Image

Information Technology

Open Recommendations

Information Technology: Government-Wide Guidance on Handling Data Could Improve Civil Rights and Civil Liberties Protections

Show

1 Open Recommendations

Agency Affected	Recommendation	Status
Congress	To assist federal agencies with consistently implementing civil rights and civil liberties protections when collecting, sharing, and using data, we suggest that Congress direct an appropriate federal entity to issue government-wide guidance or regulations addressing this matter. In its direction, Congress should consider delegating to such entity the explicit authority to make needed technical and policy choices or explicitly stating Congress's own choices.	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

IT Portfolio Management: OMB and Agencies Are Not Fully Addressing Selected Statutory Requirements

Show

46 Open Recommendations

Agency Affected	Recommendation	Status
Office of Management and Budget	The Director of OMB should update existing guidance or issue new guidance to agencies to implement a process to assist agencies in reviewing their IT portfolios that includes the requirements provided in FITARA. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget	The Director of OMB should develop standardized performance metrics for agencies to implement the IT portfolio review process, as prescribed by FITARA. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget	The Director of OMB should ensure that the Federal CIO carries out its role in annually reviewing each agency's IT portfolio that is conducted by each agency's CIO in conjunction with the Chief Operating Officer or Deputy Secretary (or equivalent) and the Federal CIO, as prescribed by FITARA. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget	The Director of OMB should direct the Federal CIO to submit a quarterly report to the FITARA-identified committees in Congress on the cost savings and reductions in duplicative IT investments identified through the IT portfolio review process, as prescribed by FITARA. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget	The Director of OMB should direct the Federal CIO to ensure that the agency cost savings on the IT Dashboard that are being used to fulfill statutory requirements to report to Congress are accurate and correctly attributed to IT portfolio review. (Recommendation 5)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget	The Director of OMB should submit to Congress a report on the net program performance benefits achieved as a result of major capital investments made by agencies for information systems and how the benefits relate to the accomplishment of the goals of the agencies, as prescribed by FITARA. (Recommendation 6)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

IT Modernization: SBA Urgently Needs to Address Risks on Newly Deployed System

Show

14 Open Recommendations

Agency Affected	Recommendation	Status
Small Business Administration	The Administrator of SBA should direct the Associate Administrator of SBA's Office of Government Contracting and Business Development to expeditiously address critical UCP project risk management issues, including developing a project risk management strategy and risk mitigation plan. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration	The Administrator of SBA should direct the Associate Administrator of SBA's Office of Government Contracting and Business Development to expeditiously address critical UCP project cybersecurity issues, including developing a plan for managing project cybersecurity risks and documenting a traceability analysis for project security requirements. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration	The Administrator of SBA should direct the Chief Information Officer to consider the probability and impact of accepted UCP deployment risks if deciding to issue a final authorization to operate for the system. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration	The Administrator of SBA should direct the Chief Information Officer to establish and implement policies and procedures to ensure that risk registers or equivalent risk documentation explicitly state risk sources for IT modernization projects. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration	The Administrator of SBA should direct the Chief Information Officer to establish and implement policies and procedures to ensure that parameters to categorize or analyze risks are clearly defined at the project level for IT modernization projects. (Recommendation 5)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration	The Administrator of SBA should direct the Chief Information Officer to establish and implement policies and procedures to ensure that project risk management strategies are established and maintained for IT modernization projects. (Recommendation 6)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cloud Computing: Selected Agencies Need to Implement Updated Guidance for Managing Restrictive Licenses

Show

12 Open Recommendations

Agency Affected	Recommendation	Status
Department of Justice	The Attorney General should update and implement Department of Justice guidance to fully address identifying, analyzing, and mitigating the impacts of restrictive software licensing practices on cloud computing efforts. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Justice	The Attorney General should assign and document responsibility for identifying and managing potential impacts of restrictive software licensing practices across the department. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Transportation	The Secretary of Transportation should update and implement guidance to fully address identifying, analyzing, and mitigating the impacts of restrictive software licensing practices on cloud computing efforts. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Transportation	The Secretary of Transportation should assign and document responsibility for identifying and managing potential impacts of restrictive software licensing practices across the department. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Veterans Affairs	The Secretary of Veterans Affairs should update and implement guidance to fully address identifying, analyzing, and mitigating the impacts of restrictive software licensing practices on cloud computing efforts. (Recommendation 5)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Veterans Affairs	The Secretary of Veterans Affairs should assign and document responsibility for identifying and managing potential impacts of restrictive software licensing practices across the department. (Recommendation 6)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

View More Recommendations

GAO Contacts

Carol C. Harris

Director

Information Technology and Cybersecurity

harriscc@gao.gov

Nick Marinos

Managing Director

Information Technology and Cybersecurity

MarinosN@gao.gov

Jennifer Franks

Director

Information Technology and Cybersecurity

franksj@gao.gov

David (Dave) Hinchman

Director

Information Technology and Cybersecurity

HinchmanD@gao.gov

Marisol Cruz Cain

Director

Information Technology and Cybersecurity

cruzcainm@gao.gov

Sterling Thomas

Chief Scientist

Science, Technology Assessment, and Analytics

thomass2@gao.gov