Skip to main content

Transportation Security Administration

Jump To:

Recent Reports

View More Reports

Open Recommendations (22 total)

Department of Homeland Security: Components Could Improve Monitoring of the Employee Misconduct Process [Reissued with revisions on Sep. 4, 2018.]

GAO-18-405
Show
1 Open Recommendations
Agency Affected Recommendation Status
Transportation Security Administration The Administrator of TSA should monitor the duration of all cases beginning-to-end by stage and case type (Recommendation 16).
Open – Partially Addressed
In January 2023, TSA provided a sample report from its new misconduct case management system that tracks the duration of certain case types (e.g., management inquiries) from beginning-to-end by stage. However, the sample report does not track the duration of all case types (e.g., administrative inquiries, investigations) from beginning-to-end by stage. To close this recommendation, GAO needs evidence that TSA is using its new case management system to monitor the duration of all cases beginning-to-end by stage and case type. As of February 2024, we are continuing to follow up with TSA on its actions to implement this recommendation.

Department of Homeland Security: Components Could Improve Monitoring of the Employee Misconduct Process [Reissued with revisions on Sep. 4, 2018.]

GAO-18-405
Show
2 Open Recommendations
Agency Affected Recommendation Status
Transportation Security Administration The Administrator of TSA should monitor the timeliness of misconduct cases according to established targets for management inquiries (fact finding) and administrative inquiries, and the proposal and decision stages, using case information system data (Recommendation 17).
Open – Partially Addressed
In January 2023, TSA provided a sample report from its new misconduct case management system that tracks the duration of certain case types (e.g., management inquiries) from beginning-to-end by stage. However, the sample report does not show how, if at all, TSA is monitoring the timeliness of all misconduct cases according to established targets for management inquiries, administrative inquiries, and the proposal and decision stages. To close this recommendation, GAO needs evidence that TSA is using its new case management system to monitor the timeliness of all misconduct cases according to established targets. As of February 2024, we are continuing to follow up with TSA on its actions to implement this recommendation.
Transportation Security Administration The Administrator of TSA should define and document the case management system data fields and methodology to be used for monitoring all established performance targets and provide related guidance to staff (Recommendation 18).
Open – Partially Addressed
In January 2023, TSA completed development of its new misconduct case management system and provided GAO a sample report from the system that tracks the timeliness of certain case types. TSA officials stated they are still working to complete the updated user guide for the new case management system. They stated that the transition to the new system has been a long process, and the guide has to be created from scratch as the new system uses a completely different operating platform. TSA anticipates completion of the user guide by June 2023. As of February 2024, we are continuing to follow up with TSA on its actions to implement this recommendation.

Critical Infrastructure Protection: Key Pipeline Security Documents Need to Reflect Current Operating Environment

GAO-19-426
Show
1 Open Recommendations
Agency Affected Recommendation Status
Transportation Security Administration The TSA Administrator should periodically review, and as appropriate, update the 2010 Pipeline Security and Incident Recovery Protocol Plan to ensure the plan reflects relevant changes in pipeline security threats, technology, federal law and policy, and any other factors relevant to the security of the nation's pipeline systems. (Recommendation 5)
Open – Partially Addressed
As of September 2023, TSA officials reported that they completed a review of the Pipeline Security Incident Recovery Protocol Plan and determined that updates are needed. According to the officials, the Protocol Plan is being revised to bring it into conformity with several national level policy documents, such as the National Response Framework, the National Cybersecurity Incident Response Plan, and the National Terrorism Advisory System. The officials stated that they anticipate completion of the updated Protocol Plan in 2024. Once the updated Protocol Plan is completed, we will review it and determine whether it includes relevant changes in pipeline security threats, technology, federal law and policy, and any other factors relevant to pipeline security, as called for in our recommendation.

Aviation Security: TSA Should Ensure Screening Technologies Continue to Meet Detection Requirements after Deployment

GAO-20-56
Show
1 Open Recommendations
Agency Affected Recommendation Status
Transportation Security Administration The TSA Administrator should require and ensure that TSA officials document their assessments of risk and the rationale—including the assumptions, methodology, and uncertainty considered—behind decisions to deploy screening technologies. (Recommendation 3)
Open
In December 2019, we reported that TSA's process for incorporating risk into its plans for deploying screening technologies to specific airports lacks transparency. Officials said their discussions with security and intelligence officials about deployment strategies-including relevant risk information-are generally informal and not documented. Consequently, we recommended that TSA should require and ensure that agency officials document their assessments of risk and the rationale behind decisions to deploy screening technologies. In September 2021, TSA provided the Requirements and Capabilities Analysis (RCA) Deployment Guiding Principles, which is to be used in planning the deployment of screening technologies in, among other things , a risk-informed manner. It specifies that officials should determine the overall risk of airports and use that assessment to inform deployment strategies; it also cites numerous principles officials are to consider in developing a risk-based approach to deployment. While it is commendable that TSA has developed deployment guidance that factors in risk and other principles to be considered or followed when developing deployment plans, the guidance does not require officials to document risk assessments and the rationale behind deployment decisions. In May 2022, TSA provided an action plan and deployment schedule for specific screening technology to selected airports . While the action plan states that deployment decisions should include a "risk based, top down deployment approach when able" as part of the criteria for initial site evaluation and selection, the plan does not explain what, if any risk assessment was performed as part of the site evaluation process, or the rationale for the final deployment schedule. To fully address this recommendation, TSA should require that risk assessments and the rationale be documented as part of screening technology deployment plans. TSA should also provide an example of a screening technology deployment plan that includes a risk assessment and explains the rationale-including the assumptions, methodology, and uncertainty considered-for the deployment of screening technologies. As of August 2023, we are continuing to monitor TSA's implementation of this recommendation.

Aviation Security: TSA Should Ensure Screening Technologies Continue to Meet Detection Requirements after Deployment

GAO-20-56
Show
2 Open Recommendations
Agency Affected Recommendation Status
Transportation Security Administration The TSA Administrator should develop a process to ensure that screening technologies continue to meet detection requirements after deployment to commercial airports. (Recommendation 4)
Open – Partially Addressed
In December 2019, we reported that TSA practices do not ensure that screening technologies continue to meet detection requirements after they have been deployed to airports. We recommended that TSA develop a process to ensure that screening technologies continue to meet detection requirements after deployment to commercial airports. In May 2020, TSA provided the Post Implementation and Periodic Review Policy (APM-20-031). According to the Policy, TSA will use Post Implementation Reviews (PIR) to explain how screening technology performance, including detection, is to be assessed over time, following deployment. Each technology system is to require its own PIR-or roadmap for reviewing component performance of the detection chain-because each technology has unique logistics data and detection chain. PIRs are to be conducted within 6 to 12 months after initial operation (or as otherwise designated) and are to determine user satisfaction and system performance relative to effectiveness and suitability, among other things. However, timeframes and other requirements for conducting periodic reviews after the PIR are less clear-for example, system performance requirements "relative to effectiveness and suitability" are not specified for post-PIR (periodic) reviews. In May 2022, TSA stated that the timing of periodic reviews is subject to resource availability and the judgment of the management team for that technology, since each technology requires a unique evaluation and timetable for periodic reviews due to differences in component lifecycles. Similar to the PIR, periodic reviews are to prioritize key performance parameters, which are tied to effectiveness and suitability. To fully develop a process for ensuring screening technologies continue to meet detection requirements after deployment, TSA policy and guidelines should call for the same requirements for periodic reviews as for PIRs, such as general timeframes for conducting reviews that allow for the individual judgement of the management team , and system performance requirements relative to technology effectiveness and suitability. As of August 2023, we are continuing to monitor TSA's implementation of this recommendation.
Transportation Security Administration The TSA Administrator should implement the process it develops to ensure that screening technologies continue to meet detection requirements after deployment to commercial airports. (Recommendation 5)
Open
In December 2019, we reported that TSA practices do not ensure that screening technologies continue to meet detection requirements after they have been deployed to airports. In April 2020, TSA issued a policy for developing a review process to assess performance after the deployment of each technology, including detection over time. Since TSA cannot use live explosives or simulants to test screening technologies, the agency plans to measure, for each technology, the performance of system components within the detection chain instead of directly measuring detecting requirements. In 2021, to address this recommendation, TSA provided a report for Explosives Trace Detection (ETD) technology to demonstrate the review process. However, according to TSA, the agency initiated the report prior to the publication of TSA's April 2020 policy for conducting the reviews, and therefore this review does not address all TSA requirements. We informed TSA that its April 2020 policy should require consistent elements across all reviews, such as general timeframes for conducting reviews. To fully address this recommendation, TSA needs to demonstrate that is has developed a review process for the testing of all TSA screening technologies deployed to the field. Since each technology has unique operational parameters and requirements, TSA's plans should address the specific technical approach the agency intends to use to ensure the screening technologies continue to meet detection requirements. As of August 2023, we are continuing to monitor TSA's implementation of this recommendation.

TSA Acquisitions: TSA Needs to Establish Metrics and Evaluate Third Party Testing Outcomes for Screening Technologies

GAO-21-50
Show
1 Open Recommendations
Agency Affected Recommendation Status
Transportation Security Administration When performance metrics have been established, the Administrator of TSA should assess gains in efficiency resulting from third party testing. (Recommendation 2)
Open – Partially Addressed
TSA concurred with this recommendation. TSA's Test and Evaluation (T&E) Division assessed security technology qualification testing activities conducted from October 2020 to January 2023 for efficiency gains using the established metrics, the number of retests performed and test cycle duration. As of June 2023, TSA T&E Officials reported that there have been no instances of third party testers used during the assessment period and do not anticipate vendors voluntarily choosing to do so. As such, TSA T&M officials reported no assessed impact of third party testing on the established metrics, and no gains in efficiency resulting from third party testing at this time. GAO will continue to monitor.

TSA Acquisitions: TSA Needs to Establish Metrics and Evaluate Third Party Testing Outcomes for Screening Technologies

GAO-21-50
Show
1 Open Recommendations
Agency Affected Recommendation Status
Transportation Security Administration The Administrator of TSA should assess whether third party testing contributes to its goals of increasing supplier diversity and innovation. (Recommendation 3)
Open – Partially Addressed
TSA concurred with our recommendation. Since October 2020, TSA's Test and Evaluation (T&E) Division continues to conduct qualification testing for security technologies. TSA T&E officials reported that during their assessment period, October 2020 through January 2023, no vendors elected to use third party testers. As of June 2023, TSA T&E officials reported that they found no evidence of third party testing contributing to supplier diversity or innovation goals at this time. GAO will continue to monitor.

Aviation Security: TSA Should Assess Potential for Discrimination and Better Inform Passengers of the Complaint Process

GAO-23-105201
Show
1 Open Recommendations
Agency Affected Recommendation Status
Transportation Security Administration The Administrator of TSA should conduct assessments to determine the extent to which TSA's passenger screening practices comply with agency non-discrimination policies to identify any needed actions to improve compliance. (Recommendation 2)
Open
As of October 2023, TSA officials stated that the agency plans to analyze the data collected on referrals for additional screening to identify the (1) rate that passengers alarm, (2) percentage of false alarms; and (3) causes of false alarms. They noted that the results of this study will be cross referenced with complaint data and used to identify whether there is a need to improve TSA security policies and procedures or to develop requirements for enhancements of security technology, including advanced imaging technology. Officials also stated that TSA would also use the results of its focus groups with Transportation Security Officers and passenger experience surveys to help ensure its operational policies and procedures do not violate agency non-discrimination policies. In addition to its data collection and analysis efforts, TSA reviewed literature on passenger experiences and potential bias in on-person screening and issued a briefing on its findings in March 2023. The briefing summarizes common factors associated with additional screening and potential strategies for using technology and procedures to help mitigate or prevent unintended bias. We will continue to monitor TSA's efforts to address this recommendation.
View More Recommendations

Related Pages