Recommendations Database


As of January 31, 2023, there are 4840 open recommendations that still need to be addressed. 471 of these are priority recommendations, those that we believe warrant priority attention. Learn more about our priority designation on our Recommendations page.


1 - 20 of 23 Recommendations, including 2 Priority Recommendations

Aviation Security: TSA Should Assess Potential for Discrimination and Better Inform Passengers of the Complaint Process

4 Open Recommendations
Agency Recommendation Status
Transportation Security Administration The Administrator of TSA should collect additional data on passenger referrals for additional screening. (Recommendation 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Transportation Security Administration The Administrator of TSA should conduct assessments to determine the extent to which TSA's passenger screening practices comply with agency non-discrimination policies to identify any needed actions to improve compliance. (Recommendation 2)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Transportation Security Administration The Administrator of TSA should take additional actions to better inform passengers about TSA's discrimination complaint process. (Recommendation 3)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Transportation Security Administration The Administrator of TSA should strengthen TSA's ability to analyze passenger discrimination complaints, including improving the collection and tracking of complaints data, to help inform training, procedures, and other initiatives. (Recommendation 4)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Aviation Security Programs: TSA Should Clarify Compliance Program Guidance and Address User Concerns with Its Data Systems

3 Open Recommendations
Agency Recommendation Status
Transportation Security Administration The TSA Administrator should, in consultation with its inspectors as well as with airports and air carriers, provide further guidance for inspectors and regulated entities indicating when an action plan may be an effective method for resolving a compliance violation. (Recommendation 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Transportation Security Administration The TSA Administrator should ensure the Information Technology and Compliance offices conduct an assessment to identify and address user concerns as PARIS transitions to the new platform. (Recommendation 2)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Transportation Security Administration The Administrator of TSA should ensure the Information Technology office identify, document, and share lessons learned from the agency's experiences transitioning the PARIS, LInKS, and GRADS data systems to a new platform in advance of future transitions. (Recommendation 3)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

DHS Privacy: Selected Component Agencies Generally Provided Oversight of Contractors, but Further Actions Are Needed to Address Gaps

1 Open Recommendation
Agency Recommendation Status
Transportation Security Administration The Administrator of the Transportation Security Administration should direct the TSA Privacy Office to ensure the evaluation of proposed new instances of sharing personally identifiable information with third parties are fully documented. (Recommendation 7)
Open

As of April 2022, TSA has not provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.

Aviation Security Technology: TSA Lacks Outcome-oriented Performance Measures and Data to Help Reach Objectives to Diversify its Marketplace

2 Open Recommendations
Agency Recommendation Status
Transportation Security Administration The TSA Administrator should develop outcome-oriented performance measures to help TSA assess the effectiveness of its strategic initiatives in diversifying its marketplace. (Recommendation 1)
Open

TSA response: Concur. TSA's Office of Strategy, Policy Coordination, and Innovation (SP&I) leads TSA's effort to assess the effectiveness of the 12 initiatives to increase small business participation in the security technology marketplace. As of March 2021, SP&I plans to develop outcome-oriented performance measures and methodologies to assess the effectiveness of diversifying its marketplace and intends to track this information for senior leadership on a quarterly basis using a dashboard or similar method. As of August 2021, TSA identified performance measures under development to assess

Transportation Security Administration The TSA Administrator should collect data, where appropriate, on small businesses' progress across its acquisition phases to determine how, where, and when it can better target its strategic initiatives or if other initiatives should be considered. (Recommendation 2)
Open

TSA response: Concur. TSA's Office of Strategy, Policy Coordination, and Innovation (SP&I) leads an effort to evaluate existing data collection measures and methodologies. As of March 2021, TSA is in the process of exploring new measures and methods to monitor small businesses' progress in the security technology acquisitions lifecycle. As of August 2021, TSA continues focusing on ways to attract a more comprehensive collection of solutions and, where applicable, spur the marketplace with available tools. For example, TSA's SP&I and Offices of Requirements and Capabilities Analysis

TSA Acquisitions: TSA Needs to Establish Metrics and Evaluate Third Party Testing Outcomes for Screening Technologies

2 Open Recommendations
Agency Recommendation Status
Transportation Security Administration When performance metrics have been established, the Administrator of TSA should assess gains in efficiency resulting from third party testing. (Recommendation 2)
Open

TSA concurred with this recommendation. TSA's Test and Evaluation (T&E) Division assessed security technology qualification testing activities conducted from October 2020 to January 2022 for efficiency gains using the established metrics, the number of retests performed and test cycle duration. In February 2022, TSA T&E officials reported that there have been no instances of third party testers used during the assessment period and do not anticipate vendors voluntarily choosing to do so. As such, TSA T&E officials reported no assessed impact of third party testing on the established metrics

Transportation Security Administration The Administrator of TSA should assess whether third party testing contributes to its goals of increasing supplier diversity and innovation. (Recommendation 3)
Open

TSA concurred with our recommendation. Since October 2020, TSA's Test and Evaluation (T&E) Division continues to conduct qualification testing for security technologies. TSA T&E officials reported that during their assessment period, October 2020 through January 2022, no vendors elected to use third party testers. In February 2022, TSA T&E officials reported that they found no evidence of third party testing contributing to supplier diversity or innovation goals at this time. GAO will continue to monitor.

Passenger Rail Security: TSA Engages with Stakeholders but Could Better Identify and Share Standards and Key Practices

1 Open Recommendation
Agency Recommendation Status
Transportation Security Administration The TSA Administrator should update the BASE cybersecurity template to ensure it reflects cybersecurity key practices, including the Detect and Recover functions outlined in the NIST Cybersecurity Framework. (Recommendation 2)
Open

We found that the Transportation Security Administration's (TSA) Baseline Assessment for Security Enhancement (BASE) template did not fully reflect current industry cybersecurity standards and key practices. We recommended that TSA update cybersecurity questions in the BASE template to align more closely with the National Institute of Standards and Technology's (NIST) Cybersecurity Framework, including the Detect and Recover functions. In response to this recommendation, TSA reported that it convened a working group to review the cybersecurity section of the Mass Transit and Passenger Rail

Aviation Security: TSA Should Ensure Screening Technologies Continue to Meet Detection Requirements after Deployment

3 Open Recommendations
Agency Recommendation Status
Transportation Security Administration The TSA Administrator should require and ensure that TSA officials document their assessments of risk and the rationale—including the assumptions, methodology, and uncertainty considered—behind decisions to deploy screening technologies. (Recommendation 3)
Open

In December 2019, we reported that TSA's process for incorporating risk into its plans for deploying screening technologies to specific airports lacks transparency. Officials said their discussions with security and intelligence officials about deployment strategies, including relevant risk information, are generally informal and not documented. Consequently, we recommended that TSA should require and ensure that agency officials document their assessments of risk and the rationale behind decisions to deploy screening technologies. In September 2021, TSA provided the Requirements and

Transportation Security Administration The TSA Administrator should develop a process to ensure that screening technologies continue to meet detection requirements after deployment to commercial airports. (Recommendation 4)
Open – Partially Addressed

In December 2019, we reported that TSA practices do not ensure that screening technologies continue to meet detection requirements after they have been deployed to airports. We recommended that TSA develop a process to ensure that screening technologies continue to meet detection requirements after deployment to commercial airports. In May 2020, TSA provided the Post Implementation and Periodic Review Policy (APM-20-031). According to the Policy, TSA will use Post Implementation Reviews (PIR) to explain how screening technology performance, including detection, is to be assessed over time

Transportation Security Administration The TSA Administrator should implement the process it develops to ensure that screening technologies continue to meet detection requirements after deployment to commercial airports. (Recommendation 5)
Open

In December 2019, we reported that TSA practices do not ensure that screening technologies continue to meet detection requirements after they have been deployed to airports. In April 2020, TSA issued policy for developing individual Post Implementation Reviews (PIR) for all screening technologies. According to TSA, the PIRs are to explain how the agency will assess performance after the deployment of each technology, including detection over time. Since TSA cannot use live explosives or simulants to test screening technology, the agency plans to measure, for each technology, the performance of

Aviation Security: TSA Coordinates with Stakeholders on Changes to Screening Rules but Could Clarify Its Review Processes and Better Measure Effectiveness

1 Open Recommendation
Agency Recommendation Status
Transportation Security Administration The Administrator of TSA should explore additional data sources measuring the effectiveness of Silent Partner and Quiet Skies rules. (Recommendation 3)
Open – Partially Addressed

In November 2019, we reported that TSA had not identified a means to comprehensively measure the effectiveness of their Quiet Skies and Silent Partner passenger screening rules. Given the TSA resources being devoted to the enhanced screening and in-flight monitoring of many passengers matching the Silent Partner and Quiet Skies Lists, and the burden on the traveling public, we found that it was important that TSA understand the value of its screening rules programs. Consequently, we recommended that the Administrator of TSA explore additional data sources measuring the effectiveness of Silent

Critical Infrastructure Protection: Key Pipeline Security Documents Need to Reflect Current Operating Environment

1 Open Recommendation
Agency Recommendation Status
Transportation Security Administration The TSA Administrator should periodically review, and as appropriate, update the 2010 Pipeline Security and Incident Recovery Protocol Plan to ensure the plan reflects relevant changes in pipeline security threats, technology, federal law and policy, and any other factors relevant to the security of the nation's pipeline systems. (Recommendation 5)
Open – Partially Addressed

As of January 2023, TSA officials reported that they completed a review of the Pipeline Security Incident Recovery Protocol Plan and determined that updates are needed. According to the officials, the Protocol Plan is being revised to bring it into conformity with several national level policy documents, such as the National Response Framework, the National Cybersecurity Incident Response Plan, and the National Terrorism Advisory System. The officials stated that they anticipate completion of the updated Protocol Plan by July 2023. Once the updated Protocol Plan is completed, we will review it

Critical Infrastructure Protection: Actions Needed to Address Significant Weaknesses in TSA's Pipeline Security Program Management

2 Open Recommendations
2 Priority
Agency Recommendation Status
Transportation Security Administration
This is a priority recommendation.
The TSA Administrator should direct the Security Policy and Industry Engagement's Surface Division to identify or develop other data sources relevant to threat, vulnerability, and consequence consistent with the National Infrastructure Protection Plan and DHS critical infrastructure risk mitigation priorities and incorporate that data into the Pipeline Relative Risk Ranking Tool to assess relative risk of critical pipeline systems, which could include data on prior attacks, natural hazards, feedback data on pipeline system performance, physical pipeline condition, and cross-sector interdependencies. (Recommendation 6)
Open

As of January 2023, TSA officials reported seeking input from multiple sources of information that could be used to address this recommendation, including the Department of Transportation's Pipeline and Hazardous Materials Administration, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the Department of Energy and the Federal Energy Regulatory Commission, as well as the industry-led Oil and Natural Gas Sector Coordinating Council. However, TSA officials also reported that after examining the relative costs of integrating and maintaining non-security

Transportation Security Administration
This is a priority recommendation.
The TSA Administrator should direct the Security Policy and Industry Engagement's Surface Division to take steps to coordinate an independent, external peer review of its Pipeline Relative Risk Ranking Tool, after the Pipeline Security Branch completes enhancements to its risk assessment approach. (Recommendation 7)
Open

As of January 2023, TSA officials reported that conducting an independent, external peer review of its Pipeline Relative Risk Ranking Tool is contingent upon completion of our recommended enhancements to the Tool. However, TSA officials also reported that although they acknowledge there is some value in an independent review, the officials do not believe it is necessary or justified when weighed against competing funding and personnel requirements. To fully implement this recommendation, we agree that implementing enhancements to TSA's risk assessment approach is necessary before launching a

Note: the list of open recommendations for the last report may continue on the next page.

Have a Question about a Recommendation?

For questions about a specific recommendation, contact the person or office listed with the recommendation. For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.