Defined Contribution Plans: Federal Guidance Could Help Mitigate Cybersecurity Risks in 401(k) and Other Retirement Plans

What GAO Found

In their role administering private sector employer-sponsored defined contribution (DC) retirement plans, such as 401(k) plans, plan sponsors and their service providers—record keepers, third party administrators, custodians, and payroll providers—share a variety of personally identifiable information (PII) and plan asset data among them to assist with carrying out their respective functions (see figure). The PII exchanged for DC plans typically include participant name, Social Security number, date of birth, address, username/password; plan asset data typically includes numbers for both retirement and bank accounts. The sharing and storing of this information can lead to significant cybersecurity risks for plan sponsors and their service providers, as well as plan participants.

Data Sharing Among Plan Sponsors and Service Providers in Defined Contribution Plans

Federal requirements and industry guidance exist that could mitigate cybersecurity risks in DC plans, such as requirements that pertain to entities that directly engage in financial activities involving DC plans. However, not all entities involved in DC plans are considered to have such direct engagement, and other cybersecurity mitigation guidance is voluntary. Federal law nevertheless requires plan fiduciaries to act prudently when administering plans. However, the Department of Labor (DOL) has not clarified fiduciary responsibility for mitigating cybersecurity risks, even though 21 of 22 stakeholders GAO interviewed expressed the view that cybersecurity is a fiduciary duty. Further, DOL has not established minimum expectations for protecting PII and plan assets. DOL officials told GAO that the agency intends to issue guidance addressing cybersecurity-related issues, but they were unsure when it would be issued. Until DOL clarifies responsibilities for fiduciaries and provides minimum cybersecurity expectations, participants’ data and assets will remain at risk.

Why GAO Did This Study

Cyber attacks against information systems (IT) are perpetuated by individuals or groups with malicious intentions, from stealing identities to appropriating money from accounts. DC plans, which allow individuals to accumulate tax-advantaged retirement savings, increasingly rely on the internet and IT systems for their administration. Accordingly, the need to secure these systems has become paramount. Ineffective data security controls can result in significant risks to plan data and assets. In 2018, DC plans enrolled 106 million participants and held nearly $6.3 trillion in assets, according to DOL.

This report examines (1) the data that sponsors and providers exchange during the administration of DC plans and their associated cybersecurity risks, and (2) efforts to assist sponsors and providers to mitigate cybersecurity risks during the administration of DC plans. GAO interviewed key entities involved with DC plans, such as sponsors and record keepers, DOL officials and industry stakeholders; and reviewed relevant federal laws, regulations, and guidance.

More from:

Hits: 0

News Network

  • Promoting and Protecting Human Rights: A Re-Dedication to the Universal Declaration of Human Rights
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • NASA Extends Deep Space Atomic Clock Mission
    In Space
    Smart phone apps provide [Read More…]
  • Secretary Pompeo’s Call with Iraqi Kurdistan Regional Government Prime Minister Barzani
    In Crime Control and Security News
    Office of the [Read More…]
  • NASA to Broadcast Mars 2020 Perseverance Launch, Prelaunch Activities
    In Space
    Starting July 27, news [Read More…]
  • Justice Department Files Title VII Sex Discrimination Lawsuit Against Alabama Sheriff’s Office and the Mobile County Sheriff
    In Crime News
    The Department of Justice announced today that it has filed a lawsuit against the Mobile County Sheriff’s Office, Alabama’s second-largest sheriff’s office, and the Mobile County Sheriff, in his official capacity (collectively, MCSO).
    [Read More…]
  • State-Sponsored Iranian Hackers Indicted for Computer Intrusions at U.S. Satellite Companies
    In Crime News
    An indictment was unsealed today charging three computer hackers, all of whom were residents and nationals of the Islamic Republic of Iran (Iran), with engaging in a coordinated campaign of identity theft and hacking on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC), a designated foreign terrorist organization, in order to steal critical information related to U.S. aerospace and satellite technology and resources.
    [Read More…]
  • Secretary Blinken’s Call with Colombian Foreign Minister Blum
    In Crime Control and Security News
    Office of the [Read More…]
  • Remarks to the Community of Democracies 20th Anniversary Virtual Conference
    In Human Health, Resources and Services
    Stephen Biegun, Deputy [Read More…]
  • Togo’s National Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Grenada Travel Advisory
    In Travel
    Exercise increased [Read More…]
  • Retirement Security: Older Women Report Facing a Financially Uncertain Future
    In U.S GAO News
    In all 14 focus groups GAO held with older women, women described some level of anxiety about financial security in retirement. Many expressed concerns about the future of Social Security and Medicare benefits, and the costs of health care and housing. Women in the groups also cited a range of experiences that hindered their retirement security, such as divorce or leaving the workforce before they planned to (see fig.). Women in all 14 focus groups said their lack of personal finance education negatively affected their ability to plan for retirement. Many shared ideas about personal finance education including the view that it should be incorporated into school curriculum starting in kindergarten and continuing through college, and should be available through all phases of life. Women Age 70 and Over by Marital Status Note: Percentages do not add up to 100 percent due to rounding Individual women's financial security is also linked to their household where resources may be shared among household members. According to the 2016 Survey of Consumer Finances, among households with older women, about 23 percent of those with white respondents and 40 percent of those with African American respondents fell short of a measure of retirement confidence, indicating their income was not sufficient to maintain their standard of living. The likelihood of a household reporting high retirement confidence rose in certain cases. For example among households of similar wealth, those with greater liquidity in their portfolio and those with defined benefit plan income were more likely to report high retirement confidence. This testimony summarizes the information contained in GAO's July 2020 report, entitled Retirement Security: Older Women Report Facing a Financially Uncertain Future (GAO-20-435). For more information, contact Tranchau Nguyen at (202) 512-2660 or NguyenTT@gao.gov.
    [Read More…]
  • LymeX: Applying Health+ for Patient-Powered Innovations
    In Human Health, Resources and Services
    April 12, 2021 By: Alex [Read More…]
  • Lebanon Travel Advisory
    In Travel
    Reconsider travel [Read More…]
  • Six Men Charged for Roles in Scheme to Defraud Businesses of Luxury Goods and Services
    In Crime News
    Six men were charged in an indictment unsealed on Wednesday for their alleged participation in a nation-wide scheme to defraud dozens of businesses across the United States of luxury goods and services announced Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department's Criminal Division and U.S. Attorney Andrew Lelling of the District of Massachusetts.
    [Read More…]
  • The Department of Justice Announces Standards for Certifying Safe Policing Practices by Law Enforcement Agencies
    In Crime News
    Today, the Department of Justice announced Standards for Certification that will be used by credentialing bodies so they can begin certifying thousands of law enforcement agencies over the next three months. The Standards of Certification are a result of President Trump’s June Executive Order 13929, Safe Policing for Safe Communities.
    [Read More…]
  • Global Entry for Panamanian Citizens
    In Travel
    How to Apply for Global [Read More…]
  • Secretary Pompeo’s Meeting with Japanese Prime Minister Suga
    In Crime Control and Security News
    Office of the [Read More…]
  • Science & Tech Spotlight: Tracing the Source of Chemical Weapons
    In U.S GAO News
    Why This Matters Some governments are suspected of using chemical weapons despite international prohibitions under the Chemical Weapons Convention. For example, sarin and VX nerve gas have been identified in attacks. Most recently, Novichok nerve agent was used in 2020. Technologies exist to identify chemical warfare agents and possibly their sources, but challenges remain in identifying the person or entity responsible. The Technology What is it? According to the Global Public Policy Institute, there have been more than 330 chemical weapons attacks since 2012. Such attacks are prohibited under the Chemical Weapons Convention. A set of methods called forensic chemical attribution has the potential to trace the chemical agent used in such attacks to a source. A set of methods called forensic chemical attribution has the potential to trace the chemical agent used in such attacks to a source. For example, investigators could use these methods to identify the geographic sources of raw materials used to make the agent, for example, or to identify the manufacturing process Such information can aid leaders in deciding on whether or how to respond to a chemical weapons attack. Figure 1. Forensic chemical attribution process How does it work? Forensic chemical attribution is a three-step process, though the third step is being developed (see Fig. 1). First, a sample is taken from a victim or the site of an attack. Second, the sample's chemical components are analyzed and identified (see Fig. 2), either at a mobile lab or at one of 18 authorized biomedical labs worldwide. Common identification methods are: Gas chromatography, which separates chemical components of a mixture and quantifies the amount of each chemical. Mass spectrometry, which measures the mass-to-charge ratio of ions (i.e., charged particles) by converting molecules to ions and separating the ions based on their molecular weight. Nuclear magnetic resonance (NMR), which can determine the structure of a molecule by measuring the interaction between atomic nuclei placed in a magnetic field and exposing it to radio waves. NMR works on is the same principle as magnetic resonance imaging (MRI) used in medical diagnostics. In the third step—still under development—investigators use the data from the forensic chemical identification and analysis and identification methods from step two to develop a "chemical fingerprint." The fingerprint can be matched to a database of information on existing methods or known sources to identify chemical agents (i.e., Source A matching Sample 1 of Fig. 2). However, a comprehensive database containing complete, reliable data for known agents does not exist. How mature is it? Forensic chemical analysis and identification (i.e., Step 2 of Fig.1) is mature for known chemical agents. For example, investigators determined the nerve agent sarin was used in an attack on civilians in 2017. The methods can also identify new agents, as when investigators determined the chemical composition of the Novichok nerve agent after its first known use, in 2018. Forensic chemical analysis and identification methods are also mature enough to generate data that investigators could use as a "chemical fingerprint"– that is, a unique chemical signature that could be used in part to attribute a chemical weapon to a person or entity. For example, combining gas chromatography and mass spectrometry can provide reliable information about the chemical components and molecular weight of an agent. To achieve Step 3, scientists could use this these methods in a laboratory experiment to match impurities in chemical feedstocks of the weapon to potentially determine who made it. In an investigation, such impurities could indicate the geographic origin of the starting material and the process used to create the agent. Figure 2. Example of forensic chemical identification and analysis, showing a match between Sample 1 and Source A. Opportunities An effective international system for forensic chemical attribution can open up several opportunities, including: Defense. Knowing the source of a chemical agent could help nations better defend against future attacks and, when appropriate, take military action in response to an attack.  Legal response. Source attribution may provide information to help find and prosecute attackers or to impose sanctions. Deterrence. The ability to trace chemical agents to a source might deter future use of chemical weapons.  Challenges Chemical database. Creating a comprehensive international database of chemical fingerprints would require funding and international collaboration to sample chemicals from around the world. Finding perpetrators. Matching a chemical to its sources does not reveal who actually used it in an attack. Almost all investigations require additional evidence. Samples. Collecting a sufficient sample for attribution can be challenging, as can storing and transporting it using a secure chain of custody—potentially over great distance—to one of the 18 authorized biomedical labs worldwide. International cooperation. Lack of cooperation can delay investigations and may compromise sample quality.  Cooperation is also essential for creating an international database. Standardization. Attribution methods are complex and require standardized, internationally accepted protocols to ensure results are reliable and trusted. Such protocols do not yet exist for attributing a chemical weapons attack. Policy Context and Questions The following questions are relevant to building an effective, trusted system for tracing attacks using forensic chemical attribution: How can federal agencies promote and contribute to the international standardization of scientific methods for forensic chemical attribution? Which agency or agencies should lead this effort? How can the international community create and implement a framework for cooperation and trust in forensic chemical attribution? What actions could promote or incentivize creation of an internationally accepted database of unique chemical fingerprints for attributing chemical agents to their sources? What can be done to fully identify and address the scientific and technological gaps in current capabilities for attributing a chemical agent to its source? For more information, contact Karen Howard at (202) 512-6888 or HowardK@gao.gov.
    [Read More…]
  • The Department of Justice Alleges Conditions at Cumberland County Jail Violate the Constitution
    In Crime News
    Today, the Justice Department’s Civil Rights Division and the U.S. Attorney’s Office for the District of New Jersey concluded that there is reasonable cause to believe that the conditions at the Cumberland County Jail in Bridgeton, New Jersey violate the Eighth and Fourteenth Amendments of the Constitution.
    [Read More…]
  • Justice Department Files Civil Action to Shut Down Chicago-Area Tax Return Preparer
    In Crime News
    The United States has filed a complaint seeking to bar a Chicago-area tax return preparer from preparing federal income tax returns for others, the Justice Department announced today. The civil complaint against Lavon Boyd was filed in the U.S. District Court for the Northern District of Illinois and alleges that Boyd prepared federal income tax returns for Chicago-area taxpayers that significantly understated his customers’ tax liabilities by fabricating business losses. The suit alleges that Boyd fabricated or exaggerated his customers’ business expenses. The suit also charges that Boyd allegedly fabricated childcare expenses on at least one of his customers’ tax returns.
    [Read More…]
  • Department of Justice Issues Statement Regarding Federal Civil Rights Review Into March 2020 Police Encounter with Daniel Prude
    In Crime News
    Pamela Karlan, Principal Deputy Assistant Attorney General for the Civil Rights Division of the Department of Justice, James P. Kennedy Jr., U.S. Attorney for the Western District of New York, and Stephen A. Belongia, Special Agent in Charge of the FBI Buffalo Field Office, released the following statement:
    [Read More…]
  • Tech Executive Pleads Guilty to Wire Fraud and Money Laundering in Connection with PPP Loans
    In Crime News
    A Washington man pleaded guilty today to wire fraud and money laundering in connection with his scheme to obtain over $5.5 million in Paycheck Protection Program (PPP) loans and laundering the proceeds.
    [Read More…]
  • Maryland Man Pleads Guilty to Submitting False Claim to Steal Funds Intended for Afghanistan Reconstruction
    In Crime News
    A Maryland man pleaded guilty today to filing a false claim for his role in a scheme to divert hundreds of thousands of dollars in State Department funds to his own use.
    [Read More…]
  • Passengers with Disabilities: Airport Accessibility Barriers and Practices and DOT’s Oversight of Airlines’ Disability-Related Training
    In U.S GAO News
    What GAO Found Passengers with disabilities face infrastructure, information, and customer service barriers at U.S. airports, according to representatives of selected airports, disability advocacy organizations, as well as a review of relevant literature. Infrastructure barriers can include complex terminal layouts and long distances between gates and can be difficult for some to navigate. Essential travel information is not always available in a format accessible to all. For example, a person with hearing loss could miss crucial gate information that is solely provided over a loudspeaker. A passenger might not receive appropriately sensitive service, such as wheelchair assistance, at the airport, although the service provided is required by the Air Carrier Access Act of 1986 (ACAA) regulations. According to stakeholders, while no solution meets all needs, a number of practices can help reduce or eliminate some of these barriers to equal access at airports. For example, some selected airports use external disability community and passenger groups to proactively engage in identifying barriers and develop solutions. Other airports have implemented technology-based solutions, such as mobile phone applications to make airport navigation easier. Examples of Stakeholder-Identified Features to Assist Airport Passengers with Disabilities The Office of Aviation Consumer Protection within the Department of Transportation (DOT) is responsible for oversight of airlines' compliance with the ACAA. In 2008, DOT updated its entire ACAA regulation, including adding new training requirements for airline personnel, such as requiring training to be recurrent. Following this update, DOT conducted outreach to domestic and foreign airlines on the changes and reviewed airlines' disability training sessions and materials. Agency officials said that in recent years, DOT has conducted reviews of airlines' training only when passengers' complaints indicate a possible problem, as officials' analyses have not shown training generally to be a significant cause of service violations. DOT officials and stakeholders said other factors, such as limited availability of staff to assist passengers with disabilities, at times may affect the service passengers with disabilities receive. DOT is assessing some of these factors through the statutorily mandated ACAA Advisory Committee, formed in late 2019 to make recommendations to improve accessibility to air travel. The committee met in 2020, established three subcommittees, and plans to reconvene by summer 2021. Why GAO Did This Study Approximately 43 million people in the United States have some type of disability, which may affect mobility, vision, hearing, and cognition. Without accessible airport facilities and accommodations—such as appropriate assistance from the check-in counter to the gate, or effective communication of flight information—air travel for people with disabilities can be extremely challenging. The FAA Reauthorization Act of 2018 includes provisions for GAO to review leading airport accessibility practices for passengers with disabilities, as well as required training for airline and contract service personnel who assist these passengers within the airport. This report examines, among other objectives: stakeholder-identified barriers that passengers with disabilities face when accessing airport facilities, accessibility practices to assist passengers with disabilities, as well as how DOT has overseen airlines' disability-related training. GAO reviewed relevant federal laws, regulations, DOT documents, literature, as well as information describing disability training provided by selected airlines and contractors. GAO interviewed a non-generalizable sample of stakeholders, including those at 16 U.S. airports selected based on size and geography, eight large and low-cost domestic airlines selected based on the greatest number of disability-related passenger complaints and enplanements, and six aviation service contractors working for those airlines. GAO also conducted interviews with DOT officials and 10 disability advocacy organizations, among others. For more information, contact Heather Krause at (202) 512-2834 or krauseh@gao.gov.
    [Read More…]
  • Taiwan Travel Advisory
    In Travel
    Exercise normal [Read More…]
  • China-Based Executive at U.S. Telecommunications Company Charged with Disrupting Video Meetings Commemorating Tiananmen Square Massacre
    In Crime News
    A complaint and arrest warrant were unsealed today in federal court in Brooklyn charging Xinjiang Jin, also known as “Julien Jin,” with conspiracy to commit interstate harassment and unlawful conspiracy to transfer a means of identification.  Jin, an employee of a U.S.-based telecommunications company (Company-1) who was based in the People’s Republic of China (PRC), allegedly participated in a scheme to disrupt a series of meetings in May and June 2020 held to commemorate the June 4, 1989 Tiananmen Square massacre in the PRC.  The meetings were conducted using a videoconferencing program provided by Company-1, and were organized and hosted by U.S-based individuals, including individuals residing in the Eastern District of New York.  Jin is not in U.S. custody.
    [Read More…]
  • Justice Department Issues Business Review Letter for Proposed University Technology Licensing Program
    In Crime News
    The Justice  Department’s Antitrust Division announced today that it has completed its review of a proposed joint patent licensing pool known as the University Technology Licensing Program (UTLP).  UTLP is a proposal by participating universities to offer licenses to their physical science patents relating to specified emerging technologies.
    [Read More…]
  • Iceland Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Secretary Blinken’s Call with Guatemalan Foreign Minister Brolo
    In Crime Control and Security News
    Office of the [Read More…]
  • Lithuania Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • The United States Leads the Fight Against Foreign Bribery and Transnational Corruption
    In Crime Control and Security News
    Cale Brown, Deputy [Read More…]
  • Request Denied for Preliminary Injunction on the Administration’s Landmark New Regulations Implementing under the National Environmental Policy Act
    In Crime News
    On Friday, Sept. 11, Judge James T. Jones of the U.S. District Court for the Western District of Virginia denied a request for a preliminary injunction against the Administration’s landmark new regulations implementing under the National Environmental Policy Act (NEPA), which will modernize environmental review, enhance the information-gathering process, and facilitate more meaningful public participation in the protection of our environment. These regulations had not been subject to a major revision since 1978, when they were first promulgated, and they were in need of modernization to improve the infrastructure permitting process.
    [Read More…]
  • Spotlight on Naloxone Co-Prescribing
    In Human Health, Resources and Services
    As we recognize [Read More…]
  • Kroger Shooter Pleads Guilty to Federal Hate Crimes and Firearm Offenses
    In Crime News
    A Kentucky man pleaded guilty today to federal hate crimes and firearm charges arising out of the racially motivated shootings of Black individuals at a grocery store.
    [Read More…]
  • Department of Justice Revises Policy Governing Grants Associated with Foreign-Made Unmanned Aircraft Systems
    In Crime News
    The Department of Justice today announced that its Office of Justice Programs (OJP) has issued a revised policy governing the award of grants for the purchase and operation of foreign-made Unmanned Aircraft Systems (UAS). The new policy requires grant recipients to utilize OJP funds to procure and operate UAS only in a manner that promotes public safety, protects individuals’ privacy and civil liberties, and mitigates the risks of cyber intrusion and foreign influence.
    [Read More…]
  • Reaffirming the Unbreakable U.S.-Japan Alliance
    In Crime Control and Security News
    Office of the [Read More…]
  • Readout of Deputy Attorney General Lisa O. Monaco’s First Day
    In Crime News
    Today, Lisa O. Monaco was sworn in as the 39th Deputy Attorney General (DAG) of the United States. She returns to the Department of Justice where she first arrived as an intern 26 years ago, and went on to hold a variety of leadership roles at both the Department and the FBI. DAG Monaco held a series of meetings with DOJ staff and received briefings on the January 6th Capitol Attack investigation and on national security. In an all hands meeting with her immediate staff, DAG Monaco reiterated her commitment to reaffirming the Department’s foundational mission and core values, pursuing the Constitution’s promise of equal justice, and ensuring the safety of all who call America home. Late in the day she sent an email to the DOJ workforce thanking them for their dedication, and conveying how honored she is to serve alongside them.   
    [Read More…]
  • On the Death of Colombian Defense Minister Trujillo
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Caltech Alum Robert Behnken Aboard Historic Demo-2 Launch
    In Space
    The SpaceX Crew Dragon [Read More…]
  • Disabilities Reported by Prisoners: Survey of Prison Inmates, 2016
    In Justice News
    (Publication)
    This brief presents findings based on data collected in the 2016 Survey of Prison Inmates, a survey conducted through face-to-face interviews with a national sample of state and federal prisoners across a variety of topics, such as their demographic characteristics, socio-economic background, health, and involvement with the criminal justice system.
    3/30/2021, NCJ 252642, Mariel Alper, Jennifer Bronson, Laura M. Maruschak [Read More…]
  • Texas Physician Sentenced for Multi-Million Medicare Fraud Scheme
    In Crime News
    A Texas physician was sentenced to five years in prison today for her role in a multi-million Medicare fraud scheme.
    [Read More…]
  • High-Risk Series: Dedicated Leadership Needed to Address Limited Progress in Most High-Risk Areas
    In U.S GAO News
    Overall ratings in 2021 for 20 of GAO's 2019 high-risk areas remain unchanged, and five regressed. Seven areas improved, one to the point of removal from the High-Risk List. Two new areas are being added, bringing our 2021 High-Risk List to 36 areas. Where there has been improvement in high-risk areas, congressional actions, in addition to those by executive agencies, have been critical in spurring progress. GAO is removing Department of Defense (DOD) Support Infrastructure Management from the High-Risk List. Among other things, DOD has more efficiently utilized military installation space; reduced its infrastructure footprint and use of leases, reportedly saving millions of dollars; and improved its use of installation agreements, reducing base support costs GAO is narrowing the scope of three high-risk areas by removing segments of the areas due to progress that has been made. The affected areas are: (1) Federal Real Property (Costly Leasing) because the General Services Administration has reduced its reliance on costly leases and improved monitoring efforts; (2) DOD Contract Management (Acquisition Workforce) because DOD has significantly rebuilt its acquisition workforce; and (3) Management of Federal Oil and Gas Resources (Offshore Oil and Gas Oversight) because the Department of the Interior's Bureau of Safety and Environmental Enforcement has implemented reforms improving offshore oil and gas oversight. National Efforts to Prevent, Respond to, and Recover from Drug Misuse is being added to the High-Risk List. National rates of drug misuse have been increasing, and drug misuse has resulted in significant loss of life and harmful effects to society and the economy. GAO identified several challenges in the federal government's response, such as a need for greater leadership and coordination of the national effort, strategic guidance that fulfills all statutory requirements, and more effective implementation and monitoring. Emergency Loans for Small Businesses also is being added. The Small Business Administration has provided hundreds of billions of dollars' worth of loans and advances to help small businesses recover from adverse economic impacts created by COVID-19. While loans have greatly aided many small businesses, evidence of fraud and significant program integrity risks need much greater oversight and management attention. Nine existing high-risk areas also need more focused attention (see table). 2021 High-Risk List Areas Requiring Significant Attention High-risk areas that regressed since 2019 High-risk areas that need additional attention USPS Financial Viability IT Acquisitions and Operations Decennial Census Limiting the Federal Government's Fiscal Exposure by Better Managing Climate Change Risks Ensuring the Cybersecurity of the Nation U.S. Government's Environmental Liability Strategic Human Capital Management Improving Federal Oversight of Food Safety EPA's Process for Assessing and Controlling Toxic Chemicals   Source: GAO. | GAO-21-119SP   GAO's 2021 High-Risk List High-risk area Change since 2019 Strengthening the Foundation for Efficiency and Effectiveness Strategic Human Capital Management ↓ Managing Federal Real Propertya ↑ Funding the Nation's Surface Transportation Systemb c n/a Modernizing the U.S. Financial Regulatory Systemb ● Resolving the Federal Role in Housing Financeb ● USPS Financial Viabilityb ↓ Management of Federal Oil and Gas Resourcesa ● Limiting the Federal Government's Fiscal Exposure by Better Managing Climate Change Risksb ● Improving the Management of IT Acquisitions and Operations ● Improving Federal Management of Programs That Serve Tribes and Their Members ● Decennial Census ↓ U.S. Government's Environmental Liabilityb ● Emergency Loans for Small Businesses (new)c n/a Transforming DOD Program Management DOD Weapon Systems Acquisition ● DOD Financial Management ↑ DOD Business Systems Modernization ● DOD Approach to Business Transformation ● Ensuring Public Safety and Security Government-wide Personnel Security Clearance Processb ↑ Ensuring the Cybersecurity of the Nationb ↓ Strengthening Department of Homeland Security Management Functions ● Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests ● Improving Federal Oversight of Food Safetyb ● Protecting Public Health through Enhanced Oversight of Medical Products ● Transforming EPA's Process for Assessing and Controlling Toxic Chemicals ↓ National Efforts to Prevent, Respond to, and Recover from Drug Misuse (new)c n/a Managing Federal Contracting More Effectively VA Acquisition Managementd n/a DOE's Contract and Project Management for the National Nuclear Security Administration and Office of Environmental Management ↑ NASA Acquisition Management ↑ DOD Contract Managementa ● Assessing the Efficiency and Effectiveness of Tax Law Administration Enforcement of Tax Lawsb ● Modernizing and Safeguarding Insurance and Benefit Programs Medicare Program & Improper Paymentse ● Strengthening Medicaid Program Integrityb ● Improving and Modernizing Federal Disability Programs ● Pension Benefit Guaranty Corporation Insurance Programsb c n/a National Flood Insurance Programb ● Managing Risks and Improving VA Health Careb ↑ (↑ indicates area progressed on one or more criteria since 2019; ↓ indicates area declined on one or more criteria ; ● indicates no change; n/a = not applicable) Source: GAO. | GAO-21-119SP aRatings for a segment within this high-risk area improved sufficiently that the segment was removed. bLegislation is likely to be necessary in order to effectively address this high-risk area. cNot rated, because this high-risk area is newly added or primarily involves congressional action. dRated for the first time, because this high-risk area was newly added in 2019. eOnly rated on one segment; we did not rate other elements of the Medicare program. The federal government is one of the world's largest and most complex entities; about $6.6 trillion in outlays in fiscal year 2020 funded a broad array of programs and operations. GAO's High-Risk Series identifies government operations with vulnerabilities to fraud, waste, abuse, and mismanagement, or in need of transformation to address economy, efficiency, or effectiveness challenges. This biennial update describes the status of high-risk areas, outlines actions that are still needed to assure further progress, and identifies any new high-risk areas needing attention by the executive branch and Congress. Solutions to high-risk problems save billions of dollars, improve service to the public, and strengthen government performance and accountability. GAO uses five criteria to assess progress in addressing high-risk areas: (1) leadership commitment, (2) agency capacity, (3) an action plan, (4) monitoring efforts, and (5) demonstrated progress. This report describes GAO's views on progress made and what remains to be done to bring about lasting solutions for each high-risk area. Addressing GAO's hundreds of open recommendations across the high-risk areas and continued congressional oversight and action are essential to achieving greater progress. For more information, contact Michelle Sager at (202) 512-6806 or sagerm@gao.gov.
    [Read More…]
  • Priority Open Recommendations: Nuclear Regulatory Commission
    In U.S GAO News
    What GAO Found In April 2020, GAO identified seven priority recommendations for the Nuclear Regulatory Commission (NRC). Since then, NRC implemented one of these recommendations by issuing a risk management strategy that addresses key elements foundational to effectively managing cybersecurity risks. The remaining six priority recommendations involve the following areas: addressing the security of radiological sources. improving the reliability of cost estimates. improving strategic human capital management. NRC's continued attention to these issues could lead to significant improvements in government operations. Why GAO Did This Study Priority open recommendations are the GAO recommendations that warrant priority attention from heads of key departments or agencies because their implementation could save large amounts of money; improve congressional and/or executive branch decision-making on major issues; eliminate mismanagement, fraud, and abuse; or ensure that programs comply with laws and funds are legally spent, among other benefits. Since 2015, GAO has sent letters to selected agencies to highlight the importance of implementing such recommendations. For more information, contact Mark Gaffigan at (202) 512-3841 or gaffiganm@gao.gov.
    [Read More…]
  • Public Health: Federal Programs Provide Screening and Treatment for Breast and Cervical Cancer
    In U.S GAO News
    The Centers for Disease Control and Prevention (CDC) operates the National Breast and Cervical Cancer Early Detection Program (the Early Detection Program) to provide cancer screening and diagnostic services to people who are low-income and uninsured or underinsured. For those screened under the program who require treatment, the Breast and Cervical Cancer Prevention and Treatment Act of 2000 (the Treatment Act) allows states to extend Medicaid eligibility to individuals not otherwise eligible for Medicaid. GAO analysis of CDC data show that the Early Detection Program screened 296,225 people in 2018, a decrease from 550,390 in 2011 (about 46 percent). The largest decrease occurred from 2013 to 2014 (see figure). According to a CDC-funded study, the number of people eligible for the Early Detection Program decreased from 2011 through 2017, by about 48 percent for breast cancer and about 49 percent for cervical cancer. CDC officials attributed these declines in screening and eligibility, in part, to improved access to screening under the Patient Protection and Affordable Care Act (PPACA). For example, PPACA required health plans to cover certain women's preventive health care with no cost sharing. Number of People Screened by CDC's Early Detection Program, 2011-2018 GAO analysis of Centers for Medicare & Medicaid Services' (CMS) data found that, in 2019, 43,549 people were enrolled in Medicaid under the Treatment Act to receive treatment for breast or cervical cancer, a decrease from 50,219 in 2016 (13.3 percent). Thirty-seven states experienced a decrease in Medicaid enrollment under the Treatment Act during this time period, 13 states experienced an increase, and one state had no change. CMS officials noted that Medicaid expansion to adults with incomes at or below 133 percent of the federal poverty level under PPACA (the new adult group) is a key factor that contributed to these enrollment trends. CMS officials said that, in Medicaid expansion states, there were some people who previously would have enrolled in Medicaid based on eligibility under the Treatment Act who instead became eligible for Medicaid in the new adult group. The CMS data show that total enrollment under the Treatment Act in Medicaid expansion states decreased by 25.6 percent from 2016 to 2019. In contrast, total enrollment under the Treatment Act in non-expansion states increased by about 1 percent during this time period. According to the CDC, tens of thousands of people die each year from breast or cervical cancer. Early screening and detection, followed by prompt treatment, can improve outcomes and, ultimately, save lives. Federal programs, like CDC's Early Detection Program, are intended to improve access to these services. GAO was asked to examine the implementation of the Early Detection Program and the states' use of Medicaid under the Treatment Act. This report provides information on the number of people who were 1) screened through the Early Detection Program and 2) enrolled in Medicaid under the Treatment Act. GAO analyzed CDC data on the number of people screened by the Early Detection Program from calendar years 2011 through 2018—the most recent available. GAO also analyzed CMS Medicaid enrollment data from 2016 through 2019—the most recent available. Additionally, GAO reviewed a 2020 study funded by CDC that examines the number of people eligible for the Early Detection Program from 2011 through 2017. Finally, GAO interviewed CDC and CMS officials and reviewed relevant CDC and CMS documents. For more information, contact John E. Dicken, (202) 512-7114, dickenj@gao.gov.
    [Read More…]
  • Justice Department Warns About Fake Unemployment Benefit Websites
    In Crime News
    The Department of Justice has received reports that fraudsters are creating websites mimicking unemployment benefit websites, including state workforce agency (SWA) websites, for the purpose of unlawfully capturing consumers’ personal information.
    [Read More…]
  • Federal Rulemaking: Selected EPA and HHS Regulatory Analyses Met Several Best Practices, but CMS Should Take Steps to Strengthen Its Analyses
    In U.S GAO News
    GAO reviewed 11 Executive Order (EO) 13771 rules—five significant Environmental Protection Agency (EPA) rules and six economically significant Department of Health and Human Services (HHS) rules. Seven of the 11 rules modified (i.e. repealed, amended, or delayed) existing rules (see table). GAO found that analyses for most of the seven rules monetized the same types of benefits and costs as analyses for the rules they modified, an indicator of consistency in the regulatory analyses. For example, one EPA rule modified an earlier rule that had established requirements for chemical risk management programs. EPA monetized anticipated changes to industry compliance costs for both rules. Where agencies monetized similar types of benefits and costs for both reviewed rules and modified rules, the value of some estimates differed, in part, because agencies had updated analytical assumptions, such as the number of entities subject to requirements or relevant wage data. Topics and Characteristics of 11 Environmental Protection Agency (EPA) and Department of Health and Human Services (HHS) Rules Selected for Review Agency Topics Modified existing rule(s) Monetized costs exceeded benefits EPA Risk management programs ● ○   Railroad ties as non-waste fuels ● ○   Chemical data reporting ● ●   Mercury reporting ○ ●   Effluent from dental offices ○ ● HHS, FDA Food labeling ● ○   Agricultural water requirements ● ● HHS, CMS End-stage renal disease treatment ● ●   Home health quality reporting ● ●   Patient discharge planning ○ ●   Diabetes prevention and appropriate use of imaging services ○ ● Legend: ● = Yes; ○ = No Source: GAO analysis of EPA, Food and Drug Administration (FDA), and Centers for Medicare & Medicaid Services (CMS) data. | GAO-21-151 Regulatory analyses for eight of the 11 rules GAO reviewed projected that monetized costs would exceed monetized benefits, though each identified other factors that may have led decision makers to determine that the total benefits justified the total costs, such as important, non-quantified effects. These eight analyses met about half of the selected best practices for economic analysis. However, some analyses developed by HHS's Centers for Medicare & Medicaid Services (CMS) did not fully meet best practices associated with analyzing regulatory alternatives, assessing important effects, and providing transparency. It is particularly important that agencies develop quality analyses for economically significant rules, such as those finalized by CMS. By meeting these best practices, CMS could help the public and other parts of government provide effective feedback and mitigate potential conflict with entities affected by rules. It could also help CMS assess whether a rule's benefits justify the costs. EO 13771 generally requires executive agencies to identify two rules for repeal for each new rule issued. Since EO 13771 went into effect in 2017, executive agencies have taken regulatory actions expected to generate over $50 billion in savings to society. Quality regulatory analysis provides agency decision makers and the public with a thorough assessment of the benefits and costs of different regulatory options. GAO was asked to review regulatory analyses for rules finalized under EO 13771. For selected agencies, this report examines (1) how the calculated economic effects of selected rules differed, if at all, from those of rules they modified; and (2) the extent to which agencies met best practices in analyzing the economic effects of selected rules for which monetized costs exceed monetized benefits. GAO reviewed analyses for 11 rules—and the rules they modified— finalized by EPA and HHS, the two agencies that finalized the most economically significant EO 13771 rules through fiscal year 2019. GAO compared analyses to selected best practices in GAO's Assessment Methodology for Economic Analysis . GAO recommends that CMS take steps to ensure its future regulatory analyses are consistent with best practices for analyzing alternatives, assessing important effects, and providing transparency. EPA said it appreciated GAO's findings. HHS generally agreed with the report, and CMS agreed with the recommendation directed to it. For more information, contact Yvonne D. Jones at (202) 512-6806 or jonesy@gao.gov.
    [Read More…]
  • Secretary Blinken’s Call with Salvadoran Foreign Minister Hill Tinoco
    In Crime Control and Security News
    Office of the [Read More…]
  • Next Generation Combat Vehicles: As Army Prioritizes Rapid Development, More Attention Needed to Provide Insight on Cost Estimates and Systems Engineering Risks
    In U.S GAO News
    The four efforts within the Next Generation Combat Vehicles (NGCV) portfolio all prioritize rapid development, while using different acquisition approaches and contracting strategies. Some of the efforts use the new middle-tier acquisition approach, which enables rapid development by exempting programs from many existing DOD acquisition processes and policies. Similarly, the efforts use contracting strategies that include both traditional contract types as well as more flexible approaches to enable rapid development of technology and designs. Vehicles of the Next Generation Combat Vehicles Portfolio The two programs within the portfolio that recently initiated acquisitions—Mobile Protected Firepower and Optionally Manned Fighting Vehicle—have taken some steps to mitigate risks in cost and technology consistent with GAO's leading practices. The Army's use of the middle-tier approach for these efforts may facilitate rapid development, but the programs could benefit from additional application of GAO's leading practices. For example, the programs identified some risks in their cost estimates, but because each presented a single estimate of the total cost—referred to as a point estimate—these estimates do not fully reflect how uncertainty could affect costs. Similarly, the programs took some steps to mitigate technical risk by limiting development to 6 years or less and incrementally introducing new technologies, steps consistent with GAO's leading practices. However, by delaying key systems engineering reviews, the programs took some steps not consistent with leading practices, which could increase technical risk. While trade-offs may be necessary to facilitate rapid development, more consistent application of GAO's leading practices for providing cost estimates that reflect uncertainty and conducting timely systems engineering reviews could improve Army's ability to provide insight to decision makers and deliver capability to the warfighter on time and at or near expected costs. The Army has taken actions to enhance communication, both within the Army and with Department of Defense stakeholders, to mitigate risks. Within the Army, these actions included implementing a cross-functional team structure to collaboratively develop program requirements with input from acquisition, contracting, and technology development staff. Program officials also coordinated with other Army and Department of Defense stakeholders responsible for cost and test assessment, even where not required by policy, to mitigate risk. The Army views the NGCV portfolio as one of its most critical and urgent modernization priorities, as many current Army ground combat vehicles were developed in the 1980s or earlier. Past efforts to replace some of these systems failed at a cost of roughly $23 billion. In November 2017, the Army began new efforts to modernize this portfolio. GAO was asked to review the Army's plans for modernizing its fleet of ground combat vehicles. This report examines (1) the acquisition approaches and contracting strategies the Army is considering for the NGCV portfolio, (2) the extent to which the Army's efforts to balance schedule, cost, and technology are reducing acquisition risks for that portfolio, and (3) how the Army is communicating internally and externally to reduce acquisition risks. GAO reviewed the acquisition and contracting plans for each of the vehicles in the portfolio to determine their approaches; assessed schedule, cost, and technology information—where available—against GAO's leading practice guides on these issues as well as other leading practices for acquisition; and interviewed Army and DOD officials. GAO is making three recommendations, including that the Army follow leading practices on cost estimation and systems engineering to mitigate program risk. In its response, the Army concurred with these recommendations and plans to take action to address them. For more information, contact Jon Ludwigson at (202) 512-4841 or ludwigsonj@gao.gov.
    [Read More…]
  • Former Rapides Parrish Corrections Officer Sentenced to 11 Months in Federal Prison for Assaulting Inmate
    In Crime News
    The Justice Department announced today that a former correctional officer with the Rapides Parish Sheriff’s Office (RPSO), Detention Center 1, in Alexandria, Louisiana, was sentenced today in federal court for assaulting an inmate detained at the facility.
    [Read More…]
  • Former Investment Manager Charged in Scheme to Defraud Life Insurance Company
    In Crime News
    A former investment manager was charged in an indictment unsealed today for his alleged participation in a scheme to defraud a North Carolina-based life insurance company out of over $34 million.
    [Read More…]
  • United States Reaches Agreement to Protect New Orleans Waterways and Lake Pontchartrain
    In Crime News
    Today, the U.S. Environmental Protection Agency (EPA) and the Department of Justice announced a settlement with the Churchill Downs Louisiana Horseracing Company LLC, d/b/a Fair Grounds Corporation (Fair Grounds) that will resolve years of Clean Water Act (CWA) violations at its New Orleans racetrack. Under the settlement, Fair Grounds will eliminate unauthorized discharges of manure, urine and process wastewater through operational changes and construction projects at an estimated cost of $5,600,000. The company also will pay a civil penalty of $2,790,000, the largest ever paid by a concentrated animal feeding operation in a CWA matter.
    [Read More…]
  • Sint Maarten Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Alabama High School Student Names NASA’s Mars Helicopter
    In Space
    Vaneeza Rupani’s [Read More…]
  • Alabama Salesman Sentenced to Prison for Tax Evasion
    In Crime News
    A Hoover, Alabama, salesman was sentenced to 24 months in prison yesterday for tax evasion, announced Principal Deputy Assistant Attorney General Richard E. Zuckerman of the Justice Department’s Tax Division and U.S. Attorney Prim F. Escalona for the Northern District of Alabama.
    [Read More…]
  • Operation Legend: Case of the Day
    In Crime News
    Each weekday, the Department of Justice will highlight a case that has resulted from Operation Legend. Today’s case is out of the Eastern District of Michigan. Operation Legend launched in Detroit on July 29, 2020, in response to the city facing increased homicide and non-fatal shooting rates.
    [Read More…]
  • Mississippi Tax Preparer Sentenced to Prison for False IRS Returns
    In Crime News
    A Moss Point, Mississippi, resident was sentenced to 22 months in prison for preparing false tax returns, announced Principal Deputy Assistant Attorney General Richard Zuckerman of the Justice Department’s Tax Division and U.S. Attorney Mike Hurst for the Southern District of Mississippi.
    [Read More…]
  • An Information-Centric Perspective on Coherence Collaboration: Analyses of Uganda and Ecuador (Penn State)
    In Human Health, Resources and Services
    Bureau of Population, [Read More…]
  • Connecticut Man Charged with Assaulting an Officer During U.S. Capitol Breach
    In Crime News
    A Connecticut man was charged yesterday in the U.S. District Court for the District of Columbia with assaulting an officer during the breach of the U.S. Capitol grounds on Jan. 6, 2021. He will be presented in U.S. District Court for the Southern District of New York today, before appearing in Washington D.C. 
    [Read More…]
  • Spinoff Highlights NASA Technology Paying Dividends in the US Economy
    In Space
    NASA’s technology [Read More…]
  • Information Technology: Key Attributes of Essential Federal Mission-Critical Acquisitions
    In U.S GAO News
    Federal agencies are undertaking information technology (IT) acquisitions that are essential to their missions. GAO identified 16 of these acquisitions as particularly critical to missions ranging from national security, to public health, to the economy (see table). GAO has previously reported on these acquisitions and the programs they support, and has made numerous recommendations to agencies for improvement. The amount agencies expect to spend on the selected acquisitions vary greatly depending on their scope and complexity, as well as the extent of transformation and modernization that agencies envision once the acquisitions are fully deployed. For example, the Department of Defense plans to spend $10.21 billion over 21 years on its health care modernization initiative, while the Department of Homeland Security intends to spend $3.19 billion over 30 years on its system supporting immigration benefits processing. Agencies reported potential cost savings associated with 13 of the 16 mission-critical acquisitions after deployment due to factors such as shutting down legacy systems, eliminating physical paper processing, and improving security, monitoring, and management. Eleven of the 16 selected acquisitions were rebaselined during their development, meaning that the project's cost, schedule, or performance goals were modified to reflect new circumstances. Agencies reported a number of reasons as to why their acquisitions were rebaselined, including delays in defining the cost, schedule, and scope; budget cuts and hiring freezes; technical challenges; and changes in development approach. As shown below, ten of the acquisitions relate to an additional programmatic area that GAO has designated high risk. Federal Agency Mission-Critical Information Technology Acquisitions Department of Agriculture Modernize and Innovate the Delivery of Agricultural Systems Department of Commerce 2020 Decennial Census* Department of Defense Defense Healthcare Management System Modernization* Global Combat Support System-Army* Department of Homeland Security Student and Exchange Visitor Information System Modernization* U.S. Citizenship and Immigration Services Transformation* Department of the Interior Automated Fluid Minerals Support System II* Department of Justice Next Generation Identification System Terrorist Screening System Department of State Consular System Modernization Department of Transportation Automatic Dependent Surveillance-Broadcast Department of the Treasury Customer Account Data Engine 2* Integrated Enterprise Portal* Department of Veterans Affairs Electronic Health Record Modernization* Small Business Administration Application Standard Investment Social Security Administration Disability Case Processing System 2* Legend: *= Acquisition relates to a programmatic area that GAO has previously designated as being high risk. Source: GAO analysis of agency data. | GAO-20-249SP The acquisition of IT systems has presented challenges to federal agencies. Accordingly, in 2015 GAO identified the management of IT acquisitions and operations as a high-risk area, a designation it retains today. GAO was asked to report on federal IT acquisitions. GAO's specific objective was to identify essential mission-critical IT acquisitions across the federal government and determine their key attributes. To identify acquisitions for the review, GAO administered a questionnaire to the 24 agencies covered by the Chief Financial Officers Act of 1990 asking them to identify their five most important mission-critical IT acquisitions. From a total of 101 acquisitions that were identified, GAO selected 16 mission-critical IT acquisitions to profile in this report. The selection was based on various factors, including the acquisition's criticality to providing service to the nation, its total life cycle costs, and its applicability to the President's Management Agenda. For each of the 16 selected acquisitions, GAO obtained and analyzed documents on cost, schedule, risks, governance, and related information; and interviewed cognizant agency officials. GAO requested comments from the 12 agencies with acquisitions profiled in its draft report and the Office of Management and Budget. In response, one agency (the Social Security Administration) provided comments that discussed the planned use of its system. For more information, contact Carol C. Harris at (202) 512-4456 or harriscc@gao.gov.
    [Read More…]