Reports & Testimonies

  1. Share with Facebook 
  2. Share with Twitter 
  3. Share with LinkedIn 
  4. Share with mail 

Recommendations Database

GAO’s recommendations database contains report recommendations that still need to be addressed. GAO’s priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. Below you can search only priority recommendations, or search all recommendations.

Our recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Moreover, when implemented, some of our priority recommendations can save large amounts of money, help Congress make decisions on major issues, and substantially improve or transform major government programs or agencies, among other benefits.

As of October 25, 2020, there are 4812 open recommendations, of which 473 are priority recommendations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented.

Browse or Search Open Recommendations

Search


Have a Question about a Recommendation?

  • For questions about a specific recommendation, contact the person or office listed with the recommendation.
  • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.

« Back to Results List Sort by   

Results:

Federal Agency: "Department of Commerce: National Institute of Standards and Technology: Office of the Director"

1 publication with a total of 1 open recommendation
Download these results in CSV format or XLSX format.
Critical Infrastructure Protection: Additional Actions Needed to Identify Framework Adoption and Resulting Improvements
GAO-20-299, Feb 25, 2020
Director: Vijay A. D'Souza
Phone: (202) 512-6240

1 open recommendations
Display
Recommendation: The Director of NIST should establish time frames for completing NIST's initiatives, to include the information security measurement program and the cybersecurity framework starter profile, to enable the identification of sector-wide improvements from using the framework in the protection of critical infrastructure from cyber threats. (Recommendation 1)

Agency: Department of Commerce: National Institute of Standards and Technology: Office of the Director
Status: Open

Comments: In written comments provided in July 2020, the Department of Commerce (Commerce) stated that it agreed with our recommendation. It noted that to further establish its Cybersecurity Measurement program, the National Institute of Standards and Technology (NIST) will document its Cybersecurity Measurement program's scope, objectives, and approach, including an inventory of existing measurement resources. Additionally, to further amplify small business awareness of cybersecurity, and of the Cybersecurity Framework, it noted that NIST will develop and publish two Cybersecurity Framework starter profiles tailored toward risk management of business processes important to small business owners. The expected completion date is September 2020.