Skip to main content

Information Security

Jump To:

Recent Reports

View More Reports

Open Recommendations

Artificial Intelligence: OMB Action Needed to Address Privacy-Related Gaps in Federal Guidance
GAO-26-107681
Mar 26, 2026
Show
2 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget The Director of OMB should specify examples of known privacy-related risks that agencies should consider when updating their policies as they pertain to AI. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget The Director of OMB should facilitate additional information sharing or issue government-wide guidance related to:

  • how agencies should consider privacy when evaluating and auditing AI models that contain sensitive information;
  • storing data in a manner where sensitive data can be separated from the dataset;
  • clear rules, norms, and best practices with respect to privacy that agencies should use when developing AI solutions internally;
  • performance metrics agencies can use to assess privacy-related impacts when using AI;
  • actions agencies can take to ensure that members of the public who interact with their AI technologies understand what they are consenting to;
  • technological tools agencies can use to protect sensitive data when using AI;
  • incorporating AI-specific considerations into privacy impact assessments, including identifying risks and informing the public about how PII is involved in the use of AI; and
  • potential tradeoffs between privacy and performance agencies can consider when using AI. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Defense Contractor Cybersecurity: DOD Should Address External Factors That Could Impede Program Implementation
GAO-26-107955
Mar 12, 2026
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should ensure the DOD Chief Information Officer assesses and documents key external factors that could significantly affect the implementation of the CMMC program and develops approaches it will take to address those factors. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Weapon System Sustainment: DOD Can Improve Planning and Management of Data Rights [Reissued with revisions on Sep. 29, 2025]
GAO-25-107468
Sep 29, 2025
Show
4 Open Recommendations
Agency Affected Recommendation Status
Congress Congress should consider clarifying how DOD and contractors should treat detailed manufacturing or process data that is necessary for OMIT purposes. (Matter for Consideration 1)
Open
We reviewed recent legislation and did not identify any congressional actions as of February 2026.
Department of Defense The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD A&S) should ensure the Director of the IP Cadre updates the IP guidebook or produces guidance to address the courses of action available to programs in sustainment to obtain IP and data rights. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Defense OUSD A&S should ensure the Director of the IP Cadre formally assesses available tools to assist programs with the review of data deliverables, in coordination with officials responsible for the tools' development. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Defense OUSD A&S should ensure the Director of the IP Cadre establishes a process to collect and distribute IP and data rights lessons learned from programs in sustainment. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

DOD Cyberspace Operations: About 500 Organizations Have Roles, with Some Potential Overlap
GAO-25-107121
Sep 17, 2025
Show
2 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should ensure that the Assistant Secretary of Defense for Cyber Policy assesses the extent to which similar cyberspace training courses provided by the services overlap and can be consolidated to ensure that the military services are implementing a federated and joint training model in a manner that achieves efficiencies and reduces training development and delivery costs. (Recommendation 1)
Open
The department agreed with this recommendation and indicated it would conduct the assessment. We will continue to monitor the department's actions to implement the recommendation. DOD reported that it will conduct an assessment of overlapping training courses provided by the military departments by September 30, 2026.
Department of Defense The Secretary of Defense should ensure that the Assistant Secretary of Defense for Cyber Policy assesses the extent to which there are opportunities to achieve cost savings and efficiencies by consolidating DOD cybersecurity service providers. (Recommendation 2)
Open
The department agreed with this recommendation and indicated it would conduct the assessment. We will continue to monitor the department's actions to implement the recommendation. DOD reported that it will conduct a comprehensive assessment of all cybersecurity service provider consolidation opportunities by September 30, 2026.
View More Recommendations

Related Pages

GAO Contacts

Multimedia

Podcasts

DOD's Back Office IT--We Looked At Costs and Cybersecurity Risks
Transcript
The Growing Need for Cyber Diplomacy
Transcript
How Does DOD Protect Itself and Contractors from Cyberthreats?
Transcript