Skip to main content

Department of Homeland Security

Jump To:

Recent Reports

View More Reports

Open Recommendations (144 total)

Biodefense: After-Action Findings and COVID-19 Response Revealed Opportunities to Strengthen Preparedness

GAO-21-513
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should work through the Biodefense Steering Committee to ensure that the Biodefense Coordination Team routinely monitors the results of interagency biological exercises and real-world incidents to identify patterns of challenges and potential root causes of identified challenges, and reports these to the Biodefense Steering Committee along with recommendations for addressing the root causes that also identify the responsible agencies. (Recommendation 13)
Open
DHS concurred with this recommendation and described ways in which interagency partners could communicate about challenges and their root causes. In January 2022, officials from DHS stated that the process for interagency biodefense coordination was undergoing review. Officials stated that they would continue to work with the National Security Council and other interagency partners to determine the best approach to address this recommendation. In October 2022, the White House released an updated National Biodefense Strategy and associated implementation plan. As of January 2024, we have started new work to assess the updated National Biodefense Strategy and its associated implementation plan. As part of this work, we will determine if the changes meet the intent of our recommendation, or if agencies need to take action to meet that intent.

Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements

GAO-24-105658
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should ensure that the agency fully implements all event logging requirements as directed by OMB guidance. (Recommendation 6)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Critical Infrastructure: Actions Needed to Better Secure Internet-Connected Devices

GAO-23-105327
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should direct the Administrator of the Transportation Security Administration and the Commandant of the U.S. Coast Guard to jointly work with the Department of Transportation's Office of Intelligence, Security and Emergency Response, as co-SRMAs for the transportation systems sector, to use the National Plan to develop a sector-specific plan that includes metrics for measuring the effectiveness of their efforts to enhance the cybersecurity of their sector's IoT and OT environments. (Recommendation 5)
Open
In May 2023, DHS stated that the Transportation Security Administration (TSA) in coordination with the Coast Guard and other DHS offices and divisions and the Department of Transportation, are in the process of updating the 2015 Transportation Systems Sector Specific plan. DHS stated that the publication of the revised sector specific plan is contingent on the release of the revised Presidential Policy Directive 21 (PPD-21) and the National Plan. According to DHS, the revised draft of PPD-21 is estimated to be completed by December 2023 and the National Plan is estimated for completion by September 2025. DHS stated that the co-SRMAs anticipate releasing the final updated sector specific plan by May 29, 2026, within six to eight months of the completion of the National Plan.

Artificial Intelligence: Fully Implementing Key Practices Could Help DHS Ensure Responsible Use for Cybersecurity

GAO-24-106246
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Director of CISA should clearly define the roles and responsibilities and delegation of authority of all relevant stakeholders involved in managing and overseeing the implementation of the Automated PII Detection component to ensure effective operations and sustained oversight. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cloud Security: Selected Agencies Need to Fully Implement Key Practices

GAO-23-105482
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should ensure that the agency's contracts with CSPs include requirements for the service providers to comply with security authorization FedRAMP requirements. (Recommendation 16)
Open
Agency officials stated that they are updating their contract language to include additional details and clarifying requirements specifying compliance with the Federal Risk and Authorization Management Program's authorization requirements. The agency officials estimated that they would complete these efforts in fiscal year 2024. We will continue to monitor the agency's efforts to address our recommendation.

Southwest Border: Actions Needed to Improve DHS Processing of Families and Coordination between DHS and HHS

GAO-20-245
Show
1 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Department of Homeland Security
Priority Rec.
The Secretary of Homeland Security, jointly with the Secretary of Health and Human Services, should collaborate to address information sharing gaps identified in this report to ensure that ORR receives information needed to make decisions for UAC, including those apprehended with an adult. (Recommendation 8)
Open – Partially Addressed
Since our report, DHS and HHS have taken a number of steps to share information on unaccompanied children. For example, DHS's U.S. Customs and Border Protection (CBP), in coordination with HHS and other agencies, has implemented the Unified Immigration Portal (UIP). The UIP provides authorized users a means to view and access certain immigration-related data from each of the respective agencies from a single interface. The UIP also provides real time data, including biographic information, to help track unaccompanied children from the time of DHS apprehension to their referral and placement in HHS-funded facilities. In addition, HHS's Office of Refugee Resettlement (ORR) is continuing to implement its case management system, the UC Portal, which is integrated with UIP. This helps officials retrieve data regarding a child's status in a more automated manner. However, as of March 2024, the information gaps we highlighted in our report continue to exist. In particular, according to ORR officials, they do not consistently receive information from DHS components about the adults and, as applicable, the other children who arrived with unaccompanied children, which would help ORR make placement and release decisions. ORR officials stated that this includes information on the individuals within a family unit, whether a family separation occurred, and details of any such separation. Additionally, these officials stated they are not consistently receiving the necessary biographical information about unaccompanied children, or their parents/legal guardians. In the fall of 2023, DHS and ORR reported that they are working on a new interagency agreement to govern information sharing. As part of the new agreement, ORR stated the agencies are working to define exact data elements to be shared. DHS stated it anticipates concluding work on the new agreement by August 2024. To fully address this recommendation, DHS and HHS should collaborate to address the information-sharing gaps identified in our report to ensure that HHS receives information needed to make decisions for unaccompanied children, including those apprehended with an adult.

Coast Guard Acquisitions: Opportunities Exist to Reduce Risk for the Offshore Patrol Cutter Program

GAO-21-9
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The DHS Secretary should ensure the DHS Under Secretary for Management directs the Coast Guard to revise OPC's acquisition program baseline for stage 1 to include OPC's delivery dates. (Recommendation 1)
Open
In providing comments on this report, DHS concurred with our recommendation and stated that it will direct the Coast Guard to revise the OPC's acquisition program baseline to include stage 1 asset delivery dates for the lead ship and OPC 4. As of June 2023, officials anticipated that the stage 1 acquisition program baseline will be completed in fall 2023. However, as of April 2024, the program's updated baseline for stage 1 has not been approved. The Coast Guard told us that they anticipate approval of the program's stage 1 baseline by June 2024. We will review the stage 1 acquisition program baseline once the Coast Guard provides it and determine whether the actions taken meet the intent of this recommendation.

Biometric Identity System: DHS Needs to Address Significant Shortcomings in Program Management and Privacy

GAO-23-105959
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of DHS should direct the OBIM Director to revise the schedule estimate for the HART program that incorporates the best practices called for in the GAO Schedule Assessment Guide. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Ransomware: Federal Agencies Provide Useful Assistance but Can Improve Collaboration

GAO-22-104767
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should direct the Director of Secret Service to (1) evaluate how to best address concerns raised by SLTTs and facilitate collaboration with other key ransomware stakeholders and (2) improve interagency coordination on ransomware assistance to SLTTs. (Recommendation 2)
Open – Partially Addressed
DHS agreed with our recommendation and has taken steps towards implementing it. Since September 2022, Secret Service has participated in an interagency Joint Ransomware Task Force (JRTF). According to the JRTF charter, the task force intends to, among other things, facilitate coordination and collaboration between federal entities and relevant private sector and state, local, tribal, and territorial (SLTT) government entities to improve federal actions against ransomware threats. In January 2023, Secret Service issued a memorandum to its field offices that highlighted interagency efforts and reinforced the importance of collaborating and providing assistance to SLTT partners for cyber incident response. Secret Service has also extended its joint cyber incident response training initiative to other federal agencies to improve assistance to SLTT governments. Secret Service also identified planned efforts through JRTF working groups that, if effectively implemented, could help to address SLTT concerns and improve interagency coordination on ransomware assistance. As of January 2024, Secret Service had not demonstrated results from its planned efforts through the JRTF. To fully address this recommendation, Secret Service needs to demonstrate its efforts through the JRTF, or other mechanisms, to address concerns raised by SLTT governments and improve interagency collaboration on ransomware assistance. Addressing key practices for interagency collaboration in concert with the ransomware task force can help ensure effective delivery of ransomware assistance to SLTT governments.

Capitol Attack: Special Event Designations Could Have Been Requested for January 6, 2021, but Not All DHS Guidance is Clear [Reissued with revisions on Aug. 09, 2021.]

GAO-21-105255
Show
1 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Department of Homeland Security
Priority Rec.
The Secretary of Homeland Security should consider whether additional factors, such as the context of the events and surrounding circumstances in light of the current environment of emerging threats, are needed for designating NSSE events. (Recommendation 1)
Open
As of March 11, 2024, DHS officials stated that they do not concur with this recommendation and requested that GAO consider this recommendation resolved and closed. We disagree and maintain that implementing this recommendation is important. While past congressional certifications of election results were not designated National Special Security Events and DHS officials considered this normal congressional business, the lack of consideration of other factors, such as the large rally at the Ellipse that mobilized to the Capitol, and the climate surrounding the 2020 election demonstrate a gap in the adaptability of how these events are considered. To fully implement this recommendation, DHS needs to formally review the factors it developed to designate a National Special Security Event (NSSE), including whether additional events should be designated as an NSSE. A review of these factors can help ensure that the process for designating an NSSE is dynamic and responsive to changing environments and emerging threats.
View More Recommendations

Related Pages