordability. To fully address our recommendation, Border Patrol needs to incorporate its analysis of the costs of barrier projects into its process for prioritizing locations for construction of barriers.

Recommendation: The Commandant of the Coast Guard should work with Congress to include in the Coast Guard's annual 5-year CIP a discussion of the acquisition programs it prioritized that describes how trade-off decisions made could affect other acquisition programs, such as by delaying recapitalization efforts or needing to conduct Service Life Extension Projects for legacy assets. (Recommendation 1)

Agency: Department of Homeland Security: United States Coast Guard
Status: Open

Comments: The Coast Guard agreed with this recommendation and in August 2019 officials reported that the Coast Guard is working with DHS to include additional information that addresses how trade-off decisions made could affect other major acquisition programs in future CIP reports. It anticipates including this information in the FY 2021-2025 CIP, which it expects to release in late summer 2020.

Recommendation: The Commandant of the Coast Guard should require the Executive Oversight Council, in its role to facilitate a balanced and affordable acquisition portfolio, to annually review the acquisition portfolio collectively, specifically for long-term affordability. (Recommendation 2)

Agency: Department of Homeland Security: United States Coast Guard
Status: Open

Comments: The Coast Guard disagreed with this recommendation stating that other bodies within the Coast Guard--such as the Investment Board, Deputies Council, and Investment Review Board--are responsible for making decisions regarding out-year funding, while the Executive Oversight Council works outside of the annual budget process. DHS also stated that, to meet the spirit of our recommendation, the Coast Guard will update the Executive Oversight Council's charter to require a review of the collective acquisition portfolio, specifically evaluating long-term planning. We believe that updating the Executive Oversight Council's charter to include long-term-planning is a positive step. However, we continue to believe that in addition to long-term planning, the Executive Oversight Council should include the major acquisition portfolio's budget realities faced by the Coast Guard in its reviews, or long-term affordability. If the planning accounts for long-term funding considerations to achieve the Coast Guard's acquisition goals and objectives, we believe the intent of our recommendation would be met. The Coast Guard expects to complete the update of the EOC charter by by late summer 2020.

Recommendation: The Secretary of Defense should direct the F-35 program office to resolve all critical deficiencies before making a full-rate production decision. (Recommendation 1)

Agency: Department of Defense
Status: Open

Comments: DOD concurred with our recommendation and stated that critical deficiencies would be resolved before full-rate production, due in December 2019. In May 2020, we reported that DOD delayed its full-rate production decision from December 2019 to between September 2020 and March 2021.

Recommendation: The Secretary of Defense should direct the F-35 program office to identify what steps are needed to ensure the F-35 meets reliability and maintainability requirements before each variant reaches maturity and update the Reliability and Maintainability Improvement Program with these steps. (Recommendation 2)

Agency: Department of Defense
Status: Open
Priority recommendation

Comments: DOD concurred with our recommendation. According to a DOD official, as of July 2020, the F-35 program office is in the process of revising its plan for improving the F-35's reliability and maintainability.

Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Acquisition and Sustainment to update the policy or guidance for MAIS business programs. Specifically, the update should include the following elements: (1) establishment of initial and current baseline cost and schedule estimates, (2) predetermined threshold cost and schedule estimates to identify the point when programs may be at high risk, and (3) quarterly and annual reports on the performance of programs to stakeholders. (Recommendation 1)

Agency: Department of Defense
Status: Open

Comments: In January 2020, the Under Secretary of Defense for Acquisition and Sustainment issued an updated instruction on defense business systems requirements and acquisition, which included guidance on establishing baseline cost and schedule estimates and considering progress against the baselines at key decision points. However, the instruction does not make a distinction between initial and current baselines. Further, it did not include thresholds for cost and schedule variances or specify periodic reporting of program performance information to stakeholders. According to an official in the office of the Under Secretary of Defense for Acquisition and Sustainment, the office does not intend to add the elements of the recommendation related to thresholds and reporting. Specifically, according to the official, the office considers specifying predetermined threshold cost and schedule estimates and frequency for status reporting to be matters for implementation guidance issued by department components or determined by a program decision authority. However, until the department demonstrates that it has fully addressed the recommendation, it is limited in its ability to ensure that effective system acquisition management controls are implemented for each major business system investment and that stakeholders have the information needed to make informed decisions for managing and overseeing these investments. We will continue to monitor the department's implementation of the recommendation.

Recommendation: The Secretary of Defense should direct the Director of the Defense Health Agency to direct the program manager for the Defense Healthcare Management System Modernization program to: (1) finalize and approve its requirements management plan, (2) identify and document changes that should be made to plans and work products resulting from changes to the requirements baseline, and (3) quantify costs and benefits of risk mitigation within its program-level risk mitigation plans. (Recommendation 2)

Agency: Department of Defense
Status: Open

Comments: As of November 2019, the Department of Defense had made progress addressing the intent of the recommendation related to requirements management; however, it needs to do more to improve DHMSM program risk management. Specifically, in March 2019, the DHMSM program manager approved a requirements management plan, which includes identifying and documenting changes that should be made to plans and work products resulting from changes to the baseline requirements. Specifically, it includes forward and backward configuration and change management of the baselined requirements and managing traceability of requirements to design artifacts, test cases, defects, and change requests. However, the program has not demonstrated that it quantifies costs and benefits of risk mitigation in its risk mitigation plans. Specifically, it did not demonstrate that it had updated its guidance to require that costs and benefits of risk mitigation plans be included in these plans. We will continue to monitor the department's efforts to implement the recommendation.

Recommendation: The Under Secretary for Management should require the Office of Program Accountability and Risk Management to assess the results of major acquisition programs' post-implementation reviews and identify opportunities to improve performance across the acquisition portfolio. (Recommendation 2)

Agency: Department of Homeland Security
Status: Open

Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it planned to update its policy to require more formal reporting requirements and execution criteria for post-implementation reviews. PARM also plans to initiate a study focused on assessing lessons learned and developing a tool to share them across components to improve performance of the acquisition portfolio. In February 2020, PARM approved guidance intended to standardize analysis elements for post-implementation reviews. As of July 2020, PARM was still in the process of developing a tool to share results across components, but in the interim, results from some post-implementation reviews have been shared during meetings with Component Acquisition Executives. GAO will review post-implementation reviews conducted under the new guidance and will monitor DHS's implementation of the tool to ensure the department's actions meet the intent of this recommendation.

Recommendation: The Secretary of Homeland Security should work with Congress to include O&S data in monthly execution reports at a major acquisition program level within current program/project activity accounts. (Recommendation 2)

Agency: Department of Homeland Security
Status: Open

Comments: DHS agreed with this recommendation and has indicated the OCFO budget division will develop a display that provides major acquisition program level data at the program project activity level by March 30, 2019. As of March 2020, DHS has developed these displays and is working to populate them with all components' data.

Recommendation: To mitigate the risk of poor acquisition outcomes and strengthen the department's investment decisions, the Secretary of Homeland Security should direct the Undersecretary for Management to update the acquisition policy to require that major acquisition programs' technical requirements are well defined and key technical reviews are conducted prior to approving programs to initiate product development and establishing Acquisition Program Baselines, in accordance with acquisition best practices.

Agency: Department of Homeland Security
Status: Open

Comments: In providing comments on this report, DHS concurred with our recommendation and stated that it planned to initiate a study to assess how to better align its processes for technical reviews and acquisition decisions. Upon completion of the study, DHS updated its acquisition policy instruction in May 2019, which adjusted the acquisition life cycle. Specifically, the updated instruction requires programs to conduct key technical reviews--including a preliminary design review--prior to establishing the program's Acquisition Program Baseline. As of July 2020, DHS was in the process of updating the related policies and guidance for its Systems Engineering Life Cycle, which govern the department's technical reviews. GAO will review these policies and guidance once complete to confirm alignment with the changes made to the acquisition management instruction and will monitor DHS's implementation of its new acquisition life cycle to ensure the department's actions meet the intent of this recommendation.

Recommendation: To enhance DOD's efforts to better integrate and improve intelligence support to major defense acquisition programs, and to better enable personnel to provide intelligence inputs to their portfolios of acquisition programs, the Secretary of Defense should direct--as appropriate--the Under Secretary of Defense for Acquisition, Technology, and Logistics; the Under Secretary of Defense for Intelligence; and/or the Secretaries of the military departments, in coordination with one another, to establish certifications that include having these personnel complete required training.

Agency: Department of Defense
Status: Open

Comments: The Department of Defense (DOD) concurred with the recommendation. DOD provided corrective action plans that show they expect to complete efforts that will address this recommendation in 2019. We will continue to monitor the status of DOD's actions and whether these actions address the intent of our recommendations.

Recommendation: To enhance DOD's efforts to better integrate and improve intelligence support to major defense acquisition programs, and to facilitate implementation of improved processes and procedures developed by the Acquisition Intelligence Requirements Task Force and by the Air Force for the integration of intelligence into major defense acquisition programs, the Secretary of Defense should direct--as appropriate--the Under Secretary of Defense for Acquisition, Technology, and Logistics; the Under Secretary of Defense for Intelligence; and/or the Secretaries of the military departments, in coordination with one another, to revise relevant guidance and procedures--including DOD Instruction 5000.02 and DOD Directive 5250.01-- require that intelligence mission data at the acquisition program, service, and department levels be prioritized.

Agency: Department of Defense
Status: Open

Comments: The Department of Defense (DOD) concurred with the recommendation. DOD provided corrective action plans that show they expect to complete efforts that will address this recommendation in 2019. We will continue to monitor the status of DOD's actions and whether these actions address the intent of our recommendations.

Recommendation: To enhance DOD's efforts to better integrate and improve intelligence support to major defense acquisition programs, and to better ensure that DOD obtains useful feedback from stakeholders and the intended users of the Validated Online Lifecycle Threat tool, the Secretary of Defense should direct--as appropriate--the Under Secretary of Defense for Acquisition, Technology, and Logistics; the Under Secretary of Defense for Intelligence; and/or the Secretaries of the military departments, in coordination with one another, to instruct the Director of the Defense Intelligence Agency to develop a communication plan for the tool that includes plans for communicating with and obtaining feedback from stakeholders and intended users such as acquisition program offices and personnel providing intelligence support to acquisition programs.

Agency: Department of Defense
Status: Open

Comments: The Department of Defense (DOD) concurred with the recommendation. DOD provided corrective action plans that show they expect to complete efforts that will address this recommendation by the end of 2018. We will continue to monitor the status of DOD's actions and whether these actions address the intent of our recommendations.

Recommendation: To enhance DOD's efforts to better integrate and improve intelligence support to major defense acquisition programs, and to ensure that it fulfills the needs of acquisition programs and the intelligence community and works as intended, the Secretary of Defense should direct--as appropriate--the Under Secretary of Defense for Acquisition, Technology, and Logistics; the Under Secretary of Defense for Intelligence; and/or the Secretaries of the military departments, in coordination with one another, to assess the need for the Acquisition Intelligence Support Assessment tool and, if validated by this assessment, define this tool's requirements for development and identify the entity responsible for providing oversight and funding for its continued development, implementation, and operation.

Agency: Department of Defense
Status: Open

Comments: The Department of Defense (DOD) concurred with the recommendation. DOD provided corrective action plans that show they expect to complete efforts that will address this recommendation sometime in the future. We will continue to monitor the status of DOD's actions and whether these actions address the intent of our recommendations.