Recommendations Database

Jump To:

As of December 4, 2022, there are 4782 open recommendations that still need to be addressed. 496 of these are priority recommendations, those that we believe warrant priority attention. Learn more about our priority designation on our Recommendations page.

Search for open recommendations by agency, topic, subject, or keyword/phrase below, or view all open recommendations by agency.

Skip to main search results
Clear All Filters
1 - 20 of 4782 Recommendations, including 496 Priority Recommendations

Critical Infrastructure: Actions Needed to Better Secure Internet-Connected Devices

Show
9 Open Recommendations
Agency Recommendation Status
Department of Energy The Secretary of Energy, as SRMA for the energy sector, should direct the Director of the Office of Cybersecurity, Energy Security, and Emergency Response to use the National Plan to develop a sector-specific plan that includes metrics for measuring the effectiveness of their efforts to enhance the cybersecurity of their sector's IoT and OT environments. (Recommendation 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Energy The Secretary of Energy, as SRMA for the energy sector, should direct the Director of the Office of Cybersecurity, Energy Security, and Emergency Response to include IoT and OT devices as part of the risk assessments of their sector's cyber environment. (Recommendation 2)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Health and Human Services The Secretary of Health and Human Services, as SRMA for the healthcare and public health sector, should direct the Assistant Secretary for Preparedness and Response to use the National Plan to develop a sector-specific plan that includes metrics for measuring the effectiveness of their efforts to enhance the cybersecurity of their sector's IoT and OT environments. (Recommendation 3)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Health and Human Services The Secretary of Health and Human Services, as SRMA for the healthcare and public health sector, should direct the Assistant Secretary for Preparedness and Response to include IoT and OT devices as part of the risk assessments of their sector's cyber environment. (Recommendation 4)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Homeland Security The Secretary of Homeland Security should direct the Administrator of the Transportation Security Administration and the Commandant of the U.S. Coast Guard to jointly work with the Department of Transportation's Office of Intelligence, Security and Emergency Response, as co-SRMAs for the transportation systems sector, to use the National Plan to develop a sector-specific plan that includes metrics for measuring the effectiveness of their efforts to enhance the cybersecurity of their sector's IoT and OT environments. (Recommendation 5)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Homeland Security The Secretary of Homeland Security should direct the Administrator of the Transportation Security Administration and the Commandant of the U.S Coast Guard to jointly work with the Department of Transportation's Office of Intelligence, Security and Emergency Response, as co-SRMAs for the transportation systems sector, to include IoT and OT devices as part of the risk assessments of their sector's cyber environment. (Recommendation 6)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Transportation The Secretary of Transportation should direct the Director, Office of Intelligence, Security and Emergency Response to jointly work with the Administrator of DHS's Transportation Security Administration and the Commandant of the U.S. Coast Guard, as co-SRMAs for the transportation systems sector, to use the National Plan to develop a sector-specific plan that includes metrics for measuring the effectiveness of their efforts to enhance the cybersecurity of their sector's IoT and OT environments. (Recommendation 7)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Transportation The Secretary of Transportation should direct the Director, Office of Intelligence, Security and Emergency Response to jointly work with the Administrator of DHS's Transportation Security Administration and the Commandant of the U.S. Coast Guard, as co-SRMAs for the transportation systems sector, to include IoT and OT devices as part of the risk assessments of their sector's cyber environment. (Recommendation 8)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Management and Budget The Director of OMB should, as required by the Internet of Things Cybersecurity Improvement Act of 2020, expeditiously establish a standardized process for the Chief Information Officer of each covered agency to follow in determining whether the IoT cybersecurity waiver may be granted. (Recommendation 9)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Paid Tax Return Preparers: IRS Efforts to Oversee Refundable Credits Help Protect Taxpayers but Additional Actions and Authority Are Needed

Show
7 Open Recommendations
Agency Recommendation Status
Congress Congress should grant IRS the explicit authority to establish professional requirements for paid tax preparers. (Matter for Consideration 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Internal Revenue Service The Commissioner of Internal Revenue should test preparer education and compliance treatments in the Refundable Credits Return Preparer Strategy program that use digital services and assess the results of any tests. Examples include warning letters and secure document uploads. (Recommendation 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Internal Revenue Service The Commissioner of Internal Revenue should develop a performance measure for the Refundable Credits Return Preparer Strategy program to assess how its preparer treatments affect compliance with due diligence requirements over time. (Recommendation 2)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Internal Revenue Service The Commissioner of Internal Revenue should define and document program elements of the Refundable Credits Return Preparer Strategy program, including its goals, objectives, activities, and performance measures. (Recommendation 3)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Internal Revenue Service The Commissioner of Internal Revenue should develop a long-term plan for the Refundable Credits Return Preparer Strategy program, in coordination with stakeholders, which outlines the program's vision for the future, links program elements together, and clearly aligns to agency strategic goals. (Recommendation 4)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Internal Revenue Service The Commissioner of Internal Revenue should implement a systematic method of tracking internal recommendations for the Refundable Credits Return Preparer Strategy program. (Recommendation 5)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Internal Revenue Service The Commissioner of Internal Revenue should finalize the Service-wide Return Preparer Strategy and identify the resources needed to implement it. (Recommendation 6)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Connected Vehicles: Additional DOT Information Could Help Stakeholders Manage Spectrum Availability Challenges and New Rules

Show
1 Open Recommendations
Agency Recommendation Status
Department of Transportation The Secretary of Transportation should share additional information about the Department's strategy to support the future deployment of connected vehicle technologies under the new spectrum rules. This information could include, for example, how the spectrum changes could influence DOT's grant funds that state and local transportation agencies have used to pursue connected vehicle projects. (Recommendation 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Securities and Exchange Commission: Additional Guidance Needed for Assessing Staff Procedures

Show
3 Open Recommendations
Agency Recommendation Status
United States Securities and Exchange Commission The Director of the Division of Enforcement should ensure that the division's memorandum regarding certification under section 961 of the Dodd-Frank Act include a summary of the work performed for and results of the assessment of the effectiveness of staff procedures. (Recommendation 1)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

United States Securities and Exchange Commission The 961 Working Group should revise its Reference Guide for Compliance with Section 961 of the Dodd-Frank Act to include guidance on using program data to help assess the effectiveness of staff procedures. (Recommendation 2)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

United States Securities and Exchange Commission The 961 Working Group should revise its Reference Guide for Compliance with Section 961 of the Dodd-Frank Act to require the relevant divisions and office to include in their written plans for assessing the effectiveness of staff procedures a requirement that they review their program manuals on a periodic and comprehensive basis. (Recommendation 3)
Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Note: the list of open recommendations for the last report may continue on the next page.

Have a Question about a Recommendation?

For questions about a specific recommendation, contact the person or office listed with the recommendation. For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.