Reports & Testimonies

  1. Share with Facebook 
  2. Share with Twitter 
  3. Share with LinkedIn 
  4. Share with mail 

Recommendations Database

GAO’s recommendations database contains report recommendations that still need to be addressed. GAO’s priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. Below you can search only priority recommendations, or search all recommendations.

Our recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Moreover, when implemented, some of our priority recommendations can save large amounts of money, help Congress make decisions on major issues, and substantially improve or transform major government programs or agencies, among other benefits.

As of October 25, 2020, there are 4812 open recommendations, of which 473 are priority recommendations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented.

Browse or Search Open Recommendations

Search


Have a Question about a Recommendation?

  • For questions about a specific recommendation, contact the person or office listed with the recommendation.
  • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.

« Back to Results List Sort by   

Results:

Subject Term: "Computer network protocols"

2 publications with a total of 3 open recommendations
Download these results in CSV format or XLSX format.
Passenger Rail Security: TSA Engages with Stakeholders but Could Better Identify and Share Standards and Key Practices
GAO-20-404, Apr 3, 2020
Director: Triana McNeil
Phone: (202) 512-8777

1 open recommendations
Display
Recommendation: The TSA Administrator should update the BASE cybersecurity template to ensure it reflects cybersecurity key practices, including the Detect and Recover functions outlined in the NIST Cybersecurity Framework. (Recommendation 2)

Agency: Department of Homeland Security: Transportation Security Administration
Status: Open

Comments: TSA concurred with this recommendation and said it would take steps to implement it by updating the BASE Cybersecurity Security Action Item section to ensure it reflects the NIST Cybersecurity Framework Detect and Recover functions. When we confirm what actions TSA has taken in response to this recommendation, we will provide updated information.
Internet of Things: Enhanced Assessments and Guidance Are Needed to Address Security Risks in DOD
GAO-17-668, Jul 27, 2017
Director: Kirschbaum, Joseph W
Phone: (202) 512-9971

2 open recommendations
Display
Recommendation: The Under Secretary of Defense for Intelligence, in coordination with the DOD Chief Information Officer, the Under Secretaries of Defense for Policy; Acquisition, Technology, and Logistics; and Personnel and Readiness; and with military service and agency stakeholders, should conduct operations security surveys that identify IoT security risks and protect DOD information and operations, in accordance with DOD guidance, or address operations security risks posed by IoT devices through other DOD risk assessments.

Agency: Department of Defense: Office of the Under Secretary of Defense for Intelligence
Status: Open

Comments: DOD concurred with this recommendation. We reached out to DOD in August 2018 on this recommendation and are awaiting their response.
Recommendation: The Principal Cyber Advisor, in coordination with the DOD Chief Information Officer; the Under Secretaries of Defense for Policy; Intelligence; Acquisition, Technology, and Logistics; and Personnel and Readiness; and with military service and agency stakeholders, should (1) review and assess existing departmental security policies and guidance--on cybersecurity, operations security, physical security, and information security--that may affect IoT devices; and (2) identify areas where new DOD policies and guidance may be needed--including for specific IoT devices, applications, or procedures--and where existing security policies and guidance can be updated to address IoT security concerns.

Agency: Department of Defense: Office of the Principal Cyber Advisor to the Secretary of Defense
Status: Open

Comments: DOD concurred with this recommendation. DOD has implemented one geo-location policy in 2018 relating to operations security that addresses a portion of this recommendation.