GAO’s recommendations database contains report recommendations that still need to be addressed.
GAO’s priority recommendations are those that we believe warrant priority attention.
We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues.
Below you can search only priority recommendations, or search all recommendations.
Our recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations.
Moreover, when implemented, some of our priority recommendations can save large amounts of money, help Congress make decisions on major issues, and substantially improve or transform major government programs or agencies, among other benefits.
As of June 17, 2020, there are 4969 open recommendations, of which 518 are priority recommendations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented.
Browse or Search Open Recommendations
Have a Question about a Recommendation?
For questions about a specific recommendation, contact the person or office listed with the recommendation.
For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or firstname.lastname@example.org.
Recommendation: The Director of OMB should establish a process for monitoring and holding agencies accountable for authorizing cloud services through FedRAMP. (Recommendation 1)
Agency: Executive Office of the President: Office of Management and Budget: Office of the Director Status: Open Priority recommendation
Comments: To fully implement this recommendation, OMB needs to collect data on the extent to which federal agencies are using cloud services authorized outside of FedRAMP and oversee agencies' compliance with using the program. OMB neither agreed nor disagreed with this recommendation. According to an OMB Associate General Counsel, the agency does not have a mechanism for enforcing agencies' compliance with its guidance on FedRAMP. However, we believe that OMB can and should hold agencies accountable for complying with its policies. By implementing this recommendation, OMB could substantially improve participation in the FedRAMP program, which is intended to standardize security requirements for federal agencies' authorizations of cloud services. OMB has not provided information on its actions to implement our recommendation. We will update the status of this recommendation once OMB provides information on its corrective actions.
Recommendation: The Director of OMB should expand its coordination of CyberStat review meetings for those agencies with a demonstrated need for assistance in implementing information security. (Recommendation 2)
Agency: Executive Office of the President: Office of Management and Budget Status: Open Priority recommendation
Comments: In January 2020, OMB officials stated that they have incorporated agency feedback for enhancing the CyberStat program into an updated concept of operations document that is currently in draft. To consider this recommendation fully implemented, OMB needs to provide us with an updated concept of operations document for the CyberStat program, and demonstrate the expansion of CyberStat review meetings to agencies that require additional assistance due to persistent information security deficiencies.