Michael R. Pompeo, Secretary of State
On behalf of the Government of the United States of America and the American people, I offer best wishes to all Austrians on the 65th anniversary of your National Day.
Austria is an indispensable partner in advancing human rights, generating prosperity, and ensuring peace and security in Europe and around the world. I witnessed your dedication to these shared values during my visit to Vienna in August when I met with President Van der Bellen, Chancellor Kurz and his ministers, and inaugurated one of the two U.S.-Austria Friendship Trams – a symbol of our lasting relationship. Our two nations enjoy a long history of friendship and cooperation, which will continue to flourish as we together fight COVID-19 and confront new challenges.
As the people of Austria celebrate this anniversary, I congratulate you and look forward to expanding our ties and deepening our alliance.
- Former Mexican police officer gets 30 years for sexually exploiting childBy Sam NewsIn Justice NewsDecember 8, 2021A 38-year-old resident [Read More…]
- Defense Contractor Cybersecurity: Stakeholder Communication and Performance Goals Could Improve Certification FrameworkBy Sam NewsDecember 8, 2021What GAO Found For years, malicious cyber actors have targeted defense contractors to access sensitive unclassified data. In response, since 2019, the Department of Defense (DOD) has engaged with a range of stakeholders to develop and refine a set of cybersecurity practices and processes for contractors to use to help assure security of the data. For relevant contracts, this Cybersecurity Maturity Model Certification (CMMC) requires that defense contractors implement these practices and processes on their information systems and networks. Key Steps in CMMC Verification Process DOD began CMMC implementation with an interim rule that took effect in November 2020, but the rollout of the 5-year pilot phase is delayed. For example, DOD planned to pilot the CMMC requirement on up to 15 acquisitions in fiscal year 2021 but has not yet included the requirement in any acquisitions, in part due to delays in certifying assessors. Industry—in particular, small businesses—has expressed a range of concerns about CMMC implementation, such as costs and assessment consistency. DOD engaged with industry in refining early versions of CMMC, but it has not provided sufficient details and timely communication on implementation. Until DOD improves this communication, industry will be challenged to implement protections for DOD's sensitive data. DOD has identified plans to assess aspects of its CMMC pilot, including high-level objectives and data collection activities, but these plans do not fully reflect GAO's leading practices for effective pilot design. For example, DOD has not defined when and how it will analyze its data to measure performance. Further, GAO found that DOD has not developed outcome-oriented measures, such as reduced risk to sensitive information, to gauge the effectiveness of CMMC. Without such measures, the department will be hindered in evaluating the extent to which CMMC is increasing the cybersecurity of the defense industrial base. In November 2021, DOD announced CMMC 2.0, which includes a number of significant changes, including eliminating some certification levels, DOD-specific cybersecurity practices, and assessment requirements. DOD also announced that it intended to suspend the current CMMC pilot and initiate a new rulemaking period to implement the revised framework. Why GAO Did This Study DOD relies on thousands of defense contractors for goods and services ranging from weapon systems to analysis to maintenance. In doing business with DOD, these companies access and use sensitive unclassified data. Accordingly, the department has taken steps intended to improve the cybersecurity of this defense industrial base. A Senate report included a provision for GAO to review DOD's implementation of CMMC. This report addresses (1) what steps DOD took to develop CMMC, (2) the extent to which DOD made progress in implementing CMMC, including communication with industry, and (3) the extent to which DOD has developed plans to assess the effectiveness of CMMC. GAO reviewed DOD documents related to the design and implementation of CMMC and interviewed DOD officials involved in designing and managing it. GAO also interviewed representatives from defense contractors, industry trade groups, and research centers.[Read More…]
- Iowa Man Pleads Guilty to Selling Misbranded Vitamin B12 InjectablesBy Sam NewsDecember 8, 2021An Iowa man pleaded guilty today to a felony charge related to the sale of misbranded vitamin B12 injectable drugs, the Department of Justice announced.[Read More…]
- Secretary Blinken’s Call with Qatari Deputy Prime Minister and Minister of Foreign Affairs Al-ThaniBy Sam NewsJuly 9, 2021
- OPCW Condemns Syria’s Repeated Use of Chemical WeaponsBy Sam NewsApril 22, 2021
- Drug Control Grants: ONDCP Should Document Its Process for Identifying Duplication, Overlap, and FragmentationBy Sam NewsDecember 8, 2021What GAO Found As the lead for the nation's drug control efforts, the Office of National Drug Control Policy (ONDCP) posted drug control grant information to its website and is taking steps to ensure it is complete. Specifically, ONDCP collects grant information from relevant federal agencies on an annual basis. For 2020, ONDCP posted this information, which included grant funding opportunities, past awards, and performance information on the grant programs. However, GAO identified at least seven drug control grant programs with publicly available grant performance information that were not posted. Subsequently, ONDCP reviewed and posted the additional information and plans to take steps to validate the completeness of the performance information going forward. Office of National Drug Control Policy Website with Drug Control Grant Resources ONDCP also requires relevant federal agencies to annually report barriers that potential grantees face when applying for drug control grants. ONDCP collected this information in November 2020, and officials stated that they plan to share this information with agencies to help the agencies reduce any systemic barriers. ONDCP officials stated they met the Substance Use-Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act (SUPPORT Act) requirement to facilitate the identification of duplication, overlap, and fragmentation (DOF) among drug control grants by assessing for DOF during their annual budget review process. However, we could not verify ONDCP's actions to assess for DOF because ONDCP has not documented its process. Federal standards for internal controls call for documentation to demonstrate the design, implementation, and operating effectiveness of an entity's internal control system. Documenting the process for identifying DOF will help ONDCP ensure that it retains organizational knowledge and can communicate and demonstrate the effectiveness of its internal control system to identify DOF. Why GAO Did This Study According to the most recent provisional data from the Centers for Disease Control and Prevention, a predicted record high of about 100,300 drug overdose deaths occurred during the 12-month period ending in April 2021. The federal drug control budget for fiscal year 2021 was nearly $36 billion and the federal government has enlisted more than a dozen agencies to address drug misuse and its effects. ONDCP is responsible for overseeing the implementation of the nation's national drug control policy and leading the national drug control efforts. The SUPPORT Act included a provision for GAO to examine ONDCP's tracking of federally funded drug control grants. This report addresses the extent to which ONDCP (1) took steps to provide the public with information on federal drug control grants, (2) took steps to identify barriers when applying for drug control grants, and (3) facilitated federal efforts to identify DOF in drug control grants. To answer these questions, GAO analyzed ONDCP documents on its efforts to identify drug control grants, any barriers to these grants, and its DOF assessments. GAO also analyzed information that ONDCP posted publicly on the 46 drug control grant programs it identified. In addition, GAO interviewed ONDCP officials about these efforts.[Read More…]
- Sudan Travel AdvisoryBy Sam NewsIn TravelSeptember 26, 2020Reconsider travel to [Read More…]
- Terrorist Designation of Abd al-Aziz Malluh Mirjirash al-MuhammadawiBy Sam NewsJanuary 13, 2021
- Justice Department Awards More Than $17.5 Million to Support Project Safe NeighborhoodsBy Sam NewsDecember 9, 2021The Department of Justice announced today that it has awarded more than $17.5 million in grants to support the Project Safe Neighborhoods (PSN) Program. Funding will support efforts across the country to address violent crime, including the gun violence that is often at its core.[Read More…]
- Priority Open Recommendations: Nuclear Regulatory CommissionBy Sam NewsApril 28, 2021What GAO Found In April 2020, GAO identified seven priority recommendations for the Nuclear Regulatory Commission (NRC). Since then, NRC implemented one of these recommendations by issuing a risk management strategy that addresses key elements foundational to effectively managing cybersecurity risks. The remaining six priority recommendations involve the following areas: addressing the security of radiological sources. improving the reliability of cost estimates. improving strategic human capital management. NRC's continued attention to these issues could lead to significant improvements in government operations. Why GAO Did This Study Priority open recommendations are the GAO recommendations that warrant priority attention from heads of key departments or agencies because their implementation could save large amounts of money; improve congressional and/or executive branch decision-making on major issues; eliminate mismanagement, fraud, and abuse; or ensure that programs comply with laws and funds are legally spent, among other benefits. Since 2015, GAO has sent letters to selected agencies to highlight the importance of implementing such recommendations. For more information, contact Mark Gaffigan at (202) 512-3841 or firstname.lastname@example.org.[Read More…]
- Justice Department Settles with Newark Public Schools to Protect English Learner StudentsBy Sam NewsSeptember 1, 2021Today the Justice Department announced a settlement agreement with Newark Public Schools to resolve the department’s investigation into the school district’s programs for its English learner students. The agreement ends the district’s longstanding and common practice of removing students from English learner programs before they become fluent in English. The district has agreed to improve services for English learner students so they can access the same educational opportunities as other students in the Newark Public Schools.[Read More…]
- Senior Advisor Hochstein’s Trip to IsraelBy Sam NewsNovember 6, 2021
- Small Business Research Programs: Agencies Should Further Improve Award TimelinessBy Sam NewsOctober 14, 2021What GAO Found Most federal agencies that participate in the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs did not consistently issue timely awards to small businesses in fiscal year 2020. The Small Business Administration's (SBA) SBIR/STTR policy directive recommends that most agencies issue such awards within 180 days of the closing date of the solicitation. On the one hand, timeliness across agencies has improved since fiscal year 2017. Agencies issued 69 percent of awards within the recommended time that year, compared to 82 percent of awards that we reviewed for fiscal year 2020. On the other hand, only nine of the 29 participating agencies were consistently on time in fiscal year 2020, meaning they issued at least 90 percent of their awards within 180 days. This lack of timeliness dates back at least 5 years: 20 agencies were routinely late during that period, issuing fewer than 90 percent of their awards on time for 3 or more of the 5 fiscal years since 2016 (see figure). Total Number and Value of Late Awards Issued by Routinely Late Agencies Nearly all of the agencies that were routinely late in issuing awards to small businesses have taken some steps to address risks to the timeliness of their awards. Such risks included not having standardized proposal review procedures and a lack of dedicated staff to issue awards. Agencies have taken some steps to improve timeliness by, for example, streamlining proposal reviews and the award contracting process. However, they have not fully addressed risks they identified or evaluated steps already taken and may continue to issue late awards until they do so. Although the Department of Defense (DOD) has taken some steps to improve timeliness, it has not established a required pilot program. According to officials, DOD has not done so, in part, because it would be too difficult to standardize practices across the department. GAO found that 12 of the 13 DOD participating agencies are not consistently issuing timely awards to small businesses. Without addressing the pilot program requirements, or by not reporting to Congress if the requirements are infeasible, DOD may be missing an opportunity to obtain technologies more quickly, as well as sustain small businesses that can provide such technologies. Why GAO Did This Study SBIR and STTR participating agencies awarded over $3 billion to small businesses in fiscal year 2020 to develop and commercialize new technologies. Timely issuance of these awards can affect the speed with which small businesses receive funds and begin work, according to the SBA. SBA's SBIR/STTR policy directive provides time frames for notification and award issuance—90 days for award notification and 180 days for award issuance. The Fiscal Year 2019 National Defense Authorization Act (NDAA) included a provision for GAO to review the timeliness of award notification and issuance. The Fiscal Year 2021 NDAA conference report included a provision for GAO to review instances of agencies not following through with awards. This report, GAO's third, examines, among other things: (1) agencies' timeliness in notification and issuance, (2) the extent to which agencies have addressed risks to award timeliness, and (3) the extent to which DOD established a pilot program to improve timeliness. GAO analyzed SBIR and STTR award data, reviewed documentation, interviewed SBA officials, and sent a questionnaire to all 29 participating agencies and select small businesses.[Read More…]
- Two Virginia Men Convicted for Their Roles in Investment Fraud SchemeBy Sam NewsNovember 3, 2020A federal jury found two representatives of a purported investment company based in the United Kingdom guilty on Oct. 30 for their roles in an investment fraud scheme by which they stole at least $5 million from victim investors.[Read More…]
- Cybersecurity: DHS and Selected Agencies Need to Address Shortcomings in Implementation of Network Monitoring ProgramBy Sam NewsAugust 18, 2020Selected agencies—the Federal Aviation Administration, Indian Health Services, and Small Business Administration—had generally deployed tools intended to provide cybersecurity data to support the Department of Homeland Security's (DHS) Continuous Diagnostics and Mitigation (CDM) program. As depicted in the figure, the program relies on automated tools to identify hardware and software residing on agency networks. This information is aggregated and compared to expected outcomes, such as whether actual device configuration settings meet federal benchmarks. The information is then displayed on an agency dashboard and federal dashboard. Continuous Diagnostics and Mitigation Program Data Flow from Agencies to the Federal Dashboard However, while agencies reported that the program improved their network awareness, none of the three agencies had effectively implemented all key CDM program requirements. For example, the three agencies had not fully implemented requirements for managing their hardware. This was due in part to contractors, who install and troubleshoot the tools, not always providing unique identifying information. Accordingly, CDM tools did not provide an accurate count of the hardware on their networks. In addition, although most agencies implemented requirements for managing software, they were not consistently comparing configuration settings on their networks to federal core benchmarks intended to maintain a standard level of security. The agencies identified various challenges to implementing the program, including overcoming resource limitations and not being able to resolve problems directly with contractors. DHS had taken numerous steps to help manage these challenges, including tracking risks of insufficient resources, providing forums for agencies to raise concerns, and allowing agencies to provide feedback to DHS on contractor performance. In 2013, DHS established the CDM program to strengthen the cybersecurity of government networks and systems by providing tools to agencies to continuously monitor their networks. The program, with estimated costs of about $10.9 billion, intends to provide capabilities for agencies to identify, prioritize, and mitigate cybersecurity vulnerabilities. GAO was asked to review agencies' continuous monitoring practices. This report (1) examines the extent to which selected agencies have effectively implemented key CDM program requirements and (2) describes challenges agencies identified in implementing the requirements and steps DHS has taken to address these challenges. GAO selected three agencies based on reported acquisition of CDM tools. GAO evaluated the agencies' implementation of CDM asset management capabilities, conducted semi-structured interviews with agency officials, and examined DHS actions. GAO is making six recommendations to DHS, including to ensure that contractors provide unique hardware identifiers; and nine recommendations to the three selected agencies, including to compare configurations to benchmarks. DHS and the selected agencies concurred with the recommendations. For more information, contact Vijay A. D'Souza at (202) 512-6240 or email@example.com.[Read More…]
- Worldwide CautionBy Sam NewsIn TravelSeptember 26, 2020This latest update to [Read More…]
- Visa Waiver Program: Actions Are Needed to Improve Management of the Expansion Process, and to Assess and Mitigate Program RisksBy Sam NewsAugust 31, 2021The Visa Waiver Program, which enables citizens of participating countries to travel to the United States without first obtaining a visa, has many benefits, but it also has risks. In 2006, GAO found that the Department of Homeland Security (DHS) needed to improve efforts to assess and mitigate these risks. In August 2007, Congress passed the 9/11 Act, which provides DHS with the authority to consider expanding the program to countries whose short-term business and tourism visa refusal rates were between 3 and 10 percent in the prior fiscal year. Countries must also meet certain conditions, and DHS must complete actions to enhance the program's security. GAO has examined DHS's process for expanding the Visa Waiver Program and evaluated the extent to which DHS is assessing and mitigating program risks. GAO reviewed relevant laws and procedures and interviewed agency officials in Washington, D.C., and in U.S. embassies in eight aspiring and three Visa Waiver Program countries.The executive branch is moving aggressively to expand the Visa Waiver Program by the end of 2008, but, in doing so, DHS has not followed a transparent process. DHS did not follow its own November 2007 standard operating procedures, which set forth key milestones to be met before countries are admitted into the program. As a result, Departments of State (State) and Justice and U.S. embassy officials stated that DHS created confusion among interagency partners and aspiring program countries. U.S. embassy officials in several aspiring countries told us it had been difficult to explain the expansion process to foreign counterparts and manage their expectations. State officials said it was also difficult to explain to countries with fiscal year 2007 refusal rates below 10 percent that have signaled interest in joining the program (Croatia, Israel, and Taiwan) why DHS is not negotiating with them, given that DHS is negotiating with several countries that had refusal rates above 10 percent (Hungary, Latvia, Lithuania, and Slovakia). Despite this confusion, DHS achieved some security enhancements during the expansion negotiations, including agreements with several aspiring countries on lost and stolen passport reporting. DHS, State, and Justice agreed that a more transparent process is needed to guide future program expansion. DHS has not fully developed tools to assess and mitigate risks in the Visa Waiver Program. To designate new program countries with refusal rates between 3 and 10 percent, DHS must first make two certifications. First, DHS must certify that it can verify the departure of not less than 97 percent of foreign nationals who exit from U.S. airports. In February 2008, we testified that DHS's plan to meet this provision will not help mitigate program risks because it does not account for data on those who remain in the country beyond their authorized period of stay (overstays). DHS has not yet finalized its methodology for meeting this provision. Second, DHS must certify that the Electronic System for Travel Authorization (ESTA) for screening visa waiver travelers in advance of their travel is "fully operational." While DHS has not announced when it plans to make this certification, it anticipates ESTA authorizations will be required for all visa waiver travelers after January 12, 2009. DHS determined that the law permits it to expand the program to countries with refusal rates between 3 and 10 percent after it makes these two certifications, and after the countries have met the required conditions, but before ESTA is mandatory for all Visa Waiver Program travelers. For DHS to maintain its authority to admit certain countries into the program, it must incorporate biometric indicators (such as fingerprints) into the air exit system by July 1, 2009. However, DHS is unlikely to meet this timeline due to several unresolved issues.In addition, DHS does not fully consider countries' overstay rates when assessing illegal immigration risks in the Visa Waiver Program. Finally, DHS has implemented many recommendations from GAO's 2006 report, including screening U.S.-bound travelers against Interpol's lost and stolen passport database, but has not fully implemented others. Implementing the remaining recommendations is important as DHS moves to expand both the program and the department's oversight responsibilities.[Read More…]
- Last defendant convicted in nationwide synthetic narcotics distributionBy Sam NewsIn Justice NewsSeptember 7, 2021A 47-year-old man will [Read More…]
- Secretary Antony J. Blinken Remarks at a Virtual Discussion with Young Democratic Leaders from Around the World Summit for DemocracyBy Sam NewsDecember 8, 2021Antony J. Blinken, [Read More…]
- California Man Pleads Guilty to 113-Count Federal Hate Crime Indictment for 2019 Poway Synagogue Shooting and Mosque ArsonBy Sam NewsSeptember 17, 2021John T. Earnest, 22, pleaded guilty in federal court to a 113-count indictment for the religiously- and racially-motivated murder of one person and the attempted murders of 53 other persons.[Read More…]