Open Recommendations

We recommend that the Commissioner of CBP develop and implement a corrective action plan to ensure firearms and ammunition video surveillance systems are installed in required areas, functioning, and correctly positioned at the 11 locations with issues identified in this report.

We recommend SSA ensure contracts from other Federal agencies are readily available to determine whether the contract includes required FAR clauses, by including a copy of the initial award issued by other Agencies in SSA’s Streamlined Acquisition System.

We recommend the U.S. Assistant Secretary for Occupational Safety and Health update the criteria for the number of establishments to be included in the Site-Specific Targeting programs’ universes to better reflect industry growth and the number of eligible establishments nationwide.

We recommend the U.S. Assistant Secretary for Occupational Safety and Health to develop specific, measurable inspection goals for the Site Specific Targeting program, including a baseline for the number of inspections in each Site-Specific Targeting category, and periodically monitor progress toward those goals.

We recommend the U.S. Assistant Secretary for Occupational Safety and Health develop a more effective enforcement strategy to improve employer Form 300A compliance.

We recommend the U.S. Assistant Secretary for Occupational Safety and Health assess Form 300A data categories and gather more specific supporting information about injuries to better identify the count and type of injuries reported, such as musculoskeletal disorders.

We recommend the U.S. Assistant Secretary for Occupational Safety and Health develop improved Form 300A data analyses to better identify trends among industries and establishments.

We recommend the U.S. Assistant Secretary for Occupational Safety and Health develop specific measurable inspection goals for the warehousing National Emphasis Program, including a baseline for the number of inspections to complete and periodically monitor progress toward those goals. Ensure the goals contain metrics that demonstrate the outcomes of the program.

We recommend the Principal Deputy Assistant Secretary for Employment and Training develop a document that captures lessons learned from the implementation of the pandemic-related UI programs that can be used to provide legislative technical assistance and operational guidance to Congress and states on any future emergency UI programs, including an assessment of fraud and fraud prevention methods in programs that allow for self-certification.

Ensure that all 1,286 noncompliant card readers are replaced with Federally compliant card readers and are properly configured.

Discuss and reinforce the updates made to Supervision and Regulation Letter 02-9 in response to recommendation 1 with Reserve Banks through training.

Develop and implement a plan for instructing Community Banking Organization and Regional Banking Organization examiners to take a forward-looking view of a bank’s risk profile and the possible and plausible outcomes of that risk profile when assigning CAMELS composite and component ratings, includinga. guidance for examiners on effectively balancing a bank’s financial results and condition with its risk profile when assigning CAMELS composite and component ratings, particularly for banks with concentrated business models susceptible to boom and bust cycles.b. guidance for examiners on circumstances that warrant a heightened sense of urgency to initiate CAMELS composite or component ratings downgrades, identify…

Develop guidance for examiners on preparing firms to transition from the Community Banking Organization portfolio to the Regional Banking Organization portfolio that includes references to updated and relevant guidance applicable to firms that cross the $10 billion asset size threshold.

Develop a plan to minimize the time necessary to establish a new Regional Banking Organization central point of contact and supervisory team for Community Banking Organizations approaching the $10 billion asset size threshold.

Develop guidance for examiners on supervising firms approaching the $10 billion total assets threshold that describesa. how to prepare for the transition, including the roles and responsibilities of the Board, the Community Banking Organization team, and the Regional Banking Organization team, and the expectations for sharing relevant information between the portfolio teams.b. procedures for developing and updating the supervisory plan before, during, and after the transition.

Develop guidance for examiners on supervising banks projecting or experiencing rapid growth. The guidance should includea. parameters for identifying significant, rapid growth that may hinder a bank’s ability to operate in a safe and sound manner and parameters for identifying when a bank is growing in an unchecked manner based on conditions in the market that have surpassed management’s capability to effectively manage it.b. actions examiners should take as a bank projects or experiences such growth or in response to sustained, unchecked growth, including any expected escalations.c. actions examiners should take when supervising banks susceptible to volatile market conditions.

Develop guidance for banks projecting or experiencing significant, rapid growth that includes expectations for ensuring that they have requisite staff and risk management capabilities and effective key control functions.

Update Supervision and Regulation Letter 02-9 to provide additional details on what may constitute a change in the general character of a state member bank’s business, including providing examiners with a variety of examples or scenarios that could help them to determine when a bank needs to file an application and receive approval from the Board under Regulation H.

The assistant secretary for information and technology ensure VA Directive and Handbook 6517 are updated to reflect the revised National Institute of Standards and Technology requirements.

Ensure vulnerabilities are remediated within OIT’s established time frames.

Ensure a video surveillance system is operational and monitored for the data center.

Ensure water detection sensors are implemented in the data center.

Conduct a cost, benefit, and feasibility analysis on potential options for increasing local delivery response rates and developing more easily understood survey terminology.

The Railroad Retirement Board's Bureaus of Information Services should fully implement the corrective actions developed in response to Railroad Retirement Board’s Office of Inspector General Report Number 17-08 recommendations 2, 3, 4, 5, 7, 9, and 10 by the completion timeline.

The Railroad Retirement Board's Bureau of Information Services should develop corrective action plans, to include timelines for completion, for Railroad Retirement Board’s Office of Inspector General Report Number 17-08 recommendations 6, 12, and 13.

The Railroad Retirement Board's Bureau of Information Serivces should establish a process to maintain detailed corrective action plans for all records and information management internal control deficiencies.

The Railroad Retirement Board’s Bureau of Information Services should develop action plans, with timelines for estimated completion, for the following fiscal year 2021 Federal Manager’s Financial Integrity Act Report program process improvements:• Program Process Improvement 7: Complete a comprehensive update of the Railroad Retirement Board’s Records Schedule Disposition Handbook; and • Program Process Improvement 8: Incorporate all new National Archives and Records Administration Digital Preservation Guidance into Railroad Retirement Board’s Records Management policies and procedures by June 30, 2024.

The Railroad Retirement Board's Bureau of Information Services should create a corrective action plan to ensure requirements identified in Administrative Circular Information Resources Management 4 have been implemented.

The Railroad Retirement Board's Bureau of Information Services should update Administrative Circular Information Resources Management 4 to include procedures that the Bureau of Information Services staff must implement in the absence of a records liaison.

The Railroad Retirement Board's Bureau of Information Services should develop a checklist to enable Bureau Heads to be made fully aware of their responsibilities and verify that their bureau or office complies with each requirement in Administrative Circular Information Resources Management 4.

Create a feature in the Manual Adjustment, Credit, and Award Data Entry system that allows Social Security Administration employees to review the notice and make any necessary corrections without requiring a separate action.

Implement two new alerts to identify Old-Age, Survivors and Disability Insurance (OASDI) benefits being withheld pending a windfall offset determination over 12 months that do not have a WOD line on the MBR.

We recommend that CPB management require KDHX-FM to identify the corrective actions and controls it will implement to ensure future compliance with Act and CPB requirements for open financial records.

We recommend that CPB management require KDHX-FM to update its Diversity Statement to fully address the CPB Diversity Statement requirements.

We recommend that CPB management require KDHX-FM to identify the corrective actions and controls it will implement to ensure future compliance with Diversity Statement requirements.

We recommend CBP’s Border Security Deployment Program Project Management Office: a. assess the impact that video surveillance system network (patching and scanning) updates have on live feeds and recording capabilities; b. develop and implement a mitigation plan as warranted based on the impacts identified in (a); and c. consider notification options to alert video surveillance system operators of recording gaps.

We recommend the CBP Office of Field Operations Executive Assistant Commissioner, Enterprise Services Executive Assistant Commissioner, and appropriate CBP program offices: a. conduct a program review to identify improvements required for the video surveillance system, equipment, and network infrastructure at land ports of entry and consider alternative solutions when infrastructure cannot be upgraded; and b. establish a risk-based process for upgrading video surveillance system and equipment including factors such as operating environment and limitations at each land port of entry.

We recommend CBP’s OFO Directors of Field Operations collaborate with CBP’s Border Security Deployment Program Project Management Office and relevant program offices to implement a process to ensure: a. continued awareness of and compliance with video surveillance requirements at land ports of entry, such as implementation of a training program for new and existing Centralized Area Video Surveillance System operators; and b. land ports of entry personnel coordinate with CBP’s Border Security Deployment Program Project Management Office and other program offices when upgrading video surveillance equipment or re-purposing rooms.

We recommend CBP’s Border Security Deployment Program Project Management Office, in coordination with other relevant program offices, establish a process requiring feasibility studies to identify network infrastructure needs for new video surveillance system equipment and installations and incorporate these outcomes as warranted.

We recommend the CBP Office of Information and Technology Assistant Commissioner implement a process to ensure video and audio surveillance equipment installed complies with applicable security and privacy controls required by DHS network standards, CBP information security policies, and Centralized Area Video Surveillance System Design Standards for design and operation, as applicable.

We recommend CBP’s Border Security Deployment Program Project Management Office, in collaboration with CBP’s OFO Directors of Field Operations, take immediate action to ensure all land ports of entry have the required privacy protections for hold rooms with lavatory facilities.

We recommend CBP’s Border Security Deployment Program Project Management Office, in collaboration with CBP’s OFO Directors of Field Operations, survey Centralized Area Video Surveillance System operators annually to obtain feedback related to video and audio equipment.

We recommend that CBP’s Office of Field Operations assign responsibility for ensuring STOP Act implementation, including: a. monitoring and resolving advance electronic data quality and quantity issues; b. documenting justifications for advance electronic data waivers; c. providing lists of advance electronic data waivers to International Mail Facilities and implementing routine, alternate screening for mail from countries with advance electronic data waivers; and d. enforcing penalties when the U.S. Postal Service accepts mail without advance electronic data.

We recommend that CBP’s Office of Field Operations establish and implement a process for: a. developing advance electronic data waivers using CBP data to assess a country’s risk eligibility; b. documenting justifications for waiver countries; and c. reporting advance electronic data waivers and justifications to Congress.

We recommend the TSA Assistant Administrator for Policy, Plans, and Engagement, in consultation with interagency partners, such as the Department of Transportation, complete rulemaking that will permanently codify critical cybersecurity requirements for pipelines.

We recommend the TSA Assistant Administrator for Surface Operations develop standard operating procedures and a formal tracking system to ensure consistent tracking and follow-up of the implementation of security directives and eventual regulations.

We recommend the TSA Assistant Administrator for Surface Operations include in TSA’s standard operating procedures developed in response to recommendation 2, a requirement to conduct follow-up inspections that ensure pipeline operators have completed mitigation activities to address cybersecurity vulnerabilities.

Develop and implement DOT's zero trust architecture plan for network traffic that cannot be routed through traditional Trusted-Internet Connections (TIC) access points as required by OMB M-19-26, Update to the TIC Initiative.

In coordination with Federal Aviation Administration (FAA), complete the pilot and testing of TIC 3.0 use cases and revise FAA policies to reflect requirements in OMB M-19-26, Update to TIC Initiative.

The DCSE should update the Processing Returns and Accounts of the President and Vice President internal guidelines to accurately reflect the process followed from receipt of a Presidential return through assignment and performance of the mandatory examination.