Skip to main content

Information Management

Jump To:

Recent Reports

View More Reports

Open Recommendations

Artificial Intelligence: DOD Needs Department-Wide Guidance to Inform Acquisitions
GAO-23-105850
Jun 29, 2023
Show
4 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should ensure that the Chief Digital and AI Officer, in conjunction with other DOD acquisition policy offices as appropriate, prioritize establishing department-wide AI acquisition guidance, including leveraging key private company factors, as appropriate. (Recommendation 1)
Open
DOD agreed with this recommendation. To address it, the Chief Digital and AI Officer (CDAO) stated that it developed the DOD Data, Analytics, and AI Adoption Strategy, released in November 2023, which includes guidance for DOD components on adopting and scaling AI capabilities, with a decision aid framework appendix planned for March 2024. DOD is also planning to create a federated AI construct implementation plan and publish a DOD instruction to serve as department-wide AI acquisition guidance by September 2024.
Department of the Army After DOD issues department-wide AI acquisition guidance, the Secretary of the Army should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 2)
Open
The Army agreed with this recommendation. As of Fall 2023, it noted that it expects to update the AI and Autonomy Roadmap after CDAO publishes its AI strategy, but did not indicate a specific timeframe for doing so. The Army is also delivering a Unified Data Reference Architecture and Project Linchpin, the Army's operations-enabling program for AI/machine learning capabilities.
Department of the Navy After DOD issues department-wide AI acquisition guidance, the Secretary of the Navy should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 3)
Open
The Navy agreed with this recommendation. As of Fall 2023, it noted that it expects to update AI acquisition guidance issued by the Secretary of the Navy where applicable within 90 days after CDAO issues its AI strategy.
Department of the Air Force After DOD issues department-wide AI acquisition guidance, the Secretary of the Air Force should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 4)
Open
The Air Force agreed with this recommendation. As of Fall 2023, it noted that it expects to address this recommendation by January 2026 by establishing Air Force-specific AI acquisition guidance after CDAO issues its AI strategy.

Information Management: Agencies Need to Streamline Electronic Services
GAO-23-105562
Dec 20, 2022
Show
12 Open Recommendations
Agency Affected Recommendation Status
Department of Justice The Attorney General should establish a reasonable time frame for when the Department of Justice will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 5)
Open
As of March 2024, Justice noted that any solution to implement remote identity proofing with authentication consistent with the CASES ACT and the Office of Management and Budget implementation guidance (M-21-04) must meet NIST's technical standard known as "Identity Assurance Level 2" (IAL2). In addition, the Department stated that they had been exploring acquiring the remote identity proofing services known as Login.gov offered by the General Services Administration (GSA), as a means of complying with the requirements of the CASES Act and M-21-04. Further, Justice stated the concerns identified in the GSA Inspector General report have contributed to challenges that the Department has faced in finding a solution to facilitate CASES Act compliance.
Department of Transportation The Secretary of Transportation should establish a reasonable time frame for when the Department of Transportation will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 6)
Open
As of March 2024, DOT has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.
Department of the Treasury The Secretary of Treasury should establish a reasonable time frame for when the Department of the Treasury will be able to digitally accept access and consent forms from individuals who were properly identity proofed and authenticated and post access and consent forms on the department's privacy program website. (Recommendation 7)
Open
As of March 2024, Treasury reported that it is exploring options for an authentication solution that includes an option for Multi-Factor Authentication Phishing Resistance. The Treasury will update GAO once they have a timeframe for implementation.
Department of Veterans Affairs The Secretary of Veterans Affairs should establish a reasonable time frame for when the Department of Veterans Affairs will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 8)
Open
As of March 2024, the VA's Office of Information and Technology (OIT) stood-up a focused team to explore solutions, develop a plan with milestones, establish level of effort, requirements, estimated costs, and a time frame for compliance. VA stated that within the next 90-days, the focused team responsible for addressing compliance with the CASES ACT and the Office of Management and Budget implementation guidance (M-21-04) will refine the plan based on the selected solution. OIT will provide an updated response to GAO, to include a detailed plan with milestones by July 31, 2023.
Equal Employment Opportunity Commission The Chair of the Equal Employment Opportunity Commission should establish a reasonable time frame for accepting remote identity proofing with authentication, digitally accepting access and consent forms from individuals who were properly identity proofed and authenticated, and posting access and consent forms on the agency's privacy program website. (Recommendation 9)
Open
As of March 2024, EEOC stated it has finalized plans to use the agency's FOIA portal vendor to route Privacy Act requesters through Login.gov to accept online access and consent forms from individuals who have been identity proofed and authenticated. In addition, this initiative is in the acquisition phase with planned delivery during the second quarter of Fiscal Year 2024.
National Archives and Records Administration The Archivist of the United States should establish a reasonable time frame for when the National Archives and Records Administration will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the agency's privacy program website. (Recommendation 10)
Open
As of March 2024, NARA has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.

COVID-19: Pandemic Lessons Highlight Need for Public Health Situational Awareness Network
GAO-22-104600
Jun 23, 2022
Show
12 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Department of Health and Human Services
Priority Rec.
The Secretary of HHS should ensure that the lead operational division, in developing the PAHPAIA work plan, includes specific near-term and longterm actions that can be completed to show progress in developing the network. (Recommendation 5)
Open
In April 2023, HHS stated that longer-term actions that can be completed beyond fiscal year 2023 will require the establishment of dedicated funding resources. HHS also stated that it had completed specific near-term actions to establish an electronic public health situational awareness network capability by transitioning the HHS Protect data system and program stewardship to CDC and approving a new governance structure. In March 2024, HHS stated that the FY 2024 CDC Congressional Justification request will support the Response Ready Enterprise Data Platform (formerly HHS Protect) to serve as the common operating picture and central hub to collect, integrate, and share public health data in near-real time across federal agencies and with state, local, territorial, and tribal partners. HHS also stated that it will continue to provide information to GAO in future updates. We will continue to monitor any additional actions HHS takes to implement this recommendation. To fully implement this recommendation, HHS should ensure that it develops a plan for specific long-term actions in addition to near-term actions to show progress in the PAHPAIA network's development. For example, the plan should include PAHPAIA requirements regarding HHS' efforts to conduct a review of the data and information transmitted by the network and a discussion of any additional data sources and challenges in the incorporation of standardized data from various sources. Until HHS fully implements this recommendation, it may not be able to show that it is making significant progress in developing the network.
Department of Health and Human Services The Secretary of HHS should ensure that the lead operational division, in developing the PAHPAIA work plan, includes time frames for implementing the near-term and long-term actions. (Recommendation 6)
Open
In April 2023, HHS stated that longer-term actions that can be completed beyond fiscal year 2023 will require the establishment of dedicated funding resources. As of February 2024, HHS stated that it will continue to provide information to GAO in future updates. We will continue to monitor any additional actions HHS takes to implement this recommendation.
Department of Health and Human Services The Secretary of HHS should ensure that the PAHPAIA work plan includes specific steps the department will take to oversee the progress of the actions the lead operational division takes to implement PAHPAIA requirements. (Recommendation 7)
Open
In February 2023, HHS stated that its Deputy Secretary approved a new governance structure in March 2022 to ensure strategic oversight, active management, and upkeep of HHS Protect as a data management system that will provide a common operating picture for future public health emergencies. According to HHS, the common operating picture establishes a governance structure and designates HHS leadership roles and responsibilities in the oversight and decision-making processes. However, as of April 2023, the department had not provided evidence that it established specific steps it would take to oversee the progress of PAHPAIA implementation. As of February 2024, HHS stated that it is working to provide an additional update to GAO. We will continue to monitor any actions HHS takes to implement this recommendation.
Department of Health and Human Services The Secretary of HHS should commit to a deadline for finalizing the work plan to implement PAHPAIA requirements and ensure that the work plan is fully implemented. (Recommendation 8)
Open
In April 2023, HHS stated that longer-term actions to establish an electronic public health situational awareness network capability beyond fiscal year 2023 will require the establishment of dedicated funding resources. The department added that it is working through the budget process to request additional resources in future fiscal years. As of February 2024, HHS stated that it will continue to provide information to GAO in future updates. We will continue to monitor the steps HHS takes to implement this recommendation.
Department of Health and Human Services The Secretary of HHS should ensure that the lead operational division for PAHPAIA implementation identifies and documents the IT- and information sharing-related challenges and lessons learned from the COVID-19 pandemic. (Recommendation 9)
Open
In April 2023, HHS stated that it will work with the relevant internal IT offices and also work with the HHS OCIO to identify and document IT and information-related challenges and lessons learned. The department did not provide a time frame for completing this activity. As of February 2024, HHS stated that it will continue to provide information to GAO in future updates. We will continue to monitor the actions HHS takes to implement this recommendation.
Department of Health and Human Services The Secretary of HHS should ensure that the lead operational division for PAHPAIA implementation shares the lessons learned from the COVID-19 pandemic with relevant stakeholders, such as state, territorial, and local public health officials. (Recommendation 10)
Open
In April 2023, HHS stated that the Centers for Disease Control and Prevention and the Administration for Strategic Preparedness and Response are examining lessons learned from the COVID-19 response and will coordinate on an implementation plan for comprehensive COVID-19 after-action efforts that address identified issues in this space. HHS did not provide a time frame for completing these activities. As of February 2024, HHS stated that it is working to provide an additional update to GAO. We will continue to monitor additional actions HHS takes to implement this recommendation.

Electronic Health Records: Additional DOD Actions Could Improve Cost and Schedule Estimating for New System
GAO-22-104521
Jun 08, 2022
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should direct the Program Executive Officer of Defense Health Management Systems to ensure that the program office develops a reliable cost estimate using best practices described in GAO's Cost Estimating and Assessment Guide, in particular, by addressing those cost practices that were partially or minimally met. (Recommendation 1)
Open
In its comments on our draft report, DOD agreed with our recommendation and outlined steps it would take in response. In July 2023, DOD reported that the program will start transitioning to new cost estimating software in September 2023. As a result of this transition, DOD stated that they will not have a new cost estimate that adheres to the best practices described in our Cost Estimating and Assessment Guide until September 2024. We will continue to be in contact with DOD to gain additional information on the actions they are taking and their progress toward completion.
View More Recommendations

Related Pages

GAO Contacts

View More Contacts