Recommendations Database

Jump To:

As of January 31, 2023, there are 4840 open recommendations that still need to be addressed. 471 of these are priority recommendations, those that we believe warrant priority attention. Learn more about our priority designation on our Recommendations page.

Search for open recommendations by agency, topic, subject, or keyword/phrase below, or view all open recommendations by agency.

Skip to main search results
Clear All Filters
1 - 17 of 17 Recommendations, including 0 Priority Recommendations

Cybersecurity: Secret Service Has Made Progress Toward Zero Trust Architecture, but Work Remains

Show
2 Open Recommendations
Agency Recommendation Status
United States Secret Service The Director of the Secret Service should instruct the agency's chief information officer to implement outstanding Office of Management and Budget requirements for transitioning to IPv6, particularly in regard to upgrading its public-facing systems. (Recommendation 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

United States Secret Service The Director of the Secret Service should instruct the agency's chief information officer to update its ZTA implementation plan to include all efforts associated with the transition to ZTA. (Recommendation 2)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Law Enforcement: Federal Agencies Should Improve Reporting and Review of Less-Lethal Force

Show
1 Open Recommendations
Agency Recommendation Status
United States Secret Service The Director of USSS should modify policies and procedures to ensure that relevant officials document their determination on whether less-lethal force was used in accordance with agency policy. (Recommendation 10)
Open

Starting in December 2022, the U.S. Secret Service (USSS) began to roll out a new electronic use of force reporting system. This system replaces USSS's prior method of documenting use of force incidents, which was through an unstructured memorandum that consists of an open narrative and does not include any required fields. All reportable use of force incidents must be entered into the new system beginning January 1, 2023.As of December 2022, we have requested additional information to understand how the system will ensure that relevant officials document their determination on whether less

Facial Recognition Technology: Federal Law Enforcement Agencies Should Better Assess Privacy and Other Risks

Show
1 Open Recommendations
Agency Recommendation Status
United States Secret Service The Director of the Secret Service should, after implementing a mechanism to track non-federal systems, assess the risks of using such systems, including privacy and accuracy-related risks. (Recommendation 12)
Open

According to the agency, the Investigative Support Division and the Criminal Investigative Division will work with the Privacy Office to determine the appropriate frequency of internal case management system audits to review the usage of facial recognition technology by Secret Service employees. In addition to these audits, the agency reported that its Investigative Support Division will collaborate with the Privacy Office to draft a mandatory privacy compliance document. According to the agency, the compliance document will include Privacy Threshold Analyses and Privacy Impact Assessments

U.S. Secret Service: Investigative Operations Confer Benefits, but Additional Actions Are Needed to Prioritize Resources

Show
2 Open Recommendations
Agency Recommendation Status
United States Secret Service The Director of the Secret Service should establish a documented process to ensure that Office of Investigations resources are aligned with priority criminal threats. The process should outline key information to be included in plans for addressing priority threats. (Recommendation 3)
Open

As of March 2022, Secret Service has provided strategic plans related to investigative priorities and staffing management and has held discussions with GAO regarding actions needed. However, the strategic plans do not establish a documented process for ensuring that resources are aligned with priority threats. The recommendation therefore remains open and actions taken remain under review.

United States Secret Service The Director of the Secret Service should identify investigations that address priority criminal threats agencywide and collect data on the resources expended to investigate the threats. (Recommendation 4)
Open

As of March 2022, Secret Service has provided strategic plans related to investigative priorities and staffing management and has held discussions with GAO regarding actions needed.. However, the strategic plans do not document how investigations that address priority criminal threats will be identified, and as a result, no data is available on such investigations. The recommendation therefore remains open and actions taken remain under review.

U.S. Secret Service: Further Actions Needed to Fully Address Protective Mission Panel Recommendations

Show
2 Open Recommendations
Agency Recommendation Status
United States Secret Service The Director of the Secret Service should develop and implement a plan to ensure that special agents assigned to Presidential Protective Division and Vice Presidential Protective Division reach annual training targets given current and planned staffing levels. (Recommendation 1)
Open

In May 2019, we reported that the Secret Service had not met the established training target (25 percent of work time) and lacked a plan for achieving it. The U.S. Secret Service Protective Mission Panel (Panel) recommended that the Presidential and Vice Presidential Protective Divisions train for 25 percent of their work time. We found that, in fiscal year 2018, special agents assigned to PPD and VPD reported attending training for about 5.9 percent and 2.9 percent of their regular work hours, respectively. We therefore recommended that the Director of the Secret Service develop and implement

United States Secret Service The Director of the Secret Service should develop and implement a policy that documents the process for collecting complete Uniformed Division officer training data and establishes the types of information that should be collected. (Recommendation 2)
Open

In May 2019, we reported that training data collected on the Secret Service's Uniform Division were incomplete and in certain cases unrelated to protection or lacked descriptions to clearly link the training to required skills. Further, the process used to capture the data was not consistently employed and did not include information on how or whether to capture internal on-the-job training instances, or instruction on the type of training to be captured to demonstrate that the training is protection-related training. We therefore recommended that the Director of the Secret Service develop and

U.S. Secret Service: Action Needed to Address Gaps in IT Workforce Planning and Management Practices

Show
9 Open Recommendations
Agency Recommendation Status
United States Secret Service The Director should ensure that the CIO regularly analyzes the IT workforce to identify its competency needs and any gaps it may have. (Recommendation 6)
Open

DHS concurred with this recommendation. Secret Service worked with a contractor to develop staffing models and determine additional staffing needs based on an assessment of current and future workload expectations. The study indicated a need for additional staff across certain IT functions. However, although the staffing needs assessment identified areas where additional full time staff would better support the component's existing and planned workload, it is not clear how the assessment identified gaps in competencies. As such, we will continue to follow-up with the Secret Service for

United States Secret Service The Director should ensure that, after OCIO completes an analysis of the IT workforce to identify any competency and staffing gaps it may have, the Secret Service updates its recruiting and hiring strategies and plans to address those gaps, as necessary. (Recommendation 7)
Open

The Secret Service determined additional staffing needs based on an assessment of current and future workload expectations. However, as stated in recommendation six, it is not clear how the assessment identified gaps in competencies. As such, we will continue to follow-up with the Secret Service for documentation of the analyses the OCIO conducted to determine its IT staffing and competency gaps along with its subsequent recruiting and hiring efforts.

United States Secret Service The Director should ensure that the Office of Human Resources (1) develops and tracks metrics to monitor the effectiveness of the Secret Service's recruitment activities for the IT workforce, including their effectiveness at addressing skill and staffing gaps; and (2) reports to component leadership on those metrics. (Recommendation 8)
Open

Secret Service provided documentation that identified its fiscal year 2018-2020 recruitment activities. In addition, in January 2022, the Secret Service provided documentation that identified the number of positions within the OCIO that were either filled, in the process of being filled, or vacant. Secret Service officials also stated that they provide updates to Secret Service leadership on their efforts to address staffing gaps with the OCIO. However, the Secret Service has not yet provided supporting documentation demonstrating that it has (1) developed and tracked metrics specific to

United States Secret Service The Director should ensure that the Office of Human Resources and OCIO adjust their recruitment and hiring plans and activities, as necessary, after establishing and tracking metrics for assessing the effectiveness of these activities for the IT workforce. (Recommendation 9)
Open

The Secret Service has not yet demonstrated that it has established and tracked metrics for monitoring the effectiveness of its recruitment and hiring plans and activities for the IT workforce as stated in recommendation eight. As such, the component is not yet able to demonstrate that its Office of Human Resources and OCIO have adjusted their recruitment and hiring plans and activities based on these metrics. We will continue to monitor the Secret Service's efforts to implement this recommendation.

United States Secret Service The Director should ensure that the CIO (1) defines the required training for each IT workforce group, (2) determines the activities that OCIO will include in its IT workforce training and development program based on its available training budget, and (3) implements those activities. (Recommendation 10)
Open

DHS concurred with this recommendation, and in response, the Secret Service established a standard operating procedure document that identifies, among other things, recommended training and certifications for each OCIO division (e.g., network management, cyber security). However, this procedure document does not identify required training for each of these divisions. In addition, in April 2022, the Secret Service reported that the OCIO does not currently plan to implement a training and development program that is specific to its IT workforce. Instead, Secret Service OCIO officials reported

United States Secret Service The Director should ensure that the CIO ensures that the IT workforce completes training specific to their positions (after defining the training required for each workforce group). (Recommendation 11)
Open

DHS concurred with this recommendation. While the Secret Service OCIO has identified the recommended training and certifications for each OCIO division, the OCIO has not yet identified the required training for each of these divisions as stated in recommendation ten. Further, in April 2022, the Secret Service OCIO reported that it is not planning to track the completion of recommended training. As such, the component is also not able to demonstrate that it is ensuring that each IT workforce group completes the training specific to their positions, as we also recommended. We will continue to

United States Secret Service The Director should ensure that the CIO collects and assesses performance data (including qualitative or quantitative measures, as appropriate) to determine how the IT training program contributes to improved performance and results (once the training program is implemented). (Recommendation 12)
Open

DHS concurred with this recommendation. In April 2022, the Secret Service reported that the OCIO does not currently plan to implement a training and development program that is specific to its IT workforce. We will continue to monitor the component's efforts to implement this recommendation.

United States Secret Service The Director should update the enterprise governance policy to specify (1) the CIO's current role and responsibilities on the Executive Resources Board, to include developing and reviewing the IT budget formulation and execution; and (2) the Deputy CIO's role and responsibilities on the Enterprise Governance Council. (Recommendation 2)
Open

DHS concurred with this recommendation. The Secret Service has also taken important steps to address this recommendation, including establishing an Enterprise Resource Board charter and updating its Enterprise Governance Council charter that outline the roles and responsibilities of all board members, including senior designees from the OCIO. In February 2022, Secret Service provided its Planning, Programming, Budget, Executive and Evaluation policy directive, which reflects the CIO's responsibilities for developing and reviewing the IT budget formulation and execution. However, the Secret

United States Secret Service The Director should ensure that the CIO includes product quality and post-deployment user satisfaction metrics in the modular outcomes and target measures that the CIO sets for monitoring agile projects. (Recommendation 4)
Open

DHS concurred with this recommendation. The Secret Service provided the DHS Agile Instruction Manual and Agile Core Metrics, but has not yet demonstrated that the Secret Service CIO has set product quality and post-deployment user satisfaction metrics in modular outcomes and target measures for agile projects following each production release. We will continue to monitor the department's efforts to implement this recommendation.

Have a Question about a Recommendation?

For questions about a specific recommendation, contact the person or office listed with the recommendation. For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.