This is the accessible text file for GAO report number GAO-12-163 
entitled 'Aviation Security: TSA Has Taken Steps to Enhance Its 
Foreign Airport Assessments, but Opportunities Exist to Strengthen the 
Program' which was released on October 31, 2011. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Report to Congressional Requesters: 

October 2011: 

Aviation Security: 

TSA Has Taken Steps to Enhance Its Foreign Airport Assessments, but 
Opportunities Exist to Strengthen the Program: 

GAO-12-163: 

GAO Highlights: 

Highlights of GAO-12-163 a report to congressional requesters. 

Why GAO Did This Study: 

International flights bound for the United States continue to be 
targets of terrorist activity, as demonstrated by the October 2010 
discovery of explosive devices in air cargo packages bound for the 
United States from Yemen. The Transportation Security Administration 
(TSA) is responsible for securing the nation’s civil aviation system, 
which includes ensuring the security of U.S.-bound flights. As 
requested, GAO evaluated (1) the steps TSA has taken to enhance its 
foreign airport assessment program since 2007, and any remaining 
program challenges; (2) TSA’s assessment results, including how TSA 
uses the results to guide future efforts; and (3) what opportunities, 
if any, exist to enhance the program. To conduct this work, GAO 
reviewed foreign airport assessment procedures and results, 
interviewed TSA and foreign aviation security officials, and observed 
TSA conduct a foreign airport assessment. While these interviews and 
observations are not generalizable, they provided insights on TSA’s 
program. This is the public version of a sensitive report GAO issued 
in September, 2011. Information that TSA deemed sensitive has been 
omitted. 

What GAO Found: 

Since 2007, TSA has taken a number of steps to enhance its foreign 
airport assessment program, some of which were taken in response to GAO’
s prior recommendations. For example, TSA updated its policies and 
methodologies used to guide and prioritize its assessment efforts, and 
implemented tools to track its annual assessment schedule, airport 
assessment results, and foreign government progress in resolving 
security deficiencies previously identified during the assessments. 
However, challenges remain in gaining access to some foreign airports, 
developing an automated database to better manage program information, 
prioritizing and providing training and technical assistance to 
foreign countries, and expanding the scope of TSA’s airport 
assessments to include all-cargo operations. TSA has various efforts 
under way to address these challenges. 

Based on GAO’s analysis of TSA’s foreign airport assessments conducted 
from fiscal year 2006 through May 2011, some foreign airports complied 
with all of TSA’s aviation security assessment standards; however, TSA 
has identified serious noncompliance issues at a number of foreign 
airports. Common areas of noncompliance included weaknesses in airport 
access controls and passenger and baggage screening. Moreover, GAO’s 
analysis showed variation in airport compliance across geographic 
regions and individual security standards, among other things. For 
example, GAO’s analysis showed that some number of regions of the 
world had no airports with egregious noncompliance while other regions 
had several such airports. However, TSA has not yet taken steps to 
evaluate its assessment results to identify regional and other trends 
over time. Developing a mechanism to evaluate its assessment results 
could help support TSA’s priorities for aviation security training and 
technical assistance, inform its risk management decision making by 
identifying any trends and security gaps, and target capacity building 
efforts. 

Opportunities also exist for TSA to make additional program 
improvements in several key areas. For example, the agency has not 
developed criteria and guidance for determining foreign airport 
vulnerability ratings. This is particularly important given that these 
ratings are a key component for how TSA determines each foreign 
airport’s risk level. Providing TSA decision makers with more specific 
criteria and definitions could provide greater assurance that such 
determinations are consistent across airports over time. In addition, 
there are opportunities for TSA to increase program efficiency and 
effectiveness by, for example, conducting more targeted foreign 
airport assessments and systematically compiling and analyzing 
security best practices. Taking such actions could help TSA better 
focus its assessments to address areas of highest risk, and identify 
security best practices and technologies that may be applicable to 
enhancing the security of both foreign and domestic airports. 

What GAO Recommends: 

GAO recommends that TSA develop a mechanism to evaluate its assessment 
results to identify any trends, and target resources and future 
activities; establish criteria for determining foreign airport 
vulnerability ratings; and consider the feasibility of conducting more 
targeted assessments and compiling information on aviation security 
best practices. DHS agreed with the recommendations. 

View [hyperlink, http://www.gao.gov/products/GAO-12-163]. For more 
information, contact Steve Lord at (202) 512-4379 or lords@gao.gov. 

[End of section] 

Contents: 

Letter: 

Background: 

TSA Has Taken Steps to Enhance Foreign Airport Assessments, but 
Challenges Remain: 

Some Number of Foreign Airports Complied with ICAO Standards, but TSA 
Could Better Use Its Assessment Results: 

Opportunities Exist to Clarify Airport Assessment Criteria, Further 
Target Airport Assessments, and Systematically Identify Security Best 
Practices: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: Scope and Methodology: 

Appendix II: Process for Taking Secretarial Action against a Foreign 
Airport: 

Appendix III: ICAO Standards TSA Uses to Assess Security Measures at 
Foreign Airports: 

Appendix IV: TSA Process for Conducting Foreign Airport Assessments: 

Appendix V: TSA Aviation Security Sustainable International Standards 
Team (ASSIST) Program: 

Appendix VI: Comments from the Department of Homeland Security: 

Appendix VII: GAO Contact and Staff Acknowledgments: 

Table: 

Table 1: Positions That Play a Key Role in TSA's Foreign Airport 
Assessment Program: 

Figures: 

Figure 1: Process for Taking Secretarial Action against a Foreign 
Airport: 

Figure 2: Multistep Process for Conducting Foreign Airport Assessments: 

Abbreviations: 

AIT: Advanced Imaging Technology: 

AME: Africa-Middle East: 

APAC: Asia-Pacific: 

ASSIST: Aviation Security Sustainable International Standards Team: 

ATA: Anti-Terrorism Assistance: 

CDB: Capacity Development Branch: 

DHS: Department of Homeland Security: 

EC: European Commission: 

ECAC: European Civil Aviation Conference: 

EU: European Union: 

EUR: Europe: 

FAA: Federal Aviation Administration: 

FAARS: Foreign Airport Assessment Reporting System: 

GC: Global Compliance: 

GPRA: Government Performance and Results Act: 

ICAO: International Civil Aviation Organization: 

OGS: Office of Global Strategies: 

OIO: Office of International Operations: 

ROC: Regional Operations Center: 

SOP: Standard Operating Procedures: 

SSI: Sensitive Security Information: 

TSA: Transportation Security Administration: 

TSAR: TSA Representative: 

WH: Western Hemisphere: 

[End of section] 

United States Government Accountability Office: 
Washington, DC 20548: 

October 21, 2011: 

The Honorable Susan M. Collins:
Ranking Member:
Committee on Homeland Security and Governmental Affairs:
United States Senate: 

The Honorable Peter T. King:
Chairman:
Committee on Homeland Security:
House of Representatives: 

The Honorable John L. Mica:
Chairman:
Committee on Transportation and Infrastructure:
House of Representatives: 

The December 25, 2009, attempt to detonate an explosive during an 
international flight bound for Detroit, and the October 2010 discovery 
of explosive devices in air cargo packages bound for the United States 
from Yemen provide vivid reminders that civil aviation remains a key 
terrorist target and highlight the importance of ensuring the security 
of U.S.-bound flights. Furthermore, roughly 80 million passengers and 
10 billion pounds of cargo are transported on inbound flights to the 
United States per year, further highlighting the need to ensure the 
security of these flights. Approximately 300 foreign airports provide 
last point of departure flights to the United States in approximately 
100 countries. As a result, efforts to evaluate the security of 
foreign airports that service the United States--and mitigating any 
identified security risks--are important steps in ensuring the 
security of the U.S. aviation system particularly considering that 
inbound flights continue to be targets of coordinated terrorist 
activity. 

The Transportation Security Administration (TSA), a component of the 
Department of Homeland Security (DHS), is the federal agency with 
primary responsibility for securing the nation's civil aviation 
system, which includes ensuring the security of U.S.-bound flights. 
[Footnote 1] Through its foreign airport assessment program, TSA 
determines whether foreign airports that provide service to the United 
States are maintaining and carrying out effective security measures. 
[Footnote 2] While TSA is authorized under U.S. law to conduct foreign 
airport assessments at intervals it considers necessary, TSA may not 
perform an assessment of security measures at a foreign airport 
without permission from the host government. 

In 2007, we reported on TSA's efforts to assess the security at 
foreign airports and recommended that TSA, among other things, take 
steps to track the status of foreign airport assessments from 
initiation through completion, develop a standard process for tracking 
and documenting host governments' progress in addressing security 
deficiencies identified during TSA assessments, and develop outcome-
oriented performance measures to evaluate the impact TSA assessments 
have on improving foreign airport compliance with international 
standards.[Footnote 3] DHS concurred with the recommendations and has 
since taken a number of steps to address them and improve the program. 
We discuss these and other actions TSA has taken, since 2007, later in 
this report. 

Considering the high volume of passengers and flights arriving in the 
United States from foreign locations and the recent history of 
terrorist threats against inbound commercial flights, you asked us to 
reexamine TSA's foreign airport assessment program, including the 
progress it has made since our prior report in 2007. Specifically, 
this report addresses the following questions: (1) to what extent has 
TSA taken steps to enhance its foreign airport assessment program 
since 2007, and what challenges remain; (2) what are the results of 
TSA's foreign airport assessments, and to what extent does TSA use the 
results of these assessments to guide its future assessment 
activities; and (3) what opportunities, if any, exist to enhance the 
value of TSA's foreign airport assessment program? 

This report is a public version of the prior sensitive report that we 
provided to you in September 2011. TSA deemed some of the information 
in the prior report as Sensitive Security Information (SSI), which 
must be protected from public disclosure. Therefore, this report omits 
sensitive information about the specific results of TSA's foreign 
airport assessments. In addition, at TSA's request, we have omitted 
some information regarding the remaining challenges for TSA's foreign 
airport assessment program. Although the information provided in this 
report is more limited in scope, it addresses the same questions as 
the sensitive report. Also, the overall methodology used for both 
reports is the same. 

To collectively address these objectives, we obtained and reviewed TSA 
guidance for conducting and reporting the results of foreign airport 
assessments, such as TSA's Foreign Airport Assessment Program Standard 
Operating Procedures (SOP) document, which prescribes program and 
operational guidance for assessing security measures at foreign 
airports. We also obtained and analyzed the results of TSA's foreign 
airport assessments from fiscal year 2006 through May 9, 2011, to 
determine the extent to which foreign airports complied with 
international aviation security standards, and assessed how TSA 
conducted follow-up on the results of these assessments. Specifically, 
we analyzed the frequency with which foreign airports complied with 
standards, such as passenger screening, baggage screening, and access 
controls, among others. We assessed the reliability of TSA's foreign 
airport assessment data and concluded that the data were sufficiently 
reliable for the purposes of our review. Among the steps we took to 
assess the reliability of TSA data were selecting a random sample of 
records from the program's vulnerability results tracking sheet and 
examining the corresponding assessment reports to identify any 
inconsistencies. We also reviewed the steps TSA takes to assign risk 
rankings to foreign airports as well as efforts to analyze its 
assessment results, and compared these efforts to Standards for 
Internal Control in the Federal Government.[Footnote 4] In addition, 
we interviewed TSA program management officials located at TSA 
headquarters as well as visited four of the five TSA Regional 
Operations Centers (ROC) located in Miami, Los Angeles, Dallas, and 
Frankfurt, Germany, to interview TSA international inspector 
officials. We based our site visit selections on the number of 
available inspectors at each location and geographic dispersion. We 
also interviewed other federal and nonfederal stakeholders, such as 
the Department of State, International Civil Aviation Organization 
(ICAO), and European Commission (EC) officials to discuss efforts and 
programs these organizations have in place to enhance international 
aviation security. In addition, we accompanied TSA officials during an 
assessment at a foreign airport to observe how TSA's policies and 
procedures were implemented in practice. Information from our 
interviews with government officials, members of the aviation 
industry, and TSA officials and inspectors, and our observations of 
TSA inspectors cannot be generalized beyond those that we spoke with 
because we did not use statistical sampling techniques in selecting 
individuals to interview. However, these interviews and observations 
provide perspectives on TSA's foreign airport assessment program, 
including various officials' roles and responsibilities related to the 
program. 

We conducted this performance audit from August 2010 through October 
2011 in accordance with generally accepted government auditing 
standards. Those standards require that we plan and perform the audit 
to obtain sufficient, appropriate evidence to provide a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We believe that the evidence obtained provides a reasonable basis for 
our findings and conclusions based on our audit objectives. More 
details about the scope and methodology of our work are contained in 
appendix I. 

Background: 

DHS Responsibilities for Enhancing the Security of Airports with U.S.- 
Bound Flights from Foreign Countries: 

Shortly after the September 11, 2001, terrorist attacks, Congress 
passed, and the President signed into law, the Aviation and 
Transportation Security Act, which established TSA and gave the agency 
responsibility for securing all modes of transportation, including the 
nation's civil aviation system, which includes domestic and 
international commercial aviation operations.[Footnote 5] In 
furtherance of its civil aviation security responsibilities, TSA is 
statutorily required to assess the effectiveness of security measures 
at foreign airports served by a U.S. air carrier, from which a foreign 
air carrier serves the United States, that pose a high risk of 
introducing danger to international air travel, and at other foreign 
airports deemed appropriate by the Secretary of Homeland Security. 
[Footnote 6] This provision of law also identifies measures that the 
Secretary must take in the event that he or she determines that an 
airport is not maintaining and carrying out effective security 
measures based on TSA assessments.[Footnote 7] See appendix II for a 
detailed description of the process for taking secretarial actions 
against a foreign airport. In addition, TSA conducts inspections of 
U.S. air carriers and foreign air carriers that service the United 
States from foreign airports pursuant to its authority to ensure that 
air carriers certified or permitted to operate to, from, or within the 
United States meet applicable security requirements, including those 
set forth in an air carrier's TSA-approved security program.[Footnote 
8] 

The Secretary of Homeland Security delegated to the Assistant 
Secretary of TSA the responsibility for conducting foreign airport 
assessments, but retained responsibility for making the determination 
that a foreign airport does not maintain and carry out effective 
security measures. Currently, the Global Compliance Division and 
Office of International Operations, within TSA's Office of Global 
Strategies, are responsible for conducting foreign airport 
assessments. Table 1 highlights the roles and responsibilities of the 
TSA positions within these divisions that are responsible for 
implementing the foreign airport assessment program. 

Table 1: Positions That Play a Key Role in TSA's Foreign Airport 
Assessment Program: 

Office/division: Global Compliance, Office of Global Strategies; 
Position: Director of Global Compliance; 
Duties: The Director of Global Compliance carries out the statutory 
mandate of the Secretary of Homeland Security and the Assistant 
Secretary of TSA to assess the adequacy of civil aviation security at 
foreign airports. The Director of Global Compliance supervises and 
directs work of the Regional Operations Center Managers and assigned 
desk officers. 

Office/division: Global Compliance, Office of Global Strategies; 
Position: Regional Operations Center (ROC) Manager; 
Duties: The ROC Manager is responsible for the overall planning and 
conduct of assessments of the foreign airports for which he/she has 
geographic responsibility, including the scheduling and coordination 
of personnel and resources. The ROC Manager supervises and directs the 
work of the inspector workforce and administrative support personnel 
within his/her assigned geographic responsibility.[A] 

Office/division: Global Compliance, Office of Global Strategies; 
Position: Aviation Security Inspector; 
Duties: Inspectors are primarily responsible for performing and 
reporting the results of foreign airport assessments, and will provide 
on-site assistance and make recommendations for security enhancements. 
Inspectors are also deployed in response to specific incidents and to 
monitor for identified threats. Inspectors are based in one of TSA's 
five ROCs. As of July 2011, TSA has authorized 2,013 full-time 
equivalent inspectors, including 1,929 domestic aviation, cargo, cargo 
canine, and surface inspectors and 84 international aviation 
inspectors. Of the 84 authorized international aviation inspectors, 64 
are on-board (with 10 vacancies) for international aviation inspectors 
and 9 are on-board (with 1 vacancy) for international cargo aviation 
inspectors. 

Office/division: International Operations, Office of Global Strategies; 
Position: TSA Representative (TSAR); 
Duties: TSARs communicate with foreign government officials to address 
transportation security matters and to conduct foreign airport 
assessments. Specifically, the TSARs serve as on-site coordinators for 
TSA responses to terrorist incidents and threats to U.S. assets at 
foreign transportation modes. TSARs also serve as principal advisors 
on transportation security affairs to U.S. ambassadors and other 
embassy officials responsible for transportation issues to ensure the 
safety and security of the transportation system. For the foreign 
airport assessment program, TSARs are often involved in arranging pre- 
assessment activities, assessment visits, and follow-up visits. 
Additionally, TSARs are responsible for completing portions of the 
airport assessment reports and reviewing completed assessment reports. 
TSARs also help host government officials address security 
deficiencies that are identified during assessments. As of July 2011, 
TSA had 24 TSARs.[B] 

Source: TSA. 

[A] TSA's ROCs are located in Dallas, Miami, Singapore, Los Angeles, 
and Frankfurt, Germany. They are responsible for foreign airports in 
the geographic regions of Africa-Middle East (AME), Asia-Pacific 
(APAC), Europe (EUR), and Western Hemisphere (WH). 

[B] TSARs are located in Amman, Athens, Bangkok, Beijing, Berlin, 
Brussels, Buenos Aires, Johannesburg, Kabul, London, Madrid, Manila, 
Mexico City, Miami, Nairobi, Nassau, Ottawa, Paris, Rome, Singapore, 
Sydney, Tokyo, and Warsaw. There is also a TSA liaison to the United 
States Africa Command based in Stuttgart, Germany. 

[End of table] 

TSA's Process for Assessing Aviation Security Measures at Foreign 
Airports: 

TSA assesses the effectiveness of security measures at foreign 
airports using select aviation security standards and recommended 
practices adopted by ICAO, a United Nations organization representing 
190 countries.[Footnote 9] ICAO standards and recommended practices 
address operational issues at an airport, such as ensuring that 
passengers and baggage are properly screened and that unauthorized 
individuals do not have access to restricted areas of an airport. ICAO 
standards and recommended practices also address non-operational 
issues, such as whether a foreign government has implemented a 
national civil aviation security program for regulating security 
procedures at its airports and whether airport officials implementing 
security controls go through background investigations, are 
appropriately trained, and are certified according to a foreign 
government's national civil aviation security program. ICAO member 
states have agreed to comply with these standards, and are strongly 
encouraged to comply with ICAO-recommended practices.[Footnote 10] The 
ICAO standards and recommended practices TSA assesses foreign airports 
against are referred to collectively in this report as ICAO standards 
or standards. See appendix III for a description of the ICAO standards 
TSA uses to assess security measures at foreign airports.[Footnote 11] 

TSA uses a risk-informed approach to schedule foreign airport 
assessments by categorizing airports into three tiers.[Footnote 12] 
Specifically, Tier 1 airports--airports that are determined to be low 
risk--are assessed once every 3 years; Tier 2 airports--airports 
determined to be medium risk--are assessed every 2 years; and Tier 3 
airports--those determined to be high risk--are assessed annually. 
TSA's assessments of foreign airports are conducted by a team of 
inspectors, which generally includes one team leader and one team 
member. According to TSA, it generally takes 3 to 7 days to complete a 
foreign airport assessment. However, the amount of time required to 
conduct an assessment varies based on several factors, including the 
size of the airport, the number of air carrier station inspections to 
be conducted at the airport, the threat level to civil aviation in the 
host country, and the amount of time it takes inspectors to travel to 
and from the airport where the assessment will take place.[Footnote 13] 

TSA uses a multistep process to conduct assessments of foreign 
airports. Specifically, the TSA Representative (TSAR) must obtain 
approval from the host government to allow TSA to conduct an airport 
assessment, and schedule the date for the on-site assessment. After 
conducting an entry briefing with Department of State, host country 
officials, and airport officials, the team conducts an on-site visit 
to the airport. During the assessment, the team of inspectors uses 
several methods to determine a foreign airport's level of compliance 
with ICAO standards, including conducting interviews with airport 
officials, examining documents pertaining to the airport's security 
measures, and conducting a physical inspection of the airport. For 
example, inspectors are to examine the integrity of fences, lighting, 
and locks by walking the grounds of the airport. Inspectors also make 
observations on access control procedures, such as looking at employee 
and vehicle identification methods in secure areas, as well as 
monitoring passenger and baggage screening procedures in the airport. 
At the close of an airport assessment, inspectors brief foreign 
airport and government officials on the results of the assessment. TSA 
inspectors also prepare a report summarizing their findings on the 
airport's overall security posture and security measures, which may 
contain recommendations for corrective action and must be reviewed by 
the TSAR, the ROC manager, and TSA headquarters officials. See 
appendix IV for more information on the multistep process TSA uses to 
conduct its assessments of foreign airports. 

Along with conducting airport assessments, the same TSA inspection 
team also conducts air carrier inspections when visiting a foreign 
airport to ensure that air carriers are in compliance with TSA 
security requirements. Both U.S. air carriers and foreign air carriers 
with service to the United States are subject to inspection. When 
conducting air carrier inspections, TSA inspectors examine compliance 
with applicable security requirements, including TSA-approved security 
programs, emergency amendments to the security programs, and security 
directives.[Footnote 14] As in the case of airport assessments, air 
carrier inspections are conducted by a team of inspectors, which 
generally includes one team leader and one team member. An inspection 
of an air carrier typically takes 1 or 2 days, but can take longer 
depending on the extent of service by the air carrier. Inspection 
teams may spend several days at a foreign airport inspecting air 
carriers if there are multiple airlines serving the United States from 
that location. During an inspection, inspectors are to review 
applicable security manuals, procedures, and records; interview air 
carrier station personnel; and observe air carrier employees 
processing passengers from at least one flight from passenger check-in 
until the flight departs the gate to ensure that the air carrier is in 
compliance with applicable requirements. Inspectors evaluate a variety 
of security measures, such as passenger processing, checked baggage 
acceptance and control, aircraft security, and passenger screening. If 
an inspector finds that an air carrier is not complying with 
applicable security requirements, additional steps are to be taken to 
record such instances and, in some cases, pursue them with further 
investigation. 

If the inspectors report that an airport's security measures do not 
meet minimum ICAO standards, particularly critical standards, such as 
those related to passenger and checked baggage screening and access 
controls, TSA headquarters officials are to inform the Secretary of 
Homeland Security.[Footnote 15] If the Secretary, based on TSA's 
airport assessment results, determines that a foreign airport does not 
maintain and carry out effective security measures, he or she must, 
after advising the Secretary of State, take secretarial action. See 
appendix II for a detailed description of the process for taking 
secretarial actions against a foreign airport. 

GAO's 2007 Review of TSA Foreign Airport Assessment Program: 

In 2007, we issued a report on TSA 's foreign airport assessment 
program, including the results of TSA's foreign airport assessments, 
actions taken and assistance provided by TSA when security 
deficiencies were identified at foreign airports, TSA oversight of its 
program, and TSA's efforts to address challenges in conducting foreign 
airport assessments. Specifically, we reported that TSA's oversight of 
the foreign airport assessment program could be strengthened. For 
example, TSA did not have adequate controls in place to track whether 
scheduled assessments and inspections were actually conducted, 
deferred, or canceled. TSA also did not always document foreign 
officials' progress in addressing security deficiencies identified by 
TSA. Further, TSA did not have outcome-based performance measures to 
assess the impact of its assessments on the security of U.S.-bound 
flights. As a result, we recommended that TSA develop controls for 
tracking and documenting information and establish outcome-based 
performance measures to strengthen oversight of its foreign airport 
and air carrier evaluation programs. DHS concurred with the 
recommendations and has since taken several actions to address them, 
which we discuss later in our report. 

TSA Has Taken Steps to Enhance Foreign Airport Assessments, but 
Challenges Remain: 

TSA Steps to Update and Streamline Its Assessments: 

Since 2007, TSA has taken a number of steps to update and streamline 
its foreign airport assessment program, as discussed below. 

TSA revised and updated its Standard Operating Procedures (SOP) for 
the program. In 2010, TSA revised the SOP, which prescribes program 
and operational guidance for assessing security measures at foreign 
airports. TSA also streamlined the assessment process by reducing the 
number of ICAO standards it assesses foreign airports against from 86 
to 40.[Footnote 16] Of the 40, TSA officials we interviewed told us 
the agency has identified 22 standards as key for determining an 
airport's level of security.[Footnote 17] In addition, TSA reduced the 
assessment report writing cycle time for inspectors from 38 calendar 
days to 20 calendar days, which was intended to expedite the delivery 
of assessment reports to host governments. This new requirement has 
helped TSA reduce the time needed to deliver its assessment results to 
foreign countries, but all 23 inspectors we interviewed told us this 
requirement was often difficult to meet due to a variety of factors. 
For example, upon returning from a visit, TSA inspectors reported that 
they need to document both the airport assessment and air carrier 
inspections, and plan their next trip, which makes the reduced 
reporting time requirement difficult to meet. However, the Director of 
Global Compliance told us that for larger airports with many air 
carriers, TSA recently began separating the airport assessment and air 
carrier inspection visits into two separate visits, thus reducing the 
documentation workload. Moreover, the deadline to submit documentation 
has been delayed for some back-to-back assessment trips in order to 
provide sufficient time for inspectors to complete the documentation. 
[Footnote 18] The Director of Global Compliance also stated that, in 
fiscal year 2012, all employees will have training opportunities in 
order to improve writing skills and reduce the amount of time 
dedicated to editing and rewriting assessments. In addition, to 
address resource needs we identified in 2007, TSA hired 6 additional 
international inspectors in 2007 and 10 international cargo inspectors 
in 2008 and created 25 new international inspector positions, of which 
15 were filled as of July 2011.[Footnote 19] TSA plans to fill the 
remaining 10 positions by the end of 2011.[Footnote 20] The Director 
of Global Compliance stated that the burden of writing and processing 
assessment reports should be lessened as the agency hires additional 
inspectors because this will create a greater pool of available 
inspectors to conduct and document the assessments. 

TSA implemented a new risk-informed methodology for prioritizing and 
scheduling its assessments at foreign airports in 2010.[Footnote 21] 
Specifically, TSA now categorizes foreign airports as high, medium or 
low risk. Of the roughly 300 foreign airports TSA assesses, TSA 
identified some airports as high risk and others as medium risk as of 
August, 2011.[Footnote 22] The remaining airports were deemed low 
risk. [Footnote 23] TSA's methodology for determining an airport's 
risk category is based on the likelihood of a location being targeted 
(threat), the protective measures in place at that location 
(vulnerability), and the potential impact of an attack on the 
international transportation system (consequence). TSA uses current 
threat information, airport passenger and flight data, and prior 
airport assessment results to assign each airport a numerical risk 
score, which is then used to determine its overall risk ranking. As 
part of this calculation, TSA assigns each airport an overall 
vulnerability score of 1-5. These scores, or categories, are numerical 
representations of compliance or noncompliance with the ICAO standards 
the agency assesses each foreign airport against. Specifically, using 
an airport's most recent assessment report, the ROC Manager and TSA's 
Director of Global Compliance assign an overall vulnerability category 
for each airport based on the following descriptions provided in the 
2010 Foreign Airport Assessment Program SOP: 

* Category 1: Fully Compliant; 

* Category 2: Capability Exists with Minor Episodes of Noncompliance; 

* Category 3: Capability Exists, Compliance is Generally Noted, 
Shortfalls Remain; 

* Category 4: Capability Exists, Serious Lack of Implementation 
Observed; and: 

* Category 5: Egregious Noncompliance. 

Once the vulnerability score is determined, it is then combined with 
each airport's related threat and consequence information to determine 
its risk category. TSA attempts to assess high-risk airports every 
year, medium-risk airports once every 2 years, and low-risk airports 
once every 3 years. TSA's Director of Global Compliance told us this 
new approach allows the agency to better allocate resources to 
identify and mitigate security concerns at foreign airports it 
assesses. In addition, all the TSA ROC managers and 19 of the 23 
inspectors we interviewed during our site visits told us that this new 
foreign airport risk prioritization methodology was an improvement 
over the previous process.[Footnote 24] These officials also stated 
that this new approach has helped them reduce the number of 
assessments conducted annually, enabling inspectors to better adhere 
to the annual schedule. On the basis of our analysis, TSA's approach 
for scheduling foreign airport assessments is consistent with 
generally accepted risk management principles, which define risk as a 
function of threat, vulnerability, and consequence.[Footnote 25] 

TSA developed a 2011 strategic implementation plan. This plan 
establishes annual program objectives and milestones, and links 
program activities to broader agency aviation security goals providing 
a road map for their completion.[Footnote 26] 

TSA began declassifying its foreign airport assessment reports. Since 
2007, TSA has been declassifying the reports from Confidential and 
designating them SSI to facilitate better access to and the 
dissemination of program results, while still providing protection for 
foreign government information deemed sensitive. TSA officials noted 
that the declassification of assessment results is essential for TSA 
because staff could not easily access the specifics of prior results 
and deficiencies from reports that have not yet been declassified. 

TSA formed the Capacity Development Branch (CDB). TSA created the CDB 
in 2007 to manage all TSA international aviation security capacity 
building assistance efforts, including requests for assistance in 
response to a host government's airport assessment results. Through 
CDB, TSA provides six aviation security training courses that address, 
among other things, preventive security measures, incident management 
and response, and cargo security.[Footnote 27] In 2008, TSA also 
developed the Aviation Security Sustainable International Standards 
Team (ASSIST) Program to provide more long-term, sustainable, 
technical aviation security assistance to select foreign countries. 
Thus far, TSA has partnered with five countries under the ASSIST 
program: St. Lucia, Liberia, Georgia, Haiti, and Palau. See appendix V 
for more specific information on TSA assistance provided these 
countries under ASSIST. 

TSA developed assessment tracking tools to provide better oversight of 
program information. In 2007 we reported that TSA did not have 
controls in place to track the status of scheduled foreign airport 
assessments, including whether assessments were actually conducted or 
whether they were deferred or canceled, which could make it difficult 
for the agency to ensure that scheduled assessments are actually 
completed. We also reported that TSA did not always document the 
results of follow-up conducted by TSA staff to determine progress made 
by foreign governments in addressing security deficiencies identified 
by TSA inspectors during assessments, and that such follow-up would 
enable the agency to have access to updated information on the 
security status of foreign airports that provide service to the United 
States. In response to the findings and recommendations we made in our 
2007 report, TSA implemented a tool to track its annual foreign 
airport assessment schedule, including reasons why assessments were 
deferred or canceled, and a tracking sheet to compile the results of 
its prior airport assessments. Specifically, this sheet documents the 
frequency with which foreign airports complied with particular 
categories of ICAO standards, such as passenger screening, baggage 
screening, and access controls, among others. TSA also developed a 
tool whereby deficiencies previously identified during an assessment 
can be tracked to monitor the progress made by host governments in 
rectifying security deficiencies. TSA's Director of Global Compliance 
told us these tracking sheets have helped TSA provide better oversight 
and monitoring of key program information. 

TSA signed several working arrangements to facilitate its assessments. 
Since 2007, TSA has signed a multilateral working arrangement with the 
European Union (EU), and several bilateral working arrangements with 
individual foreign nations, to facilitate, among other things, TSA 
assessments at foreign airports. Specifically, in 2007, we reported 
that TSA had taken steps toward harmonizing[Footnote 28] airport 
assessment processes with the European Commission (EC).[Footnote 29] 
As part of these efforts, TSA and the EC established six working 
groups to facilitate, among other things, sharing of SSI between TSA 
and the EC, TSA observation of EU airport assessments, as well as EC 
observation of TSA assessments of airports in the United States. 
[Footnote 30] In 2008, TSA signed a multilateral working arrangement 
with the EU to facilitate joint assessments and information sharing 
between TSA and the EU. Specifically, under the arrangement, TSA and 
the EC coordinate assessment schedules annually to identify airport 
locations at which to conduct joint assessments. EC officials we 
interviewed told us their main goal under the arrangement was to 
better leverage resources and reduce the number of TSA visits per year 
to European airports because of concerns from EU member states on the 
frequency of visits from EC and U.S. audit teams. TSA officials we 
interviewed said they also wanted to better leverage existing 
resources while ensuring continued TSA access to European airports for 
the purposes of conducting security assessments. While TSA agreed to 
conduct assessments at EU airports no more than once every 5 years, EU 
and TSA officials we interviewed said the EC permits TSA to approach a 
country bilaterally if scheduling conflicts do not allow for an 
assessment to be conducted jointly. TSA also occasionally conducts 
table-top reviews in place of on-site airport visits. Specifically, if 
the EC inspected an airport within the last 2 years, TSA will 
sometimes meet with EC officials to review the EC inspection report--
referred to as a table top--which typically contains enough 
information for TSA to make its evaluations.[Footnote 31] However, TSA 
officials said table-top reviews should not serve as a permanent 
substitute for TSA onsite assessments. 

TSA has also entered into several bilateral working arrangements with 
foreign countries to facilitate its airport assessments. Specifically, 
TSA has signed arrangements with Brazil, Germany, India, the United 
Kingdom, Russia, and is in the process of establishing arrangements 
with Nicaragua and Portugal. These arrangements specify certain 
conditions, practices, and protocols for sharing key information with 
TSA, but also impose some constraints, such as limiting the number of 
TSA visits per year, including the length of the visit. 

Challenges Affecting TSA Assessment Efforts: 

Even with TSA's efforts to enhance the program, challenges remain in 
several areas: gaining access to some foreign airports, developing an 
automated database to manage program information, prioritizing and 
providing training and technical assistance, and expanding the scope 
of TSA's airport assessments to include all-cargo operations, as 
discussed below. 

TSA access to some foreign airports has been limited by sovereignty 
concerns. In 2007, we reported that some host governments expressed 
concerns that TSA assessments infringe upon their authority to 
regulate airports and air carriers within their borders, and that some 
foreign governments had denied TSA access to their airports. TSA's 
multilateral and bilateral arrangements have helped to facilitate 
assessments in some foreign countries, but TSA has had difficulty 
gaining access to some foreign airports due to sovereignty concerns 
raised by host governments. For example, TSA has not been able to 
assess any of the four airports in Venezuela or conduct TSA compliance 
inspections for air carriers flying out of Venezuela into the United 
States, including U.S. air carriers, since 2006. Thus, TSA has been 
unable to determine the security posture of flights from Venezuela 
bound for the United States. On September 8, 2008, the Secretary of 
Homeland Security issued a Public Notice that informs the public that 
the U.S. Government is unable to determine whether airports in 
Venezuela that serve as the last point of departure for nonstop 
flights to the United States maintain and carry out effective aviation 
security measures.[Footnote 32] 

A TSA official told us that a TSA representative traveled to Venezuela 
recently to start discussions with the Venezuelan government about TSA 
regaining access to Venezuelan airports to conduct assessments and air 
carrier inspections. Since it is unclear what the outcome of these 
discussions will be, and when TSA will regain access to airports and 
air carriers in Venezuela, the Public Notice remains in effect. Until 
TSA is able to regain access to airports and air carriers in Venezuela 
to conduct assessments and air carrier inspections, the agency will be 
unable to determine to what extent, if at all, airports in Venezuela 
are maintaining and carrying out effective security measures, or the 
extent to which air carriers are complying with TSA security 
requirements for U.S.-bound flights.[Footnote 33] The Director of 
Global Compliance indicated TSA is concerned about sovereignty issues 
with other foreign countries and their willingness to allow TSA 
inspectors to assess their airports and air carriers. TSA has been 
working on establishing a Memorandum of Understanding with one country 
to ensure continued TSA access to its airports. Moreover, TSA 
indicated that working arrangements it developed with two other 
countries were undertaken to address government sovereignty concerns 
over TSA's assessments. 

TSA has experienced difficulties developing an automated database. 
Since 2007, TSA has been in the process of trying to develop an 
integrated, automated database management system to allow for more 
timely submission of foreign airport assessment results, as well as 
perform more substantive analysis and comparisons of foreign airport 
trends and issues. Specifically, in response to our 2007 
recommendations, TSA stated that they were exploring an automated 
means of capturing foreign airport assessment data to track airport 
deficiencies identified, corrective actions recommended by TSA, and 
any resulting actions taken by the host nation. In 2010, TSA field 
tested a system, called the Foreign Airport Assessment Reporting 
System (FAARS), which was intended to store results of airport 
assessments for easier data extraction and manipulation. For example, 
while airport assessments are currently prepared as word documents 
(typically around 60 pages in length), FAARS was intended to put 
information into database fields, which would have allowed the Office 
of Global Strategies (OGS) to run reports on specific indicators, such 
as which foreign airport checkpoints are using Advanced Imaging 
Technology (AIT) units.[Footnote 34] However, the Director of Global 
Compliance told us FAARS ultimately did not meet TSA's needs and was 
discontinued because, among other things, data entry was cumbersome 
and certain data fields could not be edited. Further, the database was 
not web-based, and instead had to be installed on users' hard drives, 
not allowing for easy integration of multiple users and data. 

In April 2011, TSA developed a comprehensive functional requirements 
document, which outlines the capabilities and functions required for a 
new proposed software solution. TSA officials told us they provided it 
to officials in TSA's Offices of Acquisition and Information 
Technology who developed a contract for developing, testing, fielding, 
and distributing a software solution that meets programs needs. TSA 
officials told us that the contractor who will develop the product has 
received the Statement of Work, and initial implementation of the 
product is planned for fiscal year 2012, with full capability planned 
to follow in fiscal year 2013. Given these time frames, it will be 
important for TSA to monitor the status of this effort to ensure a 
solution is implemented within reasonable time frames, particularly 
since we raised this issue in our 2007 report and it is still not 
clear when a solution will be fully vetted and implemented. TSA's 
Director of Global Compliance also told us that identifying a database 
management system that meets of the needs of the program has been a 
long-standing challenge for the program. 

TSA's training and technical assistance efforts face several 
challenges, and TSA's new equipment loan program has raised concerns. 
TSA has initiated several capacity building efforts since our 2007 
report, but these efforts have been affected by conflicting Department 
of State priorities, and TSA's new equipment loan program has raised 
concerns about ensuring that loaned equipment is properly operated and 
maintained. Specifically, in addition to its own training courses and 
technical assistance, CDB provides training and technical assistance 
sponsored by the Department of State's Anti-Terrorism Assistance (ATA) 
program[Footnote 35] and from the Organization of American States 
Inter-American Committee Against Terrorism,[Footnote 36] which is 
funded through the State Department. A CDB official stated they 
currently have eight employees and limited funds to provide aviation 
security technical and training assistance to partner nations 
overseas.[Footnote 37] As a result, a CDB official told us their 
training schedule often has a 3-month lag from when training is 
requested to when it is provided. In addition, four TSARs we spoke 
with stated they sometimes have difficulty getting their requests for 
TSA training from host nations fulfilled because of a lack of 
resources. According to a TSA official we spoke with, during the past 
2 years, the U.S. government's aviation security training and 
assistance priorities have been largely driven by State Department 
priorities. For example, of the 64 course offerings CDB had planned to 
provide in 47 foreign countries at the beginning of fiscal year 2011, 
33 were sponsored by State ATA or the Organization of American States, 
and some number of those countries have high-risk airports as 
identified by TSA. In addition, TSA's 2010 training schedule showed 
that of the 53 course offerings CDB provided in 33 countries, 29 were 
sponsored by State ATA or the Organization of American States, and 
some number of those countries have high-risk airports as identified 
by TSA.[Footnote 38] CDB and State Department officials told us they 
plan to work more closely in the future to better align their 
respective priorities. 

In addition to providing various types of training and technical 
assistance, TSA has also provided aviation security equipment to 
foreign countries to help these countries enhance their existing 
capabilities and practices. Specifically, one of TSA's goals in its 
CDB fiscal year 2011-2015 Strategic Plan is to develop the necessary 
procedures for a system of long-term lending of decommissioned TSA 
screening equipment to partner countries.[Footnote 39] In accordance 
with authority granted under the Aviation and Transportation Security 
Act, TSA has undertaken to provide or loan security technologies and 
other equipment to foreign governments.[Footnote 40] According to TSA 
officials, the agency exercises this authority in coordination with 
the Department of State, and has obtained authority from the 
Department of State to negotiate and conclude agreements with foreign 
governments to provide technical cooperation and assistance, referred 
to as "Circular 175" agreements.[Footnote 41] For example, following 
the October 2010 discovery of explosive devices in air cargo packages 
bound for the United States from Yemen, TSA loaned six hand-held 
explosives trace detection devices to Yemen in an expedited fashion as 
a response to an emergent threat to help enhance the government's 
passenger and cargo screening processes.[Footnote 42] TSA officials 
also told us that the agency has provided security technology and 
equipment to Aruba, Bahamas, Bermuda, Haiti, Ireland, and Malta under 
this same authority. 

While TSA has provided some equipment to foreign countries, TSA and EC 
officials we spoke with identified potential challenges associated 
with doing so. For example, TSA officials cited some foreign 
governments' inability to properly maintain and operate TSA-provided 
screening equipment once provided. TSA officials told us it will be 
important for the agency to ensure that a foreign government has the 
appropriate staff, and that they are properly trained and ready to 
operate the equipment as well as conduct any necessary maintenance, to 
ensure that the U.S.-provided equipment is being used as intended and 
remains operational. TSA officials also explained that while under its 
existing authority it can donate or otherwise transfer equipment, such 
authority does not authorize TSA to provide maintenance and service 
contracts for this equipment. TSA officials we spoke with told us they 
would support congressional efforts to provide the agency with this 
additional authority. In addition, EC officials we interviewed 
identified similar challenges to their current and potential future 
efforts to provide various types of capacity building assistance to 
foreign countries. TSA officials said it will be important for TSA to 
establish user agreements with recipient countries that ensure U.S. 
government resources are not wasted or inappropriately used. 

Several factors may complicate TSA assessments of foreign all-cargo 
operations. Following the attempted bombing of an all-cargo flight 
bound for the United States from Yemen in October 2010, TSA decided to 
devote additional resources to assessing all-cargo airports. While TSA 
is still in the early planning stages of its efforts to assess all- 
cargo operations at foreign airports, several factors may complicate 
these efforts.[Footnote 43] Specifically, TSA's Director of Global 
Compliance stated that the agency has identified 17 foreign airports 
that serve as all-cargo last points of departure to the United States. 
As of July 2011, TSA has conducted two all-cargo assessments of two 
airports in China. Moreover, TSA plans to assess two additional all- 
cargo airports by the end of fiscal year 2011. According to TSA, from 
these first visits, TSA is making some adjustments to the assessment 
process. For fiscal years 2012 through 2013, TSA plans to schedule 
visits to the remaining 15 airports that serve as all-cargo last 
points of departure to the United States, pending host government 
permission. However, TSA stated that it is too early to tell how many 
additional inspectors may be needed to complete these assessments. 

TSA officials we interviewed identified several factors that may 
complicate TSA's assessments of all-cargo operations at foreign 
airports. For example, all of the 23 TSA inspectors we interviewed 
expressed concerns about incorporating additional assessment visits 
into their annual schedules given their current workloads. In 
addition, these officials stated that it is uncertain whether foreign 
governments will allow TSA inspectors to assess their all-cargo 
operations and all-cargo airports. For example, while TSA has several 
bilateral arrangements with foreign countries to facilitate its 
assessments, TSA officials told us these arrangements do not specify 
access to cargo operations or all-cargo airports. Moreover, all four 
cargo inspectors we met with said it is logistically difficult to 
assess "upstream" cargo originating from other non-last point of 
departure airports. These inspectors said these logistical challenges 
will be an important factor for the agency to consider when selecting 
foreign airports to assess as well as in making determinations on the 
security posture of cargo on flights departing foreign airports for 
the United States. In addition, these inspectors also said that travel 
to some foreign all-cargo operation airports may be logistically 
difficult because of the lack of direct passenger flights and may 
require long travel by car or train. The Director of Global Compliance 
acknowledged that this new effort is challenging and stated that the 
agency will address these issues on a case-by-case basis. However, the 
Director also stated that with the increase to the inspector 
workforce, the cross-training of generalist international aviation 
inspectors to perform cargo inspections, and the limited additional 
locations to visit, TSA will be able to perform these additional 
visits over the next 2 years. 

Some Number of Foreign Airports Complied with ICAO Standards, but TSA 
Could Better Use Its Assessment Results: 

Some Foreign Airports Complied with ICAO Standards, but TSA Identified 
Serious Noncompliance Issues at Other Airports: 

Based on our analysis of the results of TSA's foreign airport 
assessments conducted during fiscal year 2006 through May 9, 2011, 
some number of the foreign airports TSA assessed complied with all of 
TSA's aviation security assessment standards.[Footnote 44] However, 
TSA has identified serious or egregious noncompliance issues at a 
number of other foreign airports. Common areas of noncompliance 
included weaknesses in airport access controls and passenger and 
baggage screening. Moreover, our analysis of TSA's assessments showed 
variation in compliance across regions, among various individual 
standards, and by airports' risk level. For example, our analysis 
showed that some number of regions of the world had no airports with 
egregious noncompliance while some regions had several such airports. 
Specific information related to our analysis of TSA's airport 
assessment results is deemed SSI. 

TSA Has Not Yet Analyzed Its Assessment Results to Identify Trends and 
Better Inform Future Activities: 

TSA has not taken steps to analyze or evaluate its foreign airport 
assessment results in the aggregate to identify regional and other 
trends over time, which could assist the agency in informing and 
prioritizing its future activities. TSA officials have access to 
results of foreign airport assessments dating back to fiscal year 
1997, but they have not analyzed the information to gain insight into 
how foreign airports' security posture may have changed over time or 
identified regional and other patterns and trends over time. 
Specifically, TSA's airport assessment reports are collected in an 
online repository that can be accessed by employees, and TSA's 
Director of Global Compliance compiles high-level information from 
each airport assessment in a tracking tool, which allows her to view 
the overall results of assessments without having to go back to 
individual narrative reports.[Footnote 45] However, according to TSA, 
the agency has not analyzed the data contained in this tracking tool, 
which could assist TSA in informing and prioritizing its future 
activities and assessing the results of its past assessment efforts. 
In addition, while the spreadsheet provides a snapshot of airports and 
their results compared to the ICAO standards, it does not indicate why 
a standard was not met by an airport. If TSA employees would like to 
know why a certain airport did not meet a standard in a previous year, 
they must locate and read the report for that assessment. TSA's 
Director of Global Compliance told us that this is labor intensive, 
and makes it difficult to identify anomalies or trends over time. 

Standards for Internal Control in the Federal Government require 
agencies to ensure that ongoing monitoring occurs during the course of 
normal operations to help evaluate program effectiveness.[Footnote 46] 
TSA's Director of Global Compliance as well as all TSA ROC managers 
and inspectors we interviewed agreed that information pertaining to 
identified vulnerabilities in foreign airports should be compiled in 
regional-, country-, and airport-specific aggregates to help conduct 
planning and assess the results of program activities. TSA's Director 
of Global Compliance stated that TSA has prepared a vacancy 
announcement for a program analyst position which may, when filled, be 
tasked with compiling overall results and analyzing assessment results. 

TSA's Director of Global Compliance as well as all ROC managers and 
inspectors we interviewed also agreed that analysis of foreign airport 
assessment results would be helpful in identifying the aviation 
security training needs of foreign aviation security officials. TSA 
has one internally funded program in place that is specifically 
intended to provide aviation security training and technical 
assistance to foreign aviation security officials. However, TSA also 
coordinates with other federal agencies, such as the Department of 
State, to identify global and regional training needs and provide 
instructors for the aviation security training courses State offers to 
foreign officials. While TSA does not always determine which foreign 
countries receive aviation security training and technical assistance 
offered by other federal agencies, TSA could use the cumulative 
results of TSA's foreign airport assessments to better support TSA's 
priorities for aviation security training and technical assistance. 
Moreover, with analysis of airport assessment results, TSA could 
better inform its risk management decision making by identifying 
trends and security gaps, and target capacity building efforts 
accordingly. Specifically, this evaluation could include an analysis 
of the frequency of noncompliance issues TSA inspectors identified, 
including regional variations and perspectives on the security posture 
of individual airports over time. Further, a mechanism to evaluate 
cumulative foreign airport assessment results could help the agency 
better allocate and target its future resources and better understand 
its results, including the impact the program is having on enhancing 
foreign nations' ability to comply with ICAO standards. 

TSA Has Not Yet Developed Outcome-Based Performance Measures: 

In 2007, we reported that TSA was taking steps to assess whether the 
goals of the foreign airport assessment program were being met, but 
that it had not yet developed outcome-based performance measures to 
evaluate the impact TSA assistance has on improving foreign airport 
compliance with ICAO standards. As a result, we recommended that TSA 
establish outcome-based performance measures to strengthen oversight 
of the program.[Footnote 47] While DHS officials agreed with the 
recommendation in 2007, according to TSA, the agency has not yet 
developed such measures. The goal of the foreign airport assessment 
program is to ensure the security of U.S.-bound flights by evaluating 
the extent to which foreign governments are complying with applicable 
security requirements. The Government Performance and Results Act 
(GPRA) of 1993, as amended by the GPRA Modernization Act of 2010, 
requires executive branch departments to use performance measures to 
assess progress toward meeting program goals and to help decision 
makers assess program accomplishments and improve program performance. 
[Footnote 48] Performance measures can be categorized either as 
outcome measures, which describe the results of carrying out a program 
or activity, or as output measures, which describe the direct products 
or services delivered by a program or activity, or as process 
measures, which address the type or level of program activities 
conducted, such as timeliness or quality. 

TSA has taken some steps to develop a variety of measures and is 
reporting this information to the Office of Management and Budget. 
These measures include: 

* average number of international inspections conducted annually per 
inspector, 

* percentage of foreign airports serving as Last Point of Departure 
operating in compliance with leading security indicators,[Footnote 49] 

* percentage of countries with direct flights to the U.S. that are 
provided aviation security assistance, and: 

* percentage of countries/territories with no direct flights to the 
U.S. that are provided aviation security assistance. 

While these measures are useful in determining, for example, the 
percentage of airports operating in compliance with security 
indicators, they do not address the ultimate results of the program, 
as outcome measures could. Outcome-based measures could help determine 
the extent to which TSA programs that assess and provide training and 
technical assistance to foreign airports have helped to improve 
security at airports that service the United States. However, TSA's 
Director of Global Compliance noted several possible challenges with 
applying such outcome measures to the assessment program. 
Specifically, the Director stated that the foreign airport assessment 
program is designed to identify--not correct--security deficiencies at 
foreign airports, and that whether or not foreign officials improve 
security at their airports is not within TSA's control. The Director 
added that such measures may create a disincentive for inspectors to 
objectively assess an airport's level of compliance. Despite these 
challenges, the Director acknowledged the importance of developing 
outcome measures and stated that their development should be the 
responsibility of TSA's Office of Global Strategies, not individual 
programs within this office, such as the foreign airport assessment 
program that she leads. Even without full control over the outcomes 
associated with such measures, we continue to believe our prior 
recommendation is still valid and that it would be useful for TSA to 
develop reasonable outcome-based measures, such as the percentage of 
security deficiencies that were addressed as a result of TSA onsite 
assistance or related technical assistance and training offered by the 
CDB, and TSA recommendations for corrective action. As we previously 
recommended, such measures would help TSA establish greater 
accountability over the way in which TSA uses its resources and, in 
conjunction with its existing measures, enable the agency to evaluate 
and improve the impact of its assistance on improving security at 
foreign airports. 

Opportunities Exist to Clarify Airport Assessment Criteria, Further 
Target Airport Assessments, and Systematically Identify Security Best 
Practices: 

While TSA has taken a number of steps to improve and streamline its 
foreign airport assessment program since our 2007 report, 
opportunities exist for TSA to make additional improvements in several 
key areas. For example, TSA has taken steps to make its foreign 
airport assessments more risk informed, but the agency lacks clearly 
defined criteria to determine a foreign airport's level of 
noncompliance with ICAO standards. For example, as stated earlier, TSA 
provides each airport an overall vulnerability category, or score, of 
1 through 5, which is a numerical representation of compliance or 
level of noncompliance with the ICAO standards the agency assesses 
each foreign airport against. However, TSA has not developed any 
specific criteria, definitions, or implementing guidelines to ensure 
ROC managers and other program management officials apply these 
categories consistently across airports. For example, the SOP does not 
define how to assess whether an airport should receive a vulnerability 
rating of 3--"capability exists, compliance is generally noted, 
shortfalls remain," versus a vulnerability rating of 2--"capability 
exists with minor episodes of noncompliance." In the absence of more 
specific and transparent criteria and guidance, it is not clear how 
TSA applied these related categories--which describe the level of 
noncompliance--to the results of the assessments, or whether they were 
applied consistently over time. The lack of documented guidance 
prevented us from making an analysis or comparison of how TSA made its 
determinations. This is particularly important given that these scores 
represent an overall assessment of an airport's level of compliance or 
noncompliance with ICAO standards that TSA has deemed critical to 
airport security, and also are a key component of TSA foreign airport 
risk-ranking determinations. 

TSA's Director of Global Compliance agreed these category 
determinations are largely subjective judgments based on many facts 
and circumstances. TSA's Director of Global Compliance stated that it 
is challenging to establish specific guidance for how to assign these 
categories because of the numerous factors that can influence the 
decision for assigning vulnerability scores. The Director also noted 
that because she reviews each assessment report and weighs in on each 
assigned category, she in effect serves to institutionalize the scores 
and ensure they are consistent from airport to airport. Standards for 
Internal Control in the Federal Government call for controls and other 
significant events to be clearly documented in directives, policies, 
or manuals to help ensure operations are carried out as intended. 
[Footnote 50] This is especially important should key staff leave the 
agency. Although we recognize the inherently subjective nature of the 
standards, providing TSA decision makers with more specific criteria 
and definitions for determining a foreign airport's level of 
compliance with ICAO standards would provide greater assurance that 
such determinations are consistent across airports over time. The 
Director acknowledged that additional guidance, such as examples to 
illustrate what these categories mean, could help ensure greater 
transparency and consistency over how airport vulnerability scores are 
determined. Such consistency is important since airport vulnerability 
determinations are used to calculate an airport's overall security 
risk level, which in turn affects the program's activities and 
resource needs. 

In addition, TSA officials we spoke with identified opportunities for 
TSA to increase program efficiency by conducting more targeted airport 
assessments. Specifically, ROC managers and inspectors at all the 
locations we visited stated there are opportunities for TSA to conduct 
more targeted, smaller scale assessments at foreign airports that 
could focus more exclusively on the key security issues at a 
particular airport rather than having inspectors conduct full-scale 
assessments every visit. For example, the ROC Manager of one location 
we visited stated that the Federal Aviation Administration previously 
conducted supplemental-type visits of foreign airports that were 
reduced in scope and only focused on specific issues or deficiencies 
that needed to be addressed. He said that TSA should consider ways to 
incorporate this type of assessment philosophy into its current 
operations as it may help further streamline the assessment process 
and associated time frames. ROC managers at all the locations we 
visited also said inspectors often know, from their prior visits and 
assessment reports, what specific issues are present at specific 
airports, and that focusing more time on key issues could provide a 
more effective way of addressing and correcting security deficiencies. 
Twenty of 23 inspectors we spoke with said this type of assessment 
would also reduce repetitive and duplicative data gathering. In 
addition, these inspectors stated they sometimes do not have the 
opportunity to conduct all necessary onsite operational observations, 
document reviews, and interviews because they spend a significant 
amount of time addressing other descriptive, less critical aspects of 
the assessment. They said more targeted risk-informed assessments 
would allow them to focus more time and attention on key security 
issues, resulting in higher quality and more useful assessment 
results. Exploring opportunities to conduct more targeted assessments 
could help TSA enhance the efficiency and value of TSA's foreign 
airport assessment program. 

TSA's Director of Global Compliance told us they have begun to conduct 
abbreviated and targeted airport assessments in some cases due to the 
security risks associated with traveling and working in certain 
countries. For example, in 2011 TSA conducted abbreviated assessments 
at airports in Mexico and Iraq, due to the current security situation, 
which focused on a select number of critical areas rather than on all 
topics typically covered during an assessment. While targeted or 
abbreviated assessments are viewed as beneficial in some 
circumstances, TSA's Director of Global Compliance also stated that 
conducting a comprehensive assessment is important because inspectors 
may visit an airport only once every 3 years, to document any security 
changes, deficiencies, or improvements since the previous visit. The 
Director also raised a concern about conducting additional targeted 
assessments if they limited opportunities to conduct regularly 
scheduled comprehensive assessment visits. However, we believe TSA's 
use of abbreviated or targeted assessments could be expanded in cases 
where it would not have a negative impact on the program. For example, 
as TSA works to systematically analyze the results of its assessments, 
it may determine that specific regions of the world need additional 
assistance in meeting certain critical standards. TSA could use this 
information to focus or target its assessments to address these higher 
risk scenarios, thus leveraging program resources. Such efforts are 
consistent with TSA's ongoing risk-informed activities, as discussed 
earlier in this report. Moreover, we have previously reported that 
risk-informed, priority driven decisions can help inform decision 
makers when allocating finite resources to the areas of greatest need. 
[Footnote 51] 

In addition, TSA has not taken steps to systematically compile or 
analyze security best practice information that could contribute to 
enhancing the security of both foreign and U.S. airports. TSA 
officials acknowledged possible opportunities to better identify, 
compile, and analyze aviation security best practices through their 
assessments at foreign airports. We have previously reported that in 
order to identify innovative security practices that could help 
further mitigate terrorism-related risk to transportation sector 
assets, it is important to assess the feasibility as well as the costs 
and benefits of implementing security practices currently used by 
foreign countries.[Footnote 52] While TSA compiles information in its 
foreign airport assessment reports to evaluate the degree to which 
airports are in compliance with select ICAO standards, it does not 
have a process in place to identify and analyze aviation security best 
practices that are being used by foreign airports to secure their 
operations and facilities. TSA officials agreed that identifying 
relevant best practices could help TSA better leverage their 
assessment activities by assisting foreign airports in increasing 
their level of compliance with ICAO standards, as well as in 
identifying security practices and technologies that may be applicable 
to enhancing the security of U.S. airports. 

In December 2, 2010, testimony before the Senate Committee on 
Commerce, Science and Transportation, TSA's Director of Global 
Compliance confirmed that there are a variety of ways in which foreign 
airports can effectively meet ICAO standards. For example, one airport 
might address access control security by using coded door locks and 
swipe cards, while another may lock its doors and limit the number of 
available keys to certain personnel. Airports may also establish 
perimeter security in different ways, such as through fencing or 
natural barriers. In addition, TSA inspectors, as part of the 
assessment, often obtain detailed information and understanding of the 
various types of security technologies and methods being used by 
foreign governments, which may also be applicable and cost-effective 
for U.S. airports. For example, while accompanying TSA inspectors 
during an airport assessment, we observed TSA inspectors being briefed 
on various passenger screening processes, technologies, and equipment 
that were comparable to, and in some cases may have exceeded, those 
used in the U.S. We believe establishing a mechanism to systematically 
compile and analyze this type of information could help ensure TSA is 
more effectively able to assist foreign airports in meeting ICAO 
standards and improve security practices, as well as identify security 
practices and technologies that may be applicable to enhancing the 
security of U.S. airports. 

Conclusions: 

Securing commercial aviation operations remains a daunting task--with 
hundreds of airports and thousands of flights carrying millions of 
passengers and pieces of checked baggage to the United States every 
year. TSA's foreign airport assessment program is aimed at enhancing 
this system by identifying critical security weaknesses and gaps in 
airports serving the United States, which in turn can help inform and 
guide needed efforts to mitigate these deficiencies. TSA has taken a 
number of actions to enhance its foreign airport assessment program 
since 2007, but additional steps can help further strengthen the 
program. For example, developing a mechanism to evaluate assessment 
results to determine security trends and patterns could enable TSA to 
target and prioritize future assessment activities, including training 
and other capacity building resources. Moreover, establishing criteria 
and guidance for determining the vulnerability of individual foreign 
airports would provide for greater consistency of these vulnerability 
ratings across airports over time. Such consistency is important since 
airport vulnerability determinations are used to calculate an 
airport's overall security risk level. Further, exploring the 
feasibility of conducting more targeted assessments could help enhance 
the efficiency and value of TSA's foreign airport assessment program. 
Moreover, systematically compiling information on aviation security 
best practices could help ensure TSA is more effectively able to 
assist foreign airports in meeting ICAO standards and improve security 
practices, as well as identifying security practices and technologies 
that may be applicable to enhancing the security of U.S. airports. 

Recommendations for Executive Action: 

To help further enhance TSA's foreign airport assessment program, we 
recommend that the Secretary of Homeland Security direct the Assistant 
Secretary for the Transportation Security Administration to take the 
following three actions: 

* Develop a mechanism to evaluate the results of completed assessment 
activities to determine any trends and target future activities and 
resources. This evaluation could include frequency of noncompliance 
issues, regional variations, and perspectives on the security posture 
of individual airports over time. 

* Establish criteria and guidance to assist TSA decision makers when 
determining the vulnerability rating of individual foreign airports. 

* Consider the feasibility of conducting more targeted assessments and 
systematically compiling information on aviation security best 
practices. 

Agency Comments and Our Evaluation: 

We provided a draft of the sensitive version of this report to DHS and 
TSA on September 1, 2011, for review and comment. DHS provided written 
comments which are reprinted in appendix VI. In commenting on our 
report, DHS stated that it concurred with all three of the 
recommendations and identified actions taken or planned to implement 
them. DHS also highlighted new initiatives under way by the Office of 
Global Strategies. 

Regarding the first recommendation that TSA develop a mechanism to 
evaluate the results of completed assessment activities to determine 
any trends and target activities and resources, and that this 
evaluation could include frequency of noncompliance issues, regional 
variations, and perspectives on the security posture of individual 
airports over time, DHS concurred. DHS stated that TSA has taken 
several steps to address this recommendation including utilizing a 
program analyst to create analyses reflecting temporal and site- 
specific trends and anomalies. DHS also stated that TSA established a 
project team to evaluate regional, country, and airport 
vulnerabilities and determine those problem areas that could be 
effectively addressed by training. DHS also noted that TSA is 
developing workshops that can be presented by inspectors at the 
conclusion of an airport assessment which will be tailored to address 
specific shortfalls observed during the assessment, which could be 
effectively mitigated through training. These actions, when fully 
implemented, should address the intent of the recommendation. 

DHS concurred with the second recommendation that TSA establish 
criteria and guidance to assist TSA decision makers when determining 
the vulnerability rating of individual foreign airports. DHS stated 
that the most recent version of the Foreign Airport Assessment Program 
Standard Operating Procedures now contains several scenarios for 
managers to use as a set of guidelines in determining the 
vulnerability rating for each open standard and for the airport 
overall. DHS also stated that the Director of Global Compliance and 
ROC managers will collaborate on the development of a scenario archive 
to promote more long-term consistency in the event that key staff 
leave the agency. We support TSA's efforts to ensure greater 
transparency and consistency over how airport vulnerability scores are 
determined and believe it will be important for TSA to provide 
sufficient detail in the criteria and guidance that the agency 
develops. Such actions, when fully implemented, should address the 
intent of the recommendation. 

DHS concurred with the third recommendation that TSA consider the 
feasibility of conducting more targeted assessments and systematically 
compiling information on aviation security best practices. In its 
response, DHS stated that TSA is developing a pre-audit questionnaire 
that will be sent to each host government in advance of a planned 
airport assessment which will assist assessment teams in obtaining 
administrative information and key documents, such as the Airport 
Security Program, prior to the visit. DHS added that when the 
questionnaire is returned to TSA, the agency will obtain an official 
translation of all submitted items so that the assessment team has a 
better understanding of the current policies, procedures, and 
practices in place at the site. According to DHS, this practice may 
enable the team to tailor its efforts at the airports to focus on 
those areas of concern as indicated in the responses to the 
questionnaire, as well as the critical standards. DHS stated that TSA 
plans to complete development of the questionnaire by mid-fiscal year 
2012, with wide-scale deployment beginning in October 2012. We support 
TSA's planned actions but also believe that there may be additional 
opportunities for TSA to expand its use of targeted assessments as it 
works to implement the first recommendation related to developing a 
mechanism to evaluate the results of completed assessment activities 
to determine any trends and target activities and resources. For 
example, as TSA works to systematically analyze the results of its 
assessments, it may determine that specific regions of the world need 
assistance in meeting certain critical standards. Such action, in 
conjunction with TSA's planned efforts, would meet the intent of the 
recommendation. 

With regard to aviation security best practices, DHS stated that the 
five volumes of the International Civil Aviation Organization (ICAO) 
Security Manual for Safeguarding Civil Aviation Against Acts of 
Unlawful Interference (Document 8973) contains the globally-recognized 
best practices and alternative methods for meeting the ICAO standards 
and recommended practices. DHS stated that TSA participates in the 
development and review of this document and draws from it when 
recommending improvements to foreign airport authorities. However, it 
noted that an infrequently-populated portion of the foreign airport 
assessment reports is available for inspectors to capture particularly 
noteworthy practices. DHS stated that during fiscal year 2012, 
inspectors will be encouraged to more conscientiously identify and 
document new approaches encountered at airports that are not reflected 
in the security manual but effectively address the ICAO standards and 
recommended practices. We support these efforts but also believe that 
it will be important for TSA to capture information identifying 
security best practices and technology that may be applicable to 
enhancing the security of U.S. airports. Such action, in conjunction 
with TSA's planned efforts, would meet the intent of the 
recommendation. 

DHS also provided us with technical comments, which we incorporated as 
appropriate. 

As agreed with your offices, unless you publicly announce the contents 
of this report earlier, we plan no further distribution until 10 days 
from the report date. At that time, we will send copies to the 
Secretary of Homeland Security, appropriate congressional committees, 
and other interested parties. This report also will be available at no 
charge on the GAO web site at [hyperlink, http://www.gao.gov]. 

If you or your staffs have any questions about this report, please 
contact me at (202) 512-4379 or lords@gao.gov. Contact points for our 
Offices of Congressional Relations and Public Affairs may be found on 
the last page of this report. Key contributors to this report are 
listed in appendix VII. 

Signed by: 

Stephen M. Lord: 
Director, Homeland Security and Justice Issues: 

[End of section] 

Appendix I: Scope and Methodology: 

To examine the efforts made by the Transportation Security 
Administration (TSA) to determine whether foreign airports that 
provide service to the United States are maintaining and carrying out 
effective security measures, we addressed the following questions: (1) 
to what extent has TSA taken steps to enhance its foreign airport 
assessment program since 2007, and what challenges remain; (2) what 
are the results of TSA's foreign airport assessments, and to what 
extent does TSA use the results of these assessments to guide its 
future assessment activities; and (3) what opportunities, if any, 
exist to enhance the value of TSA's foreign airport assessment program? 

To collectively address all three questions, we reviewed relevant laws 
and regulations, including statutory provisions that identify specific 
actions to be taken by the Secretary of Homeland Security when the 
Secretary determines that a foreign airport does not maintain and 
carry out effective security measures.[Footnote 53] We reviewed 
various TSA program management and strategic planning documents and 
interviewed TSA officials located at TSA headquarters and in the 
field. We interviewed other federal and nonfederal stakeholders, such 
as the Department of State, International Civil Aviation Organization 
(ICAO), and the European Commission (EC). We outline the specific 
steps taken to answer each objective below. 

To determine the steps TSA has taken to enhance its foreign airport 
assessment program since 2007, we reviewed various TSA program 
management and strategic planning documents to identify revisions to 
its current and planned future strategy. Specifically, we reviewed 
TSA's 2010 Foreign Airport Assessment Program Standard Operating 
Procedures (SOP) document, which prescribes program and operational 
guidance for assessing security measures at foreign airports, and 
informs TSA personnel at all levels of what is expected of them in the 
implementation of the program. We also reviewed the job aids TSA 
inspectors use during each assessment, which ensure that the TSA- 
specified ICAO aviation security standards and recommended practices 
are fully evaluated during each assessment. 

To determine TSA's current and planned future strategy, we reviewed 
available strategic planning documents that TSA uses to guide its 
program. Specifically, we reviewed TSA's Office of Global Strategies 
International Strategy to Enhance Aviation Security for 2010-2012, 
TSA's Office of Global Strategies Global Compliance Strategic 
Implementation Plan Fiscal Year 2011, and the TSA Capacity Development 
Strategic Plan for fiscal years 2011-2015. In addition, we also 
obtained and reviewed multilateral and bilateral arrangements TSA has 
established with the European Union (EU) and several foreign nations 
to facilitate coordination in the area of aviation security, including 
facilitation of TSA's foreign airport assessments. 

To understand how TSA assesses and manages its foreign airport risk 
information, we obtained and reviewed various program documents. 
Specifically, we obtained and reviewed documents on TSA's methodology 
for assigning individual risk rankings (called Tier rankings) to each 
foreign airport it assesses. TSA's rankings are based on the 
likelihood of a location being targeted, the protective measures in 
place at that location, and the potential impact of an attack on the 
international transportation system. Airports are then categorized as 
high, medium, or low risk. While we did not evaluate the quality of 
TSA's risk rankings, as this analysis was outside the scope of our 
work, we generally determined that the rankings addressed all three 
components of risk (threat, vulnerability, and consequence). 

To obtain a greater understanding of the foreign airport assessment 
process, including how TSA works with host nation officials, we 
accompanied a team of TSA inspectors during an assessment of the 
Toronto Pearson International Airport. We based our selection on 
several factors, including the airport locations TSA had plans to 
assess during the course of our audit work, host government 
willingness to allow us to accompany TSA, and travel costs. 

To obtain information on the extent to which TSA provided oversight of 
its assessment efforts, we obtained and reviewed various TSA program 
management documents and tools TSA uses to track and manage 
information for the program. Specifically, we reviewed the TSA Airport 
and Air Carrier Comprehensive Tool (known as the A.C.T.), which TSA 
uses to track its foreign airport assessment schedule, including when 
various airports are due to be assessed. We also reviewed the Open 
Standards and Recommended Practices Tracking Tool, which the TSA 
Representatives (TSAR) use to monitor and track a foreign airport's 
progress in resolving security deficiencies identified by TSA 
inspectors during previous assessments. In addition, we reviewed the 
tracking sheet TSA's Director of Global Compliance uses to compile and 
track current-and prior-year assessment results, including individual 
airport vulnerability scores and information on which specific ICAO 
standards were in noncompliance. 

To obtain stakeholder views and perspectives on steps TSA has taken to 
enhance its foreign airport assessment program since 2007, we 
interviewed and obtained information from various federal and 
nonfederal stakeholders. Specifically, we interviewed TSA officials 
located in the Office of Global Strategies (OGS), Global Compliance 
(GC), Office of International Operations (OIO), and Capacity 
Development Branch (CDB). In addition, we also conducted site visits 
to four of the five TSA Regional Operations Centers (ROC) located in 
Los Angeles, Dallas, Miami, and Frankfurt where we met with the ROC 
managers and 23 international aviation security inspectors who conduct 
TSA's foreign airport assessments.[Footnote 54] We based our site 
visit selections on the number of available inspectors at each 
location and geographic dispersion. 

We conducted telephone and in-person interviews with 9 of the 27 
TSARs, located in various embassies and consulates throughout the 
world, who schedule TSA airport assessment visits and follow up on 
host governments' progress in addressing identified security 
deficiencies. When possible, we conducted in-person interviews with 
TSARs who were at TSA ROCs during our site visits.[Footnote 55] We 
based our TSAR selections on geographic dispersion and varying years 
of experience. During each of these interviews, we discussed these 
officials' responsibilities related to the program, including their 
role in assisting foreign officials in correcting security 
deficiencies identified during assessments. 

We met with Department of State officials to better understand how 
they coordinate with TSA through their Anti-Terrorism Assistance (ATA) 
Program and other related efforts aimed at assisting foreign partners' 
capacity to secure their airports. Additionally, we met with officials 
from the EC, International Air Transport Association, and ICAO to 
discuss efforts and programs these organizations have in place to 
enhance international aviation security. We interviewed or received 
responses to questions from five foreign embassies to obtain 
perspectives of foreign transportation security officials on TSA's 
airport assessment program. We based our selection on geographic 
dispersion and countries with the highest risk airports, as designated 
by TSA.[Footnote 56] However, information from our interviews with 
government officials, members of the aviation industry, and TSA 
officials and inspectors cannot be generalized beyond those that we 
spoke with because we did not use statistical sampling techniques in 
selecting individuals to interview. 

To identify challenges affecting TSA's foreign airport assessment 
program, we interviewed TSA program management officials and field 
officials located at the TSA ROCs on the challenges they experience 
obtaining access to foreign airports to conduct assessments, the 
development of an automated database management system, and the 
provision of aviation security training to foreign governments. In 
addition, we met with TSA's Director of Global Compliance, and ROC 
managers and inspectors located in the field, to discuss potential 
future challenges TSA may experience when attempting to conduct 
assessments at foreign airports with all-cargo flights to the United 
States. Specifically, we obtained their perspectives on foreign 
governments that have been reluctant to allow TSA inspectors to visit 
their airports. We interviewed TSA's Director of Global Compliance on 
the agency's progress in developing an automated database to manage 
program information, including the challenges the agency has 
experienced finding a solution that meets program needs. We conducted 
telephone and in-person interviews with nine TSARs to obtain their 
perspectives on challenges to scheduling airport assessment visits. In 
addition, we interviewed officials within TSA's CDB to better 
understand the scope and types of requests for assistance they receive 
from foreign countries, including challenges they experience in 
attempting to provide assistance, such as resource constraints and 
aligning security priorities with the Department of State. 

To determine the results of TSA's foreign airport assessments and the 
extent to which the agency evaluates its results to inform future 
activities, we interviewed TSA officials on the results of its 
assessments, obtained and reviewed assessment reports and relevant 
program documents, and conducted our own independent analysis of TSA's 
assessment results. To better understand the scope and type of 
information contained in TSA's foreign airport assessment reports, we 
obtained and reviewed the most recently available assessments for all 
high-risk airports. We also selected a randomized sample of assessment 
reports from current and prior years. We reviewed sections of these 
reports for completeness and general consistency with TSA guidance for 
preparing assessment reports. We obtained and reviewed TSA's foreign 
airport risk-ranking sheet to better understand which airports TSA 
identified as high, medium, and low risk, including how the results of 
TSA's assessments influence an airport's risk ranking. In addition, we 
obtained and reviewed TSA's foreign airport assessment program 
vulnerability results tracking sheet used by the Director of Global 
Compliance to compile and track current and prior-year assessment 
results. This tracking sheet included records of TSA's compliance 
assessments for each airport that TSA assessed from fiscal year 1997 
through May 9, 2011. Specifically, the tracking sheet recorded 
assessment results for each of the ICAO standards used in the airport 
assessments, as well as an overall vulnerability score of 1 through 5 
assigned after each assessment. This overall vulnerability score is a 
representation of compliance or noncompliance with all the ICAO 
standards against which TSA assesses foreign airports. We interviewed 
the Director of Global Compliance on the steps taken to develop the 
tracking sheet, including how TSA manages and updates data, and how 
TSA assigns vulnerability scores. In addition, we conducted our own 
independent analysis of TSA's assessment results from fiscal year 2006 
through May 9, 2011. Specifically, we analyzed data from TSA's foreign 
airport assessment program vulnerability results tracking sheet to 
identify the number of airports in each vulnerability category by 
region. We also analyzed TSA assessment results data to determine the 
frequency with which foreign airports complied with particular ICAO 
standards, such as access control, quality control, passenger 
screening, and baggage screening, among others. For those airports 
that TSA has identified as high risk, we analyzed TSA assessment 
results data to determine the number of resolved and remaining 
compliance issues at high-risk airports by region, as well as the 
level of noncompliance found at high-risk airports. 

To assess the reliability of TSA's data, we selected a random sample 
of records from TSA's foreign airport assessment program vulnerability 
results tracking sheet. Next, we examined the corresponding reports to 
locate those ICAO standards that had been identified as less than 
fully compliant in the tracking sheet (a score of 2 through 5 on a 5-
point scale).[Footnote 57] The actual scores assigned to the 
compliance ratings and found in the tracking sheet were determined by 
the Director of Global Compliance using guidance in the 2010 SOP in 
consultation with individuals involved in the assessment process (ROC 
managers, Supervisory Transportation Security Specialists, and 
Transportation Security Specialists). Our comparison of the results in 
the tracking sheet with the compliance information provided in the 
corresponding reports did not match in several cases. However, in 
discussions with TSA we determined that the differences were the 
result of changes to the ICAO standards used in the assessments or a 
change in the definition of the standards. Specifically, TSA told us 
that Amendments 10 and 11 to ICAO Annex 17 changed the definitions of 
some standards, and the numbers assigned to identify them. For 
example, a standard concerning Hold Baggage Security is now identified 
as 4.5.1. However, in years prior to Amendments 10 and 11 to Annex 17, 
that same standard was identified as 4.1.1. TSA's Director of Global 
Compliance told us that she updated the foreign airport assessment 
program vulnerability results tracking sheet with the new definitions 
and numbers, and the associated results, each time an ICAO amendment 
came out. As a result, we determined that any analysis of the 
assessment results for specific ICAO standards would need to take into 
account the changes TSA identified. Based on our overall analysis of 
the data and reports, we determined that the data were sufficiently 
reliable to provide a general indication, by type or category, of the 
standards TSA assesses against and the level of compliance, and 
frequency of compliance, for TSA's airport assessments over the period 
of our analysis. 

In addition, we interviewed TSA's Director of Global Compliance on the 
steps TSA takes to analyze its assessment results to inform the 
agency's future efforts and compared these efforts to Standards for 
Internal Control in the Federal Government.[Footnote 58] We discussed 
the status of implementation of our 2007 recommendation to develop 
outcome-oriented performance measures to evaluate the impact that TSA 
assessments have on improving foreign airport compliance with ICAO 
standards. We interviewed TSA managers and inspectors located in the 
field on their roles and responsibilities in determining and 
documenting assessment results. We assessed TSA's efforts to analyze 
its assessment results against Standards for Internal Control in the 
Federal Government, which require agencies to ensure that ongoing 
monitoring occurs during the course of normal operations to help 
evaluate program effectiveness. 

To identify opportunities for TSA to enhance the value of TSA's 
foreign airport assessment program, we reviewed all relevant program 
management and strategic documentation, and interviewed TSA officials 
as well as various other federal and nonfederal stakeholders. 
Specifically, we reviewed the 2011 Foreign Airport Assessment Program 
SOP and job aids; OGS, GC, and CDB strategic planning documents; 
foreign airport risk assessment and ranking information; program 
management tools TSA uses to track and manage its schedule and the 
status of foreign airport security deficiencies; and reviewed TSA 
foreign airport assessment results and reports. We also reviewed our 
prior work concerning how risk-informed and priority driven decisions 
can help inform agency decision makers in allocating finite resources 
to the areas of greatest need.[Footnote 59] 

Moreover, we reviewed the process TSA uses to assign vulnerability 
ratings of 1-5 to each foreign airport it assesses and then evaluated 
this process against Standards for Internal Control in the Federal 
Government, which call for controls and other significant events to be 
clearly documented in directives, policies, or manuals to help ensure 
operations are carried out as intended.[Footnote 60] In addition, we 
visited the Toronto Pearson International Airport to observe TSA 
inspectors during the assessment thereby obtaining a greater 
understanding of the foreign airport assessment process, including 
opportunities for TSA to improve its program. We reviewed prior GAO 
work discussing the importance of identifying potential best 
practices, as part of conducting U.S. federal government security 
assessments in other countries. 

To obtain stakeholder views and perspectives on opportunities to 
enhance the program, we interviewed and obtained information from 
various TSA and nonfederal stakeholders. Specifically, we interviewed 
TSA headquarters officials in GC, OIO, and CDB. During our site 
visits, we interviewed ROC managers and international inspectors on 
possible opportunities that exist for TSA to improve its foreign 
airport assessment program. We discussed opportunities to improve the 
program during our telephone and in-person interviews with nine TSARs. 
In addition, we discussed ways in which TSA could improve its program 
during our interviews with officials from the EC, ICAO, and select 
foreign embassies. 

We conducted this performance audit from August 2010 through October 
2011 in accordance with generally accepted government auditing 
standards. Those standards require that we plan and perform the audit 
to obtain sufficient, appropriate evidence to provide a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We believe that the evidence obtained provides a reasonable basis for 
our findings and conclusions based on our audit objectives. 

[End of section] 

Appendix II: Process for Taking Secretarial Action against a Foreign 
Airport: 

If the Secretary, based on the TSA airport assessment results, 
determines that a foreign airport does not maintain and carry out 
effective security measures, he or she must, after advising the 
Secretary of State, take secretarial action. Below is a list of these 
actions. Figure 4 describes the process for taking secretarial action 
against an airport. 

* 90-day action--The Secretary notifies foreign government officials 
that they have 90 days to address security deficiencies that were 
identified during the airport assessment and recommends steps 
necessary to bring the security measures at the airport up to ICAO 
standards.[Footnote 61] 

* Public notification--If, after 90 days, the Secretary finds that the 
government has not brought security measures at the airport up to ICAO 
standards, the Secretary notifies the general public that the airport 
does not maintain and carry out effective security measures.[Footnote 
62] 

* Modification to air carrier operations--If, after 90 days, the 
Secretary finds that the government has not brought security measures 
at the airport up to ICAO standards: 

- The Secretary may withhold, revoke, or prescribe conditions on the 
operating authority of U.S.-based and foreign air carriers using that 
airport to provide transportation to the U.S., following consultation 
with appropriate host government officials and air carrier 
representatives, and with the approval of the Secretary of State. 
[Footnote 63] 

- The President may prohibit a U.S.-based or foreign air carrier from 
providing transportation between the United States and any foreign 
airport that is the subject of a secretarial determination.[Footnote 
64] 

* Suspension of service--The Secretary, with approval of the Secretary 
of State, shall suspend the right of any U.S.-based or foreign air 
carrier to provide service to or from an airport if the Secretary 
determines that a condition exists that threatens the safety or 
security of passengers, aircraft, or crew traveling to or from the 
airport, and the public interest requires an immediate suspension of 
transportation between the United States and that airport.[Footnote 65] 

Figure 1: Process for Taking Secretarial Action against a Foreign 
Airport: 

[Refer to PDF for image: process illustration] 

Step 1: Inspectors find airport does not meet minimum international 
aviation security standards. 

Step 2: The Assistant Administrator for the Office of Global 
Strategies will brief the Assistant Secretary and Office of Chief 
Counsel regarding the possible notification that an airport was found 
to have ineffective security measures. 

Step 3: TSA officials prepare an action memorandum and supporting 
documents on airport’s ineffective security measures for the Secretary 
of Homeland Security and recommend that the Secretary take action. 

Step 4: Secretary of Homeland Security determines airport does not 
maintain and carry out effective security measures and recommends 
corrective action to foreign government. 

90-day action letter: 
* Team of inspectors conducts interim assessment of foreign airport to 
determine status of security deficiencies and identify additional U.S. 
assistance needed; 
* Team returns to the host country to do final airport assessment; 
* Team prepares a report for briefing Secretary of Homeland Security 
on current conditions at airport; 
* Secretary of Homeland Security determines whether airport maintains 
effective security: 
If yes: Secretarial action lifted; 
If no: Secretary must issue public notification. 

Public notification/modification to air carrier operations: 
* TSA posts notices at U.S. airports stating that the foreign airport 
does not maintain and carry out effective security measures and may 
withhold, revoke, or impose conditions on the operating authority of 
foreign and domestic carriers serving this airport with flights to the 
United States; 
* Team of inspectors conducts interim assessment of foreign airport to 
determine the status of security deficiencies and identify additional 
U.S. assistance needed; 
* Team returns to conduct airport assessments at the request of the 
host country; 
* Team prepares a report for briefing Secretary of DHS on conditions 
at airport; 
* Public notification or modification to air carrier operations is 
lifted if airport carries out effective security measures. 

Suspension of air service: 
* Occurs when the Secretary of Homeland Security determines conditions 
at airport threaten the safety or security of passengers, aircraft, or 
crew traveling to or from the airport, and the public interest 
requires an immediate suspension of transportation between the United 
States and the airport. 

Source: GAO analysis of information provided by TSA. 

[End of figure] 

[End of section] 

Appendix III: ICAO Standards TSA Uses to Assess Security Measures at 
Foreign Airports: 

TSA inspectors use 40 ICAO standards and 1 recommended practice when 
conducting foreign airport assessments. Of the 40, TSA identified 22 
as critical. These 22 critical standards are in bold.[Footnote 66] 

Airport Operations: 

3.2.1: Each Contracting State shall require each airport serving civil 
aviation to establish, implement and maintain a written Airport 
Security Program appropriate to meet the requirements of the National 
Civil Aviation Security Programme. 

3.2.2: Each Contracting State shall ensure that an authority at each 
airport serving civil aviation is responsible for coordinating the 
implementation of security controls. 

3.2.3: Each Contracting State shall ensure that an airport security 
committee at each airport serving civil aviation is established to 
assist the authority mentioned under 3.2.2 in its role of coordinating 
the implementation of security controls and procedures as specified in 
the airport security programme. 

Quality Control: 

3.4.1: Each Contracting State shall ensure that the persons 
implementing security controls are subject to background checks and 
selection procedures. 

3.4.2: Each Contracting State shall ensure that the persons 
implementing security controls possess all competencies required to 
perform their duties and are appropriately trained according to the 
requirements of the national civil aviation security programme and 
that appropriate records are maintained up to date. Relevant standards 
of performance shall be established and initial and periodic 
assessments shall be introduced to maintain those standards. 

3.4.3: Each Contracting State shall ensure that the persons carrying 
out screening operations are certified according to the requirements 
of the National Civil Aviation Security Program to ensure that 
performance standards are consistently and reliably achieved. 

3.4.5: Each Contracting State shall ensure that the implementation of 
security measures is regularly subjected to verification of compliance 
with the national civil aviation security programme. The priorities 
and frequency of monitoring shall be determined on the basis of risk 
assessment carried out by the relevant authorities. 

3.4.6: Each Contracting State shall arrange for audits, tests, surveys 
and inspections to be conducted on a regular basis, to verify 
compliance with the National Civil Aviation Security Program and to 
provide for the rapid and effective rectification of any deficiencies. 

Measures Relating to Access Control: 

4.2.1: Each Contracting State shall ensure that the access to airside 
areas at airports serving civil aviation is controlled in order to 
prevent unauthorized entry. 

4.2.2: Each Contracting State shall ensure that security restricted 
areas are established at each airport serving civil aviation 
designated by the State based upon a security risk assessment carried 
out by the relevant national authorities. 

4.2.3: Each Contracting State shall ensure that identification systems 
are established in respect of persons and vehicles in order to prevent 
unauthorized access to airside areas and security restricted areas. 
Identity shall be verified at designated checkpoints before access is 
allowed to airside areas and security restricted areas. 

4.2.4: Each Contracting State shall ensure that background checks are 
conducted on persons other than passengers granted unescorted access 
to security restricted areas of the airport prior to granting access 
to security restricted areas. 

4.2.5: Each Contracting State shall ensure that the movement of 
persons and vehicles to and from the aircraft is supervised in 
security restricted areas in order to prevent unauthorized access to 
aircraft. 

4.2.6: Each Contracting State shall ensure that persons other than 
passengers, together with items carried, being granted access to 
security restricted areas are screened; however, if the principle of 
100 per cent screening cannot be accomplished, other security 
controls, including but not limited to proportional screening, 
randomness and unpredictability, shall be applied in accordance with a 
risk assessment carried out by the relevant national authorities. 

4.2.7: Each Contracting State shall ensure that vehicles being granted 
access to security restricted areas, together with items contained 
within them, are subject to screening or other appropriate security 
controls in accordance with a risk assessment carried out by the 
relevant national authorities. 

Measures Relating to Aircraft: 

4.3.1: Each Contracting State shall ensure that aircraft security 
checks of originating aircraft engaged in commercial air transport 
movements are performed or an aircraft security search is carried out. 
The determination of whether it is an aircraft security check or a 
search that is appropriate shall be based upon a security risk 
assessment carried out by the relevant national authorities. 

4.3.2: Each Contracting State shall ensure that measures are taken to 
ensure that any items left behind by passengers disembarking from 
transit flights are removed from the aircraft or otherwise dealt with 
appropriately before departure of an aircraft engaged in commercial 
flights. 

4.3.3: Each Contracting State shall require its commercial air 
transport operators to take measures as appropriate to ensure that 
during flight unauthorized persons are prevented from entering the 
flight crew compartment. 

4.3.4: Each Contracting State shall ensure that an aircraft subject to 
4.3.1 is protected from unauthorized interference from the time the 
aircraft search or check has commenced until the aircraft departs. 

Measures Relating to Passengers and Their Cabin Baggage: 

4.4.1: Each Contracting State shall establish measures to ensure that 
originating passengers of commercial air transport operations and 
their cabin baggage are screened prior to boarding an aircraft 
departing from a security restricted area. 

4.4.2: Each Contracting State shall ensure that transfer passengers of 
commercial flights and their cabin baggage are screened prior to 
boarding an aircraft, unless it has established a validation process 
and continuously implements procedures, in collaboration with the 
other Contracting State where appropriate, to ensure that such 
passengers and their cabin baggage have been screened to an 
appropriate level at the point of origin and, subsequently, protected 
from unauthorized interference from the point of screening at the 
originating airport to the departing aircraft at the transfer airport. 

4.4.3: Each Contracting State shall ensure that passengers and their 
cabin baggage which have been screened are protected from unauthorized 
interference from the point of screening until they board their 
aircraft. If mixing or contact does take place, the passengers 
concerned and their cabin baggage shall be re-screened before boarding 
an aircraft. 

4.4.4: Each Contracting State shall ensure that passengers and their 
cabin baggage which have been screened are protected from unauthorized 
interference from the point of screening until they board their 
aircraft. If mixing or contact does take place, the passengers 
concerned and their cabin baggage shall be re-screened before boarding 
an aircraft. 

Measures Relating to Hold Baggage: 

4.5.1: Each Contracting State shall establish measures to ensure that 
originating hold baggage is screened prior to being loaded onto an 
aircraft engaged in commercial air transport operations departing from 
a security restricted area. 

4.5.2: Each Contracting State shall ensure that all hold baggage to be 
carried on a commercial aircraft is protected from unauthorized 
interference from the point it is screened or accepted into the care 
of the carrier, whichever is earlier, until departure of the aircraft 
on which it is to be carried. If the integrity of the hold baggage is 
jeopardized, the hold baggage shall be re-screened before being placed 
on board an aircraft. 

4.5.3: Each Contracting State shall ensure that commercial air 
transport operators do not transport the baggage of passengers who are 
not on board the aircraft unless that baggage is identified as 
unaccompanied and subjected to additional screening. 

4.5.4: Each Contracting State shall ensure that transfer hold baggage 
is screened prior to being loaded onto an aircraft engaged in 
commercial air transport operations, unless it has established a 
validation process and continuously implements procedures, in 
collaboration with the other Contracting State where appropriate, to 
ensure that such hold baggage has been screened at the point of origin 
and subsequently protected from unauthorized interference from the 
originating airport to the departing aircraft at the transfer airport. 

4.5.5: Each Contracting State shall ensure that aircraft commercial 
air transport operators transport only items of hold baggage that have 
been individually identified as accompanied or unaccompanied, screened 
to the appropriate standard, and accepted for carriage on that flight 
by the air carrier. All such baggage should be recorded as meeting 
these criteria and authorized for carriage on that flight. 

Measures Relating to Cargo, Mail and Other Goods: 

4.6.1: Each Contracting State shall ensure that appropriate security 
controls, including screening where practicable, are applied to cargo 
and mail, prior to their being loaded onto an aircraft engaged in 
passenger commercial air transport operations. 

4.6.2: Each Contracting State shall establish a supply chain security 
process, which includes the approval of regulated agents and/or known 
consignors, if such entities are involved in implementing screening or 
other security controls of cargo and mail. 

4.6.3: Each Contracting State shall ensure that cargo and mail to be 
carried on a passenger commercial aircraft are protected from 
unauthorized interference from the point screening or other security 
controls are applied until departure of the aircraft. 

4.6.4: Each Contracting State shall ensure that operators do not 
accept cargo or mail for carriage on an aircraft engaged in passenger 
commercial air transport operations unless the application of 
screening or other security controls is confirmed and accounted for by 
a regulated agent, or such consignments are subjected to screening. 
Consignments which cannot be confirmed and accounted for by a 
regulated agent are to be subjected to screening. 

4.6.5: Each Contracting State shall ensure that catering, stores and 
supplies intended for carriage on passenger commercial flights are 
subjected to appropriate security controls and thereafter protected 
until loaded onto the aircraft. 

4.6.6: Each Contracting State shall ensure that merchandise and 
supplies introduced into security restricted areas are subject to 
appropriate security controls, which may include screening. 

4.6.7: Each Contracting State shall ensure that security controls to 
be applied to cargo and mail for transportation on all-cargo aircraft 
are determined on the basis of a security risk assessment carried out 
by the relevant national authorities. 

Measures Relating to Special Categories of Passengers: 

4.7.1: Each Contracting State shall develop requirements for air 
carriers for the carriage of potentially disruptive passengers who are 
obliged to travel because they have been the subject of judicial or 
administrative proceedings. 

Measures Relating to the Landside: 

4.8.1: Recommendation--Each Contracting State should ensure that 
security measures in landside areas are established to mitigate 
possible threats of acts of unlawful interference in accordance with a 
risk assessment carried out by the relevant authorities. 

Prevention: 

5.1.4: Each Contracting State shall ensure that contingency plans are 
developed and resources made available to safeguard civil aviation, 
against acts of unlawful interference. The contingency plans shall be 
tested on a regular basis. 

5.1.5: Each Contracting State shall ensure that authorized and 
suitably trained personnel are readily available for deployment at its 
airports serving international civil aviation to assist in dealing 
with suspected, or actual, cases of unlawful interference with civil 
aviation. 

Aerodrome Emergency Planning: 

9.1.1: An aerodrome emergency plan shall be established at an 
aerodrome, commensurate with the airport operations and other 
activities conducted at the aerodrome. 

Fencing: 

9.10.3: Suitable means of protection shall be provided to deter the 
inadvertent or premeditated access of unauthorized persons into ground 
installations and facilities essential for the safety of civil 
aviation located off the aerodrome. 

[End of section] 

Appendix IV: TSA Process for Conducting Foreign Airport Assessments: 

TSA uses a multistep process to conduct its assessments of foreign 
airports. Figure 5 describes the process TSA uses. 

Figure 2: Multistep Process for Conducting Foreign Airport Assessments: 

[Refer to PDF for image: process illustration] 

The TSAR is to communicate with the host government to obtain approval 
to conduct an assessment and to schedule an on-site visit to the 
foreign airport. 

The assessment team leader is to hold a pre-trip briefing to prepare 
for the on-site visit to the foreign airport. 

The assessment team is to conduct an entry briefing with Department of 
State, host government officials, and host airport officials. 

The assessment team is to conduct an on-site visit to the foreign 
airport to assess security measures in place by using ICAO standards, 
which takes about3 to 7 days: 
Assessment team is to conduct interviews with airport officials; 
Assessment team is to examine documents regarding a foreign airport’s 
security measures; 
Assessment team is to conduct a physical inspection of the airport. 

The assessment team is to provide a synopsis of the results from the 
assessment during an exit briefing with Department of State officials, 
host government officials,and host airport officials. 

The assessment team is to return to the ROC to write a report 
summarizing findings on the foreign airport’s overall security posture 
and security measures. 

The TSAR, ROC manager, and TSA headquarters official are to review the 
report findings to ensure that inspectors addressed and properly 
identified all relevant ICAO standards. 

Source: GAO analysis of information provided by TSA. 

[End of figure] 

[End of section] 

Appendix V: TSA Aviation Security Sustainable International Standards 
Team (ASSIST) Program: 

The mission of the ASSIST program is to raise and strengthen 
international aviation security standards in foreign countries and 
airports, and to ensure that improvements in standards are long-term 
and sustainable. Specifically, TSA deploys teams consisting of six to 
seven individuals for 1 week in partnership with the host nation in 
order to evaluate and develop recommendations for building the 
aviation security capacity. Following the initial visit, TSA conducts 
follow-up focused visits to deliver training and technical assistance 
when agreed upon by the host nation. To date, TSA has partnered with 
five foreign countries under the ASSIST program.[Footnote 67] These 
countries are St. Lucia, Liberia, Georgia, Haiti, and Palau. TSA 
selects countries to partner with based on a variety of factors, which 
include focusing on countries with last point of departure service to 
the United States, foreign airport risk rankings, a foreign 
government's demonstrated willingness to engage TSA, and a foreign 
government's demonstrated ability to sustain ASSIST initiatives after 
the conclusion of ASSIST. See below for specific information on the 
countries TSA partnered with during 2009-2011. 

St. Lucia: 

St. Lucia was the first nation to partner with TSA under the ASSIST 
program. It was selected as the pilot country for ASSIST because it is 
a last point of departure location to the U.S., a popular destination 
for U.S. passengers, and the TSA Representative in the region 
requested the assistance. The inaugural survey visit to St. Lucia was 
conducted in January 2009. Subsequent follow-up visits were held in 
March and June of 2009, and focused on training in Emergency 
Communications, Improvised Explosive Device Familiarization, Essential 
Instructor Skills, and Basic Screener Training. The ASSIST program 
closed out in St. Lucia in 2010. TSA officials told us that TSA 
partnered with St. Lucia because it was the pilot country for the 
ASSIST program. The Capacity Development Branch did not want to pilot 
the ASSIST program in a country that was "ultra challenging" in terms 
of security deficiencies. 

Liberia: 

Liberia was the second nation to partner with TSA under ASSIST. 
Liberia was chosen for ASSIST after President George W. Bush visited 
the nation in February 2008, pledging U.S. support in the area of 
aviation security. In addition, Delta Airlines wanted to reestablish 
service between the U.S. and Liberia and, in order to do so, Liberia's 
national civil aviation program needed improvement. Liberia received a 
survey visit in April 2009. TSA conducted Essential Instructor Skills 
and Basic Screening Skills Training in May 2009. This training was 
followed by monthly visits to assess the impact of training and other 
technical assistance. In January 2010, TSA coordinated Fraudulent 
Document Detection training in conjunction with the U.S. Customs and 
Border Protection and Immigration and Customs Enforcement. In August 
2010, TSA conducted its National Inspectors Training. The ASSIST 
program was closed out in Liberia in November 2010. 

Georgia: 

Georgia, the third nation to partner with TSA under ASSIST, received a 
survey visit in September 2009. TSA coordinated its ASSIST program 
activities in Georgia with the European Civil Aviation Conference 
(ECAC). Georgia is a member state of ECAC and ECAC initiated a program 
of technical assistance in Georgia following its March 2009 audit of 
the Tbilisi Airport. In addition, TSA officials also told us that the 
State Department also requested that TSA work with Georgia. In April 
2010, ECAC and TSA conducted ECAC's Best Practices for National-level 
Auditors course. In August 2010, TSA conducted a review of passenger 
and baggage screening. The ASSIST program was closed out in Georgia in 
December 2010. 

Palau: 

TSA deployed an ASSIST program representative to Palau in August 2010. 
TSA officials told us that Palau was selected for the ASSIST program 
as a result of the results from the TSA foreign airport assessment 
program. In addition, Palau was a last point of departure to the 
United States and the host government was willing to engage TSA and 
make a commitment to sustain its aviation security enhancements. 

Haiti: 

Currently, the ASSIST program is working with Haiti. Haiti was 
selected for ASSIST as a result of past program assessment 
recommendations. Specifically, in October 2010, the ASSIST team was in 
the process of conducting a training "needs assessment" in Haiti to 
determine what is needed to rectify aviation security deficiencies 
found by the program. 

[End of section] 

Appendix VI: Comments from the Department of Homeland Security: 

U.S. Department of Homeland Security: 
Washington, DC 20528: 

September 22, 2011: 

Mr. Stephen M. Lord: 
Director, Homeland Security and Justice Issues: 
U.S. Government Accountability Office: 
441 G Street, NW: 
Washington, DC 20548: 

Dear Mr. Lord: 

Thank you for the opportunity to review and comment on this draft 
report. The U.S. Department of Homeland Security (DHS) appreciates the 
U.S. Government Accountability Office's (GAO's) work in planning and 
conducting its review and issuing this report. 

The Department is pleased to note GAO's positive acknowledgment of the 
progress made in enhancing its foreign airport assessment program. In 
addition, the Transportation Security Administration (TSA) wanted to 
highlight new initiatives underway by the Office of Global Strategies 
(OGS). 

* Automated Database: TSA has completed its evaluation of a 
contractor's proposal for the Global Risk Analysis and Decision 
Support System. The envisioned product will initially enable TSA to 
capture the airport assessment data in a mechanism that facilitates
accurate and repeatable analyses. Eventually, it will incorporate 
mobile inspection capabilities, application of the risk algorithm, and 
visualization tools. Initial deployment is anticipated to occur by the 
end of Fiscal Year (FY) 2012 with enhancements to follow as 
technologies mature. 

* All-cargo Operations: On the basis of this year's cargo statistics, 
16 foreign airports currently provide only all-cargo (no passenger) 
operations to the United States. Nine are in European Union countries 
within the Frankfurt Regional Operations Center (ROC) area of 
responsibility (AOR), four are in the Miami AOR, two are in the 
Singapore AOR, and one is in the Dallas ROC's purview. As of September 
1, 2011, 73 OGS inspectors have been trained to conduct cargo 
inspections and on-the-job training visits are underway. Therefore, 
the workforce availability is now adequate to perform these essential 
but previously infeasible missions. 

* Analysis of Assessment Results and Outcome-based Performance 
Measures: TSA has created an Integrated Project Team (IPT) that 
reviews the results of visits to highly vulnerable airports and 
evaluates the root causes. If challenges exist because of 
infrastructure problems (e.g., lack of fencing), the TSA 
Representative (TSAR) can reach out to other U.S. Government entities 
with a vested interest in security at that airport and the statutory 
and financial ability to fund projects that mitigate the 
vulnerability. If the vulnerability stems from a lack of knowledge, 
the Capacity Development Branch (CDB) can be deployed to teach 
specific, tailored courses. if the difficulty arises from a lack of 
national or political will, the TSAR can again be engaged to address 
the issues at the appropriate level. The IPT develops a strategic 
implementation plan for each critical area, including expectations, 
ownership, and timelines. Throughout this process, OGS tracks actions 
completed and the subsequent airport assessment confirms the level of 
sustained success attributable by TSA's efforts.  

The draft report contains three recommendations with which DHS concurs 
and has already initiated steps to implement. Specifically, to help 
further enhance TSA's foreign airport assessment program, GAO 
recommended that the Secretary of DHS direct the Assistant 
Secretary for TSA to:  

Recommendation 1: Develop a mechanism to evaluate the results of 
completed assessment activities to determine any trends and target 
activities and resources. This evaluation could include frequency of 
noncompliance issues, regional variations, and perspectives on the 
security posture of individual airports over time.  

Response: Concur. In the months since the data collection phase of 
this project, TSA has taken several steps to address this proposal. A 
Program Analyst began work in the Global Compliance Directorate (GCD) 
and one of his primary performance goals is creation of analyses 
reflecting temporal and site-specific trends and anomalies. The CDB 
established an IPT composed of representatives from all OGS 
directorates with a mandate of evaluating regional, country, and 
airport vulnerabilities and determining those problem areas that could 
be effectively addressed by CDB-provided training. CDB and GCD are 
also partnering to develop workshops that can be presented by GCD 
inspectors at the conclusion of an airport assessment. These workshops 
would be tailored to address specific shortfalls observed during the 
assessment, which could be effectively mitigated through training.  

Recommendation 2: Establish criteria and guidance to assist TSA 
decision makers when determining the vulnerability rating of 
individual foreign airports.  

Response: Concur. The most recent version of the Foreign Airport 
Assessment Program (FAAP) standard operating procedure now contains 
several scenarios for ROC Managers to use as a set of guidelines — 
rather than dogma — in determining the Vulnerability rating for each 
open Standard and for the airport overall. The Director will 
collaborate on development of a scenario the event that key staff 
leave the Office or of Global Compliance and the ROC Managers archive 
to promote more long-term consistency in agency. 

Recommendation 3: Consider the feasibility of conducting more targeted 
assessments and systematically compiling information on aviation 
security best practices. 

Response: Concur. GCD has commenced development of a Pre-Audit 
Questionnaire (PAQ) that will be sent to each host government in 
advance of a planned airport assessment. Through this mechanism, TSA 
anticipates obtaining administrative information and key documents, 
such as the Airport Security Program, well prior to the visit. When 
the PAQ is returned to TSA, GCD will obtain an official translation of 
all submitted items so that the team has a better understanding of the 
current policies, procedures, and practices in place at the site. This 
may enable the team to tailor its efforts at the airports to focus on 
those areas of concern as indicated in the responses to the PAQ, as 
well as the critical Standards and Recommended Practices (SARPs). GCD 
anticipates completing the development of the PAQ by mid Fiscal Year 
(FY) 2012, with wide-scale deployment beginning October 1, 2012. 

With regard to aviation security best practices, the five volumes of 
the International Civil Aviation Organization's (ICAO) Security Manual 
for Safeguarding Civil Aviation Against Acts of Unlawful Interference 
(Document 8971) contain the globally recognized best practices and 
alternative methods for meeting the ICAO SARPs. TSA participates in 
development and review of this document as part of its ICAO activities 
and draws from it when recommending improvements to foreign airport 
authorities. However, an infrequently populated portion of the
FAAP report is available for inspectors to capture particularly 
noteworthy practices. During FY 2012, inspectors will be encouraged to 
more conscientiously identify and document new approaches encountered 
at airports that are not reflected in the Security Manual but 
effectively address the SARP. 

Again, thank you for the opportunity to review and comment on this 
draft report. Technical and sensitivity comments were previously 
provided under separate cover. We look forward to working with you on 
future Homeland Security issues. 

Sincerely, 

Signed by: 

Jim H. Crumpacker: 
Director:
Departmental GAO-OIG Liaison Office: 

[End of section] 

Appendix VII: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Stephen M. Lord, (202) 512-4379 or lords@gao.gov: 

Acknowledgments: 

In addition to the contact named above, Steve D. Morris, Assistant 
Director, and Christopher E. Ferencik, Analyst-in-Charge, managed this 
review. Wendy C. Johnson, Lisa A. Reijula, and Rebecca Kuhlmann Taylor 
made significant contributions to the work. Thomas F. Lombardi 
provided legal support. Stanley J. Kostyla and Minette D. Richardson 
assisted with design, methodology, and data analysis. Linda S. Miller 
provided assistance in report preparation. Tina Cheng helped develop 
the report's graphics. 

[End of section] 

Footnotes: 

[1] See 49 U.S.C. § 114(d). 

[2] See 49 U.S.C. § 44907. 

[3] GAO, Aviation Security: Foreign Airport Assessments and Air 
Carrier Inspections Help Enhance Security, but Oversight of These 
Efforts Can Be Strengthened, [hyperlink, 
http://www.gao.gov/products/GAO-07-729] (Washington, D.C.: May 11, 
2007). 

[4] GAO, Standards for Internal Control in the Federal Government, 
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] 
(Washington, D.C.: November 1999). 

[5] See Pub. L. No. 107-71, 115 Stat. 597 (2001). 

[6] 49 U.S.C. § 44907. Prior to the establishment of DHS in March 
2003, authority for conducting foreign airport assessments resided 
with the Secretary of Transportation. Although assessments were 
originally conducted by the Federal Aviation Administration (FAA), TSA 
assumed responsibility for conducting the assessments following the 
enactment of the Aviation and Transportation Security Act (enacted 
Nov. 19, 2001). In March 2003, TSA transferred from the Department of 
Transportation to DHS. See Homeland Security Act of 2002, Pub. L. No. 
107-296, § 403(2), 116 Stat. 2135, 2178. 

[7] See 49 U.S.C. § 44907(d)-(e). 

[8] Domestic and foreign air carriers that operate to, from, or within 
the United States must establish and maintain security programs 
approved by TSA in accordance with requirements set forth in 
regulation at 49 C.F.R. parts 1544 and 1546. See 49 U.S.C §§ 44903, 
44906. As with foreign airport assessments, FAA had responsibility for 
conducting air carrier inspections prior to TSA's establishment and 
assumption of this function. 

[9] ICAO was formed following the 1944 Convention on International 
Civil Aviation (also known as the Chicago Convention). In 1947, ICAO 
became a specialized agency of the United Nations. A primary objective 
of ICAO is to provide for the safe, orderly, and efficient development 
of international civil aviation. There are currently 190 signatory 
nations to the ICAO convention, including the United States. Nations 
that are members to the ICAO convention agree to cooperate with other 
member states to meet standardized international aviation security 
measures. The international aviation security standards and 
recommended practices are detailed in Annex 17 to the Convention on 
International Civil Aviation adopted by ICAO. 

[10] More specifically, an ICAO standard is a specification for the 
safety or regularity of international air navigation, with which 
member states agree to comply; a recommended practice is any desirable 
specification for safety, regularity, or efficiency of international 
air navigation, with which member states are strongly encouraged to 
comply. Member states are expected to make a genuine effort to comply 
with recommended practices. 

[11] Segments of Annex 17 to the Convention of International Civil 
Aviation, Safeguarding International Civil Aviation Against Unlawful 
Acts of Interference, Ninth Edition, March 2011, and Annex 14, 
Aerodrome Design and Operations, Volume I, have been reproduced in 
appendix III with permission of the International Civil Aviation 
Organization. 

[12] A risk-informed approach entails consideration of terrorist 
threats, vulnerability of potential terrorist targets to those 
threats, and the consequences of those threats being carried out when 
deciding how to allocate resources to defend against these threats. 
Risk-informed decision making can help ensure that finite resources 
are allocated to the areas of greatest need. 

[13] According to TSA, the airport assessment period is extended by 8 
to 12 hours for each air carrier inspection that TSA conducts in 
conjunction with an airport assessment. TSA may also conduct air 
carrier inspections separately from airport assessments because 
foreign airports are generally assessed no more than once a year by 
TSA, while some air carriers are inspected twice a year by TSA. See 49 
C.F.R. §§ 1544.3, 1546.3 (requiring that each U.S. aircraft operator 
and foreign air carrier (respectively) allow TSA, at any time or 
place, to make any inspections or tests to determine compliance-
applicable requirements). 

[14] TSA requires that each air carrier adopt and implement a TSA- 
approved security program for all scheduled passenger and public 
charter operations at locations within the United States, from the 
United States to a non-U.S. location, or from a non-U.S. location to 
the United States. See 49 C.F.R. pts. 1544-46. When TSA determines 
that additional security measures are necessary to respond to a threat 
assessment or to a specific threat against civil aviation, TSA may 
issue a security directive or an emergency amendment to an air carrier 
security program that sets forth additional mandatory security 
requirements. Air carriers are required to comply with each applicable 
security directive or emergency amendment issued by TSA, along with 
the requirements already within their security programs and any other 
requirements set forth in applicable law. 

[15] According to TSA's Foreign Airport Assessment Program Standard 
Operating Procedures, if security concerns and deficiencies are 
considered not "serious enough to warrant secretarial action (e.g., 
the measure barely satisfies the minimum international standard and 
could be improved)," TSA may develop an action plan for addressing the 
deficiencies identified without seeking a determination from the 
Secretary of Homeland Security. 

[16] TSA officials told us they used their subject-matter expertise 
and expert judgment to identify the 40 standards, which allow them to 
focus only on areas most critical for their assessments. TSA also 
assesses foreign airports against one ICAO-recommended practice 
concerning landslide areas. See appendix III for the complete list of 
standards TSA assesses foreign airports against. 

[17] These 22 standards cover the areas of passenger and hold baggage 
screening, access control, aircraft-in-flight security, and 
cargo/catering/mail. 

[18] The Director of Global Compliance told us that if multiple trips 
are scheduled back-to-back, inspectors are to conduct the air carrier 
inspection visit at one airport first, and the airport visit combining 
the assessment and air carrier inspection second. Doing so provides 
the inspectors more time to meet the 20 day airport assessment 
reporting requirement. 

[19] Of the 25 new international inspector positions, 5 are allocated 
for Frankfurt ROC; 6 for Miami; 7 for Dallas; 2 for Singapore; and 5 
for Los Angeles. 

[20] TSA is also planning to hire a program analyst in headquarters to 
assist with, among other things, analyzing assessment results and 
assessments scheduling. TSA also established three new TSAR positions 
in 2010--one each in Brasilia, Brazil; Johannesburg, South Africa; and 
Nassau, the Bahamas; and plans to staff three more TSARs by the end of 
2011 located in Dakar, Senegal; Dubai, United Arab Emirates; and New 
Delhi, India. 

[21] A risk-informed approach entails consideration of terrorist 
threats, vulnerability of potential terrorist targets to those 
threats, and the consequences of those threats being carried out when 
deciding how to allocate resources to defend against these threats. 
Risk-informed, priority-driven decisions can help inform decision 
makers in allocating finite resources to the areas of greatest need. 

[22] The total number of foreign airports TSA assesses changes due to 
carriers changing service locations or flight destinations, and 
seasonal service carriers. 

[23] Information on the specific number of airports identified as 
high, medium and low risk is deemed sensitive security information. 

[24] Under the previous approach, foreign airports that exhibited no 
operational issues in the previous two assessments were assessed once 
every 3 years. Foreign airports that had not been previously assessed, 
were subjected to secretarial action within the last 5 years, or 
exhibited operational issues in either of the two previous assessments 
were assessed once a year. Operational issues were considered 
weaknesses in the security system at an airport that pose a direct 
threat to the safety and security of passengers, aircraft, and crew 
(i.e., screening and access control measures). 

[25] GAO, Transportation Security: Comprehensive Risk Assessments and 
Stronger Internal Controls Needed to Help Inform TSA Resource 
Allocation, [hyperlink, http://www.gao.gov/products/GAO-09-492] 
(Washington, D.C.: Mar. 27, 2009). 

[26] TSA also plans to develop additional 1 year implementation plans 
for future years, which will also include long-term foreign airport 
assessment program goals and objectives. 

[27] These courses consist of Preventive Security Measures, Incident 
Management and Response, Excellence in Screening Techniques, Cargo 
Security Management, Essential Instructor Skills, and a National 
Inspectors Workshop. Additional courses in the process of development 
include Instructional Systems Design, and National Programs: National 
Civil Aviation Security Program, National Civil Aviation Security 
Quality Control Program, National Civil Aviation Security Training 
Program, Information Gathering through Casual Conversation, and 
Incident Management and Response. 

[28] In the homeland security context, "harmonization" is a broad term 
used to describe countries' efforts to coordinate their security 
practices to enhance security and increase efficiency by avoiding 
duplication of effort. Harmonization efforts can include countries' 
mutually recognizing and accepting each other's existing practices-- 
which could represent somewhat different approaches to achieve the 
same outcome, as well as working to develop uniform standards. 

[29] The European Commission is the executive body of the European 
Union. The body is responsible for proposing legislation, implementing 
decisions, upholding the Union's treaties and the general day-to-day 
running of the Union. The Commission operates as a cabinet government, 
with 27 commissioners (one commissioner per member state). The 
Commission is required to monitor Member States' compliance with the 
aviation security legislation and carries out inspections of national 
appropriate authorities, airport inspections, and follow-up 
inspections to confirm the implementation of remedial actions. 

[30] The 27 member states of the European Union are Austria, Belgium, 
Bulgaria, Czech Republic, Denmark, Germany, Estonia, Greece, Spain, 
France, Ireland, Italy, Cyprus, Latvia, Lithuania, Luxembourg, 
Hungary, Malta, the Netherlands, Poland, Portugal, Romania, Slovenia, 
Slovakia, Finland, Sweden, and the United Kingdom. 

[31] According to TSA officials, if a table-top review does not 
provide TSA with sufficient information to make a determination on the 
security posture of the airport, TSA will conduct an independent 
assessment. 

[32] See 73 Fed. Reg. 53,034 (Sept. 12, 2008). The notice directed all 
U.S. and foreign air carriers (and their agents) providing service 
between the United States and Venezuelan airports, to provide notice 
to any passenger purchasing a ticket for transportation between the 
United States and these airports that DHS is unable to determine 
whether such airports maintain and carry out effective security 
measures, and further required that similar notices be posted at U.S. 
airports. The notice remains in effect. 

[33] TSA security requirements for U.S.-bound flights cover critical 
areas of aviation security including passenger, baggage, and cargo 
screening. 

[34] AIT produces an image of a passenger's body that a screener 
interprets. The image identifies metallic and nonmetallic threats 
including weapons, explosives, and other objects concealed under 
layers of clothing. 

[35] The State Department's ATA program seeks to provide partner 
countries the training, equipment, and technology they need to combat 
terrorism and prosecute terrorists and terrorist supporters. The Anti- 
Terrorism Assistance program was established in 1983. 

[36] The Organization of American States is made up of 35 member 
states, including the independent nations of North, Central, and South 
America and the Caribbean, and is a forum for strengthening democracy, 
promoting human rights, and confronting shared problems among its 
members, such as poverty, terrorism, illegal drugs, and corruption. 

[37] Its eight employees comprise the CDB Manager that oversees its 
International Instructions Development and Design group--two 
instructional systems design managers; an International Instructional 
Delivery group--three program analysts/instructors; and an 
International Technical Assistance group--two program managers for its 
ASSIST program. 

[38] Information on the specific number of countries with high-risk 
airports as identified by TSA is deemed SSI. 

[39] Specifically, by the end of fiscal year 2011, TSA is to finalize 
a coordinated set of procedures for the lending of decommissioned 
expendable and nonexpendable TSA aviation security equipment to 
partner countries, and develop a risk-based methodology for lending 
such equipment. In addition, by the end of fiscal year 2013, TSA is to 
implement the risk-based methodology through TSARs to the prioritized 
list of equipment recipients, and implement an evaluation plan to 
determine program impact. 

[40] See 49 U.S.C. § 114(m) (referencing § 106(l), (m)). 

[41] TSA also stated that it may also provide equipment deemed excess 
or surplus to foreign governments in accordance with General Services 
Administration guidance and regulations. 

[42] The dates of deployment were October 31-November 12, 2010, 
November 28-December 3, 2010, and January 21-25, 2011. 

[43] This includes foreign all-cargo operation airports as well as all-
cargo flights departing from airports that also provide passenger 
service to countries other than the United States. 

[44] According to TSA, the number of airports to which the agency 
assigns a risk ranking and that are therefore eligible for assessment, 
is constantly in flux, as air carriers start and stop service to the 
U.S. from foreign locations for a variety of reasons, such as seasonal 
service. While, as of January 1, 2011, TSA has categorized 277 foreign 
airports, TSA officials told us that the number of airports eligible 
for assessment typically ranges from about 275 to 300. In addition, 
our analyses are based primarily on data provided by TSA on May 9, 
2011. At that time, there were 35 ICAO standards against which TSA 
assessed airports, including 17 critical standards. The data also 
included assessments on 1 additional standard that had been used in 
previous fiscal years but was no longer active on May 9, 2011. 

[45] For example, this tool provides each airport's vulnerability 
category, or score, and includes information on the frequency with 
which each foreign airport complied with particular categories of ICAO 
standards, such as passenger screening, checked baggage screening, and 
access controls, among others. 

[46] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. 

[47] [hyperlink, http://www.gao.gov/products/GAO-07-729]. 

[48] Pub. L. No. 111-352, 124 Stat. 3866 (2011) (amending Pub. L. No. 
103-62, 107 Stat. 285 (1993)). See also 31 U.S.C. § 1115 (relating to 
performance measurement). 

[49] "Leading security indicators" refers to an airport's 
vulnerability rating for its security posture, ranked on a scale of 1 
(fully compliant) to 5 (egregious noncompliance). 

[50] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. 

[51] GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air 
Cargo Are in the Early Stages and Could Be Strengthened, [hyperlink, 
http://www.gao.gov/products/GAO-07-660] (Washington, D.C.: Apr. 30 
2007). 

[52] [hyperlink, http://www.gao.gov/products/GAO-07-660]. 

[53] See, 49 U.S.C. § 44907. 

[54] We did not visit the Singapore ROC due to travel costs and the 
small number of TSA inspectors at this location. 

[55] We conducted in-person interviews with TSARs during our site 
visits to Miami and Frankfurt. 

[56] These embassies included Canada, Mexico, France, United Kingdom, 
and Australia. 

[57] Since the actual numerical scores were not recorded in the 
assessment reports, it was only possible to identify those standards 
that were identified as not fully compliant (i.e., standards which 
corresponded to a score greater than 1 on the tracking sheet). 

[58] GAO, Standards for Internal Control in the Federal Government, 
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] 
(Washington, D.C.: November 1999). 

[59] GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air 
Cargo Are in the Early Stages and Could Be Strengthened, [hyperlink, 
http://www.gao.gov/products/GAO-07-660] (Washington, D.C.: Apr. 30 
2007). 

[60] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. 

[61] The Secretary may bypass the 90-day action and immediately 
provide public notification or withhold, revoke, or prescribe 
conditions on an air carrier's operating authority if the Secretary 
determines, after consultation with the Secretary of State, that a 
condition exists that threatens the safety or security of passengers, 
aircraft, or crew traveling to or from the airport. § 
4907(d)(2)(A)(ii). 
[62] Public notification includes publication of the airport's 
identity in the Federal Register, posting and displaying the airport's 
identity prominently at all U.S. airports at which scheduled air 
carrier operations are provided regularly, and notifying news media of 
the airport's identity. 49 U.S.C. § 44907(d)(1)(A). U.S. and foreign 
air carriers providing transportation between the United States and 
the airport shall also provide written notice that the airport is not 
maintaining and carrying out effective security measures on or with 
the ticket to each passenger buying a ticket. § 44907(d)(1)(B). 

[63] § 44907(d)(2)(C). 

[64] § 44907(d)(2)(D). 

[65] § 44907(e). Invoking this action does not require that the 
Secretary base the determination upon TSA's airport assessment 
results, though an assessment may provide the basis for invoking this 
action. 

[66] These standards and the recommended practice are reprinted with 
the permission of ICAO. 

[67] In addition, TSA is also trying to engage in negotiations with 
the Philippines about providing ASSIST in that country. The current 
status of TSA's Capacity Development Branch's (CDB) ASSIST program in 
the Philippines is that TSA is waiting for the Philippine government 
to sign a Memorandum of Agreement for the ASSIST program. TSA created 
the CDB in 2007 to manage all TSA international aviation security 
capacity building assistance efforts, including requests for 
assistance in response to a host government's airport assessment 
results. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: