Recommendation: The Secretary of Homeland Security should identify the information about family members apprehended together that its components collectively need to process those family members and communicate that information to its components. (Recommendation 1)

Agency: Department of Homeland Security
Status: Open

Comments: According to DHS, in June 2020, DHS's Office of Immigration Statistics launched a Family Status Data Standards Community of Interest (COI) under the purview of the DHS Immigration Data Integration Initiative. In August 2020, DHS reported that the Family Status COI includes subject matter experts and data system managers from DHS components, the Department of Health and Human Services, and the Executive Office for Immigration Review. The COI's mandate includes drafting common DHS-wide and interagency data standards (common codes, common definitions, common formats) for all topics related to family status, including codes to identify the reasons for family separation, members apprehended together, and unaccompanied children. DHS expects to complete these actions by September 30, 2020. Identifying and communicating department-wide information needs with respect to family members who have been apprehended together should help provide DHS with greater assurance that its components are identifying all individuals who may be eligible for relief from removal from the United States based on their family relationships.

Recommendation: The Secretary of Homeland Security should ensure that, at the time of apprehension, CBP collects the information that DHS components collectively need to process family members apprehended together. (Recommendation 2)

Agency: Department of Homeland Security
Status: Open

Comments: In commenting on a draft of our report, DHS reported that its Office of Immigration Statistics (OIS) will work with relevant components and offices to ensure all required information is collected at the time of apprehension on the Form I-213 when processing family members apprehended together. As of August 2020, DHS reported that DHS OIS continues to work with relevant components and offices to ensure all required information is collected at the time of apprehension on Form I-213 when processing family members apprehended together. DHS expects to complete these actions by September 30, 2020. Collecting information about the relationships between family members apprehended together and documenting that information on the Form I-213 could help address fragmentation among DHS components and improve the information available to other agencies.

Recommendation: The Secretary of Homeland Security should ensure that CBP documents the information that DHS components collectively need to process family members apprehended together on the Form I-213. (Recommendation 3)

Agency: Department of Homeland Security
Status: Open

Comments: In commenting on a draft of our report, DHS reported that, upon implementation of the steps the department plans to take in response to our second recommendation, CBP will issue guidance to the field to ensure that CBP agents and officers document the information that DHS components collectively need to process family members. In August 2020, DHS reported that component agencies continue to collaborate to define the process of family members apprehended together, as will be reflected on CBP Form I-213. DHS estimates issuing this guidance by March 31, 2021. Collecting information about the relationships between family members apprehended together and documenting that information on the Form I-213 could help address fragmentation among DHS components and improve the information available to other agencies.immigration or other proceedings.

Recommendation: The Secretary of Homeland Security should evaluate options for developing a unique identifier shared across DHS components' data systems to link family members apprehended together. (Recommendation 4)

Agency: Department of Homeland Security
Status: Open

Comments: In commenting on a draft of our report, DHS reported that its Office of Immigration Statistics (OIS) plans to work with relevant components to develop a unique shared identifier linking family members apprehended together. According to DHS, DHS OIS launched the Family Status Community of Interest (COI) in June 2020, and the COI has since established a bi-weekly meeting schedule. The COI's initial focus is on standard codes describing the reasons for family separations. Upon completing the family separation reason standard, DHS reported that the COI will prioritize developing common codes to identify family members apprehended together. DHS estimates completing these actions by March 31, 2021. Evaluating options for developing a shared unique family member identifier across components that would allow each component access to certain information about family members apprehended together would help bridge the information gaps about family relationships between components caused by DHS's fragmented data systems.

Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a reliable JIE cost estimate and baseline, consistent with the best practices described in this report.

Agency: Department of Defense
Status: Open

Comments: DOD partially concurred with our recommendation; however, it has not yet implemented it. In its written response to our draft report, DOD stated that its partial concurrence was due to the language we used to introduce the recommendations. Specifically, we stated that the Secretary of Defense should direct the appropriate entities to implement the recommendations. In its comments, DOD stated that the DOD Chief Information Officer (CIO) was responsible for implementing JIE, and referred to a May 2013 memo from the Deputy Secretary of Defense directing DOD components to participate in and implement JIE under the direction of the DOD CIO. In response to DOD's comments, we revised the language used to introduce our recommendations. Specifically, we revised the language to call for the Secretary to direct the DOD CIO and other entities, as appropriate, to take the recommended actions. Since we made our recommendation, the department approved a cost baseline for one of the components of JIE, the Joint Regional Security Stacks (JRSS), and developed a cost estimate for another component, the Enterprise Collaboration and Productivity Services (ECAPS) program. The ECAPS cost estimate was substantially consistent with the practices described in the report. However, the JRSS cost estimate was not developed consistent with the best practices described in the report. Specifically, the department did not demonstrate that the cost estimate was well documented, comprehensive, accurate, and credible. In May 2019, officials in the Office of the DOD CIO stated that it would provide documentation to address the gaps in the JRSS cost estimate; however, as of July 2019, DOD had not provided the documentation. The officials also stated that planning for JIE components other than JRSS and ECAPS had not begun; therefore, there were no other JIE component cost estimates. We will continue to monitor the department's efforts to implement this recommendation.

Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a JIE schedule management plan and reliable schedule, consistent with practices described in this report.

Agency: Department of Defense
Status: Open

Comments: DOD partially concurred with our recommendation; however, it has not yet implemented it. In its written response to our draft report, DOD stated that its partial concurrence was due to the language we used to introduce the recommendations. Specifically, we stated that the Secretary of Defense should direct the appropriate entities to implement the recommendations. In its comments DOD stated that the DOD Chief Information Officer (CIO) is responsible for implementing JIE, and referred to a May 2013 memo from the Deputy Secretary of Defense directing DOD components to participate in and implement JIE under the direction of the DOD CIO. In response to DOD's comments we revised the language used to introduce our recommendations. Specifically, we revised the language to call for the Secretary to direct the DOD CIO and other entities, as appropriate, to take the recommended actions. In March 2017, the JIE Executive Committee approved a schedule baseline for the Non-secure Internet Protocol Router network part of the Joint Regional Security Stacks (JRSS) component; however, the schedule was not consistent with the practices described in our report. In addition, In May 2019, officials in the Office of the DOD CIO stated that another JIE initiative, the Enterprise Collaboration and Productivity Services program, had an approved baseline schedule. However, as of July 2019, DOD had not provided the schedule.

Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a JRSS schedule management plan and reliable JRSS schedule and schedule baseline, consistent with practices described in this report.

Agency: Department of Defense
Status: Open

Comments: DOD partially concurred with our recommendation; however, it has not implemented it. In its written response to our draft report, DOD stated that its partial concurrence was due to the language we used to introduce the recommendations. Specifically, we stated that the Secretary of Defense should direct the appropriate entities to implement the recommendations. In its comments DOD stated that the DOD Chief Information Officer (CIO) is responsible for implementing JIE, and referred to a May 2013 memo from the Deputy Secretary of Defense directing DOD components to participate in and implement JIE under the direction of the DOD CIO. In response to DOD's comments we revised the language used to introduce our recommendations. Specifically, we revised the language to call for the Secretary to direct the DOD CIO and other entities, as appropriate, to take the recommended actions. In March 2017, the JIE Executive Committee approved a schedule baseline for the Non-secure Internet Protocol Router network component of JRSS; however, the schedule was not consistent with the practices described in our report. In May 2019, officials in the Office of the DOD CIO said that the JRSS schedule had not been re-baselined and the department had not developed a schedule management plan. We will continue to monitor the department's efforts to implement the recommendation.

Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to complete an assessment to determine the number of staff and the specific skills and abilities needed to effectively achieve JIE, consistent with the workforce planning practices described in this report.

Agency: Department of Defense
Status: Open

Comments: DOD partially concurred with our recommendation and has taken steps to implement it; however, more needs to be done. In its written response to our draft report, DOD stated that its partial concurrence was due to the language we used to introduce the recommendations. Specifically, we stated that the Secretary of Defense should direct the appropriate entities to implement the recommendations. In its comments, DOD stated that the DOD Chief Information Officer (CIO) is responsible for implementing the Joint Information Environment (JIE), and referred to a May 2013 memo from the Deputy Secretary of Defense directing DOD components to participate in and implement JIE under the direction of the DOD CIO. In response to DOD's comments, we revised the language used to introduce our recommendations. Specifically, we revised the language to call for the Secretary to direct the DOD CIO and other entities, as appropriate, to take the recommended actions. Since we made our recommendation, the department has developed an inventory of cybersecurity knowledge and skills of existing staff. Specifically, we reported in our June 2018 report Cybersecurity Workforce: Agencies Need to Improve Baseline Assessments and Procedures for Coding Positions (GAO-18-466) that the department had developed an assessment that included the percentage of cybersecurity personnel holding certifications and the level of preparedness of personnel without existing credentials to take certification exams. In August 2018, the office of the DOD CIO stated that the department planned to identify work roles of critical need and establish gap assessment and mitigation strategies by April 2019. However, as of July 2019, the department had not provided an update on the status of its efforts to address the recommendation.

Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a strategy for conducting JIE security assessments that describes the resources needed to execute the strategy, responsible organizations, and a schedule to complete the assessments.

Agency: Department of Defense
Status: Open

Comments: DOD partially concurred with our recommendation; however, as of August 2018, it has not provided evidence that it has addressed it. In its written response to our draft report, DOD stated that its partial concurrence was due to the language we used to introduce the recommendations. Specifically, we stated that the Secretary of Defense should direct the appropriate entities to implement the recommendations. In its comments, DOD stated that the DOD Chief Information Officer (CIO) is responsible for implementing the Joint Information Environment (JIE), and referred to a May 2013 memo from the Deputy Secretary of Defense directing DOD components to participate in and implement JIE under the direction of the DOD CIO. In response to DOD's comments, we revised the language used to introduce our recommendations. Specifically, we revised the language to call for the Secretary to direct the DOD CIO and other entities, as appropriate, to take the recommended actions. In May 2019, the office of the DOD CIO stated that it had developed a schedule to complete JIE security assessments. However, as of July 2019, the office had not provided the schedule or demonstrated that it has a strategy for conducting JIE security assessments that includes the rest of the elements of our recommendation.

Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a reliable Joint Regional Security Stacks (JRSS) cost estimate and baseline, consistent with practices described in this report.

Agency: Department of Defense
Status: Open

Comments: DOD partially concurred with our recommendation; however it has not fully implemented it. In its written response to our draft report, DOD stated that its partial concurrence was due to the language we used to introduce the recommendations. Specifically, we stated that the Secretary of Defense should direct the appropriate entities to implement the recommendations. In its comments, DOD stated that the DOD Chief Information Officer (CIO) is responsible for implementing JIE, and referred to a May 2013 memo from the Deputy Secretary of Defense directing DOD components to participate in and implement JIE under the direction of the DOD CIO. In response to DOD's comments, we revised the language used to introduce our recommendations. Specifically, we revised the language to call for the Secretary to direct the DOD CIO and other entities, as appropriate, to take the recommended actions. Since we made our recommendation, in April 2017, the JRSS program office documented the methodology, ground rules and assumptions, among other things, used to develop the cost estimate we reviewed in our report, and the JIE Executive Committee established the estimate as its JRSS cost baseline. However, the cost estimate documentation was not sufficient to address our recommendation. Specifically, it did not demonstrate that the cost estimate was well documented, comprehensive, accurate and credible. In May 2019, officials in the Office of the DOD CIO stated that it would provide documentation to address the gaps. However, as of July 2019, DOD had not provided the documentation.