The IT Law Wiki

1== Overview ==

The following are the GAO reports published in 2018 that are discussed in this wiki (in reverse chronological order). Those reports that have already been summarized are in blue; those that have not yet been summarized are in red.


  • Information Security: Significant Progress Made, but CDC Needs to Take Further Action to Resolve Control Deficiencies and Improve Its Program (GAO-19-70) (Dec. 20, 2018).
  • Critical Infrastructure Protection: Protecting the Electric Grid from Geomagnetic Disturbances (GAO-19-98) (Dec. 19, 2018).
  • Information Security: Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions (GAO-19-105) (Dec. 18, 2018).
  • Open Data: Treasury Could Better Align with Key Practices and Search Requirements (GAO-19-72) (Dec. 13, 2018).
  • Emergency Communications: Office of Emergency Communications Should Take Steps to Help Improve External Communications (GAO-19-171) (Dec. 12, 2018).
  • Information Technology: Implementation of Recommendations Is Needed to Strengthen Acquisitions, Operations, and Cybersecurity (GAO-19-275T) (Dec. 12, 2018).
  • Information Technology: Agencies Need Better Information on the Use of Noncompetitive and Bridge Contracts (GAO-19-63) (Dec. 11, 2018).
  • Cybersecurity:Federal Agencies Met Legislative Requirements for Protecting Privacy When Sharing Threat Information (GAO-19-114R) (Dec. 6, 2018).
  • Fraud Risk Management: OMB Should Improve Guidelines and Working-Group Efforts to Support Agencies' Implementation of the Fraud Reduction and Data Analytics Act (GAO-19-34) (Dec. 4, 2018).


  • Tribal Broadband: FCC Should Undertake Efforts to Better Promote Tribal Access to Spectrum (GAO-19-75) (Nov. 14, 2018).
  • Information Security: OPM Has Implemented Many of GAO's 80 Recommendations, but Over One-Third Remain Open (GAO-19-143R) (Nov. 13, 2018).
  • Information Technology: Departments Need to Improve Chief Information Officers' Review and Approval of IT Budgets (GAO-19-49) (Nov. 13, 2018).


  • Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities (GAO-19-128) (Oct. 9, 2018).
  • Tribal Broadband: FCC's Data Overstate Access, and Tribes Face Barriers Accessing Funding (GAO-19-134T) (Oct. 3, 2018).


  • Tribal Broadband: Few Partnerships Exist and the Rural Utilities Service Needs to Identify and Address Any Funding Barriers Tribes Face (GAO-18-682) (Sept. 28, 2018).
  • Information Technology: SSA Has Improved Acquisitions and Operations, but Needs to Fully Address the Role of Its Chief Information Officer (GAO-18-703T) (Sept. 27, 2018).
  • Identity Theft: Strengthening Taxpayer Authentication Efforts Could Help Protect IRS Against Fraudsters (GAO-18-702T) (Sept. 26, 2018)
  • Science and Technology: Considerations for Maintaining U.S. Competitiveness in Quantum Computing, Synthetic Biology, and Other Potentially Transformational Research Areas (GAO-18-656) (Sept. 26, 2018).
  • Cybersecurity: Office of Federal Student Aid Should Take Additional Steps to Oversee Non-School Partners' Protection of Borrower Information (GAO-18-518) (Sept. 17, 2018).
  • Electronic Health Records: Clear Definition of the Interagency Program Office's Role in VA's New Modernization Effort Would Strengthen Accountability (GAO-18-696T) (Sept. 13, 2018).
  • Positive Train Control: Most Railroads Expect to Request an Extension, and Substantial Work Remains Beyond 2018 (GAO-18-692T) (Sept. 13, 2018).
  • Broadband Internet: FCC's Data Overstate Access on Tribal Lands (GAO-18-630) (Sept. 7, 2018).
  • High-Risk Series: Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the Nation (GAO-18-622) (Sept. 6, 2018).
  • Defense Infrastructure: Guidance Needed to Develop Metrics and Implement Cybersecurity Requirements for Utilities Privatization Contracts (GAO-18-558) (Sept. 4, 2018).


  • 2020 Census: Continued Management Attention Needed to Address Challenges and Risks with Developing, Testing, and Securing IT Systems (GAO-18-655) (Aug. 30, 2018).
  • Data Protection: Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach (GAO-18-559) (Aug. 30, 2018).
  • Federal Chief Information Officers: Critical Actions Needed to Address Shortcomings and Challenges in Implementing Responsibilities (GAO-18-93) (Aug 2, 2018).


  • Information Security: IRS Needs to Rectify Control Deficiencies That Limit Its Effectiveness in Protecting Sensitive Financial and Taxpayer Data (GAO-18-391) (July 31, 2018).
  • Information Security: Supply Chain Risks Affecting Federal Agencies (GAO-18-667T) (July 12, 2018).


  • Information Technology: IRS Needs to Take Additional Actions to Address Significant Risks to Tax Processing (GAO-18-298) (June 28, 2018).
  • Artificial Intelligence: Emerging Opportunities, Challenges, and Implications for Policy and Research (GAO-18-644T) (June 26, 2018).
  • Bank Secrecy Act: Further Actions Needed to Address Domestic and International Derisking Concerns (GAO-18-642T) (June 26, 2018).
  • VA IT Modernization: Preparations for Transitioning to a New Electronic Health Record System Are Ongoing (GAO-18-636T) (June 26, 2018).
  • Freedom of Information Act: Agencies Are Implementing Requirements but Additional Actions Are Needed (GAO-18-365) (June 25, 2018).
  • Federal Research: Additional Actions Needed to Improve Licensing of Patented Laboratory Inventions (GAO-18-327) (June 19, 2018).
  • Cybersecurity Workforce: Agencies Need to Improve Baseline Assessments and Procedures for Coding Positions (GAO-18-466) (June 14, 2018).


  • Emergency Communications: Increased Regional Collaboration Could Enhance Capabilities (GAO-18-379) (Apr. 26, 2018).
  • Small Unmanned Aircraft Systems: FAA Should Improve Its Management of Safety Risks (GAO-18-110) (May 24, 2018).
  • DOD Major Automated Information Systems: Adherence to Best Practices Is Needed to Better Manage and Oversee Business Programs (GAO-18-326) (May 24, 2018).
  • Data Center Optimization: Continued Agency Actions Needed to Meet Goals and Address Prior Recommendations (GAO-18-264) (May 23, 2018).
  • Information Technology: Continued Implementation of High-Risk Recommendations Is Needed to Better Manage Acquisitions Operations and Cybersecurity (GAO-18-566T) (May 23, 2018).
  • NASA Information Technology: Urgent Action Needed to Address Significant Management and Cybersecurity Weaknesses (GAO-18-337) (May 22, 2018).
  • Protecting Classified Information: Defense Security Service Should Address Challenges as New Approach Is Piloted (GAO-18-407) (May 14, 2018).


  • Cybersecurity: DHS Needs to Enhance Efforts to Improve and Promote the Security of Federal and Private-Sector Networks (GAO-18-520T) (Apr. 24, 2018).
  • Management Report: Areas for Improvement in the Federal Reserve Banks' Information System Controls (GAO-18-334R) (Apr. 5, 2018).


  • Technology Assessment: Artificial Intelligence: Emerging Opportunities, Challenges, and Implications (GAO-18-142SP) (Mar. 28, 2018).
  • Science, Technology, Engineering, and Mathematics Education: Actions Needed to Better Assess the Federal Investment (GAO-18-290) (Mar. 23, 2018).
  • U.S. Patent and Trademark Office: Observations on the Covered Business Method Patent Review Program (GAO-18-451) (Mar. 20, 2018).
  • Border Security: Progress and Challenges with the Use of Technology, Tactical Infrastructure, and Personnel to Secure the Southwest Border (GAO-18-397T) (Mar. 15, 2018).
  • Customs and Border Protection: Automated Trade Data System Yields Benefits but Interagency Management Approach Is Needed (GAO-18-271) (Mar. 14, 2018).
  • Information Technology: Further Implementation of Recommendations Is Needed to Better Manage Acquisitions and Operations (GAO-18-460T) (Mar. 14, 2018).
  • Freedom of Information Act: Agencies Are Implementing Requirements but Need to Take Additional Actions (GAO-18-452T) (Mar. 13, 2018).
  • Freedom of Information Act: Federal Court Decisions Have Not Required the Office of Special Counsel to Initiate Disciplinary Actions for the Improper Withholding of Records (GAO-18-235R) (Mar. 13, 2018).
  • U.S. Patent and Trademark Office: Assessment of the Covered Business Method Patent Review Program (GAO-18-320) (Mar. 12, 2018).
  • Cybersecurity Workforce: DHS Needs to Take Urgent Action to Identify Its Position and Critical Skill Requirements (GAO-18-430T) (March 7, 2018).
  • Electronic Health Information: CMS Oversight of Medicare Beneficiary Data Security Needs Improvement (GAO-18-210) (Mar. 6, 2018).



  • Next Generation 911: National 911 Program Could Strengthen Efforts to Assist States (GAO-18-252) (Jan. 31, 2018).
  • Small Business Research Programs: Agencies Need to Take Steps to Assess Progress Toward Commercializing Technologies (GAO-18-207) (Jan. 31, 2018).
  • Coast Guard Health Records: Timely Acquisition of New System Is Critical to Overcoming Challenges with Paper Process (GAO-18-363T) (Jan. 30, 2018).
  • Federal Buildings: GSA Should Establish Goals and Performance Measures to Manage the Smart Buildings Program (GAO-18-200) (Jan. 30, 2018).
  • Homeland Defense: Urgent Need for DOD and FAA to Address Risks and Improve Planning for Technology That Tracks Military Aircraft (GAO-18-177) (Jan. 18, 2018).
  • VA Health IT Modernization: Historical Perspective on Prior Contracts and Update on Plans for New Initiative (GAO-18-208) (Jan. 18, 2018).
  • Information Technology: Agencies Need to Involve Chief Information Officers in Reviewing Billions of Dollars in Acquisitions (GAO-18-42) (Jan. 10, 2018).

Other GAO Reports[]

The following entries list GAO Reports in chronological order by year: