Skip to main content

Department of Homeland Security

Jump To:

Recent Reports

View More Reports

Open Recommendations (141 total)

Critical Infrastructure Protection: Additional Federal Coordination Is Needed to Enhance K-12 Cybersecurity

GAO-23-105480
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of the Department of Homeland Security should ensure that the Director of the Cybersecurity and Infrastructure Security Agency develops metrics for measuring the effectiveness of its K-12 cybersecurity-related products and services that are available for school districts and determine the extent that CISA meets the needs of state and local-level school districts to combat cybersecurity threats. (Recommendation 4)
Open
The Secretary of the Department of Homeland Security agreed with our recommendation. In April 2023, responsible agency officials stated that it is actively developing metrics for measuring the effectiveness of its K-12 cybersecurity-related products and services, and once finalized, it will report quarterly on the progress against those metrics. We will continue to monitor Homeland Security's progress in fulfilling this recommendation

Artificial Intelligence: Fully Implementing Key Practices Could Help DHS Ensure Responsible Use for Cybersecurity

GAO-24-106246
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Director of CISA should develop metrics to consistently measure progress toward all stated goals and objectives for Automated PII Detection. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cloud Security: Selected Agencies Need to Fully Implement Key Practices

GAO-23-105482
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should ensure that the agency fully implements the FedRAMP requirements for its selected SaaS system 2, to include issuing an authorization for the cloud service. (Recommendation 15)
Open
The agency stated that through its responsibilities and activities on the Federal Risk and Authorization Management Program's Joint Authorization Board, the agency ensures the cloud service provider (CSP) meets all of the program's requirements. According to DHS officials, components that leverage a CSP with an authorization issued by the board are required to perform a risk assessment and issue an agency authorization. However, as of February 2024, we have not received evidence that the agency had issued an authorization for the cloud service used as part of its selected SaaS system 2. We will continue to monitor the agency's efforts to address our recommendation.

Immigration Detention: Additional Actions Needed to Strengthen DHS Management of Short-Term Holding Facilities

GAO-16-514
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security To strengthen the transparency of the complaints process, the Secretary of Homeland Security should direct CBP and ICE to develop and issue guidance on how and which complaint mechanisms should be communicated to individuals in custody at holding facilities.
Open – Partially Addressed
In May 2016, we reported on the Department of Homeland Security's management and oversight of short-term holding facilities. We found, for example, that only 4 of 17 Border Patrol holding facilities posted information on how individuals can contact the DHS OIG to file general complaints, and the remaining facilities did not have information posted on any complaint mechanisms, such as the Joint Intake Center or CBP INFO Center. In December 2016, ICE Enforcement and Removal Operations (ERO) sent a broadcast to ICE field offices stating that posters should be visible at all of ICE ERO temporary holding facilities. This broadcast directed ICE ERO Field Office staff to immediately post copies of the Detention Reporting and Information Line poster, both in English and in Spanish, in temporary confinement areas or other areas so that it is visible to individuals in custody at ICE ERO temporary holding facilities. Regarding CBP, in July 2022, CBP told us that CBP's Office of Professional Responsibility (OPR) is working with the CBP Office of Information Technology (OIT) on the requirements for a public-facing website and complaint form for reporting allegations of misconduct and other issues of concern. CBP added that given the importance of the web-based complaint form in improving mechanisms for reporting allegations of misconduct and abuse, CBP developed and implemented the public-facing website and complaint form for reporting allegations of misconduct and other issues of concern. This website went live in June 2023 in English, and August 2023, in Spanish. CBP OPR continues to support the consolidation of CBP/DHS Oversight posters within CBP short-term holding facilities as part of a working group led by the Commissioner's Office. The working group has consolidated a list of information currently posted in CBP holding facilities and determined which are oversight versus other health and safety postings. The goal is to consolidate all oversight posters into one poster, focusing on how to report to the correct oversight entity, removing confusion among those being held, while also ensuring consistent messaging across all CBP short-term holding facilities. CBP OPR expects the completion date by July 31, 2024.

Flood Insurance: Opportunities Exist to Improve Oversight of the WYO Program

GAO-09-455
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security To provide transparency and accountability over the payments FEMA makes to WYOs for expenses and profits, the Secretary of Homeland Security should direct the Under Secretary of Homeland Security, FEMA, to consider the results of the analysis of payments, actual expenses, and profit in evaluating the methods for paying WYOs.
Open
According to FEMA officials, FEMA planned to respond to this recommendation as part of its development of a final rule on WYO compensation practices, required by the Biggert-Waters Act. FEMA issued an Advance Notice of Proposed Rulemaking (ANPRM) on July 8, 2019 seeking comments by September 6, 2019 regarding possible approaches to incorporating actual flood insurance expense data into the WYO payment methodology. As of February 2021, FEMA officials said that they completed reviewing comments received in response to the July 2019 notice and concluded that they needed to reassess their approach to compensating WYO insurers. In April 2021, FEMA officials explained that they had established goals, outputs, and milestones related to analyzing various aspects of WYO compensation as part of a three-pronged effort that included a comprehensive study of WYO compensation. As of January 2022, FEMA had issued a contract to study and develop options for incorporating flood expense data into a new methodology for compensating WYO insurers and selling agents and brokers and another contract to study the effects of technological advancements on the future of flood insurance, which together are expected to provide a basis for analyzing payments, expenses and profits of various compensation options. These studies have since been completed. According to FEMA officials, workgroups comprised of specialists from across various branches of its Federal Insurance Directorate (FID) have been formed as of March 2024 to complete the research, analysis, and policy deliberations on the various elements of WYO compensation. These ongoing analyses and methodology design efforts continue to be informed by FID's analysis of WYO expenses and implied profits as well as the results of the study to assess WYO expenses and profits and possible alternative compensation models.

Biometric Identity System: DHS Needs to Address Significant Shortcomings in Program Management and Privacy

GAO-23-105959
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of DHS should direct the OBIM Director to update the cost estimate for the HART program to account for all costs and incorporate the best practices called for in the GAO Cost Estimating and Assessment Guide. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Sexual Assault: DOD and Coast Guard Should Ensure Laws Are Implemented to Improve Oversight of Key Prevention and Response Efforts

GAO-22-103973
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should ensure that the Commandant of the Coast Guard, in collaboration with the Director of Health, Safety & Work Life Directorate, reviews and updates policy or establishes policy, and sets a timeframe for completion, to ensure alignment with sexual assault prevention and response statutory requirements, specifically, sections 1712 and 1745(a)-(c) of the NDAA for Fiscal Year 2014. (Recommendation 20)
Open – Partially Addressed
In March 2022, the Department of Homeland Security concurred with this recommendation. In November 2023, the department provided updated guidance that addressed section 1745(a)-(c). However, to address section 1712 the department provided the guidance that we identified in our review as not aligning with expedited transfer policy timeliness requirements. When we confirm what actions the agency has taken to address section 1712, we will provide updated information.

Air Cargo Security: TSA Field Testing Should Ensure Screening Systems Meet Detection Standards

GAO-21-105192
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Administrator of TSA should ensure that necessary data are collected during field assessments to independently verify that the probability of detection of explosives detection systems for air cargo screening in the field matches the performance measured in laboratory testing, prior to designating systems as "qualified" on the air cargo screening technology list. TSA could provide this verification either through live explosives testing or, when operational considerations limit TSA's ability to use live threat materials, TSA should use an independently validated, fully documented alternative testing strategy. (Recommendation 3)
Open
In July 2021, we reported that the Transportation Security Administration (TSA) did not select an evaluation approach that included collecting necessary data about the CT system's probability of detection in the field as part of its field assessment. To assess operational effectiveness, TSA guidance states that the test team should gather data on the probability of detection, false alarm rate, and throughput in the operational environment. In November 2022, TSA officials said they were in the process of developing an independently developed and validated image quality test kit to use in daily testing of the agency's passenger checked baggage program rather than relying solely on a manufacturer-provided test kit. Officials said they plan to use this test kit to also test the air cargo CT system. We have requested a meeting with TSA officials to discuss the status of these plans and are waiting for TSA's response. To fully address this recommendation, TSA should demonstrate how use of the new image quality test kit constitutes a viable alternative testing strategy to assess the probability of detection of systems in the field.

Department of Homeland Security: Reporting on Border Security Metrics Could Be Improved

GAO-24-106277
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Under Secretary for the Office of Strategy, Policy, and Plans should use the results of its assessment to update or inform its efforts to replace its statistical model of deterrence, as appropriate. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Critical Infrastructure: Actions Needed to Better Secure Internet-Connected Devices

GAO-23-105327
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should direct the Administrator of the Transportation Security Administration and the Commandant of the U.S. Coast Guard to jointly work with the Department of Transportation's Office of Intelligence, Security and Emergency Response, as co-SRMAs for the transportation systems sector, to use the National Plan to develop a sector-specific plan that includes metrics for measuring the effectiveness of their efforts to enhance the cybersecurity of their sector's IoT and OT environments. (Recommendation 5)
Open
In May 2023, DHS stated that the Transportation Security Administration (TSA) in coordination with the Coast Guard and other DHS offices and divisions and the Department of Transportation, are in the process of updating the 2015 Transportation Systems Sector Specific plan. DHS stated that the publication of the revised sector specific plan is contingent on the release of the revised Presidential Policy Directive 21 (PPD-21) and the National Plan. According to DHS, the revised draft of PPD-21 is estimated to be completed by December 2023 and the National Plan is estimated for completion by September 2025. DHS stated that the co-SRMAs anticipate releasing the final updated sector specific plan by May 29, 2026, within six to eight months of the completion of the National Plan.
View More Recommendations

Related Pages