Skip to main content

Image

Information Technology

Jump To:

Image

Open Recommendations

Cloud Computing: Agencies Need to Address Key OMB Procurement Requirements

GAO-24-106137
Sep 20, 2024
Show
47 Open Recommendations
Agency Affected Recommendation Status
Chief Information Officers Council The CIO Council, working with its chair, the Office of Management and Budget's Deputy Director for Management, should collect and share examples of agency guidance and contract language related to OMB's requirements in the Federal Cloud Computing Strategy on: (1) the four key SLA elements, (2) standardizing SLAs, and (3) ensuring that contracts affecting federal agencies' HVAs, including those managed and operated in the cloud, include requirements that provide agencies with continuous visibility of the asset. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Agriculture The Secretary of Agriculture should ensure that the CIO of Agriculture finalizes its guidance on standardizing cloud SLAs. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Agriculture The Secretary of Agriculture should ensure that the CIO of Agriculture finalizes its guidance to require that contracts affecting the agency's high value assets that are managed and operated in the cloud include language that provides the agency with continuous visibility of the asset. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Agriculture The Secretary of Agriculture should ensure that the CIO of Agriculture updates its existing contracts for high value assets that are managed and operated in the cloud to meet OMB's requirement once guidance from the CIO Council is available on language that provides the agency with continuous visibility of the asset. If modifying the existing contract is not practical, the agency should incorporate language into the contract that will meet OMB's requirement upon option exercise or issuance of a new award. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce The Secretary of Commerce should ensure that the CIO of Commerce finalizes guidance to put a cloud SLA in place with every vendor when a cloud solution is deployed. The guidance should include language that addresses OMB's four required elements for SLAs, including: continuous awareness of the confidentiality, integrity, and availability of its assets; a detailed description of roles and responsibilities; clear performance metrics; and remediation plans for non-compliance. (Recommendation 5)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce The Secretary of Commerce should ensure that the CIO of Commerce finalizes guidance on standardizing cloud SLAs (Recommendation 6)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

COVID-19: HHS Needs to Identify Duplicative Pandemic IT Systems and Implement Key Privacy Requirements

GAO-24-106638
Sep 18, 2024
Show
14 Open Recommendations
Agency Affected Recommendation Status
Department of Health and Human Services The Secretary of HHS should ensure that the HHS CIO develops and maintains a department-wide comprehensive list of systems, including component systems, that support pandemic public health preparedness and response. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Health and Human Services The Secretary of HHS should ensure that the HHS CIO conducts reviews of systems that support pandemic public health preparedness and response across the department to identify and reduce any unnecessary duplication, overlap, or fragmentation and identify mitigation options, such as consolidation or elimination of systems. The HHS CIO should share the results of its reviews with components when identifying any instances of unnecessary duplication, overlap, or fragmentation. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Health and Human Services The Secretary of HHS should ensure that component agencies proactively and consistently identify and track the funding sources and costs dedicated to operating and maintaining all of their systems supporting pandemic public health preparedness and response. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Health and Human Services The Secretary of HHS should ensure that component agencies proactively and consistently identify and track staffing resources, including the type and number of staff dedicated to managing all of their systems supporting pandemic public health preparedness and response. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Health and Human Services The Secretary of HHS should ensure that the Administration for Strategic Preparedness and Response has an updated privacy impact assessment for the Cooperative Agreement Accountability and Management Platform. (Recommendation 5)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Health and Human Services The Secretary of HHS should ensure that the Administration of Strategic Preparedness and Response revises the system privacy plan for ASPR Ready to include the privacy controls in place or planned for meeting the privacy requirements. (Recommendation 6)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

IT Modernization: Census Bureau Needs Reliable Cost and Schedule Estimates

GAO-24-105979
Apr 29, 2024
Show
5 Open Recommendations
Agency Affected Recommendation Status
Department of Commerce The Secretary of Commerce should direct the Director of the Census Bureau to ensure that the CEDSCI program consistently documents user stories to ensure bidirectional traceability with requirements. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce The Secretary of Commerce should direct the Director of the Census Bureau to ensure that the CEDSCI program develops reliable cost estimates using best practices described in GAO's Cost Estimating and Assessment Guide, in particular those practices related to the comprehensive and credible characteristics. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce The Secretary of Commerce should direct the Director of the Census Bureau to ensure that the CEDSCI program develops its schedule using the best practices described in GAO's Schedule Assessment Guide. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce The Secretary of Commerce should direct the Director of the Census Bureau to ensure that the OCIO incorporates key elements, such as time frames, into its DevSecOps strategy and finalizes it in a timely manner. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce The Secretary of Commerce should direct the Director of the Census Bureau to ensure that the American Community Survey program develops a plan, including time frames, for the steps they intend to take to determine the most appropriate methods to protect respondent privacy in the publicly available data releases. (Recommendation 5)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Information Technology: IRS Needs to Complete Planning and Improve Reporting for Its Modernization Programs

GAO-24-106566
Mar 19, 2024
Show
3 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Internal Revenue Service The Commissioner of the IRS should complete the enterprise roadmap and ensure it addresses the strategic operating plan's technology objective. (Recommendation 1)
Open
In its March 2024 letter responding to our draft report, IRS noted plans to address this recommendation to complete its enterprise roadmap and stated that the work to complete the roadmap was well underway. However, the agency did not provide a time frame for when it plans to complete the roadmap. GAO will continue to monitor IRS actions to implement this recommendation.
Internal Revenue Service The Commissioner of the IRS should complete plans for its modernization programs that include (1) milestones to complete the modernization, (2) a description of the work necessary to complete the modernization, and (3) details regarding the disposition of the legacy system, if applicable. (Recommendation 2)
Open
IRS agreed with this recommendation. In its March 2024 letter responding to our draft report, IRS stated that, for each program, it will document the milestones to complete the modernization, describe the work necessary to develop the new system or to modernize the legacy system, and detail the disposition of the legacy system, if applicable. GAO will continue to monitor IRS actions to implement this recommendation.
Internal Revenue Service
Priority Rec.
The Commissioner of the IRS should include information including a history of programs' cost and schedule goals and showing how the quarterly cost and schedule performance aligns with fiscal year and overall goals for the programs in its quarterly reports to Congress. (Recommendation 3)
Open
IRS agreed with this recommendation. In its March 2024 letter responding to our draft report, IRS stated that the performance history of cost and schedule goals is readily available upon request. However, in our report, we do not state that IRS does not have this information. Rather, GAO is recommending that IRS proactively include this information in its quarterly reports to Congress. This would provide additional background and clarity on IRS's efforts to modernize the agency's information technology.