About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

GAO-25-108537 1 (July 28, 2025)

handle is hein.gao/cifimoffcr0001 and id is 1 raw text is: G A O U.S. GOVERNMENT ACCOUNTABILITY OFFICE 441 G St. NW Washington, DC 20548 July 28, 2025 Mr. David A. Shive Chief Information Officer General Services Administration 1800 F Street NW, Washington, DC 20405 Chief Information Officer Open Recommendations: General Services Administration Dear Mr. Shive: I am writing to you with respect to your role as the Chief Information Officer (CIO) for the General Services Administration (GSA). As an independent, non-partisan agency that works for Congress, GAO's mission is to support Congress in meeting its constitutional responsibilities and help improve the performance and ensure the accountability of the federal government. Our work includes investigating matters related to the use of public funds, evaluating programs and activities of the U.S. Government at the request of congressional committees and subcommittees or on the initiative of the Comptroller General, and as required by public laws or committee reports. Our duties include reporting our findings and recommending ways to increase economy and efficiency in government spending. The purpose of this letter is to provide an overview of the open, publicly available GAO recommendations to GSA that call for the attention of the CIO. We identified recommendations that relate to the CIO's roles and responsibilities in effectively managing IT. They include strategic planning, investment management, and information security. We have previously reported on the significance of the CIO's role in improving the government's performance in IT and related information management functions.1 Your attention to these recommendations will help ensure the secure and effective use of IT at the agency. Currently, GSA has four open recommendations that call for the attention of the CIO. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management.2 Fully implementing these open recommendations could significantly improve GSA's ability to address threats and manage its critical systems, operations, and information. I have summarized selected recommendations here. See the enclosure for a full list and additional details on the recommendations. Ensuring the Cybersecurity of the Nation. GSA needs to make progress in its cybersecurity incident response preparedness by taking steps to improve its investigation and remediation capabilities. Specifically, we recommended that GSA fully implement event logging 1See for example, GAO, Federal Chief Information Officers: Critical Actions Needed to Address Shortcomings and Challenges in Implementing Responsibilities, GAO-18-93 (Washington, D.C.: Aug. 2, 2018). 2GAO, High-Risk Series: Heightened Attention Could Save Billions More and Improve Government Efficiency and Effectiveness, GAO-25-107743 (Washington, D.C.: Feb. 25, 2025). GAO-25-108537 GSA CIO Recommendations Page 1

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most