Recommendation: The Director of the Federal Insurance Office should publicly communicate information about when it is considering certifying an event as an act of terrorism under TRIA. (Recommendation 1)

Agency: Department of the Treasury: Office of the Under Secretary for Domestic Finance: Office of the Assistant Secretary for Financial Institutions: Office of Financial Institutions Policy: Federal Insurance Office
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Director of the Federal Insurance Office should document an agreement with DHS about DHS's role, and how the agencies share information, during the process of certifying an event as an act of terrorism under TRIA. (Recommendation 2)

Agency: Department of the Treasury: Office of the Under Secretary for Domestic Finance: Office of the Assistant Secretary for Financial Institutions: Office of Financial Institutions Policy: Federal Insurance Office
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Director of the Federal Insurance Office should document an agreement with DOJ about DOJ's role, and how the agencies share information, during the process of certifying an event as an act of terrorism under TRIA. (Recommendation 3)

Agency: Department of the Treasury: Office of the Under Secretary for Domestic Finance: Office of the Assistant Secretary for Financial Institutions: Office of Financial Institutions Policy: Federal Insurance Office
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The Director of the Federal Insurance Office should communicate to insurers in writing how it would utilize policyholder retention amounts in calculating "insurance losses" and "insured losses" in determining the program certification threshold, trigger, and cap, as applicable. (Recommendation 1)

Agency: Department of the Treasury: Office of the Under Secretary for Domestic Finance: Office of the Assistant Secretary for Financial Institutions: Office of Financial Institutions Policy: Federal Insurance Office
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The TSA Administrator should update the BASE cybersecurity template to ensure it reflects cybersecurity key practices, including the Detect and Recover functions outlined in the NIST Cybersecurity Framework. (Recommendation 2)

Agency: Department of Homeland Security: Transportation Security Administration
Status: Open

Comments: TSA concurred with this recommendation and said it would take steps to implement it by updating the BASE Cybersecurity Security Action Item section to ensure it reflects the NIST Cybersecurity Framework Detect and Recover functions. When we confirm what actions TSA has taken in response to this recommendation, we will provide updated information.

Recommendation: The Attorney General should direct the Bureau of Justice Assistance to enhance quality checks to ensure the accuracy of information in its 180-day reports about Public Safety Officers' Benefits claims related to public safety officers affected by 9/11. (Recommendation 1)

Agency: Department of Justice
Status: Open

Comments: The Bureau of Justice Assistance agreed with this recommendation. The agency said it will develop and implement quality checks to confirm the accuracy of information reported in the 180-day reports related to PSOB 9/11 claims. We will consider closing this recommendation when this effort is completed.

Recommendation: The Assistant Secretary for Countering Weapons of Mass Destruction should develop a strategy and implementation plan to help the Department of Homeland Security, among other things, guide, support, integrate and coordinate its chemical defense programs and activities; leverage resources and capabilities; and provide a roadmap for addressing any identified gaps. (Recommendation 1)

Agency: Department of Homeland Security: Countering Weapons of Mass Destruction Office
Status: Open
Priority recommendation

Comments: DHS agreed with GAO's September 2018 recommendation and is taking actions to address it. Countering Weapons of Mass Destruction Office (CWMD) officials stated in December 2018 that CWMD plans to develop a strategy and implementation plan to help DHS guide, support, integrate and coordinate its chemical defense programs and activities; leverage resources and capabilities; and provide a roadmap for addressing any identified gaps. According to CWMD officials, the implementation plan would broadly address DHS chemical defense activities and programs to prevent, protect against, and respond to chemical incidents, including support to federal, state, tribal, and territorial operators and agencies, as well as the private sector. CWMD officials provided GAO with the completed strategy in December 2019 and plan to complete the implementation plan by December 2020. The strategy includes four overarching goals that will drive CWMD's mission in protecting American safety and security from chemical threats and incidents. We will continue to monitor the status of the implementation plan, as completion of both documents is essential to help the CWMD Office guide DHS's efforts to address fragmentation and coordination issues and would be consistent with the office's aim to establish a coherent mission.

Recommendation: The Director of DHS's National Protection and Programs Directorate's Infrastructure Security Compliance Division (ISCD) should incorporate vulnerability into the CFATS site security scoring methodology to help measure the reduction in the vulnerability of high-risk facilities to a terrorist attack, and use that data in assessing the CFATS program's performance in lowering risk and enhancing national security. (Recommendation 1)

Agency: Department of Homeland Security
Status: Open

Comments: DHS concurred with this recommendation and has taken steps to implement and monitor two new performance metrics intended to better demonstrate the CFATS program's effectiveness in enhancing national security and reducing national risk. Specifically, according to DHS, these new performance metrics allow for the (1) evaluation of the progress individual facilities have made in enhancing their security while part of the CFATS program, and (2) comparison of the security measures employed by CFATS-covered chemical facilities upon first entering the program against the improved and enhanced security measures contained in their approved CFATS security plans. DHS began reporting the two measures, "Average score of approved Site Security Plans" and "Average score of initial Site Security Plans", for the first quarter of fiscal year 2019. DHS stated that these measures will be used to demonstrate the percent increase in security score of facilities' security plans, resulting in a representation of the increase in the security posture across the facility population, which will be used internally to assess progress. GAO continues to monitor the results of these two new performance metrics.