Skip to main content

Information Security

Jump To:

Recent Reports

View More Reports

Open Recommendations

Weapon System Sustainment: DOD Can Improve Planning and Management of Data Rights [Reissued with revisions on Sep. 29, 2025]
GAO-25-107468
Sep 29, 2025
Show
4 Open Recommendations
Agency Affected Recommendation Status
Congress Congress should consider clarifying how DOD and contractors should treat detailed manufacturing or process data that is necessary for OMIT purposes. (Matter for Consideration 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Defense The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD A&S) should ensure the Director of the IP Cadre updates the IP guidebook or produces guidance to address the courses of action available to programs in sustainment to obtain IP and data rights. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Defense OUSD A&S should ensure the Director of the IP Cadre formally assesses available tools to assist programs with the review of data deliverables, in coordination with officials responsible for the tools' development. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Defense OUSD A&S should ensure the Director of the IP Cadre establishes a process to collect and distribute IP and data rights lessons learned from programs in sustainment. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

DOD Cyberspace Operations: About 500 Organizations Have Roles, with Some Potential Overlap
GAO-25-107121
Sep 17, 2025
Show
2 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should ensure that the Assistant Secretary of Defense for Cyber Policy assesses the extent to which similar cyberspace training courses provided by the services overlap and can be consolidated to ensure that the military services are implementing a federated and joint training model in a manner that achieves efficiencies and reduces training development and delivery costs. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Defense The Secretary of Defense should ensure that the Assistant Secretary of Defense for Cyber Policy assesses the extent to which there are opportunities to achieve cost savings and efficiencies by consolidating DOD cybersecurity service providers. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cybersecurity: NASA Needs to Fully Implement Risk Management
GAO-25-108138
Jun 25, 2025
Show
16 Open Recommendations
Agency Affected Recommendation Status
National Aeronautics and Space Administration The NASA Administrator should ensure that NASA's Chief Information Officer prepares and approves an organization-wide cybersecurity risk assessment. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
National Aeronautics and Space Administration The NASA Administrator should direct NASA's Chief Information Officer to ensure that the documented impact levels for confidentiality, integrity, and availability for all systems match the risk of the system, and that any changes to the provisional impact levels are fully justified in accordance with NASA policy. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
National Aeronautics and Space Administration The NASA Administrator should direct NASA's Chief Information Officer to update its guidance to include oversight responsibilities for ensuring NASA-defined control baselines are properly applied when baselines are updated. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
National Aeronautics and Space Administration The NASA Administrator should direct NASA's Chief Information Officer to update its policies to provide more specific guidance about how to document assessment results for all types of critical controls including inherited controls. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
National Aeronautics and Space Administration The NASA Administrator should direct NASA's Chief Information Officer to ensure that all critical controls for the first system found to be unsatisfied during security control assessments include recommendations and a residual risk level. (Recommendation 5)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
National Aeronautics and Space Administration The NASA Administrator should direct NASA's Chief Information Officer to ensure that all critical controls for the second system found to be unsatisfied during security control assessments include recommendations and a residual risk level. (Recommendation 6)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Taxpayer Identity Verification: IRS Should Strengthen Oversight of Its Identity-Proofing Program
GAO-25-107273
Jun 11, 2025
Show
4 Open Recommendations
Agency Affected Recommendation Status
Internal Revenue Service The Commissioner of Internal Revenue should define and document measurable goals and objectives for its digital identity-proofing program. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Internal Revenue Service The Commissioner of Internal Revenue should regularly evaluate and document results of its digital identity-proofing program in terms of meeting the goals and objectives established in recommendation 1. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Internal Revenue Service The Commissioner of Internal Revenue should establish procedures for routinely sharing and communicating identity-proofing vendors' performance data to relevant officials. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Internal Revenue Service The Commissioner of Internal Revenue should ensure that procured digital identity-proofing solutions that involve the use of AI are included in IRS's AI inventory, consistent with applicable legal requirements, and go through IRS's AI oversight process. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
View More Recommendations

Related Pages

GAO Contacts