What GAO Found Four selected agencies—the Departments of State, Transportation, Veterans Affairs (VA), and the Small Business Administration (SBA)—varied in their efforts to implement and ensure contractor compliance with three key cloud security practices. Specifically, one agency had fully implemented all three practices for two of its systems and one agency had fully implemented the practices for one of its systems. The agencies partially implemented the practices for the remaining five systems (see figure). Agencies’ Implementation of Key Cloud Security Practices aDue to sensitivity concerns, GAO is not disclosing the names of the selected systems in this report. Systems are identified by their cloud service model. For example, agencies fully performed continuous monitoring for three of the eight selected systems. Although most of the agencies developed and implemented a plan for continuous monitoring, they did not always review continuous monitoring deliverables from the provider. Agencies fully implemented the practice regarding service level agreements for five out of eight systems. For the remaining three systems, agencies’ agreements did not consistently define performance metrics, including how they would be measured and the enforcement mechanisms. Fully implementing the key practices will support the agencies’ efforts to ensure the confidentiality, integrity, and availability of agency information in their cloud systems. For example, without a robust continuous monitoring program, the agencies may have diminished ability to identify and mitigate control deficiencies and emerging threats. Additionally, the agencies may not promptly detect unauthorized access attempts or anomalous activity, leaving critical systems and data exposed to compromise. Why GAO Did This Study Federal agencies are faced with the need to accelerate their adoption of cloud services while ensuring the systems that support their missions are secure. Consequently, working with cloud service providers to effectively implement information security controls is a vital part of reducing risks to agency systems. The Federal Information Security Modernization Act of 2014 includes a provision for GAO to periodically evaluate federal agencies’ information security policies and practices. This report assesses the extent to which selected agencies are ensuring contractor compliance with key cloud computing security practices. To do so, GAO selected four agencies (State, Transportation, VA, SBA) based on their number of cloud authorizations, excluding agencies profiled in recent GAO reports. GAO reviewed two cloud systems at each agency, each of which represented a range of services. GAO administered a standard set of questions, compared documentation on the implementation of key cloud-related practices for each system identified in federal policies and guidance, and interviewed agency officials. GAO rated each agency as having fully, partially, or not implemented each practice for the selected systems.

The Big Picture The Department of Defense (DOD) military health system provides medical care to 9.4 million beneficiaries, including service members and their families around the globe. This care is delivered through over 700 medical facilities with more than 100,000 military, civilian, and contractor employees, and a vast network of private sector health care providers. DOD estimates that it will spend over $72.5 billion for the military health system in fiscal year 2027. For more than a decade, DOD has taken actions to reform its health system in response to legislative requirements and to more effectively manage the system. For example, in response to December 2016 legislation, the Defense Health Agency (DHA)—a combat support agency—took over the administration and management of DOD’s medical facilities from the Army, Navy, and Air Force. In making this change, DOD sought to create a more efficient oversight structure for the medical facilities that would help lower costs and improve beneficiary care, in part by shifting some patients to private sector care. Military Health System Organizational Reforms Since 2016 However, as GAO reported in July 2025, the ability to supply health care across the military health system remains constrained by insufficient numbers of medical personnel and allocation of fiscal resources to other readiness priorities, according to DHA officials. DOD continued to examine the need for further reform and adopted a new strategy to increase the capacity of DOD’s medical facilities to provide both beneficiary care and training opportunities for military medical personnel. According to DOD, such efforts are intended to stabilize the military health system by reattracting beneficiaries to its facilities from private sector care. Key Challenges Identified by GAO GAO’s work has identified various organizational reform and personnel management challenges that affect the success of the military health system. Organizational reform challenges. DOD has not identified the necessary resources or conducted sufficient oversight to support its reform efforts. Personnel management challenges. DOD does not have key information needed to manage and oversee its military medical personnel nor sufficient metrics to assess their clinical readiness. Implications for National Security The military health system supports the health of service members so that they are ready to deploy. In addition, the system exists to ensure that military medical personnel are prepared to provide medical care in support of missions that include operational, wartime, and mass casualty events. This is referred to as clinical readiness. GAO has reported on a long-standing concern that DOD’s medical facilities may not be able to provide sufficient opportunities to sustain the skills of some military medical personnel, such as those who provide trauma and critical care services. DOD’s efforts to address legislative reforms over time have been, in part, intended to address this concern by increasing the clinical readiness of military medical personnel. Addressing the persistent challenges identified in this product, such as by implementing GAO’s related recommendations, would enhance DOD’s ability to ensure the clinical readiness of its medical personnel in operational and wartime environments. This would further help DOD achieve its goal of stabilizing and improving the health system. DOD generally concurred with the recommendations listed in this product and has stated plans to address them over time. GAO Recommendations Selected GAO Open Recommendations Related to DOD’s Military Health System from Fiscal Year 2019 Through June 2026 Resources needed to support organizational reform efforts The Department of Defense (DOD) has not fully determined the resources necessary for implementing its organizational reform. DOD should validate headquarters-level personnel requirements and identify the least costly mix of military, civilian, and contractor personnel needed to achieve mission objectives. (GAO-19-53) DOD should issue guidance detailing processes to determine and validate the number of personnel needed to manage and support its medical facilities. (GAO-25-107432) DOD should review Defense Health Agency business functions to determine which ones it will consolidate to manage and support its medical facilities. (GAO-25-107432) Oversight of organizational reform efforts DOD has not comprehensively monitored or involved Congress in the development of its organizational reform efforts. DOD should establish a systematic process to comprehensively monitor actions taken to address statutory requirements for military health system reforms, such as by consolidating responsible leaders, actions taken, and time frames into a single data source. (GAO-23-105710) DOD should continuously involve key stakeholders including Congress in developing and implementing its network structure to manage its medical facilities and ensure congressional views are reflected. (GAO-25-107432) Management and oversight of medical personnel DOD does not have key information needed to better monitor medical facility staffing and address staffing gaps. DOD should develop a strategic total workforce plan which includes, among other things, strategies, tools, and metrics to monitor and evaluate progress toward reducing personnel gaps. (GAO-19-102) DOD should issue guidance to assess the potential effect of medical personnel reductions on medical facilities. (GAO-23-106094) DOD should take actions, such as issuing guidance and addressing data quality issues, to improve the use of timecard data to monitor military medical personnel work time at medical facilities. (GAO-25-106988) Efforts to monitor clinical readiness of medical personnel DOD has not developed sufficient metrics to assess and monitor clinical readiness of medical personnel. DOD should develop metrics to assess medical facility contributions toward enlisted medical personnel wartime medical skills sustainment. (GAO-21-337) DOD should issue guidance for collecting complete clinical activity data from military-civilian partnerships for certain personnel. (GAO-26-107677) The military departments (Army, Navy, and Air Force) should each establish processes to fully assess the contributions of civilian training partnerships to the clinical readiness of military medical personnel. (GAO-26-107677) For more information, contact Rashmi Agarwal at AgarwalR@gao.gov.

What GAO Found Empirical studies assessing the effects of domestic airline mergers generally found that, in the short run, consumers faced higher fares and lower service quality (e.g., on-time performance) on routes where the merger resulted in fewer competitors. For example, based on three studies that used particularly strong methodologies, fares increased between 1 and 8 percent following the merger. Other studies found mergers sometimes led to some improvements in airlines’ efficiencies (e.g., cost reductions), but challenges, such as combining workforces, sometimes reduced or eliminated anticipated gains. GAO’s analyses of airline competition metrics provide a longer-term perspective than the studies and suggest that there has been increased competition in the past two decades. For example, estimated domestic fares that incorporated available airline ancillary fees were lower in 2024 as compared to 2007—even after they were higher in 2012, around the time of a wave of domestic airline mergers. In addition, market share and other key market structure indicators show increased presence of ultra-low-cost airlines in 2022 compared to 2007. These indicators remained largely unchanged from 2022 through 2024. Note: GAO divided domestic routes into five “quintiles” (based on number of passengers), where the first quintile generally includes the most-travelled routes, and the fifth generally includes the least. Stakeholders identified five key factors that affect airline competition, including airport access and introduction of basic economy fares by network airlines. Most stakeholders GAO interviewed described intense competition in an uneven environment, posing challenges for lower-cost airlines going forward. They also pointed to a relatively recent development: the increasing importance of airline credit card revenue. This helps airlines weather industry volatility, while also bolstering passenger loyalty by providing rewards (e.g., seat upgrades). Some stakeholders said these cards provide competitive advantages for larger airlines because consumers are less attracted to cards offered by lower-cost airlines, which generally have smaller operations and reward programs. Why GAO Did This Study Domestic airlines carried nearly 850 million passengers throughout the U.S. in 2025, according to Department of Transportation (DOT) data. Robust competition in the air transportation industry can promote lower fares and provide consumers with more travel options and destinations. Some observers, however, have raised questions about the effects of mergers, suggesting that consumers may ultimately face higher airfares and reduced service. The FAA Reauthorization Act of 2024 includes a provision for GAO to review competition and consolidation in the U.S. airline industry. This report examines (1) findings from empirical studies since 2005 on the effects of U.S. airline mergers on consumers and on airlines’ efficiency, (2) the current state (2022-2024) of airline competition in the U.S. compared to 5, 10, and 15 years prior, and (3) stakeholders’ views on the factors affecting the evolution of competition in the U.S. airline industry. GAO summarized the findings of 40 empirical studies with sufficiently rigorous methodologies that assessed the effects of U.S. airline mergers. Of those, GAO found 13 studies particularly robust and reported quantitative effects that are statistically significant. GAO also analyzed airline data collected by DOT to examine U.S. airline competition over time. GAO interviewed or obtained written responses from all 12 major U.S. airlines and 19 other knowledgeable stakeholders, including academic researchers, consumer advocacy groups, and equity analysts. GAO selected stakeholders based on its prior work, recommendations from others, and the stakeholders’ knowledge of the U.S. airline industry. GAO also interviewed officials from DOT and the Department of Justice. For more information, contact: Danielle T. Giese at GieseD@gao.gov or Michael Hoffman at HoffmanME@gao.gov.

What GAO Found In fiscal year 2025 FraudNet processed over 9,350 allegations and referred about 3,100 of these to various organizations for further inquiry. FraudNet also conducted over 900 queries of commercial and law enforcement databases to assist GAO audits and investigations. FraudNet Processed over 9,350 Allegations In FY 2025, FraudNet processed over 9,350 allegations received from the public, as well as government employees and contractors. Of these, FraudNet referred about 3,100 to other entities for potential action, including investigation. FraudNet referred allegations to over 60 entities, including the Offices of the Inspector General (OIG) at the Departments of Agriculture, Defense, Health and Human Services, Justice, and Veterans Affairs. FraudNet’s Investigative Research Analysts (IRA) review and document each allegation received. If IRAs determine an allegation should be referred elsewhere, they send it to federal OIGs or other federal, state, and local entities for potential action. The receiving entities determine whether and how they will address the allegation. To avoid duplication of efforts, FraudNet generally does not refer allegations when the complainant indicates that the matter has already been submitted to another entity. GAO does not independently investigate allegations of fraud, waste, or abuse submitted to FraudNet. Instead, FraudNet records all allegations in its case management system and makes them available to inform ongoing or future GAO work. FraudNet IRAs Provided Research Support to GAO Audits and Investigations In FY 2025, FraudNet conducted over 900 queries of commercial and law enforcement databases to support 10 GAO audits and investigations. For example, information from FraudNet queries aided GAO investigators when they made covert calls to ineligible providers with a history of billing insurance carriers participating in the Federal Employees Health Benefits (FEHB) program. As discussed in the April 2026 report (GAO-26-108139), these calls identified instances when ineligible providers were willing to accept patients with FEHB insurance, demonstrating ongoing fraud and improper payment risks within the program. FraudNet IRAs do not alter any information submitted via the Online Complaint Form. When necessary, IRAs may contact complainants to request additional information. GAO cannot accept classified information through the Online Complaint Form. Please call 1-800-424-5454 for guidance on submitting allegations that involve classified information. Why This Matters FraudNet’s primary mission is to facilitate the reporting of allegations of fraud, waste, abuse, or mismanagement of federal funds. It also supports GAO audits and investigations. This is a summary of FraudNet’s activities for fiscal year (FY) 2025. Report Fraud, Waste, and Abuse FraudNet’s preferred method for receiving allegations of fraud, waste, abuse, and mismanagement involving unclassified information is the Online Complaint Form. The form’s prepopulated questions guide complainants in providing the key elements IRAs need to effectively assess and, as appropriate, refer allegations. The form is always available and allows complainants to upload supporting documentation at the time of submission. For more information, contact Howard Arp at arpj@gao.gov.

What GAO Found The National Defense Authorization Act for Fiscal Year 2017 (2017 NDAA) requires the Department of Homeland Security (DHS) to develop an annual report containing 43 specific metrics to measure the effectiveness of border security. DHS reported on 40 of these metrics in its 2023 Border Security Metrics Report, which it submitted in January 2025. These 40 metrics included two that DHS first included in its 2022 report and one that it first included in its 2023 report. Of the 40 metrics, 21 generally corresponded with their 2017 NDAA definitions, while 19—including the three additional metrics—differed in scope or calculation. GAO previously reviewed DHS's Border Security Metrics Reports in 2019, 2021, and 2023. Six of the recommendations GAO made in these reports remain open. DHS agreed with these recommendations, which highlight an ongoing opportunity for DHS to improve its reporting on border security metrics. Fully addressing these recommendations will help DHS ensure the information it reports is useful to Congress. For example: DHS's Office of Homeland Security Statistics (OHSS)—which is responsible for developing the report—has taken some steps to engage with DHS components, such as by working with the Coast Guard to include two of the newly reported metrics related to maritime threat response. However, OHSS officials have not engaged with components to ensure that certain previously reported metrics—such as those related to illicit drug removal—corresponded with the 2017 NDAA definitions. OHSS officials also have not engaged with Congress on metrics that have been challenging to report, as we previously recommended. By doing so, OHSS could help clarify definitions for these metrics and identify opportunities to refine them. OHSS identified some data limitations in its 2023 Border Security Metrics Report but has not developed a process to systematically review the reliability of data and communicate limitations in its report, as we previously recommended. Such a process would involve OHSS assessing whether the data underlying each of the metrics in the report are reliable and whether any limitations exist that would affect how they are used in the report. Having such a process may help to improve the quality of the metrics in the report and Congress, policymakers, and the public's understanding of the metrics. OHSS has not assessed a statistical model it uses to estimate certain metrics related to unlawful entries into the U.S. since its development in 2016, raising questions about the extent to which the model reflects current southwest border conditions. While OHSS used historical data to account for unavailable survey data in its 2023 Border Security Metrics Report, this modification did not assess whether the inputs to the model or model type remain sufficiently predictive, as we previously recommended. OHSS officials told us they plan to continue using their current statistical model until an alternative model's estimates are valid. Assessing or updating aspects of OHSS's current model could help ensure that it remains predictive and reflects current southwest border conditions. Why GAO Did This Study The U.S. has approximately 6,000 miles of land borders, 95,000 miles of coastline, and more than 300 ports of entry where travelers and cargo are inspected. Securing U.S. border areas is a key part of DHS's mission. Its ability to measure border security activities is essential to managing its responsibilities effectively. The 2017 NDAA requires DHS to report annually on 43 border security metrics. The act also includes a provision for GAO to review and report on DHS's first report and complete biennial reviews for the following 10 years. Since March 2019, we have issued three reports on this topic. This fourth report assesses the extent DHS took steps in its 2023 Border Security Metrics Report to (1) more fully report and increase the usefulness of the metrics reported and (2) improve the quality of the information underlying the metrics reported, as previously recommended. GAO assessed the methodology and data in DHS's report, analyzed DHS's use of statistical models, and interviewed officials from DHS offices and components involved in developing the metrics.

What GAO Found In June 2025, GAO identified six priority recommendations for the Office of Science and Technology Policy (OSTP). Since then, OSTP has implemented three of those recommendations. In June 2026, GAO identified one additional priority recommendation, bringing the total to four. GAO is highlighting the following two areas that warrant timely and focused attention: Planning and tracking progress toward national science and technology goals, and Addressing research security risks. Addressing GAO's recommendations in these areas would help OSTP better marshal interagency efforts to plan for, or track progress toward, national goals and overcome challenges with sharing information on research security risks across agencies. Why GAO Did This Study Priority open recommendations are the GAO recommendations that warrant priority attention from heads of key departments or agencies because their implementation could save large amounts of money; improve congressional and/or executive branch decision-making on major issues; eliminate mismanagement, fraud, and abuse; or make progress toward addressing a high risk or duplication issue, among other benefits. Since 2015, GAO has sent letters to selected agencies to highlight the importance of implementing such recommendations. For more information, contact John Neumann at neumannj@gao.gov.

What GAO Found In May 2025, GAO identified 12 priority recommendations for the Department of Labor (DOL). Since then, DOL has implemented two of those recommendations, bringing the total to 10 priority recommendations in June 2026. GAO is highlighting the following three areas that warrant timely and focused attention: Protecting sensitive information, Enhancing unemployment insurance (UI), and Strengthening worker safety and health protections. Addressing GAO's recommendations in these areas would better ensure effective implementation of critical protections for sensitive personal information; help the agency stabilize the UI system for future economic downturns and monitor whether states' UI systems are performing efficiently and effectively; and better protect workers at warehouses, delivery companies and health care facilities from harm. Taking action to implement all of GAO's open priority recommendations would help enhance the efficiency and effectiveness of operations across DOL. Why GAO Did This Study Priority open recommendations are the GAO recommendations that warrant priority attention from heads of key departments or agencies because their implementation could save large amounts of money; improve congressional and/or executive branch decision-making on major issues; eliminate mismanagement, fraud, and abuse; or make progress toward addressing a high risk or duplication issue, among other benefits. Since 2015, GAO has sent letters to selected agencies to highlight the importance of implementing such recommendations. For more information, contact Cindy Brown Barnes at brownbarnesc@gao.gov.

What GAO Found Senior agency officials from 22 of 24 selected agencies reported primarily relying on historical procurement data to help make cloud decisions. Timely implementation of the many recommendations GAO has made to federal agencies to improve these data could result in high-quality information. Senior officials in the 24 agencies most frequently reported the following cloud procurement challenges. Challenges Reported by 24 Selected Federal Agencies on Cloud Procurement Challenge identified Number of agencies reporting challenge Control of cloud costs required changes in IT management approaches. 17 Conflicting Office of Management and Budget and National Institute of Standards and Technology-issued software guidance caused confusion. 17 Outdated Federal Acquisition Regulations impeded cloud procurements. 15 Agencies encountered difficulties in obtaining authorized cloud solutions. 15 Multi-vendor cloud adoption faced new technical considerations such as interoperability. 11 Resource constraints hindered cloud workforce acquisition. 10 Source: GAO analysis of agency interviews and federal guidance documentation. | GAO-26-107530 Agencies are addressing challenges in controlling cloud costs, obtaining authorized cloud solutions, and issuing guidance and responding to cloud staffing limitations. Agencies’ ongoing and planned actions, if implemented effectively, demonstrate promise for tackling these challenges and could lead to substantial savings. In contrast, the challenges of conflicting software guidance, outdated Federal Acquisition Regulations (FAR), and multi-vendor cloud solutions remain. The Office of Management and Budget (OMB) and National Institute of Standards and Technology issued conflicting guidance to agencies that created unnecessary burdens for collecting and storing key software components. The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency is well positioned to address this conflict by providing additional guidance on implementation to agencies. The FAR remains out of date in areas impacting cloud procurement. Although significant changes were made to the FAR between April 2025 and October 2025, the FAR still does not have a definition of cloud computing, the definition of IT is 20 years old, and the definition of a commercial product or service does not align with cloud computing. Updating the FAR to reflect present day computing is essential to effectively contracting for cloud services. Several larger agencies are using multiple cloud vendors to achieve efficiencies but are also experiencing new challenges such as interoperability. Sharing multi-cloud leading practices would enable other agencies to learn from each other and improve implementation efforts. Why GAO Did This Study Federal IT acquisitions of cloud services have the potential to reduce costs and improve operational efficiencies. Cloud computing enables on-demand access to shared computing resources. Cloud services use a consumption-based model, and providers generally bill customers based on actual usage of resources (i.e., data storage, computing power, backup, development tools, applications). GAO was asked to review agencies’ efforts to address cloud procurement. This report assesses, among other things, (1) the cloud procurement data agencies and OMB use and collect to inform acquisition decision making, and (2) agency challenges procuring cloud services and efforts to address the challenges. For each of the 24 Chief Financial Officers Act agencies, GAO analyzed relevant cloud procurement data, policies, and guidance. Further, GAO interviewed senior officials in the 24 agencies’ Offices of the Chief Information Officer (CIO) and Senior Procurement Executive. GAO also interviewed staff in OMB’s Office of the Federal CIO and Office of Federal Procurement Policy and staff in the General Services Administration’s (GSA) Office of Government-wide Policy and Federal Acquisition Service.

What GAO Found Rural communities that are not currently served by drinking water or wastewater utilities (unserved communities) often face challenges addressing their drinking water or wastewater infrastructure needs. The U.S. Department of Agriculture (USDA) and U.S. Environmental Protection Agency (EPA) have limited data about these unserved communities but can obtain some information through their agencies’ programs and datasets. The rural unserved communities known to USDA and EPA are often in unincorporated areas and frequently have financial and other constraints that limit their ability to address their water infrastructure needs, according to agency officials. Homes Without Wastewater Services in Alabama and West Virginia in 2024 GAO identified 28 USDA and EPA programs that can provide rural unserved communities with financial and technical assistance to help build or improve drinking water or wastewater infrastructure. However, these communities sometimes face difficulty accessing this assistance. For example, communities or their representatives often need to apply for multiple grants from various federal and state funding sources, which can be difficult because of varying application and funding timelines and restrictions on how and when funds can be used. Delays with funding from one source can jeopardize other funding sources and the project itself. For example, one community that was awarded a federal grant did not receive the funding in time to get a matching state grant. To help rural communities access financial resources for water infrastructure, USDA and EPA have taken steps to improve coordination with each other and states, including signing a 2017 joint memorandum. The memorandum outlines best practices states can use to help rural communities access federal and state financial assistance, such as reviewing processes for opportunities to streamline applications for financial assistance and increase coordination among funding partners. However, USDA and EPA have not collaborated to update and monitor the memorandum. Regularly updating and monitoring the joint memorandum, in consultation with states, would help the agencies better collaborate with each other to address the challenges rural communities face with accessing financial assistance for these projects. In addition, EPA’s technical assistance providers can help rural unserved communities navigate available resources, but EPA does not provide them with guidance or other resources to ensure these providers are aware of local capacity and incorporate local knowledge. Doing so could help providers work with rural unserved communities more effectively. Why GAO Did This Study Some rural unserved communities across the U.S. lack water infrastructure or rely on private wells and wastewater treated through septic or onsite systems. Lack of access to safe drinking water or treated wastewater poses risks to public health. GAO was asked to review issues related to rural water infrastructure. This report examines, among other things, (1) what USDA and EPA know about rural unserved communities; (2) which USDA and EPA programs can provide financial and technical assistance to these communities; (3) and challenges these communities face in accessing this assistance. GAO reviewed USDA and EPA program documents and data; interviewed federal agency officials and officials from 10 selected states; and conducted site visits with rural unserved communities in three of these states and one Tribe.

What GAO Found The Department of State must report to Congress all international agreements and qualifying nonbinding instruments twice: (1) after being signed, concluded, or otherwise finalized, including their authorizing authority, and (2) after entering into force or becoming operative, including any implementing authority. This twofold reporting enables Congress to provide oversight of U.S. government agencies’ agreements and instruments before and after they enter into force or become operative. State reported 311 agreements and instruments to Congress between October 2023 and March 2025, but nearly one-third were reported late at one or both points. Late-reported agreements and instruments were on average 2.3 reporting cycles late. For example, an agreement concluded on November 4, 2024, was to have been reported by the end of December 2024 but was not reported until the end of March 2025 (three reporting cycles late). This means Congress was notified about the agreement about 5 months after its conclusion. GAO found that State does not track the timeliness of State bureaus or offices or other federal agencies in submitting their agreements or instruments for State to report to Congress. Doing so would better position State to identify and address potential related challenges. State also does not collect, from agencies or State bureaus or offices, the legal authorities for their instruments, although it is required to report this information to Congress. The timing and completeness of State’s reporting is critical for Congress to meaningfully oversee the agreements and instruments, including to evaluate whether they align with U.S. national security and foreign policy interests. Timeliness of State Reporting of International Agreements and Qualifying Nonbinding Instruments to Congress Between October 2023 and March 2025 Note: A late-reported agreement or instrument is one that was signed, concluded, or otherwise finalized during the prior month, or that entered into force or became operative during the prior month, but was not reported during the following month. GAO’s analysis of a generalizable sample of agreements and instruments found that State generally published text and legal authority information for agreements and instruments on its website but missed the 120-day statutorily mandated deadline about half of the time. GAO also found State’s website for agreements and instruments does not enable Congress or the public to find information efficiently, when compared to best practices. Specifically, State posted fragmented information on agreements, instruments, and their legal authorities across four webpages on its website, without a way to search across the universe of agreements and instruments, such as by country, agency, or subject. By establishing written, standard operating procedures to help ensure information is published within the 120-day deadline, and optimizing its website for efficiency and searchability, State could maximize transparency for Congress and the public, and the usability of its website. Why GAO Did This Study Amendments in the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, which took effect on September 19, 2023, expanded the Case-Zablocki Act’s transparency provisions. For the first time, qualifying nonbinding instruments—commitments that do not legally bind the U.S. to their terms—must generally be reported to Congress and made available to the public. Previously, reporting and publishing requirements applied only to international agreements, which are legally binding under international law. The statute mandates that U.S. government agencies report their agreements and instruments to State. State is responsible for reporting them to Congress and publishing them on State’s website. Congress included a provision in statute for GAO to review State’s implementation of the amended requirements. This report examines the extent to which State addressed reporting and publishing requirements related to international agreements and qualifying nonbinding instruments and any challenges to meeting those requirements. GAO assessed information State reported to Congress between October 2023 and March 2025 and posted to its website in relation to statutory requirements. GAO interviewed officials from State and six other agencies about late reporting.

What GAO Found For decades, GAO has found that the federal government does not sufficiently coordinate or integrate crosscutting activities to improve its performance or address crosscutting management weaknesses. GAO held discussions with participants including former Office of Management and Budget (OMB) political appointees and staff, former cross-agency priority (CAP) goal leaders, and subject-matter specialists in performance management from outside of government. Participants said that CAP goals (4-year outcome-oriented goals) have provided a framework for addressing crosscutting federal performance issues. However, participants in all three groups told GAO that the implementation of CAP goals could be strengthened. Discussion group participants shared their views on ways to help OMB and agencies more effectively implement CAP goals. These views are summarized as five broad approaches in the figure. Figure: Approaches to Improve CAP Goal Implementation Identified by Discussion Groups Note: These actions are not listed in any specific rank or order, and their inclusion should not be interpreted as a GAO endorsement. Implementing any one action or a combination of actions could require considerations such as implementation feasibility, resource and legal constraints, and tradeoffs between actions or taking no action at all. Discussion group participants in all three discussion groups told GAO that the established CAP goal framework often helped to define ownership, created energy around shared priorities, and formed opportunities for agencies to work together. For example, participants shared that customer service CAP goals resonated across multiple administrations and tended to gain momentum over time. However, participants from all three groups also stated that CAP goals’ implementation challenges remained, including the use of inconsistent tools for assessing progress; varying levels of leadership engagement; and limited resources, such as staff and funding, to sustain efforts over time. Discussion group participants suggested actions to help agencies more effectively implement CAP goals. Some of these actions include embedding CAP goal management efforts within federal agencies, capturing and publicly reporting accurate and appropriate data to assess progress, and providing resources to OMB and agencies to accomplish implementation. Participants also highlighted other opportunities and mechanisms to address crosscutting federal performance challenges. Opportunities included creating a national performance council focused on mission delivery. Why GAO Did This Study GAO’s work continues to identify challenges the federal government faces in effectively managing its activities and addressing crosscutting challenges, such as in GAO’s high-risk areas of improving food safety oversight and ensuring cybersecurity. The GPRA Modernization Act of 2010 (GPRAMA) updated the Government Performance and Results Act of 1993 (GPRA) to create a more integrated, crosscutting performance planning and reporting framework to support the federal government’s achievement of results. It requires OMB to work with federal agencies to establish CAP goals to address crosscutting mission areas as well as management challenges. GPRAMA includes a provision for GAO to periodically assess the act’s implementation, including the CAP goals. This report examines discussion participants’ views on the CAP goal framework for addressing crosscutting federal performance challenges, and approaches to more effectively implement CAP goals and other opportunities. GAO held a series of discussion groups and interviews in May and June 2025. Participants in these discussion groups and interviews represented three previous administrations that had implemented CAP goals. GAO also reviewed requirements related to CAP goals; related OMB A-11 guidance; information about CAP goals on Performance.gov; and GAO’s prior work on CAP goals, GPRAMA implementation, and performance management. For more information, contact Lori Atkinson at atkinsonl@gao.gov.

What GAO Found The Federal Emergency Management Agency (FEMA) obligated about $13.6 million for 14 renewable energy projects through hazard mitigation assistance programs from fiscal years 2022 through 2024, the most recent 3 years of available data. These projects included small-scale solar generation, such as rooftop solar panels, microgrids, or solar generators for backup power for communities or public buildings. For example, projects included solar panels for a hospital, a sheriff’s office, and a recreation center to provide backup power during outages. FEMA provided this funding through FEMA’s hazard mitigation assistance programs, which include the Hazard Mitigation Grant Program, Pre-Disaster Mitigation Congressionally Directed Spending, and Building Resilient Infrastructure and Communities program. Figure 1: Residential Rooftop Solar Panels For these projects, FEMA generally required applicants to demonstrate the cost effectiveness of their projects through a benefit-cost analysis—a quantitative analysis comparing the project’s avoided future damage to the costs over the project lifetime. Under federal laws and FEMA policy, only cost-effective hazard mitigation activities are eligible for funding from FEMA’s Hazard Mitigation Grant Program, Pre-Disaster Mitigation Congressionally Directed Spending, and Building Resilient Infrastructure and Communities program. FEMA provides applicants with a benefit-cost analysis toolkit to assist applicants with conducting benefit-cost analyses. GAO reported on the challenges applicants face performing a benefit-cost analysis, including the amount of resources and data needed, as well as steps FEMA was taking to make completing benefit-cost analyses easier for state and local jurisdictions. Why GAO Did This Study Natural hazards can damage energy and other infrastructure—including renewable energy—and pose threats to the reliability of the electricity grid. Specifically, extreme weather events have been the principal contributors to an increase in the frequency and duration of power outages in the United States. Power outages can affect residential, commercial, industrial, and other customers’ ability to use electricity for lighting, heating, cooling, refrigeration, public transportation, and other daily needs. FEMA manages several assistance programs that can be used to fund projects to mitigate the impacts of natural hazards. These can include renewable energy projects, such as microgrids or backup power, to minimize the impact of power outages. This report examines what funding FEMA has provided for renewable energy projects from fiscal years 2022 through 2024, and what FEMA requires from applicants to demonstrate cost effectiveness of projects. To do this work, GAO reviewed relevant legal requirements, FEMA data, FEMA program policies and guidance, and prior GAO reports. GAO also interviewed FEMA and Department of Energy officials and selected stakeholders knowledgeable about the role of renewable energy in hazard mitigation and FEMA funding. For more information, contact Janet McKelvey at mckelveyj@gao.gov.

What GAO Found The Financial Crimes Enforcement Network (FinCEN) collects and shares beneficial ownership information to help prevent misuse of corporate structures to conceal illicit financial activities. Beneficial owners are individuals who directly or indirectly own or control a certain percentage of ownership interests in, or exercise substantial control over, a reporting company. In early 2024, FinCEN began to securely collect, process, store, and manage in its IT system beneficial ownership information submitted by required filers. It also began to implement a five-phase program to allow authorized users—such as federal agencies engaged in national security, intelligence, or law enforcement—to request access to the system. FinCEN completed its first phase (a pilot program) by granting six federal law enforcement agencies access to its IT system. Agency searches fell sharply in October 2024 and generally remained low through March 2026 (see figure). FinCEN attributed the decline to lawsuits, program changes, and its March 2025 interim final rule, which exempted about 99 percent of entities previously required to report their information. Three agencies also ended the pilot program. Beneficial Ownership Information System Searches Conducted by Six Federal Agencies, June 2024–March 2026 FinCEN paused accepting and processing access requests under its second phase in December 2024 because of ongoing lawsuits but resumed its efforts in spring 2025. As of August 2025, FinCEN was processing requests from 22 federal agencies but largely paused its efforts again in December 2025 while working to finalize its interim final rule. FinCEN also delayed time frames for implementing the remaining program phases. To protect the security and confidentiality of beneficial ownership information, FinCEN implemented processes to oversee agencies and revised its oversight procedures. FinCEN conducts monthly reviews to monitor individual users’ access to and use of its IT system and automatically deletes inactive users. FinCEN officials said the agency also began annual audits of four pilot agencies to assess their compliance with program requirements. In early 2025, FinCEN revised its oversight procedures to include guidance for escalating compliance concerns. The new procedures do not specify the types of noncompliance that would result in suspension or termination of an agency’s access. However, in March 2026, FinCEN officials said the agency was developing additional procedures to address noncompliance, including suspensions or termination of access, as additional agencies may be granted access under the second phase. Why GAO Did This Study The Corporate Transparency Act, enacted in 2021, requires certain legal entities to report their beneficial ownership information to FinCEN. This requirement supports U.S. efforts to prevent bad actors from using shell companies or other opaque ownership structures to benefit from illicit activity. The act required FinCEN to adopt regulations to safeguard this information from unauthorized use. In late 2024 and early 2025, lawsuits challenging the Corporate Transparency Act resulted in two district courts initially pausing reporting deadlines. In February 2025, FinCEN extended the reporting deadlines for most reporting companies because of the litigation. In March 2025, FinCEN issued an interim final rule that exempted all U.S. companies and U.S. persons from the beneficial ownership information reporting requirements. The act also includes a provision for GAO to determine how FinCEN is protecting access to and use of beneficial ownership information. This report is the second in a series of seven annual reports (beginning with GAO-25-107403). This report examines (1) the status of FinCEN’s efforts to grant agencies access to beneficial ownership information and (2) the mechanisms it implemented to oversee agencies’ access to and use of the information. GAO reviewed FinCEN’s policies and procedures for beneficial ownership information access, analyzed related documents, and interviewed FinCEN officials. For more information, contact Michael E. Clements at clementsm@gao.gov.

What GAO Found The Federal Agency Performance Act of 2024 (FAPA) amends statutory requirements for the Office of Management and Budget (OMB) and federal agencies to manage performance and address crosscutting issues, such as improving food safety and ensuring cybersecurity. For example, OMB is now required to achieve crosscutting goals within a presidential term and agencies are required to conduct strategic reviews to assess whether relevant organizations, programs, and activities are contributing as planned to progress on agency goals. OMB has made limited progress in implementing new requirements. For example, OMB established new crosscutting goals in December 2025—within the first year of the administration as required. However, OMB’s August 2025 guidance to agencies does not address all statutory requirements for strategic reviews. For example, the guidance does not fully address four requirements related to involving agency leaders and stakeholders. Without guidance that accurately communicates each requirement, agencies risk conducting ineffective strategic reviews, limiting the usefulness of the information decision-makers have to improve performance and ensure that crosscutting issues are addressed. The Departments of Homeland Security (DHS) and the Treasury had policies, procedures, and guidance for their strategic review processes that addressed most, but not all requirements. The Department of State and the General Services Administration (GSA) have not developed such documents. Further, none of the four agencies GAO selected had fully implemented new requirements for strategic reviews. Without documents that fully reflect requirements, the four agencies risk conducting strategic reviews that do not sufficiently assess progress toward their goals nor provide agency leaders with the information they need to identify risks and improve performance. Extent to Which Strategic Review Documents Address Requirements DHS, Treasury, and GSA have plans to implement strategic reviews in 2026—the first year after OMB issued guidance—but State would not confirm plans to do so. Without conducting annual reviews, State leadership is missing a critical opportunity to assess performance to learn what worked well and what did not and identify actions to improve results moving forward. Why GAO Did This Study To effectively address crosscutting issues such as delivering disaster relief, the federal government needs to coordinate efforts across organizational boundaries. GAO’s work continues to identify challenges the federal government faces in effectively managing its activities and addressing crosscutting issues. FAPA includes provisions for GAO to review its implementation. This report assesses the extent to which (1) OMB implemented FAPA’s new government-wide requirements, and (2) selected agencies addressed FAPA’s strategic review requirements. To do so, GAO reviewed information on Performance.gov and OMB’s 2025 annual update to guidance. GAO also reviewed policies, procedures, and guidance and interviewed relevant officials at the four selected agencies about their strategic review processes and coordination with OMB. GAO selected four agencies from a population of 13 that were included in its past work on strategic reviews. The four selected agencies ranged in size (i.e., number of full-time equivalent employees) and varied in types of missions, programs, and activities.

What GAO Found The Department of Veterans Affairs (VA) is responsible for securing its facilities. GAO has identified security challenges at VA medical facilities and made recommendations to help manage related risks. In January 2018, for example, GAO found limitations with VA’s risk assessment methodology and recommended VA review and revise its risk management policies to reflect interagency standards and develop an oversight strategy to assess its facilities’ risk management programs. VA has not fully implemented these recommendations. In April 2026, GAO reported that its 2025 covert testing found security vulnerabilities at selected VA facilities related to security vulnerabilities that VA had previously identified in its risk assessments of its medical facilities. Specifically, VA failed to detect almost all of GAO’s covert tests. For example: In all 30 tests, VA staff did not detect a prohibited weapon that GAO investigators carried into the VA facilities, including two that had metal detectors. Twenty-eight facilities did not have metal detectors, as they are not required to. In 25 of 26 tests, VA staff did not confront an investigator drinking in plain view from a bottle labeled “vodka”—which is generally prohibited at VA facilities. Undercover GAO Investigator Appearing to Drink Alcohol in a VA Medical Facility Taking actions to address GAO’s recommendations would better provide VA with information it needs to make informed decisions, allocate resources effectively, and prioritize security efforts to create a safe environment for veterans and VA staff. Why GAO Did This Study VA oversees the largest integrated health care system in the U.S., serving 9 million enrolled veterans at over 1,300 facilities. VA employees, veteran patients, and medical facilities have been the targets of violence, threats, and other security-related incidents in recent years, including nonviolent crimes such as disorderly conduct and theft. The Interagency Security Committee (ISC)—of which VA is a member—developed a risk management standard that federal agencies must follow to identify and address the types of security vulnerabilities impacting their facilities. GAO has conducted work related to the ISC’s risk management standard and security at VA medical facilities. This statement, based primarily on three reports published between January 2013 and April 2026, discusses challenges VA faces related to the security of its facilities and actions that could help address those challenges, among other issues.

This report presents the Government Accountability Office's (GAO) Performance Plan for Fiscal Year 2027. In the spirit of the Government Performance and Results Act, this annual plan informs the Congress and the American people about what we expect to accomplish on their behalf in the coming fiscal year. It sets forth our plan to make progress toward achieving our strategic goals for serving the Congress and the American people. This framework shows the relationship between our strategic goals and strategic objectives, as well as major themes that could potentially affect our work. For more information, contact Arte Ledyard at ledyarda@gao.gov.

What GAO Found In April 2025, GAO identified 9 priority recommendations for the Environmental Protection Agency (EPA). Since then, EPA has implemented one of those recommendations, bringing the total to 8 as of May 2026. GAO is highlighting the following two areas that warrant timely and focused attention: Managing the nation's air quality issues, and Protecting the nation's water quality. Addressing GAO's recommendations in these areas would allow EPA to target its resources to the highest priorities for wildfire smoke events and help EPA better position the national ambient air quality monitoring system to provide critical information for managing air quality and protecting public health. It would also enhance EPA efforts to manage threats to water quality and safety, such as those posed by harmful algal blooms and hypoxia. Taking action to implement all of GAO's open priority recommendations would help enhance the efficiency and effectiveness of operations across EPA. Why GAO Did This Study Priority open recommendations are GAO recommendations that warrant priority attention from heads of key departments or agencies because their implementation could save large amounts of money; improve congressional and/or executive branch decision-making on major issues; eliminate mismanagement, fraud, and abuse; or make progress toward addressing a high risk or duplication issue, among other benefits. Since 2015, GAO has sent letters to selected agencies to highlight the importance of implementing such recommendations. For more information, contact Allison Bawden at bawdena@gao.gov.