What GAO Found Nonprofit drug companies have more recently emerged as an alternative model to for-profit drug companies. While both bring brand-name and generic drugs to market in the U.S., nonprofit drug companies do not focus on achieving certain profit margins, and their drug development efforts are funded in large part by donations, which are not taxed, unlike for-profit companies. In this report, GAO describes seven nonprofit drug companies. Five focused their missions on lowering drug prices or making drugs available for specific patients (such as uninsured women), or both. Two focused their missions on ensuring a steady supply of generic drugs. Three received funding only from their company founders to support their efforts, two received funding only from organizations, and two received funding from both sources. All three companies with drugs on the market—Civica, Medicines360, and Harm Reduction Therapeutics—received funding in the form of grants or loans from organizations to support their drug development and other related work. These organizations included hospitals, charitable organizations, and a for-profit drug company. The companies' current and planned drugs varied and included drugs with a variety of clinical uses. Company representatives described challenges obtaining funding and expressed concerns about maintaining their tax-exempt status. Representatives from six companies described challenges obtaining enough funding for drug development. For example, representatives from one company described challenges obtaining enough funding from charitable organizations able to donate grants large enough to develop a drug, which the representatives attributed to the limited availability of large grants. Representatives from five companies expressed concerns about maintaining their tax-exempt status when using revenue from their drug sales to support their operations. One drug company reported a concern that revenue from its drug sales could be considered business income unrelated to the company's charitable purpose by the Internal Revenue Service (IRS) and thus taxable. IRS officials told GAO the agency has not taken a position on whether the sale of lower-priced drugs or the sale of drugs to specific patients, for example, serves a charitable purpose. Further, they told GAO that the agency has no set percentage or threshold amount of unrelated business taxable income that would result in the loss of an organization's tax-exempt status. Representatives from the three companies with drugs on the market described the effect of their ongoing efforts. For example, one company sold a new drug-device combination product at a discounted price to certain hospitals and health centers, and another one provided a steadier supply of generic injectable drugs in shortage to hospitals compared to other manufacturers, according to representatives from the two companies. Representatives from some of the hospitals and the health center GAO spoke with generally agreed with the drug companies' assessments of their effect. Why GAO Did This Study In addition to rising drug prices, the U.S. has experienced ongoing drug shortages. Understanding the role that nonprofit drug companies could have in addressing these issues is an interest of Congress and researchers. The Consolidated Appropriations Act, 2023, includes a provision for GAO to review what is known about nonprofit drug companies. This report describes (1) their missions, funding sources, and drug types; (2) challenges they reported; and (3) reported effect of their efforts. GAO defined a nonprofit drug company as an entity that primarily operates to develop, manufacture, and distribute drugs for the U.S. market and that has a federal tax-exempt status. GAO identified seven companies that met its definition. To describe their missions, drugs, challenges, and effect, GAO interviewed representatives from all seven companies and reviewed company documents and studies. GAO interviewed three hospitals, one distributor, and one health center that purchase drugs from the companies about their experiences. GAO selected them based on recommendations from nonprofit drug company representatives and research. GAO interviewed Department of the Treasury and IRS officials about a reported tax-exempt status challenge. For more information, contact John Dicken at dickenj@gao.gov.

Why This Matters Wildfires are becoming more frequent and dangerous. Los Angeles County reported at least 30 deaths from the 2025 wildfires, and property and economic losses could exceed $130 billion. Earlier wildfire detection could save lives and better protect communities. Key Takeaways Wildfire detection technologies are evolving, with improvements to satellites, sensors, and cameras.  Researchers continue to refine wildfire detection algorithms to more accurately detect wildfires. Open policy questions include how to manage large amounts of data and how to balance deploying detection technology with other fire prevention measures. The Technology What are they? Wildfire detection technologies include satellites, aircraft, drones, cameras, and sensors that collect imagery or environmental data. How do they work? Satellites. Satellites can capture images indicating fire over large areas. But image resolution is limited, clouds can interfere, and data lags may occur. Aircraft and drones. Agencies often deploy aircraft when a fire is reported or suspected, and they are exploring the use of drones for this purpose. Some utility companies use drones to mitigate risk by inspecting downed power lines and tree branches touching wires, which can cause fires. Ground-based camera and sensor networks. Cameras near wildlands can monitor for smoke or fire in real time. Sensors on or near trees can look for changes in heat, humidity, or fine particulate solids that may indicate a fire. Cameras and sensors can be arranged in networks within areas of high fire risk, which may enable faster detection and response. Data from these technologies can be analyzed by algorithms and human staff, with fire responders dispatched as needed (see figure). Figure 1: Current and Emerging Wildfire Detection Technologies How mature are they? U.S. government satellites have been used to detect wildfires for decades. But they were not designed for this purpose. Their altitudes and older sensors can make it hard for them to detect small fires before they escalate. Satellites have more often been used to track fire speed, direction, and size. A private nonprofit group launched a pilot satellite specifically for detecting wildfires in 2025. The group’s goals are to provide better resolution and faster data with 50 satellites in orbit by 2030, and to use artificial intelligence (AI) algorithms to spot fires. The U.S. has used aircraft for wildfire detection since the 1920s. Today, they are used ad hoc when weather or seasonal conditions warrant the cost to fly patrols, but smoke and fire pose risks to pilots. Staffing issues may arise, since drone and aircraft pilots need specific training and certification. The use of drones is being tested to address several safety issues before they can be widely adopted. These issues include flight range limitations and concerns about drones crashing if overtaken by smoke or fire. Development and deployment of wildfire cameras and sensors are also in the early phases. For example, the Department of Homeland Security has an ongoing study of hundreds of sensors. In addition, in 2023 California began using an AI system to detect wildfires using images from over 1,100 cameras statewide. More sensors and camera coverage may improve detection, but verification and data transmission may be challenging in remote areas. Additionally, the precise location of any suspected wildfire may still need to be determined by trained personnel and firefighters. Research is ongoing to increase the detection accuracy of algorithms and reduce false alerts, in part by using localized data from past wildfires and prescribed fires set to manage wildland vegetation. Some stakeholders have suggested the development of a unified tool to provide a real time common view of a wide range of wildfire data from federal, state, local, and private entities. Opportunities Faster detection. Emerging technologies and improved detection algorithms may enable quicker response and could save lives and property. Efficiency. Improving wildfire detection accuracy could better direct responders and save costs. Challenges Deployment strategies. The best mix of emerging technologies is not known because their effectiveness for detecting wildfires is still being assessed. Data compatibility. Public and private wildfire detection technologies and data may not be easily integrated and compatible for analyses and quick response. Privacy and data security concerns. Cameras and drones near residences may raise privacy concerns. If these technologies collect private data, those data may then need to be managed and safeguarded. Policy Context and Questions What combination of detection technologies could most cost-effectively maximize coverage and manage wildfire risk? How can data from the many and varied wildfire detection devices be securely accessed and analyzed to enable faster response? How should costs for wildfire detection technologies be balanced with costs for fire prevention management, such as clearing vegetation? Selected GAO Work Artificial Intelligence in Natural Hazard Modeling, GAO-24-106213. Air Quality Sensors, GAO-24-106393. Selected References Honary, Ryan, Jeff Shelton, and Pirouz Kavehpour. 2025. “A Review of Technologies for the Early Detection of Wildfires.” ASME Open Journal of Engineering 4 (January). https://doi.org/10.1115/1.4067645. Mohapatra, Ankita, and Timothy Trinh. 2022. “Early Wildfire Detection Technologies in Practice—a Review.” Sustainability 14 (19): 12270. https://doi.org/10.3390/su141912270. For more information, contact Brian Bothwell at bothwellb@gao.gov.

What GAO Found Cities use smart technologies to improve transportation and law enforcement services. Smart transportation systems include technologies that can be used to detect the number and speed of vehicles traveling along roadways. Data from these technologies generally feed into a transportation management center, which enables traffic managers to analyze this information. Smart technologies that support traffic management use data collected from roadside sensors and sensors within vehicles. Some cities use automatic license plate readers and acoustic gunshot detection systems to support law enforcement operations. Among other uses, automatic license plate readers can be used to cross reference images of license plates with lists of wanted vehicles. When a match is identified, police can be dispatched to the vehicle’s location. Similarly, acoustic gunshot detection systems can pinpoint gunfire location. Houston TranStar Traffic Management Center City officials stated that smart technologies can benefit their delivery of transportation and law enforcement services. However, assessments of benefits are difficult to develop. Researchers stated that agencies may use multiple law enforcement or transportation technologies, making any attribution of effectiveness for individual technologies difficult. For example, Houston TranStar officials stated that its operational success can be attributed to technologies and personnel and that any benefits cannot be attributed to any single technology. Similarly, a law enforcement official stated that in a large city, it can be difficult to expand the use of technologies for law enforcement throughout the city. For example, acoustic gunshot detection systems may not reduce gun crime in the city but only shift it to another area. Experts stated that cities generally lack transparency on smart technologies’ intended use because individuals are told of potential benefits but not potential risks. These experts said that, as a result, individuals and communities often have little knowledge about how smart technologies function or the risk they may face from misuse of their data. Research has found that smart technology data may be used to identify individuals, which increases the potential for scams and can result in economic harms such as increased insurance costs. Experts stated that individuals should ideally be able to consent to use of their data. However, absent conditions for individuals to provide consent, local elected representatives may have a role in approving the use of smart technologies that collect data on individuals. These officials could, for example, establish privacy advisory boards and support use of data governance practices in cities’ contracts with vendors. GAO identified three policy options, in addition to the status quo, that may help with implementation of smart city technologies. The purpose of these options is to provide policymakers—who may include Congress, federal agencies, state and local governments, academia, industry, and other interested groups—with a broader base of information for decision-making. Policy options that could enhance the benefits or address the challenges to the implementation and operation of smart technologies within cities Policy Option Opportunities Considerations Facilitate improved collaboration to evaluate technology use Implementation approach: Policymakers could facilitate collaboration among stakeholders to conduct and share more evaluations on the effectiveness and risks of smart technologies in transportation and law enforcement. Partnerships between local or state governments and academic researchers could better focus on local needs and the extent to which smart technologies can be effective in particular communities. Academics and other stakeholders could better coordinate research efforts and help ensure that existing research resources are better targeted and results more widely shared, helping to avoid duplication, overlap, or fragmentation of research efforts. Partnerships between local or state governments and academic researchers may require deliberate planning and consultation across sectors to identify roles and responsibilities of groups best suited to conduct research and make effective use of resources. Some government entities and experts may require additional resources, such as staff with specific skill sets, to fully collaborate in research efforts. Increase transparency when procuring and using smart technologies Implementation approach: Cities could increase transparency in the use of smart technologies by (1) providing information to individuals and the public of the potential benefits and the potential risks associated with the use of smart technologies, including from the misuse of data collected by smart technologies, and (2) requiring third parties to obtain consent before collecting data, where practical. City governments could help build trust between the city governments and individuals by providing a clear understanding of (1) how smart technologies function; (2) the means by which the city will store, protect, and dispose of data on individuals and control access to these data by third parties, such as data brokers; and (3) the costs, benefits, challenges, and risks presented by use of the technologies. Transparency may reduce the chance that use of the technologies will be disrupted due to misconceptions about their use. Informing individuals about smart technologies and its implementation—considering that multiple language translations might be needed—may be time consuming, which can delay implementation. Informing individuals about smart technologies may require multiple approaches that may become prohibitively expensive. Develop and share effective data governance practices or standards Implementation approaches: Policymakers could work to develop effective practices or standards for data governance and provide training for city procurement officials on them to ensure all city employees, as well as all vendors and contractors, adhere to or adopt such practices and standards. Data governance standards for cities and vendors may help protect individuals from bad actors and may reduce instances of scams, stalking, or other harms. Cities’ data governance agreements with vendors could set terms that protect data on individuals, thereby reducing the likelihood of harmful outcomes. Data governance standards can help individuals understand how their data will be protected. Different levels of government (federal, state, local) may be better suited to implement different data governance standards. City procurement officials may require training or technical assistance to write contracts that protect data, clarify data ownership, and provide a means to ensure vendor compliance through monitoring or enforcement. Status quo   Implementation approach: Policymakers could take no further interventions, allowing current activities to continue. Policymakers could observe outcomes achieved under the status quo and later consider policy actions. Cities not currently using smart technologies could delay acquisition until sufficient evidence regarding their effectiveness is available and issues regarding privacy are addressed. Maintaining the status quo may not be responsive to transparency and data governance challenges, resulting in unresolved or exacerbated risks with increased use of smart technologies.. Source: GAO. | GAO-25-107019 Why GAO Did This Study Cities are increasing their use of smart technologies, which are at various stages of adoption, to improve services. Smart technologies integrate cameras and other sensors with communications equipment that transmits data, which can be analyzed to improve city functions. Those cities using smart technologies may collect large quantities of data obtained either directly or purchased from data brokers. Experts stated that transparency on the use of technologies and controls around managing data is important to successful implementation. Because data from some smart technologies can potentially be used to identify individuals, cities also face issues related to privacy and civil liberties. This report examines (1) how smart technologies can impact a city’s ability to deliver services, (2) the benefits and challenges of using smart technologies, and (3) policy options that could help enhance the benefits or mitigate the challenges of using smart technologies. Based on GAO analysis of different areas where cities use smart technologies, this report focuses on transportation and law enforcement services. To conduct this work, GAO reviewed working papers and other documents; interviewed federal and city officials, academics, and stakeholders from industry; conducted site visits in Atlanta, Houston, San Diego, and the San Francisco Bay area; and convened a 2-day meeting of experts with assistance from the National Academies of Sciences, Engineering, and Medicine. GAO is identifying policy options in this report. For more information, contact Brian Bothwell at BothwellB@gao.gov.

What GAO Found A genome is the complete set of an organism's genes—all the information needed to build and maintain an organism (human or nonhuman) throughout its life. Genetic testing of a person's genome has multiple uses, such as diagnosing disease and identifying gene changes that may increase the risk of disease or that could be passed on to children. Within the Department of Health and Human Services (HHS), the National Institutes of Health (NIH) funds genomic research, the Centers for Disease Control and Prevention (CDC) conducts genomic research, and the Centers for Medicare & Medicaid Services (CMS) pays for medically appropriate genetic testing. In addition, NIH and CDC have repositories for researchers to collect and store genomic data for future research. Foreign regimes in certain countries of concern pose risks to Americans' genomic data, according to the Office of the Director of National Intelligence (ODNI), other federal agencies, and selected experts, but HHS has not fully implemented mitigation measures. In 2021 and 2022, ODNI issued public warnings on the economic, intelligence, privacy, and military risks of Americans' genomic information being collected by foreign governments, noting China as having the motivation and capability to collect such information (see figure). Risks to Americans' Human Genomic Information HHS officials described strategies to mitigate risks to genomic data through existing efforts, including the agency's policy to safeguard the acquisition of mission-critical products, materials, and services that it uses or funds through certain awards, including research grants. However, the HHS Office of National Security (ONS) has not implemented all elements of this policy. Specifically, ONS is required to, among other things, develop and share risk assessment standards and training for operating divisions, such as NIH and CDC, to apply when reviewing grants and mission-critical acquisitions. However, limited resources and differing funding priorities among HHS operating divisions have delayed efforts. Without risk assessment standards and training, operating divisions and HHS leadership are less equipped to apply the policy to grants and acquisitions related to human genomic information. HHS officials and five selected funding recipients GAO spoke with described mostly using domestic genetic testing entities for research and treatment of patients. NIH officials described ways the agency monitors researchers' use of foreign entities, such as reviewing and approving requests to add foreign components to grant awards. However, NIH does not systematically track the use of foreign entities, in part because it collects limited information about genetic services for research. For work conducted by NIH's internal researchers, agency officials attributed this to limitations in NIH's procurement system, such as its inability to distinguish between funding for genetic services and funding for other research and laboratory services. NIH also did not have a code in its database of awards to track whether awards to researchers at external entities involved genetic services. NIH officials described measures they could implement to overcome these limitations, such as collecting more granular data from funding recipients on purchases from foreign entities. While researchers may mostly use domestic entities for genetic services, having information on researchers' use of foreign entities may allow NIH to help inform HHS decisions on how to restrict access to Americans' bulk genomic and other sensitive personal data by countries of concern. NIH and CDC maintain repositories of genomic data and require researchers generating or using these data to follow data management and security measures. For example, pursuant to NIH policy researchers should strip data of personal identifiers according to specified regulations. The agencies also restrict access to certain repositories and investigate data management or security violations. NIH provided GAO with information on various types of confirmed violations between July 2018 and May 2024 (see table). NIH identified these violations through its review of researcher progress updates, researcher self-reports, or whistleblowers. Examples of NIH Genomic Data Management and Security Violations, July 2018 – May 2024 Research conducted outside of the approved request Security breach, such as compromised servers Research outside of secondary use limitations, such as for-profit research Data accessed by unapproved users Data identifiers were not removed Source: GAO analysis of genomic data management violations from the National Institutes of Health (NIH). | GAO-25-107377 However, NIH has not developed or implemented procedures to comprehensively monitor researchers' compliance with data management and security requirements. For example, NIH expects researchers who submit data to its repositories to certify that they meet certain data management and security requirements and restrict physical access to servers storing genomic data. In addition, NIH does not proactively audit the implementation of specific data security requirements, such as data encryption. Similarly, CDC officials stated that not all its centers that have repositories conduct oversight of whether funding recipients comply with data management or security measures for safeguarding health data, including genomic data, as stated in its policies. Therefore, NIH and CDC may be missing violations related to the data management and security of human genomic data that go unreported by researchers. Such violations could leave Americans' genomic data at risk of improper use by foreign regimes in countries of concern. Why GAO Did This Study Research and data on the human genome enable better ways to diagnose and treat diseases such as cancer. However, ODNI and others have warned of national security and other risks to Americans' genomic data. In February 2024, the President signed Executive Order 14117 to prevent access to Americans' bulk sensitive personal data, including personal health and human genomic data, and U.S. government-related data, by countries of concern. These countries, identified by the Department of Justice as directed by the Executive Order, are China, Russia, Iran, North Korea, Cuba, and Venezuela. Congress included a provision in statute for GAO to review the risks and security measures to protect U.S. human genomic information. This report assesses (1) the risks and HHS's efforts to mitigate them, (2) HHS's and selected funding recipients' tracking of the use of genetic services from entities with ties to countries of concern, and (3) the data management and security policies and procedures that protect large-scale human genomic repositories. GAO reviewed documents and interviewed officials from ODNI and from HHS operating divisions involved in national security and genomics research or testing. GAO interviewed five subject matter experts who were selected to provide a mix of perspectives, based on their published works. GAO also interviewed eight HHS funding recipients selected based on the amount of funding from HHS for human genomic-related research. The selected recipients include a mix of research institutions, universities, and hospitals.

What GAO Found The Department of Commerce's National Marine Fisheries Service (NMFS) is responsible for administering the fishery resource disaster program. The process to provide assistance and disburse funds involves several phases. Since January 2014, NMFS received 111 fishery disaster requests. For 56 of the most recently approved requests, NMFS took between 1.3 years and 4.8 years to disburse $642 million. Changes made by 2022 legislation added timelines to the steps; if followed and funding is available, the process should take a little over a year. Process to Provide Fishery Resource Disaster Assistance Stakeholders cited program challenges like long processing times for requests and inadequate communication about request status. NMFS started to implement the timelines created by the 2022 legislation and use a new data system to track requests. But access to this system is limited. Granting access to NMFS officials working on the program could help them respond to questions about request status. Tribal and state officials told GAO they would like more detailed information on the process, including what to include in requests and spend plans. Providing more detailed information on its website would better inform requesters about the information they need to submit. NMFS' workload has increased to implement the statutory timelines added in 2022, but NMFS has not assessed staffing levels for the program. Assessing staffing capacity would help NMFS ensure it has sufficient staffing to administer the program. Some stakeholders said the fishery resource disaster program could learn from other federal programs. GAO reviewed its past work on four disaster-related assistance programs with various design features identified and programmatic challenges compared with the fishery program. Design features included eligible uses of assistance and source of program funding. For example, under the federal crop insurance program, farmers receive financial protection against losses. However, the federal government heavily subsidizes this program and its high cost is a challenge. GAO has made suggestions to Congress to address the program's costs, but they have not been implemented. Why GAO Did This Study Marine fisheries are critical to the nation's economy, generating $321 billion in production sales and supporting approximately 2.3 million jobs in 2022. The number of fish caught and revenue generated can be subject to disasters, such as hurricanes or oil spills. When a disaster occurs, an eligible entity—such as a Tribe, state, or territory—may request federal assistance from the fishery resource disaster program to help fishers and the community recover. GAO was asked to review various aspects of this program. This report addresses, (1) the process to provide assistance; (2) the number of disaster requests from January 2014 through June 2024; (3) challenges with the program; and (4) GAO's past work on selected disaster-related assistance programs and how they compare. GAO reviewed relevant laws, NMFS policies and documents, and NMFS data on fishery resource disaster requests submitted from January 1, 2014, to June 30, 2024. GAO interviewed NMFS officials and stakeholders from 10 states, five tribes, and 11 fishing industry groups and others, selected because of their experience with the program and to reflect different regions. GAO also conducted site visits to Alaska and Louisiana.

What GAO Found The Federal Employees Pay Comparability Act of 1990 (FEPCA) authorized locality pay for General Schedule (GS) employees to address agencies' challenges with recruitment and retention of skilled employees in areas where nonfederal wages exceeded federal wages. Under FEPCA, the President's Pay Agent and Federal Salary Council recommend locality pay adjustments to help reduce pay gaps. The Pay Agent is comprised of the Secretary of Labor and the Directors of the Office of Personnel Management (OPM) and the Office of Management and Budget (OMB). The council is an advisory group—appointed by the President—comprised of three experts in pay and labor relations and six representatives of employee organizations. Of the 2.3 million federal civilian employees in the data analyzed for fiscal year 2023, approximately 1.4 million, or 60 percent, received locality pay. These employees consisted primarily of GS employees, along with certain non-GS employees, such as administrative law judges, authorized by the President to receive locality pay under Title 5. Number of Federal Civilian Employees and Those Who Received Locality Pay Under Title 5, Fiscal Years 2019—2023 The council and Pay Agent use data collected by the Bureau of Labor Statistics (BLS) and OPM to determine the gap between federal and nonfederal pay. Since 2019, the council and Pay Agent have considered, but not agreed upon, ways to enhance the credibility of the methodology used to calculate locality pay. For example: using indicators—such as attrition data—to verify pay gap calculations, including nonsalary benefits when comparing federal to nonfederal pay, and calculating separate rates by major occupational group. All proposed alternatives would have additional costs, but these costs are largely unknown, according to the council and BLS officials. Why GAO Did This Study FEPCA created annual locality-based pay adjustments for GS employees to reduce reported pay gaps between federal and nonfederal employees in each locality area to no more than 5 percent. However, the goal to reduce the pay gap has not been met since 1994—the first year of FEPCA's implementation. This is due to actions taken by the President, Congress, or both since that time. Over time, the Pay Agent and the council have raised budgetary and methodological concerns with how the pay gap is calculated. House Report 118-529, accompanying the National Defense Authorization Act for Fiscal Year 2025, includes a provision for GAO to review locality pay determinations and potential alternatives for the locality pay formula under Title 5, which refers to the pay comparability system established by FEPCA. This report describes (1) the number of federal civilian employees who received locality pay, by agency and pay plan, in fiscal years 2019 through 2023; and (2) the methodology used to calculate locality pay, alternative methods identified by federal agencies and advisory councils, and costs of the alternative methods. GAO analyzed data from OPM on federal employees. GAO also reviewed relevant federal laws, council memorandums, Pay Agent reports, and OPM and BLS documents; and conducted a literature search to identify alternatives. GAO also interviewed OPM and BLS officials, OMB staff, and council members. For more information, contact Dawn G. Locke at locked@gao.gov.

What GAO Found During GAO's audits of the Federal Housing Finance Agency's (FHFA) fiscal year 2024 financial statements, GAO identified deficiencies in FHFA's internal controls. Although these control deficiencies did not affect GAO's overall audit opinion on FHFA's financial statements or internal controls over financial reporting, they nonetheless warrant the attention of FHFA management. Of the control deficiencies identified, GAO considered one—which was related to FHFA not having sufficient guidance for the determination and supervisory review of accounts payable accruals—to be a significant deficiency. GAO identified another deficiency that while less significant, still warrants the attention of FHFA management. This deficiency was related to FHFA's communication of financial accounting requirements between its accounting office and business units. By addressing these deficiencies, FHFA can make it more likely that agency management and employees will prevent, or detect and correct, misstatements in financial reporting. Why GAO Did This Study In November 2024, GAO reported on the results of its audits of FHFA's fiscal year 2024 financial statements and identified deficiencies in FHFA's internal controls. This report presents (1) the internal control deficiencies GAO identified during its fiscal year 2024 audit, (2) recommendations to address the new internal control deficiencies identified, and (3) the status of FHFA's corrective actions to address open recommendations related to internal control deficiencies identified in prior reports. To evaluate FHFA's internal control over financial reporting during its fiscal year 2024 audit, GAO reviewed FHFA policies and procedures; interviewed FHFA management and staff; observed controls in operation; and conducted tests of controls to determine whether controls were designed, implemented, and operating effectively. GAO also determined the status of FHFA's efforts to address recommendations related to internal control deficiencies that GAO identified in prior reports, and that remained open as of September 30, 2023.

What GAO Found The Department of Defense (DOD) employed fewer civilian firefighters than authorized in fiscal years 2019 through 2023, the most current 5 years of data available. According to DOD and Office of Personnel Management (OPM) data, DOD employed approximately 93 percent of its authorized civilian firefighter positions in fiscal years 2019 through 2023. DOD stated that the authorizations represent the minimum staffing that must be maintained to ensure safe operations and that staffing below the authorized levels increases the department’s risk of property loss and environmental damage. DOD has taken limited steps to address long-standing staffing gaps in its civilian firefighter workforce. Since 2003 DOD has identified causes of civilian firefighter staffing gaps (see figure), such as competition from local fire departments. DOD has taken some steps, such as including strategies for civilian firefighter retention in the department’s strategic workforce plan updates, to address these gaps. Causes of the Civilian Firefighter Staffing Gaps Identified by DOD Since 2003 However, DOD has not fully addressed the identified causes of its civilian firefighter staffing gaps through sustained or coordinated efforts. Specifically: DOD has not developed and implemented a department-wide strategy to mitigate the causes of and close civilian firefighter staffing gaps. Such a strategy is required by DOD policy and federal regulations. Developing this would better position DOD to address long-standing civilian firefighter staffing gaps that put firefighters at increased risk of injury. DOD has not consistently set staffing targets for its civilian firefighter workforce or reported on progress in closing identified gaps. Monitoring such efforts will provide DOD leadership better visibility over progress in closing the identified staffing gaps that have the potential to put a strategic program or goal at risk of failure. The military services have not consistently developed or implemented Fire and Emergency Services civilian strategic human capital plans. Such plans, as required by DOD policy, would assess the current state of the workforce and forecast future requirements to manage risks. GAO also found that DOD civilian firefighters at all five selected locations worked more hours than local firefighters and made less per hour in base compensation, while total cash compensation varied. Including an analysis of DOD and local fire departments’ work hours and compensation differences within its department-wide strategy would help DOD make progress toward addressing staffing gaps. Why GAO Did This Study DOD’s Fire and Emergency Services community supports efforts to safeguard and advance vital U.S. national interests by ensuring safety and minimizing loss on DOD installations. DOD civilian firefighters comprise 95 percent of all federal civilian firefighters who provide structural firefighting services, such as responding to building fires. According to DOD, meeting firefighter staffing requirements is important to maintain safe operations. GAO was asked to review issues facing federal agencies with civilian firefighter workforces. This report (1) compares DOD civilian firefighter authorizations with staffing levels, (2) assesses DOD’s efforts to address civilian firefighter staffing gaps, and (3) compares DOD and local government firefighter work schedules and compensation at five locations. GAO reviewed relevant regulations and policies; analyzed DOD and OPM data on staffing, compensation, and hours worked; and interviewed cognizant DOD and OPM officials. GAO interviewed a nongeneralizable sample of firefighters and officials at five DOD installations, selected to obtain variation among the services.

What GAO Found In this ninth annual review, GAO found that the federal agencies that could be subject to the Federal Civil Penalties Inflation Adjustment Act of 1990, as amended (IAA), have published civil monetary penalty inflation adjustments for 2024 in the Federal Register and reported related information in their 2024 or 2023 agency financial reports or equivalent. Why GAO Did This Study The IAA includes a provision, added in 2015, for GAO to annually submit to Congress a report assessing agencies' compliance with the annual inflation adjustments the act requires. For more information, contact Paula M. Rascona at rasconap@gao.gov.

What GAO Found The Department of State leads U.S. government international cyber diplomacy efforts to advance U.S. interests in cyberspace. To help achieve those objectives, State established the Bureau of Cybersecurity and Digital Policy (CDP) in April 2022. In doing so, State addressed GAO's recommendations to involve federal stakeholders and use data and evidence in planning for the bureau. State created the bureau to elevate cyberspace as an organizing concept for U.S. diplomacy by consolidating efforts and leadership of cyber-related activities into a single unit. CDP's cyber diplomacy strategic objectives include building coalitions, strengthening capacity, and reinforcing norms. New Entities State Created in 2022 to Elevate Cyber Priorities In 2024, GAO reported that State conducts a range of diplomatic and foreign assistance activities aligned with U.S. cyber objectives. For example, State works to build coalitions of countries that share U.S. strategic objectives to (1) counter threats to the U.S. digital ecosystem and (2) reinforce global norms of responsible state behavior. CDP leads or coordinates many of these activities for State. For example, CDP rallies countries that share U.S. goals to coordinate policies that advance an open, free, global, interoperable, reliable and secure internet. CDP also facilitates bilateral diplomacy efforts through activities such as interagency whole-of-government cyber dialogues, which involve communication with partner nations. GAO also reported that CDP faced ongoing organizational challenges, including clarifying roles, hiring staff, and ensuring it had the expertise needed to carry out its goals. Although cyber responsibilities are defined under the new structure, roles remain deliberately shared across government, making clarification an ongoing challenge. CDP was also working to clarify State's role in the interagency process and maintain its lead in cyber diplomacy. CDP officials noted that defining roles across overlapping issues and sustaining internal communication and visibility remain key challenges, especially given the broad scope of cyber issues. Ensuring the bureau has trained staff to carry out its goals may also be a challenge. State must effectively navigate these challenges for CDP to achieve its stated goals. Why GAO Did This Study As international trade, communication, and critical infrastructure grow more dependent on cyberspace and digital technology, the U.S. and its allies face intensifying foreign cyber threats in critical areas. Foreign governments and non-state actors are increasingly using cyberspace as a platform from which to target critical infrastructure and U.S. citizens. This undermines democracies and international institutions and organizations. It also undercuts fair competition in the global economy by stealing ideas when they cannot create them. CDP's mission is to promote U.S. national and economic security by leading, coordinating, and elevating foreign policy on cyberspace and digital technologies. This statement discusses: the evolution of cyber diplomacy at State that led to the eventual creation of CDP, including the status of recommendations GAO made during its creation; how the bureau has organized itself to accomplish cyber diplomacy goals and the types of efforts it undertakes; and challenges the bureau faces in fulfilling its goals. This statement is based on three GAO reports related to State's cyber diplomacy programs— GAO-20-607R, GAO-21-266R, and GAO-24-105563. For that work, GAO analyzed State documents and data and interviewed agency officials. For a full list of the reports, see Related GAO Products at the conclusion of this statement. For more information, contact Latesha Love-Grayer at lovegrayerl@gao.gov.

To alert the audit community to changes in professional standards, we periodically issue Professional Standards Updates (PSU). These updates highlight the effective dates of recently issued standards and guidance related to engagements conducted in accordance with Government Auditing Standards. PSUs contain summary information only, and those affected by a change should refer to the respective standard or guidance for details.

In fiscal year 2024, GAO's work yielded over $67.5 billion in financial benefits. Our average return on investment for the past 6 years is $123 for every dollar invested in GAO. In fiscal year 2024, GAO also identified 1,232 programmatic and operational benefits that led to improved services to the American people, strengthened public safety, and spurred improvements across government. Congress routinely uses GAO's work to inform key legislative decisions. For example, based on GAO recommendations, Congress: directed DOD to establish minimum standards for military housing to address poor conditions; required the FAA to develop a strategy to safely integrate drones into the national airspace; and directed the National Nuclear Security Administration to improve cybersecurity practices. GAO's fiscal year 2026 request reflects continued high demand for GAO services. Over the past 4 years, GAO has received, on average, 627 new congressional requests for studies each year, which includes requests from committee leadership and mandates (provisions in legislation and related reports). For example, the latest National Defense Authorization Act and related reports included 95 mandates for GAO; the Water Resources Development Act of 2024 included 26 mandates; and the Federal Aviation Administration Reauthorization Act of 2024 included 36 mandates. In addition to conducting work for new mandates, GAO has over 150 mandates that have recurring reporting requirements. For example, GAO performs annual financial audits of the SEC, FDIC, and IRS, among others. GAO also provides an increasing amount of technical assistance to Members and committees. In fiscal year 2024, GAO provided over 1,100 instances of this informal, quick-turnaround assistance. GAO's fiscal year 2026 budget request is for $933.9 million in appropriated funds and $72.2 million in offsetting receipts. GAO's workforce is projected to shrink by 126 employees in fiscal year 2025 due to the full-year continuing resolution. The fiscal year 2026 budget request would allow GAO to build back some, but not all, of this loss. These resources will enable GAO to meet the priority needs of the Congress, including five key areas of importance to the nation and Congress: National Security Enterprise. GAO evaluates an array of national security efforts in areas such as military readiness, major weapons systems acquisitions, space programs, and the U.S. nuclear complex. The size and complexity of these efforts continue to grow; the fiscal year 2025 continuing resolution increased defense spending by $6 billion over fiscal year 2024 enacted levels. Science and Technology. There is growing demand for GAO's science and technology work. GAO has focused on enhancing this area to meet increased demands from Congress. GAO's science and technology team, for example, provided over 90 technical consultations to Congress in 2024 alone. GAO's portfolio of ongoing and future work includes many aspects of artificial intelligence, medical research and applications, critical minerals recovery, and quantum computing. Fraud Prevention. GAO examines government efforts to safeguard programs from fraud by focusing agencies more on prevention. In 2024, GAO estimated the federal government lost between $233 billion and $521 billion annually between fiscal years 2018-2022. Similarly, GAO reported that agencies estimated $162 billion in improper payments in 2024, but this does not represent the full extent of this problem. Cybersecurity. GAO assesses the development and execution of a comprehensive national cybersecurity strategy, the cybersecurity of 16 critical infrastructure sectors across the U.S., and the security of federal information systems. Health Care Costs. GAO examines the sustainability and integrity of the Medicare and Medicaid programs, Veterans Affairs, DOD, and Indian Health Service health care services. The fiscal year 2026 budget request will also allow GAO to address internal operational needs as well as critical projects and initiatives deferred in fiscal year 2025. Specifically, GAO will advance ongoing IT modernization, cloud management, and storage solutions initiatives while also enhancing internal cyber security controls. Additionally, GAO will continue space optimization projects at both our headquarters building and field offices to increase leasable space and address critical building infrastructure enhancements to improve safety, strengthen reliability, and reduce costs. Background GAO's mission is to support Congress in meeting its constitutional responsibilities and to help improve the performance and ensure the accountability of the federal government for the benefit of the American people. GAO's work spans the full breadth and scope of the federal government's responsibilities. Congress relies on GAO's nonpartisan, objective, and high-quality work to help inform congressional deliberations as well as oversight of the executive branch. GAO routinely conducts work for the Chairs or Ranking Members of over 90 percent of all standing committees. Since fiscal year 2002, GAO's work has resulted in over: $1.45 trillion dollars in financial benefits; and Over 29,000 program and operational benefits that helped to change laws, improve public safety, and promote sound management throughout government. For more information, contact A. Nicole Clowers at ClowersA@gao.gov.

What GAO Found The Department of Defense (DOD) has made some progress in improving its financial management efforts. However, more remains to be done to address significant remaining issues and for DOD to realize its goal of achieving an unmodified (“clean”) audit opinion by the end of 2028. In February 2025, GAO found that DOD's efforts to address its financial management and business systems modernization high-risk areas demonstrated leadership's commitment to addressing them. However, GAO also found that other areas, such as action plans and demonstrating results, needed further attention. GAO also expanded the financial management high-risk area to include fraud risk management. For fiscal years 2017 through 2024, DOD reported about $10.8 billion in confirmed fraud. The full extent of fraud affecting DOD is not known but is potentially significant. Until DOD implements a comprehensive antifraud strategy that effectively aligns with leading practices, as GAO has recommended, its programs and significant expenditures will remain at substantial risk of fraud. DOD has also taken steps to address audit findings in pursuit of its goal of achieving a clean audit opinion in 2028. These have included identifying priority areas and developing a strategy, plans, and roadmaps to systematically address major impediments. According to DOD, it is also studying lessons learned from the Marine Corps' approach, which resulted in clean audit opinions for fiscal years 2023 and 2024. Nevertheless, the DOD Inspector General has identified 17 scope-limiting material weaknesses that are significant roadblocks to DOD's clean audit opinion goal. DOD has developed a timeline for addressing these weaknesses (see figure). DOD's Timeline for Addressing Selected Scope-Limiting Material Weaknesses DOD has made progress in addressing some of its scope-limiting material weaknesses. However, DOD needs to accelerate the pace at which it addresses these long-standing issues. DOD has also achieved a variety of benefits from its efforts to improve its financial management, including cost savings and avoidances and improvements to financial systems and data. GAO has over 100 open recommendations aimed at improving DOD financial management. To make greater progress, DOD needs to address these open recommendations associated with, among other things, challenges DOD faces in meeting target remediation dates, addressing auditor-identified deficiencies, and improving efforts to manage fraud risk. Addressing these recommendations and the DOD Inspector General's material weaknesses will help DOD achieve the benefits of a clean audit opinion and improved program integrity. Why GAO Did This Study DOD is responsible for about half of the federal government's discretionary spending and about 82 percent of the federal government's total physical assets. DOD obtaining a clean audit opinion is important to ensure that its financial statements and underlying financial management information are reliable for decision-making. DOD's financial management and business systems modernization efforts have both been on GAO's High-Risk List since 1995. DOD has taken steps over the last 30 years to improve these areas. However, the department needs to address pervasive weaknesses in its finances, fraud risk management, and IT acquisition management. To help DOD improve its financial management, DOD's auditors have issued thousands of notices of findings and recommendations and identified associated material weaknesses. DOD has taken important steps to address these findings and weaknesses but has faced challenges in meeting target remediation dates. This testimony discusses (1) GAO's high-risk areas of DOD financial management (including fraud risk management) and DOD business systems modernization; (2) DOD's efforts to address audit findings and associated impediments; and (3) DOD's progress, audit benefits, and next steps to achieving a clean audit opinion in 2028. This testimony is based on GAO work from 2020 through 2025 related to DOD financial management. Details on GAO's methodology can be found in each of the reports cited in this statement. For more information, contact Asif Khan at khana@gao.gov, Vijay D’Souza at dsouzav@gao.gov, or Seto Bagdoyan at bagdoyans@gao.gov.

This supplement is a companion to GAO's report entitled Subminimum Wage Program: Employment Outcomes and Views of Former Workers in Two States, GAO-25-106471. The purpose of this supplement is to provide an "Easy Read" version of the report. Easy Read reports are one way some groups make their written information easier to understand. For example, Easy Read documents use short sentences and plain language. Some employers are allowed to pay wages below the federal minimum to people with disabilities. These jobs are called subminimum wage jobs. GAO found that 16 states have passed laws to end subminimum wage jobs. GAO looked at what happened in two of these states, Colorado and Oregon. GAO found that the states could not track what happened to all people who used to work in subminimum wage jobs. Of the people they could track, about half went to community or other jobs. The remaining people the states could track went to unpaid programs like day services or programs that offered job skills training. GAO asked people and their caregivers in these two states about their experiences working in subminimum wage jobs and after subminimum wage jobs ended. They told GAO about both positive and challenging experiences they had in their subminimum wage jobs, as well as in community jobs. For both kinds of jobs, more people talked about positive experiences than challenges they had. For more information, contact Elizabeth Curda at EWISInquiry@gao.gov.

What GAO Found As of January 2025, 16 states had enacted legislation to eliminate the use of 14(c) certificates, according to the Department of Labor (DOL) and state officials. DOL can grant these certificates to employers to pay wages below the federal minimum to certain individuals with disabilities. These states enacted legislation between 2015 and 2025, according to DOL and state officials. States That Have Enacted Legislation Eliminating the Use of 14(c) Certificates as of January 2025, According to DOL and State Information GAO's analysis of data from two selected states that eliminated the use of 14(c) certificates—Colorado and Oregon—provides a partial picture of outcomes in those states. As of 2023 (the most recent data available), fewer than half of the approximately 1,000 people these states were able to track had moved from 14(c) to some other type of employment. This included competitive integrated employment (CIE), which entails earning a competitive wage at or above the federal minimum alongside people without disabilities. The remaining 54 to 61 percent of people the states were able to track were not working but were receiving non-employment services funded by Medicaid, such as day services to build socialization and daily living skills. Both states were not able to easily track outcomes for people who no longer received Medicaid services. Those individuals may or may not be working; may have chosen to retire; may have lost eligibility; or may no longer be living, according to state officials. People who previously worked in 14(c) employment and their caregivers in the selected states discussed positive and challenging experiences related to 14(c) employment and CIE. For both types of employment, more interview participants discussed positive experiences than challenging ones. For instance, people frequently cited liking the tasks they completed and the interpersonal relationships they had in both 14(c) employment and CIE. People also discussed a range of experiences with their transition out of 14(c) employment, such as opportunities for new social connections and challenges related to finding CIE. Why GAO Did This Study The 14(c) program originated from a provision of the Fair Labor Standards Act of 1938. Almost 40,000 people with disabilities were working under 14(c) certificates as of November 2024. Proposed federal legislation to eliminate the use of 14(c) certificates has raised questions about what happens to people when the program is eliminated. GAO was asked to review the effects of eliminating the use of 14(c) certificates on 14(c) workers. This report examines (1) which states have eliminated the use of 14(c) certificates and are collecting outcome data on former employees, (2) post-14(c) employment outcomes in two selected states, and (3) the views of people who previously worked in 14(c) employment and their caregivers in selected states about the transition away from 14(c) employment. GAO selected a nongeneralizable sample of two states, selected in part because they collected multiple years of relevant data. In Colorado, GAO analyzed data on former 14(c) workers from July 2021 to February 2024. In Oregon, GAO analyzed data on former 14(c) workers from July 2014 to April 2024. GAO also conducted in-person interviews with a nongeneralizable sample of 19 individuals from these two states who previously worked in 14(c) employment and their caregivers, selected to represent a range of experiences with the transition out of 14(c) employment in rural and urban settings. For more information, contact Elizabeth H. Curda at EWISInquiry@gao.gov.

What GAO Found The General Services Administration (GSA) selected 362 projects in federal buildings across the U.S. to receive Inflation Reduction Act (IRA) funding, as of January 31, 2025. The funding was targeted to support low-embodied carbon materials, emerging and sustainable technologies, and high-performance green building features. Selected applications included low-emissions concrete, electric heat pumps, and building-level energy meters. GSA's estimated costs for these projects accounted for 99 percent of its total available IRA funding. As of January 31, 2025, GSA reported obligating 49 percent of its available IRA funding and had expended 5 percent (see table). As of February 2025, GSA officials stated that the IRA program is under review and priorities and goals could change. General Services Administration (GSA) Recorded Total Obligations and Expenditures Under the Inflation Reduction Act, as of January 31, 2025 Dollars in millions Inflation Reduction Act program Available Obligated (%) Expended (%) Low embodied carbon materials $2,150 $767 (36%) $102 (5%) Emerging and sustainable technologies $975 $683 (70%) $49 (5%) High-performance green buildings $250 $204 (82%) $25 (10%) Total $3,375 $1,654 (49%) $176 (5%) Sources: GAO (analysis); GSA (data). | GAO-25-107349 GSA followed leading practices in capital decision-making when selecting projects for two of its three IRA programs. Specifically, GSA developed a framework for evaluating and selecting projects for the low embodied carbon and emerging and sustainable technology programs. In contrast, GSA had not established a selection framework for evaluating and selecting projects for the high-performance green building program. GSA officials explained that they focused on developing selection frameworks for the two IRA programs with earlier statutory deadlines of 2026 for obligating funds (the deadline for the high-performance green building program is 2031). Nevertheless, establishing a selection framework with criteria for selecting high-performance green building projects would help ensure that GSA makes sound capital investment decisions for this program, including any adjustments to existing selections that it may choose to make. GSA established 11 performance goals to track progress across its IRA programs as of December 31, 2024. Each goal had one or more quantitative targets with associated time frames. The time frames were typically upon completion of the final IRA project, which was at least several years in the future. However, GSA had not established interim targets for any of the 11 performance goals, which is a practice that could help the agency assess whether it is achieving its goals over time. In addition, no one public document contained all the goals, and the public descriptions of three of the goals did not mention the goals' targets. GSA officials noted that the IRA does not require it to publish performance goals. They said that GSA often chooses not to publish goals beyond those required, instead using them internally to help ensure effectiveness. However, without readily accessible and more complete performance information, Congress and the public will have only limited insight into whether GSA's $3.375 billion in IRA project investments are achieving their intended goals. Why GAO Did This Study GSA maintains more than 1,500 federally owned buildings. The Council on Environmental Quality has identified these buildings as a major source of the federal government's greenhouse gas emissions and energy and water use. The IRA provided GSA with a combined $3.375 billion for sustainability improvements. GAO was asked to review GSA's IRA activities. The IRA also includes a provision for GAO to support oversight of the use of IRA funds. This report examines, as of December 31, 2024, (1) how GSA planned to use its IRA funds, (2) the extent to which it followed leading practices when selecting projects to fund, and (3) the extent to which it established IRA performance goals, among other issues. GAO analyzed GSA's IRA spending plan, including updates as of January 31, 2025, its IRA risk management plan, and other agency documents. GAO interviewed officials who manage GSA's IRA programs and visited three IRA project sites, representing a range of building types and IRA funding programs to observe progress. GAO assessed GSA's efforts for project selection against two leading practices for capital decision-making.

What GAO Found Fifteen federal agencies reported that in total they were appropriated approximately $711.8 billion in Infrastructure Investment and Jobs Act (IIJA) funding available to award as grants to Tribes, states, localities, and territories across over 100 programs. The Department of Transportation was appropriated 74 percent of the available funds for these recipients. Agency Reported Infrastructure Investment and Jobs Act Appropriations for Grant Funding Available to Tribes, States, Localities, and Territories Notes: Agency officials provided these data between September 2024 and March 2025. Grants include federal funding obligated through cooperative agreements. Some of the appropriated funds are also available to entities other than Tribes, states, localities, and territories as determined by the agencies. Appropriations data excludes all actual and projected set-asides, administrative expenses, transfers to inspectors general, and other expenses reported by the agencies. The totals by agency may not add up to the $711.8 billion in Infrastructure Investment and Jobs Act funds identified by agencies as available to Tribes, states, localities, and territories due to rounding. Of the $711.8 billion in potential IIJA funds for grants identified, $580.6 billion (82 percent) became available to the 15 agencies to obligate toward infrastructure projects between fiscal year 2022 and fiscal year 2025. The remaining $131.2 billion (18 percent) will become available for obligation in fiscal year 2026. The obligation deadline for these funds varies depending on the program receiving funds According to data obtained from USAspending.gov, as of December 31, 2024, agencies reported obligating $275.1 billion (47 percent) and outlaying $119.4 billion (21 percent) of the $580.6 billion available between fiscal year 2022 and fiscal year 2025. These obligations and outlays represent 39 and 17 percent, respectively, of the $711.8 billion in IIJA funds identified as available to these recipients. On January 20, 2025, President Trump signed Executive Order “Unleashing American Energy,” which directs agencies to pause disbursement of IIJA funds and review the processes, policies, and programs for issuing grants for the corresponding programs. On January 21, 2025, the Office of Management and Budget issued a memorandum clarifying that the pause on IIJA funds disbursement applies only to funds supporting programs, projects, or activities that contravene administration policies outlined in the executive order. Additionally, on February 26, 2025, President Trump signed an Executive Order directing agencies to review certain grant programs in order to reduce spending and promote efficiency. The extent of public reporting on performance measures and results for IIJA programs varied by agency as of January 2025. Some agencies told GAO that they plan to report more performance information about their IIJA programs in the future. Why GAO Did This Study The IIJA, enacted in November 2021, appropriated funds to federal agencies to support transportation, clean energy and power, broadband, and other infrastructure projects. Agencies continue to distribute much of this funding through grants to Tribes, states, localities, and territories. GAO prepared this report at the initiative of the Comptroller General. This report describes IIJA grant funding and the status of that funding to Tribes, states, localities, and territories. It also describes how agencies are reporting on the implementation of the funds. To conduct this work, GAO reviewed federal laws, regulations, and guidance as well as agency documentation. GAO analyzed publicly available agency data, including data on USAspending.gov, and interviewed officials from 15 agencies that were appropriated IIJA funds available to issue grant awards to Tribes, states, localities, and territories. For more information, contact Jeff Arkin at arkinj@gao.gov.

What GAO Found Pursuant to federal law, the Department of Homeland Security (DHS) implemented a grant program to help state, local, tribal, and territorial governments address cybersecurity risks and threats. As of August 1, 2024, DHS provided about $172 million in grants to 33 states and territories. The grants are funding 839 state and local cybersecurity projects that align with core cybersecurity functions as defined by the National Institute of Standards and Technology (see figure). The projects include developing cybersecurity policy, hiring cybersecurity contractors, upgrading equipment, and implementing multi-factor authentication. Such projects are essential to identifying risks, protecting systems, detecting events, and responding to and recovering from incidents. Overview of Cybersecurity Project Types Approved for State and Local Cybersecurity Grant Program Funding for Fiscal Years 2022 and 2023 In administering the State and Local Cybersecurity Grant Program, DHS's Federal Emergency Management Agency (FEMA) and Cybersecurity and Infrastructure Security Agency (CISA) are responsible for reviewing (1) cybersecurity grant applications and (2) applicants' proposed cybersecurity projects. GAO found that the review and selection processes used by these agencies met the law's specific requirements. For example, CISA used a checklist to validate that applicants' cybersecurity plans contained 16 elements required by the act. GAO also found that seven selected applicants met the grant program's eligibility requirements, with allowed exceptions. For example, applicants were allowed to submit investment justifications without detailing project-level information if they were not yet ready when the applications were due. In these cases, DHS held awarded funds until applicants addressed requirements. Selected state and territory officials had positive feedback about the grant program, such as FEMA's willingness to make improvements to the application process. Officials also noted challenges, including sustaining cybersecurity projects after the grant program ends. For example, officials from three states emphasized the importance of reauthorizing the program. However, officials from other states said that they plan to use other federal grant programs or state and local-level funds to continue funding cybersecurity projects. Why GAO Did This Study State, local, tribal, and territorial governments provide essential services, including public utilities, healthcare, and public safety. To help address cybersecurity risks and threats to these essential services, DHS implemented a cybersecurity program under the State and Local Cybersecurity Improvement Act. The act includes a provision in statute for GAO to review DHS's grant program. This report (1) identifies, categorizes, and describes the projects funded by the grant program, (2) examines the extent to which DHS's grant program review process met the requirements of the act, (3) examines the extent to which selected applicants met eligibility requirements, and (4) describes selected state and territory officials' views on the program. GAO identified and summarized approved cybersecurity projects under the State and Local Cybersecurity Grant Program. GAO analyzed requirements for FEMA and CISA in administering the grant program. GAO also selected a nongeneralizable random sample of seven state and territory grant applicants from various regions of the country to examine the extent to which applicants met eligibility requirements. GAO interviewed selected officials from seven states and two territories who agreed to provide their views on the program. For more information, contact David B. Hinchman at hinchmand@gao.gov, or Tina Won Sherman at shermant@gao.gov.

What GAO Found The Department of Veterans Affairs (VA) is the only federal entity that oversees all state veterans homes. The Centers for Medicare & Medicaid Services (CMS) and state agencies also have an oversight role in some of these homes. While these homes are owned and operated by states, VA helps pay for care for eligible veterans and is required to ensure each home meets VA's quality standards. To do this, VA conducts regular inspections. Homes that do not meet standards can be cited for deficiencies. CMS also conducts inspections in homes that receive Medicare or Medicaid payments and can also cite deficiencies. For example, as of January 2022, CMS inspected 116 of the 153 state veterans homes. In response to GAO's 2022 national survey of state agencies that operate state veterans homes, 43 states also reported inspecting homes for compliance with state-specific regulations. VA has implemented three of four GAO recommendations to strengthen oversight of state veterans homes. For example, VA developed a process to consistently follow up with homes that have not implemented their corrective action plans by agreed upon dates. However, VA has not addressed GAO's recommendation to identify a range of enforcement actions to bring state veterans homes into compliance with quality standards. Unlike CMS, VA lacks a range of enforcement actions (see figure). At the time of GAO's report, over 40 percent of homes were deficient in the same standard in both 2019 and 2021. VA had never used its only enforcement action, withholding payment, considering it too severe for most situations. VA officials said they were considering seeking legislative authority to take additional enforcement actions to ensure compliance with quality standards. Available Enforcement Actions for Department of Veterans Affairs and Selected Actions for Centers for Medicare & Medicaid Services, as of November 2022 However, in 2025, VA officials said they are no longer pursuing the identification of additional enforcement actions and corresponding legislative authority. Instead, in 2024 VA developed a new enforcement plan that strengthens timelines and increases the amount of follow-up with homes that have deficiencies. However, the plan does not include a mechanism to compel compliance with VA's quality standards. GAO maintains that having a range of enforcement options would help VA meet its program goals, align VA's practices with CMS's, and help VA ensure veterans receive quality care in state veterans homes. Why GAO Did This Study Veterans—like many other Americans—rely on nursing home care to help meet their health needs as they age. In fiscal year 2023, VA paid about $1.5 billion for veteran nursing home care provided in state veterans homes. This statement describes (1) oversight of state veterans homes; and (2) the status of VA efforts to implement GAO recommendations to strengthen oversight of state veterans homes. This statement is based on GAO's November 2022 report (GAO-23-105167) on oversight of state veterans homes. To do that work, GAO conducted a nationwide survey to collect information on the 153 state veterans homes providing nursing home care. GAO also reviewed relevant laws and VA documents and interviewed federal and state officials, state veterans homes' officials, and other organizations involved with veteran care, such as veterans service organizations. For this statement GAO reviewed expenditure and utilization data for fiscal year 2023 and provided updates on the status of GAO's recommendations.

What GAO Found The Department of Veterans Affairs' (VA) Accreditation, Discipline, and Fees (ADF) program accredits representatives who help veterans file claims for VA benefits. A key responsibility for ADF staff is reviewing accreditation applications. The ADF program has policies that help staff carry out program responsibilities, such as ensuring representatives are knowledgeable and have good character. For example, it has policies on when to obtain more information if an applicant has a criminal history and how to consider this information when making approval decisions. GAO reviewed a nongeneralizable sample of 35 applications approved in fiscal year 2023 and found that staff generally followed VA's policies. ADF staff also address complaints; however, staff responses depend on whether the subject of the complaint is accredited. Accredited representatives are subject to VA oversight, and ADF staff follow procedures to determine if a program violation occurred and what actions, if any, should be taken. In contrast, ADF officials told GAO they have limited options regarding complaints about unaccredited individuals because VA lacks enforcement authority over them. (Legislation had been proposed to impose criminal penalties in certain circumstances.) ADF officials said they investigate complaints received, issue a “cease-and-desist” letter if warranted, and can refer the complaint to state or federal law enforcement if the unaccredited individual may have committed crimes. In GAO's nongeneralizable sample of 10 complaints against accredited and unaccredited individuals, ADF staff generally followed program procedures. VA is addressing ADF program challenges, but its efforts do not fully apply sound planning practices that could help ensure success. Initiatives and other actions to address key challenges that VA and outside stakeholders have identified include: Training requirements. VA has issued a proposed rule that would increase the frequency of required training hours to ensure representatives are better qualified to provide representation. Deterrence of unaccredited individuals. VA is educating veterans about the safeguards tied to using accredited representatives. Insufficient IT System Capabilities: VA is developing a new IT system to allow staff to track program performance and automate routine tasks. Lacking sufficient workforce resources. VA developed a strategic plan and is analyzing workforce needs to help ADF staff carry out program responsibilities in a timely manner. However, VA has not fully developed plans that detail how it will implement and monitor these program initiatives, contrary to sound planning practices identified in prior GAO work. Specifically, ADF plans do not fully identify specific activities, timelines, or resources needed to complete each of the initiatives. Officials also have not assessed the risks that could affect their plans, or established how they will monitor and report performance. Fully applying these practices will help ensure the success of ADF program initiatives and ensure veterans receive responsible and qualified representation on their VA benefit claims. Why GAO Did This Study Representatives accredited by VA's ADF program serve an important role in helping veterans or their families apply for VA benefits. Accredited representatives must be of good character and meet other requirements established in federal law and regulations. GAO was asked to review VA's ADF program. This report examines (1) VA policies for ensuring representatives are knowledgeable and have good character, (2) how the ADF program addresses complaints against representatives and unaccredited individuals, and (3) the extent to which VA has addressed ADF program challenges. GAO reviewed ADF policies for reviewing applications and addressing complaints. GAO also reviewed nongeneralizable samples of applications and complaints from fiscal year 2023. Further, GAO identified challenges that ADF faces by reviewing VA documents and interviewing VA officials and selected stakeholders familiar with the ADF program, such as veteran service organizations. GAO assessed the ADF program's plans to address challenges against GAO-identified sound planning practices.