What GAO Found In July 2025, GAO identified 11 open recommendations under the purview of the Environmental Protection Agency (EPA) Chief Information Officer (CIO), from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management. In addition, GAO has designated one of the 11 as a priority recommendation. For example, GAO previously recommended that EPA establish a process for conducting an organization-wide cybersecurity risk assessment. Further, GAO recommended that EPA fully implement all event logging requirements as directed by the Office of Management and Budget. GAO also previously recommended that the agency complete annual reviews of its IT portfolio consistent with federal requirements. The CIO's continued attention to these recommendations will help ensure the secure and effective use of IT at the agency. Why GAO Did This Study CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others. For more information, contact Nick Marinos at marinosn@gao.gov.

What GAO Found In July 2025, GAO identified 43 open recommendations under the purview of the Department of Homeland Security's (DHS) Chief Information Officer (CIO), including 15 that are relevant to component-level CIOs, from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation, (2) Improving IT Acquisitions and Management, or (3) Strengthening DHS IT and Financial Management Functions. In addition, GAO has designated seven of the 43 as priority recommendations. For example, GAO previously recommended that DHS fully implement Federal Risk and Authorization Management Program requirements, to include issuing an authorization for the cloud service used by the department for one of its systems. In addition, GAO recommended that DHS fully implement event logging requirements per federal guidance. GAO also previously recommended that DHS complete annual reviews of the department's IT portfolio per federal requirements. Further, GAO recommended that the department remediate known issues identified from testing, prior to declaring full operational capability for the Coast Guard's ongoing financial systems modernization efforts. The CIO's continued attention to these recommendations will help ensure the secure and effective use of IT at the department. Why GAO Did This Study CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others. For more information, contact Nick Marinos at marinosn@gao.gov.

What GAO Found In July 2025, GAO identified four open recommendations under the purview of the General Services Administration's (GSA) Chief Information Officer (CIO) from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management. For example, GAO previously recommended that GSA take steps to fully implement event logging requirements. Further, GAO recommended that GSA complete annual reviews of its IT portfolio in conjunction with the Federal CIO. The CIO's continued attention to these recommendations will help ensure the secure and effective use of IT at the agency. Why GAO Did This Study CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others. For more information, contact Nick Marinos at marinosn@gao.gov.