Skip to main content

Department of Transportation

Jump To:

Recent Reports

View More Reports

Open Recommendations (86 total)

Cloud Computing: Agencies Need to Address Key OMB Procurement Requirements

GAO-24-106137
Show
3 Open Recommendations
Agency Affected Recommendation Status
Department of Transportation The Secretary of Transportation should ensure that the CIO of Transportation updates its guidance regarding standardizing cloud SLAs. (Recommendation 22)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Transportation The Secretary of Transportation should ensure that the CIO of Transportation develops guidance to require that contracts affecting the agency's high value assets that are managed and operated in the cloud include language that provides the agency with continuous visibility of the asset. (Recommendation 23)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Transportation The Secretary of Transportation should ensure that the CIO of Transportation updates its existing contracts for HVAs that are managed and operated in the cloud to meet OMB's requirement once guidance from the CIO Council is available on language that provides the agency with continuous visibility of the asset. If modifying the existing contract is not practical, the agency should incorporate language into the contract that will meet OMB's requirement upon option exercise or issuance of a new award. (Recommendation 24)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cloud Computing: Agencies Need to Address Key OMB Procurement Requirements

GAO-24-106137
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Transportation The Secretary of Transportation should ensure that the CIO of Transportation develops guidance to put a cloud SLA in place with every vendor when a cloud solution is deployed. The guidance should include language that addresses OMB's four required elements for SLAs, including: continuous awareness of the confidentiality, integrity, and availability of its assets; a detailed description of roles and responsibilities; clear performance metrics; and remediation plans for non-compliance. (Recommendation 21)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Discretionary Transportation Grants: DOT Should Fully Document Key Selection Decisions for Its Rural Program

GAO-24-106882
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Transportation The Secretary of Transportation should ensure Rural program officials fully document the rationale behind key decisions related to advancing and selecting applications for award. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Transportation Equity: DOT Could Improve Some Performance Goals to Better Assess Progress

GAO-24-105652
Show
2 Open Recommendations
Agency Affected Recommendation Status
Department of Transportation The Secretary of Transportation should ensure each equity performance goal has a target or target milestone for the current and subsequent year in DOT's annual performance plan. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Transportation The Secretary of Transportation should clarify the performance measures or associated methodology descriptions for the equity performance goals we identified as being inconsistent with the practice of clarity. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Transportation Equity: DOT Could Improve Some Performance Goals to Better Assess Progress

GAO-24-105652
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Transportation The Secretary of Transportation should revise the descriptions of accuracy and reliability in DOT's annual performance report for the equity performance goals we identified as not having a sufficient description. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Critical Infrastructure Protection: Agencies Need to Enhance Oversight of Ransomware Practices and Assess Federal Support

GAO-24-106221
Show
2 Open Recommendations
Agency Affected Recommendation Status
Department of Transportation The Secretary of Transportation should, in coordination with CISA, co-SRMAs, and sector entities, determine the extent to which the transportation systems sector is adopting leading cybersecurity practices that help reduce the sector's risk of ransomware. (Recommendation 10)
Open
DOT disagreed with our recommendation. In June 2024, DOT reiterated that it believes that determining measures of adoption would only provide a snapshot in time. DOT also reiterated its concerns that the department and co-sector risk management agencies (SRMA) can neither verify nor cite voluntary information as comprehensive. The department noted that it can highlight the existing best practices readily available to mitigate ransomware risks through its co-SRMA efforts to implement risk management activities as part the National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22). As we reported, DOT's plan to encourage leading cybersecurity practices may help spread awareness, this approach does not assess the sector's adoption of the practices. A snapshot evaluation would still have value because it can help determine the sector's initial level of adoption of the practices and establish a baseline for DOT's assessment of sector risks. Further, even collecting limited, voluntary information from the sector can help SRMAs to better identify gaps, assess risks, and prioritize cybersecurity-related support. Improving its understanding of the transportation systems sector's practices that address ransomware will make DOT a more effective partner in national efforts to combat ransomware. We continue to believe that our recommendation is warranted. We will continue to monitor the status of this recommendation.
Department of Transportation The Secretary of Transportation should, in coordination with CISA, co-SRMAs, and sector entities, develop and implement routine evaluation procedures that measure the effectiveness of federal support in helping reduce the risk of ransomware to the transportation systems sector. (Recommendation 11)
Open
DOT partially agreed with our recommendation. In June 2024, DOT reiterated that assessing federal support within the transportation systems sector would require a cross-sector lead such as DHS. According to DOT, it agreed to collaborate with DHS and sector entities to help address the recommendation. We will continue to monitor the status of this recommendation.
View More Recommendations

Related Pages