Image

Information Technology

Open Recommendations

Air Traffic Control: FAA Actions Are Urgently Needed to Modernize Aging Systems

Show

7 Open Recommendations

Agency Affected	Recommendation	Status
Federal Aviation Administration	The Administrator of FAA should report to Congress on how it is mitigating risks of all unsustainable and critical systems that are identified in the annual operational risk assessments. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Federal Aviation Administration	The Administrator of FAA should establish a time frame for developing and implementing guidance to increase JRC oversight of pre-baselined investments that require additional resources or time prior to establishing a baseline. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Federal Aviation Administration	The Administrator of FAA should ensure that ATC modernization investments, including FENS and Aeronautical Information Management Modernization Enhancement 1, establish baselines in an expeditious manner. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Federal Aviation Administration	The Administrator of FAA should establish a time frame for developing and implementing guidance that the JRC ensures that ATC system modernization investments are organized as manageable segments. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Federal Aviation Administration	The Administrator of FAA should ensure that the Joint Resources Council consistently review all high risks facing ATC modernization investments. (Recommendation 5)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Federal Aviation Administration	The Administrator of FAA should require that the program offices for FENS, E-IDS Phase 1, and NWP and the Joint Resources Council each ensure that the acquisition management documentation are finalized prior to the council approving the investments to proceed to future phases of the investments' lifecycles. (Recommendation 6)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cloud Computing: Agencies Need to Address Key OMB Procurement Requirements

Show

47 Open Recommendations

Agency Affected	Recommendation	Status
Chief Information Officers Council	The CIO Council, working with its chair, the Office of Management and Budget's Deputy Director for Management, should collect and share examples of agency guidance and contract language related to OMB's requirements in the Federal Cloud Computing Strategy on: (1) the four key SLA elements, (2) standardizing SLAs, and (3) ensuring that contracts affecting federal agencies' HVAs, including those managed and operated in the cloud, include requirements that provide agencies with continuous visibility of the asset. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Agriculture	The Secretary of Agriculture should ensure that the CIO of Agriculture finalizes its guidance on standardizing cloud SLAs. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Agriculture	The Secretary of Agriculture should ensure that the CIO of Agriculture finalizes its guidance to require that contracts affecting the agency's high value assets that are managed and operated in the cloud include language that provides the agency with continuous visibility of the asset. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Agriculture	The Secretary of Agriculture should ensure that the CIO of Agriculture updates its existing contracts for high value assets that are managed and operated in the cloud to meet OMB's requirement once guidance from the CIO Council is available on language that provides the agency with continuous visibility of the asset. If modifying the existing contract is not practical, the agency should incorporate language into the contract that will meet OMB's requirement upon option exercise or issuance of a new award. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce	The Secretary of Commerce should ensure that the CIO of Commerce finalizes guidance to put a cloud SLA in place with every vendor when a cloud solution is deployed. The guidance should include language that addresses OMB's four required elements for SLAs, including: continuous awareness of the confidentiality, integrity, and availability of its assets; a detailed description of roles and responsibilities; clear performance metrics; and remediation plans for non-compliance. (Recommendation 5)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce	The Secretary of Commerce should ensure that the CIO of Commerce finalizes guidance on standardizing cloud SLAs (Recommendation 6)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

IT Modernization: Census Bureau Needs Reliable Cost and Schedule Estimates

Show

5 Open Recommendations

Agency Affected	Recommendation	Status
Department of Commerce	The Secretary of Commerce should direct the Director of the Census Bureau to ensure that the CEDSCI program consistently documents user stories to ensure bidirectional traceability with requirements. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce	The Secretary of Commerce should direct the Director of the Census Bureau to ensure that the CEDSCI program develops reliable cost estimates using best practices described in GAO's Cost Estimating and Assessment Guide, in particular those practices related to the comprehensive and credible characteristics. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce	The Secretary of Commerce should direct the Director of the Census Bureau to ensure that the CEDSCI program develops its schedule using the best practices described in GAO's Schedule Assessment Guide. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce	The Secretary of Commerce should direct the Director of the Census Bureau to ensure that the OCIO incorporates key elements, such as time frames, into its DevSecOps strategy and finalizes it in a timely manner. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Commerce	The Secretary of Commerce should direct the Director of the Census Bureau to ensure that the American Community Survey program develops a plan, including time frames, for the steps they intend to take to determine the most appropriate methods to protect respondent privacy in the publicly available data releases. (Recommendation 5)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Information Technology: IRS Needs to Complete Planning and Improve Reporting for Its Modernization Programs

Show

3 Open Recommendations

1 Priority

Agency Affected	Recommendation	Status
Internal Revenue Service	The Commissioner of the IRS should complete the enterprise roadmap and ensure it addresses the strategic operating plan's technology objective. (Recommendation 1)	Open In its March 2024 letter responding to our draft report, IRS noted plans to address this recommendation to complete its enterprise roadmap and stated that the work to complete the roadmap was well underway. However, the agency did not provide a time frame for when it plans to complete the roadmap. GAO will continue to monitor IRS actions to implement this recommendation.
Internal Revenue Service	The Commissioner of the IRS should complete plans for its modernization programs that include (1) milestones to complete the modernization, (2) a description of the work necessary to complete the modernization, and (3) details regarding the disposition of the legacy system, if applicable. (Recommendation 2)	Open IRS agreed with this recommendation. In its March 2024 letter responding to our draft report, IRS stated that, for each program, it will document the milestones to complete the modernization, describe the work necessary to develop the new system or to modernize the legacy system, and detail the disposition of the legacy system, if applicable. GAO will continue to monitor IRS actions to implement this recommendation.
Internal Revenue Service	Priority Rec. The Commissioner of the IRS should include information including a history of programs' cost and schedule goals and showing how the quarterly cost and schedule performance aligns with fiscal year and overall goals for the programs in its quarterly reports to Congress. (Recommendation 3)	Open IRS agreed with this recommendation. In its March 2024 letter responding to our draft report, IRS stated that the performance history of cost and schedule goals is readily available upon request. However, in our report, we do not state that IRS does not have this information. Rather, GAO is recommending that IRS proactively include this information in its quarterly reports to Congress. This would provide additional background and clarity on IRS's efforts to modernize the agency's information technology.

View More Recommendations

GAO Contacts

Carol C. Harris

Director

Information Technology and Cybersecurity

harriscc@gao.gov

Nick Marinos

Managing Director

Information Technology and Cybersecurity

MarinosN@gao.gov

Jennifer Franks

Director

Information Technology and Cybersecurity

franksj@gao.gov

David (Dave) Hinchman

Director

Information Technology and Cybersecurity

HinchmanD@gao.gov

Marisol Cruz Cain

Director

Information Technology and Cybersecurity

cruzcainm@gao.gov

Sterling Thomas

Chief Scientist

Science, Technology Assessment, and Analytics

thomass2@gao.gov