Skip to main content

Department of Homeland Security

Jump To:

Recent Reports

View More Reports

Open Recommendations (141 total)

Air Cargo Security: TSA Field Testing Should Ensure Screening Systems Meet Detection Standards

GAO-21-105192
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Administrator of TSA, prior to designating the explosives detection system for air cargo screening currently under evaluation as "qualified" on the air cargo screening technology list, should, to the extent practicable, verify through additional data collection or analysis that the system's probability of detection in the field matches the performance measured in laboratory testing. (Recommendation 2)
Open
In July 2021, we reported that the Transportation Security Administration (TSA) did not incorporate all key practices in its field assessment on the use of a computed tomography (CT)-based explosives detection system (EDS) to screen air cargo as part of its ongoing process to qualify the system for use by air carriers. For example, we found that TSA officials did not collect all necessary data about the system's ability to detect threats (probability of detection) in the field, consistent with TSA's standards. TSA officials told us they did not measure probability of detection during the field assessment due to the operational difficulties of using live explosives in the field. Rather, they relied on image quality testing, using a manufacturer's test kit, to compare system performance in the field with earlier tests performed in a laboratory with live explosives. However, TSA officials did not validate that the test kit was an acceptable alternative test method for determining the CT system's probability of detection in the field. In their November 2021 update, TSA officials said they had conducted additional analyses to confirm image quality for the air cargo CT system. Moving forward, TSA officials said they plan to address the need for an independent test of image quality with a new test kit they plan to deploy for the checked baggage program. Officials said they plan to use this new test kit to also test the air cargo CT system, rather than relying on the manufacturer-provided kit. We have requested a meeting with TSA officials to more fully discuss these plans and are waiting for TSA's response. To fully address this recommendation, TSA should verify through additional data collection or analysis-such as use of the new test kit-that the CT system's probability of detection in the field matches the performance measured in laboratory testing.

Cloud Security: Selected Agencies Need to Fully Implement Key Practices

GAO-23-105482
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should ensure that the agency fully implements the FedRAMP requirements for its selected PaaS system, to include issuing an authorization for the cloud service. (Recommendation 14)
Open
The agency stated that through its responsibilities and activities on the Federal Risk and Authorization Management Program's (FedRAMP) Joint Authorization Board, it ensures the cloud service provider meets all of the program's requirements. According to DHS officials, components that leverage a cloud service provider (CSP) with an authorization issued by the board are required to perform a risk assessment and issue an agency authorization. However, as of February 2024, we have not received evidence that the agency had issued an authorization for the CSP used as part of its selected PaaS system. We will continue to monitor the agency's efforts to address our recommendation.

Department of Homeland Security: Reporting on Border Security Metrics Could Be Improved

GAO-24-106277
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Under Secretary for the Office of Strategy, Policy, and Plans should assess the extent to which its choice of input administrative data and model type for its statistical model of deterrence remains sufficiently predictive, and document the results. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Federal Research: Additional Actions Needed to Improve Public Access to Research Results

GAO-20-81
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should develop and implement a mechanism to ensure researcher compliance with the public access plan and associated requirements. (Recommendation 26)
Open
The Department of Homeland Security (DHS) concurred with this recommendation and stated it would develop a mechanism to ensure researcher compliance with the department's public access plan and data management plan requirements. According to a September 2021 update, DHS said that its components that conduct R&D provide reviewers that serve as administrative gatekeepers. DHS said it expected that usage rates for publications and data repositories would increase since mandatory metadata must be entered before articles and data can be placed in a repository. Both repositories have the ability to gather user metrics that DHS will use to determine user compliance. DHS said it will use that data to adjust practices and procedures to improve compliance, as necessary. In a January 2022 update, DHS clarified that the administrative gatekeepers are responsible for ensuring that publications and data are made publicly available to the extent appropriate. Additionally, in a March 2023 update DHS said it was reviewing and revising the Department's Public Access Plan (last published in 2016) based on the OSTP August 2022 memo. As part of the revision process, DHS will include a mechanism to ensure researcher compliance with the Public Access Plan, as well as the new DMP Directive & Instruction. DHS indicated an estimated completion date of late October 2023. We will provide an update when DHS provides additional information and documentation on these actions.

Privacy: Dedicated Leadership Can Improve Programs and Address Challenges

GAO-22-105065
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should incorporate privacy into an organization-wide risk management strategy that includes a determination of risk tolerance. (Recommendation 18)
Open
The Department of Homeland Security concurred with our recommendation and described plans to implement it. As of March 2024, DHS estimated that it would complete actions to address this recommendation in the summer of 2024. Once the department states that it has taken action, we plan to verify whether implementation has occurred.

Homeland Security: Joint Requirements Council Needs Leadership Attention to Improve Effectiveness

GAO-23-106125
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should ensure that the JRC validates those joint capability and requirements documents that fully meet key criteria. (Recommendation 1)
Open
In providing comments on this report, DHS concurred with this recommendation and stated that it would review each document carefully and take actions should key criteria not be met, including documenting unmet or partially met criteria as a residual concern to ensure enterprise-awareness and potential mitigating actions. These actions were to be included in a future update to the Joint Requirements Integration and Management System instruction, which was expected to be completed by fall 2024. In February 2024, DHS stated that planned actions were pending approval of a fiscal year 2024 budget. In March 2024, Congress directed DHS to dissolve the existing JRC and identify alternative methods to improve the management and resourcing of joint requirements across the department. We will continue to monitor the actions DHS plans to take and determine whether these actions meet the intent of the recommendation.

Surface Transportation Threats: Better Communication with Stakeholders Needed about the Security Clearance Process

GAO-24-106382
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The DHS Under Secretary for Intelligence and Analysis, in coordination with TSA, CISA, and DHS's Office of the Chief Security Officer, should implement a communications approach that conveys consistent and accurate information to DHS I&A staff who interact with surface transportation stakeholders about how those stakeholders access the security clearance application process. At minimum, the approach should aim to ensure accurate information about which DHS entities initiate applications for surface transportation stakeholders, whether there is a maximum number of clearances that could be granted, and what type of employees are eligible. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Coast Guard Acquisitions: Opportunities Exist to Reduce Risk for the Offshore Patrol Cutter Program

GAO-21-9
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The DHS Secretary should ensure the DHS Under Secretary for Management directs the Coast Guard to revise OPC's acquisition program baseline for stage 1 to include OPC's delivery dates. (Recommendation 1)
Open
In providing comments on this report, DHS concurred with our recommendation and stated that it will direct the Coast Guard to revise the OPC's acquisition program baseline to include stage 1 asset delivery dates for the lead ship and OPC 4. As of June 2023, officials anticipated that the stage 1 acquisition program baseline will be completed in fall 2023. However, as of April 2024, the program's updated baseline for stage 1 has not been approved. The Coast Guard told us that they anticipate approval of the program's stage 1 baseline by June 2024. We will review the stage 1 acquisition program baseline once the Coast Guard provides it and determine whether the actions taken meet the intent of this recommendation.

DHS Financial Management: Actions Needed to Improve Systems Modernization and Address Coast Guard Audit Issues

GAO-23-105194
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security DHS's Under Secretary for Management should ensure that the Joint Program Management Office works with ICE to remediate issues as they arise from user testing prior to moving forward with subsequent milestones for the ongoing financial systems modernization efforts. (Recommendation 3)
Open
In commenting on our draft report, DHS officials concurred with the recommendation and described actions they planned to take. Specifically, DHS stated that the Joint Program Management Office (JPMO) will ensure that lessons learned from the Trio implementation translate into appropriate actions for the ongoing ICE and ICE customer financial systems modernization efforts. This includes comprehensive discovery efforts to develop functional requirements documentation, incorporating business processes, and detailed user acceptance testing. Additionally, DHS stated that it will ensure the resolution of identified issues prior to go-live of the new system. DHS noted that one critical lesson learned that will be incorporated into the ICE modernization efforts is the need for early and consistent hands-on user testing throughout the implementation. In August 2023, DHS stated that JPMO remains on track for comprehensive discovery efforts, development of requirements, and starting the discovery process with the system integrator by October 2023. DHS's overall estimated completion date for these actions remains September 30, 2024. We will continue to monitor the department's progress towards implementing this recommendation.

Biometric Identity System: DHS Needs to Address Significant Shortcomings in Program Management and Privacy

GAO-23-105959
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of DHS should direct the OBIM Director to coordinate with the Privacy Office to establish and implement plans for correcting seven remaining privacy deficiencies identified in the HART PIA. (Recommendation 6)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
View More Recommendations

Related Pages