Recommendations Database

Jump To:

As of January 31, 2023, there are 4839 open recommendations that still need to be addressed. 470 of these are priority recommendations, those that we believe warrant priority attention. Learn more about our priority designation on our Recommendations page.

Search for open recommendations by agency, topic, subject, or keyword/phrase below, or view all open recommendations by agency.

Skip to main search results
Clear All Filters
1 - 20 of 60 Recommendations, including 3 Priority Recommendations
Want to download a list of recommendations that includes agency with subgroups?

Department of Energy Contracting: Additional Actions Could Further Strengthen Competition

Show
3 Open Recommendations
Agency Recommendation Status
National Nuclear Security Administration The Associate Administrator for NNSA's Office of Partnership and Acquisition Services should hold periodic meetings to share information with industry about how competitions are conducted and how offers are evaluated, including any changes in agency practices. (Recommendation 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

National Nuclear Security Administration The Associate Administrator for NNSA's Office of Partnership and Acquisition Services should use structured mechanisms for soliciting information on how entities decide whether to submit an offer for a solicitation, such as through periodic reverse industry day events. (Recommendation 4)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

National Nuclear Security Administration The Associate Administrator for NNSA's Office of Partnership and Acquisition Services should document the types of scoping alternatives that contracting officials should consider as part of acquisition planning for M&O contracts and how to take into account a competition's goals when considering alternatives. (Recommendation 7)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Nuclear Weapons: NNSA Does Not Have a Comprehensive Schedule or Cost Estimate for Pit Production Capability

Show
1 Open Recommendations
Agency Recommendation Status
National Nuclear Security Administration The NNSA Administrator should ensure the head of the Plutonium Modernization program develops a life cycle cost estimate for establishing NNSA's pit production capability that aligns with GAO cost estimating best practices. (Recommendation 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

National Nuclear Security Administration: Fully Incorporating Key Practices for Agency Reform Would Benefit Any Future Organizational Changes

Show
2 Open Recommendations
Agency Recommendation Status
National Nuclear Security Administration The Administrator should update NNSA's organizational change policy to fully align it, and relevant internal procedures, with selected key practices for agency reform. (Recommendation 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

National Nuclear Security Administration The Administrator should establish specific outcome-oriented goals and performance measures for NNSA's July 2022 reorganization. (Recommendation 2)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Nuclear Weapons Cybersecurity: NNSA Should Fully Implement Foundational Cybersecurity Risk Management Practices

Show
9 Open Recommendations
Agency Recommendation Status
National Nuclear Security Administration The NNSA Administrator should promptly finalize its planned revision of Supplemental Directive 205.1, Baseline Cybersecurity Program, to include the most relevant federal cybersecurity requirements and review the directive at least every 3 years. (Recommendation 1)
Open

NNSA agreed with our recommendation and, in November 2022, stated that the agency intended to issue a revised version of SD 205.1 by April 30, 2023, and that it would schedule it for review every 3 years thereafter. We will follow up with NNSA in 2023 to determine whether NNSA has taken action consistent with this recommendation.

National Nuclear Security Administration The NNSA Administrator should direct NNSA's Office of Information Management, and the site contractors that have not done so, to develop and maintain cybersecurity continuous monitoring strategies that address all elements from NIST guidance. (Recommendation 2)
Open

NNSA agreed with our recommendation and, in November 2022, stated that a forthcoming version of SD 205.1--which it intends to issue by April 30, 2023--will address this recommendation. We will follow up with NNSA in 2023 to determine whether the agency has taken action consistent with this recommendation.

National Nuclear Security Administration The NNSA Administrator should direct NNSA's Office of Information Management, and the site contractors that have not done so, to identify and assign all risk management roles and responsibilities called for in NIST guidance. (Recommendation 3)
Open

NNSA agreed with our recommendation and, in November 2022, stated that a revised version of SD 205.1--which it intends to issue by April 30, 2023--would address this recommendation. We will follow up with NNSA in 2023 to determine whether the agency has taken action consistent with this recommendation.

National Nuclear Security Administration The NNSA Administrator should direct that the site contractors that have not done so maintain a site-wide cybersecurity risk management strategy that addresses all elements from NIST guidance and perform periodic reviews at least annually. (Recommendation 4)
Open

NNSA agreed with our recommendation and, in November 2022, stated that a revised version of SD 205.1--which it intends to issue by April 30, 2023--would address this recommendation. We will follow up with NNSA in 2023 to determine whether the agency has taken action consistent with this recommendation.

National Nuclear Security Administration The NNSA Administrator should direct the Office of Information Management to identify the needed resources to implement foundational practices for the OT environment, such as by developing an OT activity business case for consideration in NNSA's planning, programming, budgeting, and evaluation process. (Recommendation 5)
Open

NNSA agreed with our recommendation and, in November 2022, stated that needed resources would be identified for developing an OT business case for use in the budgeting process. NNSA estimated it would complete this work by April 30, 2023. We will follow up with NNSA in 2023 to determine whether the agency has taken action consistent with this recommendation.

National Nuclear Security Administration The Director of NNSA's Office of Defense Programs should establish a cybersecurity risk management strategy for nuclear weapons information technology that includes all elements from NIST guidance. (Recommendation 6)
Open

NNSA agreed with our recommendation and, in November 2022, stated that it will develop a cybersecurity risk management strategy for nuclear weapons information technology. NNSA estimated it would complete this work by September 30, 2023. We will follow up with NNSA in 2023 to determine whether the agency has taken action consistent with this recommendation.

National Nuclear Security Administration The Director of NNSA's Office of Acquisition and Project Management should clarify and reinforce to the M&O contractors, such as by a policy flash or other communication, that they are required to monitor subcontractor's cybersecurity measures. (Recommendation 7)
Open

NNSA agreed with our recommendation and, in November 2022, stated that after it issues a revised version of SD 205.1, it will issue a policy flash to clarify the requirement and remind M&O contractors that they should be monitoring subcontractor cybersecurity. NNSA estimated it would complete this work by May 31, 2023. We will follow up with NNSA in 2023 to determine whether the agency has taken action consistent with this recommendation.

National Nuclear Security Administration The Director of NNSA's Office of Acquisition and Project Management should include performance criteria evaluating contractor oversight of subcontractor cybersecurity measures in the annual M&O contractor performance evaluation process. (Recommendation 8)
Open

NNSA agreed with our recommendation and, in November 2022, stated that NNSA will update the fiscal year 2023 Cybersecurity Program Execution Guidance to clarify and reinforce the responsibilities of M&O contractors to monitor subcontractors' cybersecurity measures. We will follow up with NNSA in 2023 to determine whether the agency has taken action consistent with this recommendation.

National Nuclear Security Administration The NNSA Administrator should direct Information Management and the Office of Acquisition and Project Management to ensure that Supplemental Directive 205.1 contains language requiring third-party validation of contractor and subcontractor cybersecurity measures. (Recommendation 9)
Open

NNSA agreed with our recommendation and, in November 2022, stated that a forthcoming version of SD 205.1--which it intends to issue by April 30, 2023--will address this recommendation. We will follow up with NNSA in 2023 to determine whether the agency has taken action consistent with this recommendation.

Financial Management: DOE and NNSA Have Opportunities to Improve Management of Carryover Balances

Show
2 Open Recommendations
Agency Recommendation Status
National Nuclear Security Administration The NNSA Associate Administrator for Management and Budget, with input from pertinent NNSA program offices, should either document the basis of support for the 45 percent threshold that NNSA uses to identify and assess uncosted carryover balances related to the NNSA-specific costing category for weapon modernization programs or revise the threshold, and document the methodology and analysis supporting the agency's decisions. (Recommendation 3)
Open

NNSA concurred with GAO's recommendation and estimated it would take action in response by June 2023. As of December 2022, we continue to monitor NNSA's efforts to address this recommendation.

National Nuclear Security Administration The NNSA Associate Administrator for Management and Budget, with input from relevant NNSA program offices, should periodically reassess the target threshold that NNSA uses to identify and assess uncosted carryover balances related to its weapon modernization programs to ensure that it reflects the current budgetary environment, including with respect to any assumptions made about the duration of continuing resolutions, and either revalidate or revise the threshold. (Recommendation 5)
Open

NNSA concurred with GAO's recommendation and estimated it would take action in response by June 2023. As of December 2022, we continue to monitor NNSA's efforts to address this recommendation.

Nuclear Security Enterprise: NNSA Could Enhance Its Evaluation of Manufacturing-Related R&D Performance

Show
2 Open Recommendations
Agency Recommendation Status
National Nuclear Security Administration The Deputy Administrator for the National Nuclear Security Administration's Office of Defense Programs should fully develop and document the process for evaluating the performance of the AMD R&D portfolio. (Recommendation 1)
Open

In its comments on the report, NNSA agreed with the recommendation and estimated that it would address the recommendation by September 2023. We will monitor NNSA's activities to address this recommendation.

National Nuclear Security Administration The Deputy Administrator for the National Nuclear Security Administration's Office of Defense Programs should develop measures for assessing progress on long-term R&D goals and priorities for the AMD program. (Recommendation 2)
Open

In its comments on the report, NNSA agreed with the recommendation and estimated that it would address the recommendation by September 2023. We will monitor NNSA's activities to address this recommendation.

National Nuclear Security Administration: Actions Needed to Improve Usefulness of Common Financial Data

Show
1 Open Recommendations
Agency Recommendation Status
National Nuclear Security Administration NNSA's Deputy Associate Administrator for Management and Budget, as chair of NNSA's Financial Integration Executive Committee, should define and communicate goals and expectations for using the common financial reporting data. (Recommendation 2)
Open

NNSA concurred with this recommendation. In comments on our draft report, officials stated that NNSA plans to complete actions to address this recommendation by September 30, 2022.

Note: the list of open recommendations for the last report may continue on the next page.

Have a Question about a Recommendation?

For questions about a specific recommendation, contact the person or office listed with the recommendation. For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.