United States Government Accountability Office
Report to Congressional Committees
TRANSPORTATION
January 2019
SECURITY
ACQUISITION
REFORM ACT
TSA Generally
Addressed
Requirements,
but Could Improve
Reporting on Security-
Related Technology
GAO-19-96
January 2019
TRANSPORTATION SECURITY ACQUISITION
REFORM ACT
TSA Generally Addressed Requirements, but Could
Highlights of GAO-19-96, a report to Improve Reporting on Security-Related Technology
congressional committees
Why GAO Did This Study What GAO Found
Enacted in December 2014, TSARA Since 2016, the Transportation Security Administration (TSA) generally
introduced legislative reforms to addressed Transportation Security Acquisition Reform Act (TSARA)
promote greater transparency and requirements through its policies and procedures for acquisition justifications,
accountability in TSA’s SRT baseline requirements, and management of inventory. TSA also, among other
acquisitions. actions, submitted a technology investment plan and annual small-business
contracting goals reports to Congress as required.
TSARA contains a provision that GAO
submit two reports to Congress on Since December 2014, TSA reported limited security-related technology (SRT)
TSA’s progress in implementing acquisitions to Congress under TSARA, submitting its first report in August 2018.
TSARA. In February 2016, GAO TSARA contains a report and certification provision pursuant to which TSA is to
issued the first report that found TSA submit information to Congress 30 days prior to the award of a contract for an
had taken actions to address TSARA. SRT acquisition exceeding $30 million. Through July 2018, TSA obligated about
This second report examines TSA’s (1) $1.4 billion on SRT and associated services. TSA officials explained that none of
progress in addressing TSARA these obligations—including 7 SRT orders, each in excess of $30 million—
requirements since 2016, (2) reporting invoked the report and certification provision because the obligations did not
to Congress on SRT acquisitions, and align with TSA’s implementation policy, which provides that the $30 million
(3) internal communication of its threshold relates to the contract ceiling of the initial SRT contract and not to
implementation decisions. GAO individual task and delivery orders. Revising TSA’s policy to include contracts for
examined TSARA and TSA documents services that enhance the capabilities of SRT, including any orders for SRT and
and guidance; analyzed TSA contract associated services in excess of $30 million, would better ensure that Congress
data and reports from TSARA’s has the information it needs to effectively oversee TSA’s SRT acquisitions.
enactment in December 2014 through
July 2018 and September 2018, TSA has not effectively communicated internally its implementation decisions for
respectively; and interviewed DHS and what constitutes an SRT under TSARA. TSA officials described to GAO that SRT
TSA officials on actions taken to must be equipment that is public facing, but TSA’s policy does not clearly state
implement TSARA. GAO also the parameters of what is considered an SRT. Without clear guidance, TSA staff
conducted interviews with TSA officials may be unaware of these parameters and how they apply to future acquisitions
on parameters for reporting on SRT under TSARA. For example, TSA acquisition program staff were initially unable
acquisitions. to confirm for GAO whether the technologies TSA had acquired were SRTs and
thus subject to TSARA. Updating TSA policy to include detailed parameters for
What GAO Recommends what constitutes an SRT would better ensure consistency in applying the act.
GAO recommends that TSA revise its
Examples of Security-Related Technology
policies for the report and certification
provision of TSARA to include
reporting on task and delivery orders
and services associated with SRT, and
clarify in policy what constitutes an
SRT under TSARA. DHS generally
concurred with the recommendations
and described steps it plans to take to
implement them.
View GAO-19-96. For more information,
contact William Russell at (202) 512-8777 or
russellw@gao.gov.
United States Government Accountability Office
Contents
Letter 1
Background 4
TSA Generally Addressed TSARA Requirements 9
TSA’s Narrow Application of TSARA Has Resulted in Limited
Reporting to Congress on SRT-related Acquisitions 14
TSA Has Not Effectively Communicated Internally Its TSARA
Implementation Decisions 24
Conclusion 25
Recommendations for Executive Action 26
Agency Comments and our Evaluation 27
Appendix I Transportation Security Acquisition Reform Act Requirements 29
Appendix II Comments from the Department of Homeland Security 36
Appendix III GAO Contact and Staff Acknowledgements 40
Tables
Table 1: Transportation Security Administration Contract
Obligations for Security-Related Technology (SRT) and
Associated Services, December 18, 2014 through July 31,
2018 16
Table 2: Transportation Security Administration (TSA) Policy for
What Constitutes a Security-Related Technology (SRT)
and a Contract Award for an SRT Acquisition Under the
Transportation Security Acquisition Reform Act (TSARA) 17
Table 3: The Strategic Five-Year Technology Investment Plan 6
U.S.C. § 563 29
Table 4: Acquisition Justification 6 U.S.C. § 563 31
Table 5: Baseline Requirements 6 U.S.C. § 563b 32
Table 6: Inventory Management 6 U.S.C. § 563c 34
Table 7: Small Business Contracting Goals Report 6 U.S.C. §
563d 35
Table 8: Federal Acquisition Regulation Consistency 6 U.S.C. §
563e 35
Page i GAO-19-96 TSA Acquisitions
Figures
Figure 1: Examples of Security-Related Technology Acquired by
the Transportation Security Administration 6
Figure 2: Department of Homeland Security (DHS) Acquisition Life
Cycle for Acquisition Programs 7
Figure 3: Video of the Transportation Security Administration
Innovation Task Force Demonstration of Automated
Screening Lanes 13
Figure 4: Example of the Timeline for a Transportation Security
Administration (TSA) Explosives Detection Systems
Contract 22
Abbreviations
AIT Advanced Imaging Technology
DHS Department of Homeland Security
EDS Explosives Detection System
FPDS-NG Federal Procurement Data System-Next Generation
IDIQ Indefinite-Delivery/Indefinite-Quantity
SRT Security-Related Technology
STIP Security Technology Integrated Program
TSA Transportation Security Administration
TSARA Transportation Security Acquisition Reform Act
This is a work of the U.S. government and is not subject to copyright protection in the
United States. The published product may be reproduced and distributed in its entirety
without further permission from GAO. However, because this work may contain
copyrighted images or other material, permission from the copyright holder may be
necessary if you wish to reproduce this material separately.
Page ii GAO-19-96 TSA Acquisitions
Letter
441 G St. N.W.
Washington, DC 20548
January 17, 2019
The Honorable Roger F. Wicker
Chairman
The Honorable Maria Cantwell
Ranking Member
Committee on Commerce, Science, and Transportation
United States Senate
The Honorable Bennie G. Thompson
Chairman
The Honorable Mike Rogers
Ranking Member
Committee on Homeland Security
House of Representatives
The Transportation Security Administration (TSA) relies on security-
related screening technologies–such as explosives detection systems–to
deter, detect, and prevent prohibited items on board commercial aircraft.
TSA, a component of the Department of Homeland Security (DHS),
anticipates spending a significant portion of its $3.6 billion security
capability acquisition budget on these technologies by fiscal year 2020. 1
Such technologies are vital to TSA efforts to prevent a terrorist attack on
an aircraft using explosives or other prohibited items. In 2017, TSA was
responsible for the screening of about 2.4 million passengers, 4.4 million
carry-on bags, and 1.2 million checked bags at over 440 TSA-regulated
airports in the United States on an average day.
In past work, we found that TSA encountered challenges in effectively
acquiring and deploying passenger and checked baggage screening
technologies and had not consistently implemented DHS policy and best
practices for procurement. 2 Additionally, Congress has recognized that
TSA historically faced challenges in meeting key performance
requirements for several major acquisitions and procurements, resulting
in reduced security effectiveness and inefficient expenditures among
1
TSA, Strategic Five-Year Technology Investment Plan for Aviation Security: 2015 Report
to Congress (Aug.12, 2015).
2
GAO, Advanced Imaging Technology: TSA Needs Additional Information before
Procuring Next-Generation Systems, GAO-14-357 (Washington, D.C.: Mar. 31, 2014).
Page 1 GAO-19-96 TSA Acquisitions
other things. 3 Enacted in December 2014, the Transportation Security
Acquisition Reform Act (TSARA) introduced legislative reforms to
promote greater transparency and accountability with respect to TSA’s
acquisitions of security-related technology (SRT). 4
Under TSARA, we were directed to submit a report to Congress not later
than 1 year after enactment, and are to submit a subsequent report 3
years thereafter, evaluating TSA’s progress in implementing the act. 5 We
provided Congress with the first report in February 2016. We found that
TSA was using its existing acquisitions policies, among other actions, to
meet TSARA requirements. 6 This second report examines (1) TSA’s
progress in addressing TSARA requirements since 2016, (2) the extent to
which TSA reports to Congress on security-related technology
acquisitions under TSARA, and (3) the extent to which TSA internally
communicates its TSARA implementation decisions.
To determine TSA’s progress in addressing TSARA requirements since
2016, we reviewed any updated policy documents and interviewed
officials from DHS and TSA with responsibilities for implementing TSARA
to gain insights on the extent to which TSA’s policies and procedures
have changed since our February 2016 report. In addition, to determine
the extent to which TSA addressed the requirements for the Strategic
Five-Year Technology Investment Plan (technology investment plan) and
3
See, e.g., H.R. Rpt. No. 113-275 (Nov. 21, 2013); (accompanying H.R. 2719, 113th
Cong. (1st Sess. 2013)); S. Rep. No. 113-274 (Nov. 17, 2014) (accompanying S. 1893,
113th Cong. (2d Sess. 2013)).
4
See Pub. L. No. 113-245, 128 Stat. 2871 (2014). (amending title XVI of the Homeland
Security Act of 2002, Pub. L. No. 107-296, 116 Stat. 2135). See also H.R. Rep. No. 113-
275, at 7. TSARA defines “security-related technology” as any technology that assists
TSA in the prevention of, or defense against, threats to United States transportation
systems, including threats to people, property, and information.6 U.S.C. § 561(4). Unless
otherwise indicated, reference to specific provisions of TSARA will be cited using the U.S.
Code.
5
See Pub. L. No. 113-245, § 4(b), 128 Stat. at 2878.
6
We submitted a draft of the first report to the Chairmen and Ranking Members of the
Committee on Commerce, Science, and Transportation United States Senate and the
Committee on Homeland Security House of Representatives on December 18, 2015, in
accordance with TSARA, and subsequently issued a final report that incorporated agency
comments in February of 2016. See GAO, Transportation Security: TSA Has Taken
Actions to Address Transportation Security Acquisition Reform Act Requirements,
GAO-16-285 (Washington D.C.: Feb 17, 2016). See GAO-16-285 appendix I: Status of
TSA Efforts to Address TSARA Requirements, for a list of TSARA’s requirements and the
status of each requirement at the time of issuance.
Page 2 GAO-19-96 TSA Acquisitions
the small business contracting reports in TSARA, we reviewed TSA’s
technology investment plan and TSA’s fiscal years 2015 through 2017
small business contracting reports. Specifically, we (1) analyzed the
updated technology investment plan and small business reports against
TSARA’s requirements and (2) interviewed agency officials to provide
insights into the procedures they used to develop the technology
investment plan and the small business report. To determine whether
TSA is able to ensure it executes its responsibilities under TSARA in a
manner consistent with and not duplicative of the Federal Acquisition
Regulation and departmental policies and directives, we reviewed TSA’s
TSARA Implementation Strategy Memo and supporting documentation,
and interviewed DHS and TSA acquisition officials to verify that policies
contain such assurances. 7 We also interviewed security industry
representatives to gain their perspective on the usefulness of TSA’s
technology investment plan.
To determine the extent that TSA reports to Congress on SRT
acquisitions under TSARA, we reviewed TSA’s TSARA Implementation
Strategy Memo—which recognizes awards for both indefinite-quality
contracts and blanket purchase agreements as subject to TSARA—and
other supporting documentation to identify TSA’s policy for reporting SRT
acquisitions under TSARA and obtained information that TSA submitted
to Congress regarding SRT acquisitions. We interviewed agency officials
to clarify information and provide insights into the rationale for TSA’s
reporting policy. We also interviewed select security manufacturing
vendors for their perspective on TSARA. We reviewed congressional
committee reports to understand the legislative history behind TSARA. To
determine TSA’s obligations for SRT-related acquisitions, we asked TSA
to identify its contracts used for acquisitions of SRT and services
associated with the operation of SRT. We analyzed data from Federal
Procurement Data System-Next Generation (FPDS-NG) from December
18, 2014—TSARA’s date of enactment—through July 2018 on obligations
for SRT contracts and task and delivery orders issued under those
contracts. 8 We obtained FPDS-NG data on obligations for the same time
period for contracts and orders that provide services associated with the
7
TSA, Transportation Security Acquisition Reform Act of 2014 Implementation Strategy
(June 3, 2015). For the purposes of this report, this document is called the TSARA
Implementation Strategy Memo, TSA’s implementation policy, or implementation strategy
memo.
8
The Federal Procurement Data System-Next Generation is a comprehensive, web-based
tool for government agencies to report certain contracts and associated modifications.
Page 3 GAO-19-96 TSA Acquisitions
installation, operation, networking, and maintenance of SRT. Additionally,
we reviewed any of TSA’s TSARA-related reporting to Congress from
December 18, 2014 through September 2018. We assessed the reliability
of the FPDS-NG data by performing electronic testing to identify missing
data or data that is out of the appropriate range and comparing it to data
from TSA’s financial management and accounting system. We
determined that the FPDS-NG data are sufficiently reliable for the
purposes of this report. We interviewed TSA officials responsible for
managing TSA’s security screening programs, related acquisitions, and
the implementation of TSARA to clarify information and provide insights
into the rationale for TSA’s reporting policy.
To determine the extent to which TSA internally communicates its TSARA
implementation decisions, we reviewed TSA’s TSARA Implementation
Strategy Memo for consistency with the parameters TSA officials
described for what constitutes an SRT. We interviewed TSA officials to
gain insights on TSA’s implementation approach—including their
parameters—and how TSA communicates that approach to staff and
compared the implementation approach to relevant federal internal
control standards. 9
We conducted this performance audit from November 2017 to January
2019 in accordance with generally accepted government auditing
standards. Those standards require that we plan and perform the audit to
obtain sufficient, appropriate evidence to provide a reasonable basis for
our findings and conclusions based on our audit objectives. We believe
that the evidence obtained provides a reasonable basis for our findings
and conclusions based on our audit objectives.
The Aviation and Transportation Security Act established TSA as the
Background federal agency with primary responsibility for securing the nation’s civil
aviation system, which includes acquiring technology to screen and
secure travelers at the nation’s TSA-regulated airports. 10 TSARA defines
SRT as any technology that assists TSA in the prevention of, or defense
against, threats to United States transportation systems, including threats
9
GAO, Standards for Internal Control in the Federal Government, GAO-14-704G
(Washington, D.C.: September 2014).
10
See generally Pub. L. No. 107-71, 115 Stat. 597 (2001); 49 U.S.C. § 114.
Page 4 GAO-19-96 TSA Acquisitions
to people, property, and information. 11 As illustrated in figure 1, TSA
acquired various SRT for passenger and baggage screening, including:
• Advanced Imaging Technology (AIT)—screens passengers for
metallic and nonmetallic threats;
• Explosives Trace Detection—detects various types of commercial and
military explosives through chemical analysis on passengers and their
property; and
• Explosives Detection System (EDS)—provides imaging, screening,
and detection capabilities to identify possible threats in checked
baggage contents. 12
11
6 U.S.C. § 561(4).
12
TSA generally does not acquire SRT for air cargo or surface transportation systems.
According to TSA officials, a limited number of explosives trace detection units are
purchased every few years for their air cargo testing facility. Officials stated that TSA’s air
cargo and surface transportation programs largely focus on the development of security
policy, industry engagement, and evaluation of research and development of relevant
security technologies. In general, TSA must ensure that all cargo transported on
passenger aircraft is screened using TSA-approved methods. See 49 U.S.C. § 44901(g).
Page 5 GAO-19-96 TSA Acquisitions
Figure 1: Examples of Security-Related Technology Acquired by the Transportation Security Administration
Page 6 GAO-19-96 TSA Acquisitions
DHS Acquisition Process TSA follows DHS’s policies and procedures for managing its acquisition
programs, including for acquisition management, test and evaluation, and
resource allocation of its SRT. TSA’s acquisition programs and policies
are primarily set forth in DHS Acquisition Management Directive 102-01
(DHS’s acquisition directive) and DHS Instruction Manual 102-01-001,
Acquisition Management Instruction/Guidebook. 13 DHS acquisition policy
establishes that an acquisition program’s decision authority should review
the program at a series of predetermined acquisition decision events to
assess whether the program is ready to proceed through the acquisition
life cycle phases. An acquisition program is established once it has
passed through the phases that establish the acquisition need and
selects an option that meets this need. Figure 2 depicts the DHS
acquisition life cycle.
Figure 2: Department of Homeland Security (DHS) Acquisition Life Cycle for Acquisition Programs
Under DHS’s acquisition directive, TSA is to ensure, among other things,
that required acquisition documents are completed. Two of these key
acquisition documents are:
(1) the life cycle cost estimate, which provides an exhaustive and
structured accounting of all resources and associated cost elements
required to develop, produce, deploy, and sustain a program; and
13
For the purposes of this report, we refer to DHS Acquisition Management Directive 102-
01 as DHS’s acquisition directive. TSA’s acquisition programs are generally subject to the
Federal Acquisition Regulation, which establishes uniform acquisition policies and
procedures for executive agencies, as well as the DHS Acquisition Regulation, which
supplements the Federal Acquisition Regulation through additional acquisition policies and
procedures for the Department. See 48 C.F.R. §§ 1.101, 3001.101.
Page 7 GAO-19-96 TSA Acquisitions
(2) the acquisition program baseline, which establishes a program’s cost,
schedule, and performance metrics.
These documents are used throughout the process to identify instances
when an acquisition program exceeds cost, schedule, or performance
thresholds.
TSA’s acquisition policies, which supplement DHS policies, generally
designate roles and responsibilities and identify the procedures that TSA
is to use to implement the requirements in DHS policies. In December
2017, TSA reorganized its acquisition offices, which are responsible for
implementing TSARA’s requirements, from two offices (Office of
Acquisition and Office of Security Capabilities) into three offices:
Requirements and Capabilities, Acquisition Program Management, and
Contracting and Procurement.
TSARA Requirements TSARA includes a number of requirements for TSA, including developing
and submitting a biennial technology investment plan and annual small
business contracting goals reports to Congress, adhering to various
acquisition and inventory policies and procedures, and ensuring
consistency with Federal Acquisition Regulation and departmental
policies and directives. 14 TSARA also includes requirements for justifying
acquisitions and establishing acquisition baselines, which largely codify
aspects of DHS’s existing acquisition policy described in DHS’s
acquisition directive. 15 TSA fulfills these requirements through the
processes outlined in DHS’s acquisition directive when establishing a new
acquisition program or modifying an existing acquisition program. See
Appendix I for the list of TSARA’s requirements.
14
TSA, Strategic Five-Year Technology Investment Plan Biennial Refresh: 2017 Report to
Congress (Dec. 19, 2017). TSA, Small-Business Contracting Goals Report: Fiscal Year
2015 Report to Congress (Apr. 28, 2016); TSA, Small-Business Contracting Goals Report:
Fiscal Year 2016 Report to Congress (Apr. 7, 2017) and TSA, Small-Business Contracting
Goals Report: Fiscal Year 2017 Report to Congress (Mar. 6, 2018).
15
See, e.g., 6 U.S.C. § 563a(a) (establishing criteria for determining whether an
acquisition is justified).
Page 8 GAO-19-96 TSA Acquisitions
Since 2016, TSA generally addressed TSARA requirements through its
TSA Generally acquisitions policies and procedures. Since our February 2016 report,
Addressed TSARA TSA has also developed and issued an updated technology investment
plan. Further, TSA has continued to submit an annual report to Congress
Requirements on TSA’s performance record in meeting its published small business
contracting goals.
TSA Policies and TSA continues to address TSARA’s requirements, including those related
Procedures Continue to to acquisition justifications, baseline requirements, managing inventory
and consistency with regulations. In addition, TSA developed an updated
Address TSARA’s
technology investment plan and submitted small business contracting
Requirements goals reports to Congress in accordance with TSARA.
Acquisition Justifications TSARA provides that before TSA implements any SRT acquisition, the
agency must, in accordance with DHS policies and directives, conduct an
analysis to determine whether the acquisition is justified. 16 The analysis
must include elements such as cost effectiveness and confirmation that
there are no significant risks to human health or safety posed by the
proposed acquisition, among others. In February 2016, we reported that
DHS and TSA had policies and procedures that were in place prior to
TSARA addressed each of the elements required in the analysis. 17 For
example, DHS’s acquisition directive includes several of these elements
in its process for establishing a new acquisition program. TSARA also
includes a provision requiring TSA to submit information (i.e. report) to
Congress 30 days prior to the award of a contract for an SRT acquisition
over $30 million. 18 TSA established procedures that address this
provision, as discussed later in this report, by developing a template for
providing justifications under this provision.
We found that, since 2016, TSA continues to have policies in place, such
as DHS’s acquisition directive, to address the analysis-related
requirements. TSA officials stated they would use these policies and
procedures to address TSARA’s requirements.
16
See 6 U.S.C. § 563a(a).
17
GAO-16-285.
18
See 6 U.S.C. § 563a(b).
Page 9 GAO-19-96 TSA Acquisitions
Baseline Requirements TSARA requires that before TSA implements any SRT acquisition, the
appropriate acquisition official from the department shall establish and
document a set of formal baseline requirements and subsequently review
whether acquisitions are meeting these requirements. 19 Additionally,
TSARA provides that TSA must report a breach if results of any
assessment find that (1) actual or planned costs exceed the baseline
costs by more than 10 percent, (2) actual or planned schedule for delivery
has been delayed more than 180 days, or (3) there is a failure to meet
any performance milestone that directly impacts security effectiveness. 20
Pursuant to TSARA, in March 2016, TSA reported two breaches to
Congress for the Passenger Screening Program and Security Technology
Integrated Program (STIP), a data management system that connects
transportation security equipment to a single network. 21 Further, in
February 2016, we reported that TSA had policies in place that require it
to prepare an acquisition program baseline, risk management plan, and
staffing requirements before acquiring SRT, in accordance with TSARA
requirements. 22 We found that since our February 2016 report, TSA
continues to leverage the existing DHS acquisition directive to meet all of
TSARA’s baseline requirements.
Managing Inventory TSARA requires that TSA, among other things:
• to the extent practicable, use existing units in inventory before
procuring more equipment to fulfill a mission need;
• track the location, use, and quantity of security-related equipment in
inventory; and
19
See 6 U.S.C. § 563b(a)-(b)(1).
20
See 6 U.S.C. § 563b(b)(2) (providing further that such breach reports, which are to be
submitted to the Committee on Commerce, Science, and Transportation of the Senate
and the Committee on Homeland Security of the House of Representatives, must also
include the cause for such excessive costs, delay, or failure, and a plan for corrective
action).
21
The primary cause of the breach or delivery delay was the new Information Technology
security requirements for the Credential Authentication Technology and the Security
Technology Integrated Program that occurred after the planned schedule was set. TSA,
Passenger Screening Program (PSP) and the Security Technology Integrated Program
(STIP) Delivery Delay Report (Mar. 14, 2016). TSA’s plan for corrective action was to seek
vendor proposals to develop cybersecurity solutions.
22
GAO-16-285.
Page 10 GAO-19-96 TSA Acquisitions
• implement internal controls to ensure accurate and up-to-date data on
SRT owned, deployed, and in use. 23
In 2016, we reported that TSA’s policies and procedures address TSARA
requirements for managing inventory. 24
We found that since our February 2016 report, TSA continues to use
established policies and procedures to address TSARA’s inventory
management requirements. For example, TSA continues to use the
Security Equipment Management Manual, which describes the policies
and procedures that require TSA to use equipment in its inventory if, for
example, an airport opens a new terminal. Additionally, TSA has
procedures to track the location, use, and quantity of security-related
equipment in inventory, regardless of whether such equipment is in use. 25
Specifically, TSA has procedures to track the entire life cycle of
equipment, including initial possession, any moves, and disposal. Further,
TSA continues to use standard operating procedures developed by its
Internal Control Branch, which describe TSA’s system of internal controls
to conduct reviews, report, and follow-up on corrective actions.
Consistency with Regulations TSARA provides that TSA must execute its acquisition-related
responsibilities in a manner consistent with and not duplicative of the
Federal Acquisition Regulation and DHS policies and directives. 26 In
2016, we reported that TSA’s policy documents state that TSA is required
to ensure that its policies and directives are in accordance with the
Federal Acquisition Regulation and DHS acquisition and inventory
policies and procedures. We also reported that according to TSA’s
TSARA Implementation Strategy Memo (implementation strategy memo),
TSA was able to address this requirement by, among other things,
forming a working group as part of an effort to ensure that TSA
implemented TSARA in a manner consistent with the Federal Acquisition
Regulation and DHS policies and directives. We found that no changes
have been made to the implementation strategy memo since our 2016
report and TSA still has policies in place to execute the responsibilities
23
See 6 U.S.C. § 563c(a)-(b).
24
GAO-16-285.
25
TSA, Security Equipment Management Manual (Oct. 14, 2015).
26
6 U.S.C. § 563e.
Page 11 GAO-19-96 TSA Acquisitions
set forth in TSARA in a manner consistent with and not duplicative of the
Federal Acquisition Regulation and DHS policies and directives.
TSA Developed an TSARA requires TSA to develop and submit to Congress a Strategic
Updated Technology Five-Year Technology Investment Plan (technology investment plan) and
update it on a biennial basis. 27 The technology investment plan is to
Investment Plan in
include, among other things, a set of SRT acquisition needs that includes
Accordance with TSARA planned technology programs and projects with defined objectives, goals,
timelines and measures, and an identification of currently deployed SRTs
that are at or near the end of their life cycles.
In August 2015, TSA developed and submitted to Congress the first
technology investment plan and in 2016 we reported that the 2015 plan
generally addressed TSARA requirements. In December 2017, TSA
developed and submitted to Congress an updated technology investment
plan in accordance with TSARA. The updated plan details the aviation
security efforts TSA initiated, developed, or completed since the initial
plan was released. The updated plan also includes the extent to which
TSA’s acquisitions were consistent with technology programs and
projects identified in the initial plan, as required by TSARA. 28
TSA officials stated that a positive effect of TSARA’s requirement to
develop the technology investment plan has been the establishment of
the Innovation Task Force. The task force, created in the Spring of 2016,
is tasked to identify and demonstrate emerging capabilities and facilitate
other innovative projects at select airports. TSA established the task force
based on feedback from industry representatives provided during
development of the initial plan. 29 A TSA official who manages the task
27
6 U.S.C. § 563(a), (g). The TSA Modernization Act, enacted as part of the FAA
Reauthorization Act of 2018 on October 5, 2018, amends § 563 by, among other things,
requiring TSA, in collaboration with relevant industry and government stakeholders, to
annually submit an update of the plan in an appendix to the budget request and publish it
in an unclassified format in the public domain. See Pub. L. No. 115-254, div. K, tit. I,
subtit. B, § 1917, 132 Stat. 3186 (2018).
28
See 6 U.S.C. § 563(g)(2).
29
The TSA Modernization Act, enacted in October 2018, establishes In a statute a
requirement for TSA to establish an innovation task force to, among other things, cultivate
innovations in transportation security and, in doing so, is to conduct activities to identify
and develop an innovative technology, emerging security capability, or process designed
to enhance transportation security. See Pub. L. No. 115-254, div. K, tit. I, subtit. B, § 1916,
132 Stat. 3186.
Page 12 GAO-19-96 TSA Acquisitions
force said that it led to efficiencies in TSA’s acquisition process. The
official noted, for example, that the task force began demonstrating
Automated Screening Lanes in March 2016 and by October 2016 DHS
approved additional deployments of the technology. For a video of TSA’s
Innovation Task Force demonstration of Automated Screening Lanes, see
the hyperlink in the note for figure 3.
Figure 3: Video of the Transportation Security Administration Innovation Task
Force Demonstration of Automated Screening Lanes
Note: To view the full TSA-produced video, please click on the video hyperlink.
TSA Continues to Submit TSARA requires TSA to submit an annual report to Congress on TSA’s
Required Small Business performance record in meeting its published small business contracting
goals during the preceding fiscal year. 30
Reports to Congress
If the preceding year’s goals were not met or TSA’s performance was
below the published small business contracting goals set for the
department, TSARA requires that TSA’s small business report includes a
30
See 6 U.S.C. § 563d (providing that such report shall be submitted to the Committee on
Commerce, Science, and Transportation of the Senate and the Committee on Homeland
security of the House of Representatives). See also 15 U.S.C. § 644(g)(2) (requiring the
head of each federal agency to, after consultation with the Small Business Administration,
establish goals for the participation by small business concerns in procurement contracts
of the agency).
Page 13 GAO-19-96 TSA Acquisitions
list of challenges that contributed to TSA’s performance and an action
plan, with benchmarks, for addressing each of the challenges identified
that is prepared after consultation with other federal departments and
agencies. 31 Since our last review, TSA has submitted small business
reports for fiscal years 2014 through 2017 and has reported achieving its
small business contracting goals.
Through July 2018, TSA’s narrow application of TSARA’s report and
TSA’s Narrow certification provision resulted in no SRT acquisitions being reported to
Application of TSARA Congress pursuant to TSARA. In August 2018, TSA provided its first
three notifications on SRT acquisitions to Congress under this provision.
Has Resulted in
Limited Reporting to
Congress on SRT-
related Acquisitions
31
See 6 U.S.C. § 563d(2).
Page 14 GAO-19-96 TSA Acquisitions
None of the Over $1 TSA did not provide any information on contract awards or task or
Billion TSA Obligated to delivery orders for the acquisition of SRT and associated services to
Congress under TSARA’s report and certification provision from
Acquire SRT and
enactment through July 2018. Under the provision, TSA is to provide
Associated Services From Congress with a comprehensive justification and a certification that the
December 18, 2014 benefits to transportation security justify the contract cost not later than 30
Through July 2018 days preceding the award of a contract for any SRT acquisition over $30
Resulted in TSA Reporting million. 32
Under TSARA Our analysis of FPDS-NG data on contract obligations from December
18, 2014 through July 2018 found approximately $1.4 billion in obligations
for acquisitions of SRT and for services associated with the operation of
SRT, as shown in table 1. 33 Specifically, TSA obligated $591 million for
SRT. For services associated with an SRT that are necessary to ensure
its continuous and effective operation, such as maintenance and
engineering support services, TSA obligated $772 million during this
timeframe. 34
32
See 6 U.S.C. § 563a(b) (providing further that this information is to be submitted to the
Committee on Commerce, Science, and Transportation of the Senate and the Committee
on Homeland Security of the House of Representatives). For the purposes of this report,
we refer to the submission of information under this provision as a report. In addition to
TSARA’s report and certification provision, TSA is subject to separate statutory reporting
obligations to Congress in accordance with a recurring provision DHS’s annual
appropriations acts, as implemented through the DHS Homeland Security Acquisition
Manual and TSA Internal Guidance and Procedure Memorandum 0500.39 (May 18,
2018). Specifically, TSA must provide notification to the Committees on Appropriations of
the Senate and House of Representatives 5 full business days in advance of new contract
awards and task and delivery orders on DHS multiple award contracts, among other
award types, totaling in excess of $1,000,000. See, e.g., Pub. L. No. 115-141, div. F, §
507, 132 Stat. 348 (2018). Notification under this appropriations provision is to include the
amount of the award, the fiscal year for which the funds for the award were appropriated,
the type of contract, and the account from which the funds are being drawn; it is not
required to contain the more evaluative information, such as the results of the
comprehensive acquisition justification and the cost-benefit certification required under
TSARA.
33
TSA officials identified the following technologies that, as of September 2018, are the
only technologies acquired by TSA that fall within TSARA’s SRT definition: AIT, Advanced
Technology, Bottle Liquid Scanners, Explosives Trace Detection, Walk-through Metal
Detector/Enhanced Metal Detector, Explosives Detection System, Boarding Pass
Scanner, Credential Authentication Technology, Computed Tomography, and Automated
Screening Lane.
34
Engineering support may include addressing changing security needs related to the
operation of SRT, such as software or hardware improvements and threat detection
algorithm development that help meet the security screening requirements.
Page 15 GAO-19-96 TSA Acquisitions
Table 1: Transportation Security Administration Contract Obligations for Security-Related Technology (SRT) and Associated
Services, December 18, 2014 through July 31, 2018
SRT and Description Total Obligations
Associated Services (Dollars in millions)
a
SRT Acquisition of SRT 591
Maintenance Services All types of maintenance services for SRT, including corrective and 581
preventative maintenance
System Integration Installation and deployment of SRT 132
Security Technology Integrated SRT network connectivity 44
Program
Security Technology Support Engineering support, system management, information technology support 15
b
Services for SRT
Total 1,363
Source: GAO analysis of Federal Procurement Data System-Next Generation data. | GAO-19-96
Note: The total obligations for associated services (Maintenance Service, System Integration,
Security Technology Integrated Program, and Security Technology Support Services) is
approximately $772 million.
a
TSA’s contracts for SRT may also include associated services, such as engineering support
services, threat detection algorithm development, installation and deployment of equipment, training
services, maintenance services, and the purchase of equipment warranties.
b
Engineering support may include addressing changing security needs related to the operation of
SRT, such as software or hardware improvements, threat detection algorithm development, and other
system enhancements that help meet the security screening requirements.
TSA’s Policy for TSA officials said that none of the agency’s acquisition activities from
Implementing TSARA’s enactment through July 2018 invoked TSARA’s report and certification
provision because the activities did not align with TSA’s policy that
Report and Certification
identifies SRT acquisitions subject to this provision. TSA’s policy on what
Provision Reflects a constitutes an SRT and the award of a contract for an SRT acquisition
Narrow Application of the ultimately determine what acquisitions are subject to TSARA’s report
Act
Page 16 GAO-19-96 TSA Acquisitions
and certification provision. 35 See table 2 for TSA’s policy.
Table 2: Transportation Security Administration (TSA) Policy for What Constitutes a Security-Related Technology (SRT) and a
Contract Award for an SRT Acquisition Under the Transportation Security Acquisition Reform Act (TSARA)
SRT Equipment or technologies procured by TSA, for the screening and inspection of persons, property, and
credentials, as well as equipment or technologies that the public directly interacts with or is impacted
by.
Contract award for an SRT The TSARA report and certification provision for the award of a contract for an SRT acquisition pertains
acquisition to an initial equipment contract award, including indefinite-quantity contracts or blanket purchase
agreements, where the contract ceiling exceeds the $30 million threshold or any SRT contract award
that will potentially exceed the $30 million threshold when combined with future estimated contract
awards for the same technology type. It does not apply to individual task and delivery order awards
issued under the parent contract.
Source: GAO analysis of TSA documentation and officials’ statements. | GAO-19-96
Note: Indefinite-delivery contracts are awarded to one or more contractors to acquire supplies and/or
services when the exact times and/or exact quantities of future deliveries are not known at the time of
award. See 48 C.F.R. § 16.501-1. Indefinite-quantity contracts provide for an indefinite quantity,
within stated limits, of products or services during a fixed period. § 16.504(a). In general, pursuant to
an indefinite-delivery/indefinite-quantity contract agencies issue orders for the delivery of supplies or
for the performance of tasks during the period of the contract. See § 16.501-1. In general, agencies
may use blanket purchase agreements under FAR part 8.4 to acquires supplies and services through
the Federal Supply Schedule program, which is directed and managed by the General Services
Administration and provides federal agencies with a simplified process for obtaining commercial
supplies and services at prices associated with volume buying, and under FAR part 13.3 as a
simplified method of filling anticipated repetitive needs for supplies or services by establishing “charge
accounts” with qualified sources of supply but subject to a dollar threshold. See 48 C.F.R. §§ 8.402,
13.303-1.
35
As stated above, the TSARA report and certification provision requires TSA to submit
information to congressional committees at least 30 days before the award of a contract
for any SRT acquisition over $30 million. 6 U.S.C. § 563a(b). The Federal Acquisition
Regulation (FAR) defines “acquisition” as the acquiring by contract with appropriated
funds of supplies or services (including construction) by and for the use of the Federal
Government through purchase or lease, whether the supplies or services are already in
existence or must be created, developed, demonstrated, and evaluated. 48 C.F.R.
§ 2.101. The FAR establishes that acquisition begins at the point when agency needs are
established and includes the description of requirements to satisfy agency needs,
solicitation and selection of sources, award of contracts, contract financing, contract
performance, contract administration, and those technical and management functions
directly related to the process of fulfilling agency needs by contract. Id. The FAR defines a
“contract” as a mutually binding legal relationship obligating the seller to furnish the
supplies or services and they buyer to pay for them, and establishes that contracts include
(but are not limited to) awards and notices of awards; job orders or task letters issued
under basic ordering agreements; letter contracts; orders, such as purchase orders, under
which the contract becomes effective by written acceptance or performance; and bilateral
contract modifications. Id.
Page 17 GAO-19-96 TSA Acquisitions
TSA’s TSARA Implementation Strategy Memo states, “[t]o support
[TSARA] and ensure Congress is receiving the necessary information
regarding critical TSA acquisitions, TSA will focus on security screening
related technologies[,]” which will ensure “the necessary actions are
implemented for those technologies the public directly interacts with (i.e.
is impacted by).” 36 According to TSA officials, security screening related
technologies, i.e. SRT, subject to TSARA must (1) be equipment or
technology and (2) interact with (or impact) the public. Specific examples
of SRT subject to TSARA, as identified by TSA officials, are the
equipment typically deployed to airports to assist in the physical
screening of passengers and their property, such as AIT, EDS, and
boarding pass scanners.
TSA officials explained that in accordance with its policy, TSA provided its
first three notifications to Congress under TSARA’s report and
certification provision in August 2018, more than 30 days prior to the
award of three new SRT contracts, each with ceiling values in excess of
$30 million. 37
TSA Does Not Report SRT- Since the enactment of TSARA through July 2018, TSA awarded multiple
Associated Services Under indefinite-delivery/indefinite-quantity (IDIQ) contracts and entered into a
TSARA blanket purchase agreement for services associated with the operation of
SRT, each with values in excess of $30 million, and issued orders under
36
Transportation Security Administration, Transportation Security Acquisition Reform Act
of 2014 Implementation Strategy (June 3, 2015).
37
In September 2018, TSA awarded two contracts related to Reduced Size Explosives
Detection Systems with contract values of $40 million and $58 million, to purchase and
install new units and retrofit deployed units with new hardware and software to improve
threat detection capabilities. TSA also awarded a $500 million indefinite-delivery/indefinite-
quantity contract to purchase and install Medium Speed Explosives Detection Systems.
Page 18 GAO-19-96 TSA Acquisitions
the contracts and agreement that exceeded $30 million. 38 In accordance
with TSA’s implementation policy, which applies to acquisitions of
physical screening equipment, TSA did not report these acquisition
actions under TSARA’s report and certification provision.
TSA officials said, consistent with its implementation policy, that services
associated with the operation of the SRT, such as engineering support,
maintenance services, and other services described in table 1, are not
SRT, as TSARA defines the term, because they are not equipment that
directly interacts with the public. Associated services, however, are
necessary to ensure the effective performance of SRT. For example,
engineering support can assist in addressing changing security needs,
such as through the development of threat detection algorithms and other
software or hardware improvements. Associated services have also been
used to extend the intended lifecycle of SRT already deployed to airport
checkpoints. TSA officials said that research and development
advancements have allowed TSA to upgrade existing equipment that had
reached the end of its initial lifecycle rather than acquire new equipment.
Further, TSA will likely need to increase spending on maintenance
services because the equipment parts may break down when used past
their intended life cycles. Consequently, through maintenance and
hardware improvements, for example, TSA has been able to offset the
need to procure new SRT by upgrading and maintaining existing SRT.
38
Indefinite-delivery contracts are awarded to one or more contractors to acquire supplies
and/or services when the exact times and/or exact quantities of future deliveries are not
known at the time of award. See 48 C.F.R. § 16.501-1. Indefinite-quantity contracts
provide for an indefinite quantity, within stated limits, of products or services during a fixed
period. § 16.504(a). In general, pursuant to an IDIQ contract agencies issue orders for the
delivery of supplies or for the performance of tasks during the period of the contract. See §
16.501-1. In general, agencies may use blanket purchase agreements under FAR part 8.4
to acquires supplies and services through the Federal Supply Schedule program, which is
directed and managed by the General Services Administration and provides federal
agencies with a simplified process for obtaining commercial supplies and services at
prices associated with volume buying, and under FAR part 13.3 as a simplified method of
filling anticipated repetitive needs for supplies or services by establishing “charge
accounts” with qualified sources of supply but subject to a dollar threshold. See 48 C.F.R.
§§ 8.402, 13.303-1.
Page 19 GAO-19-96 TSA Acquisitions
Examples of contract actions for the associated services described in
table 1 include:
• Maintenance Services: TSA awarded three IDIQ contracts in 2015
and 2016, with ceiling values ranging from $76 million to $222 million,
and issued 10 orders under these IDIQ contracts with obligations that
each exceeded $30 million;
• System Integration: TSA awarded three IDIQ contracts in 2015, each
with a ceiling value of $450 million;
• STIP: In November 2017, TSA awarded a blanket purchase
agreement with a ceiling value of $250 million; and
• Security Technology Support Services: TSA awarded three IDIQ
contracts in 2017 with ceiling values ranging from $65 million to $169
million.
The report of the Committee on Homeland Security of the House of
Representatives on TSARA explains that the law introduces greater
transparency and accountability for TSA spending decisions and codifies
acquisition best-practices that the committee believes will result in more
effective and efficient SRT acquisitions at TSA. 39 As explained in the
report, TSARA is, in part, a response to historical examples where TSA
spent significant funds on SRT acquisitions that failed to meet security
performance objectives or wasted federal funds. 40 Consistent with the
purpose of the statute expressed in the committee report, TSARA’s report
and certification provision promotes greater transparency over TSA
acquisition practices.
TSA obligates a significant amount of funds—approximately $772 million
from TSARA’s enactment through July 2018—for services that help
ensure the effective and continuous operation of SRT. Applying TSARA’s
report and certification provision to a broader range of services
associated with the operation of SRT would provide Congress with
39
See H.R. Rep. No. 113-275, at 7. See also S. Rep. No. 113-274.
40
Among other examples, the committee report references the $29.6 million acquisition of
207 explosives trace portal (puffer) machines in 2006, which represented the first
deployment of a checkpoint technology whose development had been initiated by TSA,
and states that the machines had been inadequately tested and failed to work in dirty,
humid airport environments, which ultimately resulted in them being removed from
service. See H.R. Rep. No. 113-275, at 15.
Page 20 GAO-19-96 TSA Acquisitions
increased transparency and improved oversight of TSA’s SRT acquisition
practices.
TSA Does Not Report SRT According to TSA’s TSARA implementation policy, indefinite-quantity
Task and Delivery Orders contracts or blanket purchase agreements for “security screening related
Under TSARA technology equipment”, i.e. SRT, are subject to TSARA’s report and
certification provision when the ceiling value exceeds $30 million. 41 The
implementation policy also explains that the provision does not apply to
individual task and delivery orders placed under these contracts or
agreements. 42 However, IDIQ contracts typically have a lengthy period of
performance—for example one base year followed by four option years.
Specifically, from December 18, 2014 through July 2018, all of TSA’s 14
active contracts for SRT were IDIQ contracts awarded prior to the
enactment of TSARA on December 18, 2014. Further, 8 of the 14
contracts had been in place for 5 or more years, and according to TSA
officials, the agency had extended the original period of performance for 9
of the 14 contracts. Per its implementation policy, TSA did not report to
Congress under TSARA’s report and certification provision on the seven
task orders, ranging from $31 million to $70 million, to purchase and
install EDS, EDS upgrade kits, and explosives trace detection systems
issued under IDIQ contracts in place at the time of TSARA’s enactment. 43
41
Transportation Security Administration, Transportation Security Acquisition Reform Act
of 2014 Implementation Strategy (June 3, 2015).
42
For other contract types, the implementation strategy memo explains that the report and
certification provision applies to any award that exceeds $30 million or any award that will
potentially exceed $30 million when combined with future estimated contract awards for
the same technology type. For an example of how the combination of future estimated
contract awards requires compliance with TSARA’s report and certification provision, the
implementation policy provides, and TSA further explained, that when a contract is
awarded for a particular SRT type (e.g., advance imaging technology) at $20 million in
fiscal year 2015, and it is anticipated that an additional award of $10 million for AIT will be
let in fiscal year 2016 at $10 million, the report and certification provision would apply and
TSA would provide the requisite information 30 days before the first of the two contract
awards. TSA further explained that in the event the cumulative amount of contract awards
for a particular SRT exceeds $30 million (i.e., where such a cumulative amount is not
initially anticipated), the report and certification provision would be applicable and TSA
would submit the requisite information at the time the cumulative amount in excess of the
$30 million threshold becomes known.
43
An EDS upgrade kit addresses the technical obsolescence of EDS deployed in the field
and includes the installation of new hardware and software on to the EDS. In accordance
with the recurring requirement in DHS’s annual appropriations acts, as implemented
through the DHS Homeland Security Acquisition Manual and TSA Internal Guidance and
Procedure Memorandum 0500.39, TSA provided requisite notification to the
appropriations committees with respect to the seven task orders.
Page 21 GAO-19-96 TSA Acquisitions
See figure 4 for an example of an EDS IDIQ contract where TSA issued
orders in excess of $30 million and extended the contract’s original period
of performance.
Figure 4: Example of the Timeline for a Transportation Security Administration (TSA) Explosives Detection Systems Contract
a
Indefinite-Delivery / Indefinite-Quantity contracts provide flexibility in cases where the government
cannot determine the exact quantities and required timing of a product or service. In general, the
government must order, and the contractor must provide, a minimum agreed-upon quantity of
products or services and the contractor must provide any other quantities ordered by the government
up to a stated maximum during the contract’s period of performance.
b
Enacted in December 2014, TSARA introduced legislative reforms to promote greater transparency
and accountability with respect to TSA’s acquisitions of security-related technology. See Pub. L. No.
113-245, 128 Stat. 2871 (2014); see also H.R. Rep. No. 113-275, (Nov. 21, 2013), at 7
(accompanying H.R. 2719, 113th Cong. (1st Sess. 2013)).
One of TSA’s most recent SRT contract awards further illustrates how
TSA’s policy to only report on initial contract awards, and not orders
issued pursuant to the contract, has resulted in limited reporting under
TSARA’s report and certification provision. In September 2018, TSA
awarded a new $500 million IDIQ contract for the acquisition of medium
speed explosives detection systems. TSA reported this contract award to
the requisite committees pursuant to the report and certification provision
and consistent with its implementation policy. 44 However, under TSA’s
policy, this is the only notification that Congress will receive pursuant to
44
TSA also submitted notification of the award of this contract to the appropriations
committees in accordance with the recurring requirement in DHS’s annual appropriations
acts, as implemented through DHS and TSA policies.
Page 22 GAO-19-96 TSA Acquisitions
TSARA over the course of the contract’s period of performance. For
example, TSA also issued a $55 million order to purchase and install
medium speed EDS units under this IDIQ contract, but per its
implementation policy, TSA did not report on this order under the
provision to Congress and per its policy would not do so for any
subsequent orders during the contract’s period of performance. 45
TSA has developed a policy with parameters for determining which
contract actions are subject to TSARA. However, TSA’s policy limits the
application of the report and certification provision only to initial contract
awards for physical security screening equipment. According to TSA
officials, TSA established this policy in order to ensure Congress is
informed as early as possible that there is potential for an award in
excess of $30 million as opposed to the point at which amounts awarded
reach $30 million. However, the implementation policy expressly excludes
orders in excess of $30 million issued under IDIQ contracts or blanket
purchase agreements for SRT.
Due to this narrow application of TSARA to its SRT acquisitions, TSA did
not report any information to Congress pursuant to TSARA’s report and
certification provision through July 2018. In addition, as currently
implemented this policy will continue to result in TSA providing Congress
with limited information in the future. As described earlier, TSARA was
enacted to introduce greater transparency and accountability for TSA
spending decisions. 46 Because TSA’s policy for the report and
certification provision excludes reporting on task and delivery orders, TSA
misses the opportunity to inform Congress of the more routine SRT
obligations that exceed TSARA’s $30 million threshold. 47 In addition,
applying TSARA’s report and certification provision to services that result
45
TSA issued the order simultaneous with the award of the IDIQ contract, but did not
make any mention of this in the notification it provided pursuant to TSARA. TSA did,
however, provide notification to the appropriations committees within 5 days in advance of
issuing the order.
46
See H.R. Rep. No. 113-275, at 7; see also S. Rep. No. 113-274.
47
Such a requirement would be consistent with the broader statutory requirement that
serves as the basis for DHS’s policy to provide 5 day advance notice to the appropriations
committees for the award of contracts, including task or delivery orders, in excess of $1
million. See, e.g., Pub. L. No. 115-141, div. F, § 507, 132 Stat. 348 (2018). However,
unlike the 5-day notice TSA provides to the appropriations committees, TSARA requires
TSA to report to its authorizing committees 30 days prior to the award of an SRT
acquisitions contract that exceeds $30 million.
Page 23 GAO-19-96 TSA Acquisitions
in new capabilities, enhancements, or otherwise upgrade SRTs would
provide Congress with increased transparency and improved oversight of
TSA’s SRT acquisition practices.
TSA has not effectively communicated its implementation decisions
TSA Has Not internally for what constitutes an SRT under TSARA. After the enactment
Effectively of TSARA, TSA formed a working group to evaluate the act and develop
an implementation strategy. The resulting policy is documented in TSA’s
Communicated TSARA Implementation Strategy Memo, published in June 2015.
Internally Its TSARA According to TSA officials, the memo is the only formal document that
describes TSA’s TSARA policy. Among other things, the memo
Implementation designates roles and responsibilities for TSARA’s requirements and
Decisions outlines TSA’s approach to implementing each requirement.
To explain what constitutes an SRT for the purposes of TSARA, TSA
officials described various parameters to us that guide their decision-
making. However, not all of these parameters are documented in the
implementation strategy memo. Specifically, the memo states that, “To
support [TSARA] and ensure Congress is receiving the necessary
information regarding critical TSA acquisitions, TSA will focus on security
screening related technologies. This ensures the necessary actions are
implemented for those technologies the public directly interacts with (i.e.
is impacted by).” TSA officials clarified for us that technologies the public
does not directly interact with or that do not otherwise impact the public in
some physical manner, such as STIP and Secure Flight, are not
considered SRT and thus not subject to TSARA, but this distinction is not
clearly documented. 48 Further, the memo does not explicitly explain which
technologies are considered SRT and which are not. For example, TSA
officials told us that SRT under TSARA excludes software such as
updates to threat detection algorithms, and other associated services
such as STIP, but this is not documented in the memo.
TSA acquisition program staff are responsible for determining if a new
acquisition qualifies as SRT under TSARA and initiating TSA’s
48
According to TSA officials, another reason that STIP is not considered an SRT under
TSARA is that TSA does not procure any equipment for the screening and inspection of
persons, property, and credentials under the program. For reasons similar to STIP, TSA
does not consider Secure Flight—its passenger prescreening program that screens
passenger-supplied information against watchlists maintained by the U.S. government to
identify potential threats to the Nation’s civil aviation system—to be an SRT.
Page 24 GAO-19-96 TSA Acquisitions
congressional notification process. TSA officials stated that program staff
rely upon the TSARA Implementation Strategy Memo to make these
decisions. During our review, TSA’s acquisition program staff were initially
unable to confirm in all instances whether the security-related equipment
they had acquired were subject to TSARA. Over the course of our review,
TSA officials clarified the application of TSARA’s SRT definition to us and
based on our inquiries, confirmed a list of existing technologies that are
considered SRT. However, this information has not been documented in
the TSARA Implementation Strategy Memo. TSA officials explained that
there was a lot of activity after TSARA was initially enacted to determine
how to comply with TSARA, but after the implementation working group
disbanded, activity subsequently faded. Consequently, the
implementation strategy memo has not been updated since its initial
distribution in June 2015. TSA officials stated that they plan to update the
implementation strategy memo by the end of calendar year 2018 to reflect
the new offices responsible for implementing TSARA’s requirements due
to an internal reorganization. 49
Effective information and communication are vital for an entity to achieve
its objectives. Standards for Internal Control in the Federal Government
states that management should document policies in the appropriate level
of detail and internally communicate the necessary quality information to
achieve the entity’s objectives. In the absence of a policy that clearly
states what constitutes an SRT and with several large acquisitions
pending, TSA may be missing an opportunity to ensure effective and
consistent implementation of TSARA. 50
TSA spends hundreds of millions of dollars each year developing,
Conclusion acquiring, deploying, and maintaining technologies in furtherance of its
mission to ensure civil aviation security. Through TSARA, Congress
sought to address challenges faced by TSA in effectively managing its
acquisitions and procurements by specifying measures for TSA to
49
TSA officials also reported in July 2018 that they will clarify the definition of SRT and the
meaning of “impacting the public” within the revised Implementation Strategy Memo;
however, TSA has yet to make such a modification.
50
TSA officials reported that the agency will have several large SRT acquisitions in fiscal
year 2019. For example, TSA continues to prepare for the broader deployment of
Computed Tomography units and will likely finalize a request for vendors to submit
proposals for Computed Tomography acquisition contracts in 2019. TSA also plans on
awarding additional medium speed explosives detection systems contracts in 2019.
Page 25 GAO-19-96 TSA Acquisitions
implement that align with identified acquisition best practices and
increase the transparency and accountability of TSA’s SRT acquisitions.
Overall, TSA has policies and procedures in place to accomplish many of
the reforms sought by TSARA, but more could be done to improve the
transparency of its spending on SRTs. Specifically, reporting on individual
task and delivery orders as well as associated services under TSARA’s
report and certification provision would help TSA ensure that Congress
has timely information it could use to effectively oversee TSA
acquisitions. TSA took a positive step towards greater transparency on
SRT spending with its first notifications to Congress in August 2018—in
accordance with its policy—, but TSA’s existing policy does not require
similar notification for associated services or for individual task and
delivery orders issued that exceed $30 million.
Further, while TSA developed the TSARA Implementation Strategy
Memo, which serves as TSA’s policy for implementing TSARA,
designated roles and responsibilities for TSARA’s requirements, and
outlined TSA’s approach to implement each requirement, TSA has not
clearly documented and internally communicated its parameters on what
constitutes an SRT under TSARA. With several large acquisitions
pending, clear guidance would better assure that staff understand how
TSARA’s reporting requirements apply. In the absence of updated
internal policy to clearly communicate what is or is not an SRT, TSA will
continue to be at risk of inconsistent and incomplete implementation of
TSARA.
We are making the following three recommendations to TSA:
Recommendations for
Executive Action The TSA Administrator should revise TSA’s policy to require that TSA
also submit information under TSARA’s report and certification provision
prior to the award of contracts and blanket purchase agreements for
services associated with the operation of security-related technology,
such as maintenance and engineering services, that exceed $30 million.
(Recommendation 1)
The TSA Administrator should revise TSA’s policy to require that TSA
also submit information under TSARA’s report and certification provision
prior to the issuance of individual task and delivery orders for security-
related technology acquisitions that exceed $30 million.
(Recommendation 2)
Page 26 GAO-19-96 TSA Acquisitions
The TSA Administrator should clarify and document what constitutes an
SRT under TSARA as part of the planned update of TSA’s TSARA
implementation policy. (Recommendation 3)
We provided a draft of this product to DHS for comment. In its comments,
Agency Comments reproduced in appendix II, DHS generally concurred with each of the
and our Evaluation three recommendations and described steps it plans to take to implement
them. TSA also provided technical comments, which we incorporated as
appropriate.
While DHS concurred with our recommendation to revise TSA's policy to
include reporting on contracts over $30 million for services associated
with the operation of security-related technology, in its letter, DHS stated
that not all services associated with an SRT should be subject to
TSARA's reporting requirements. Specifically, it noted that TSA will revise
policy language and instructions to ensure that the justification analysis
and certification analysis required under TSARA is submitted prior to the
award contracts and blanket purchase agreements for services that would
result in new capabilities, enhancements, or otherwise upgrade SRT. It
distinguishes these services from services that are indirectly related to the
SRT or used to keep the SRT operational, such as deployment and
system integration.
We agree with this distinction and do not consider all of the associated
services mentioned in this report as necessary for inclusion in TSA’s
revised policy. Further, we recognize that TSA, in conjunction with
feedback from Congress, is best positioned to determine the services
included in its revised policy for reporting under TSARA, consistent with
its interest in avoiding duplicative or administratively burdensome
reporting and delays in the acquisition process. We are encouraged by
DHS’s plans to implement this recommendation and its recognition that
the additional information will provide Congress with increased
transparency and an opportunity for more effective oversight of TSA’s
acquisitions.
DHS also described planned actions to address our recommendation to
revise TSA’s policy to include reporting on individual task and delivery
orders that exceed $30 million. DHS expects to complete the revisions by
September 30, 2019. If implemented, this action should provide Congress
with greater transparency over TSA’s SRT acquisitions.
Page 27 GAO-19-96 TSA Acquisitions
DHS also noted that, in accordance with our recommendation to update
its implementation guidance, it plans to (1) clarify and document what
constitutes an SRT under TSARA and (2) document all offices
responsible for implementing TSARA’s requirements in its TSARA
implementation strategy memo by September 30, 2019. If implemented,
guidance that is clear and documented will better assure that staff across
all DHS offices will understand how to consistently implement TSARA.
We are sending copies of this report to the appropriate congressional
committees and the Secretary of Homeland Security. In addition, the
report is available at no charge on the GAO website at
http://www.gao.gov.
If you or your staff have any questions concerning this report, please
contact me at (202) 512-8777 or russellw@gao.gov. Contact points for
our Offices of Congressional Relations and Public Affairs may be found
on the last page of this report. GAO staff who made significant
contributions to this report are listed in Appendix III.
W. William Russell, Acting Director,
Homeland Security and Justice
Page 28 GAO-19-96 TSA Acquisitions
Appendix I: Transportation Security
Appendix I: Transportation Security
Acquisition Reform Act Requirements
Acquisition Reform Act Requirements
In tables three through eight, we identify the requirements of the
Transportation Security Acquisition Reform Act (TSARA), as enacted on
December 18, 2014. 1
Table 3: The Strategic Five-Year Technology Investment Plan 6 U.S.C. § 563
Statute Requirement
6 U.S.C. The Transportation Security Administrator (TSA) Administrator shall, within 180 days of the Transportation
§563(a) Security Acquisition Reform Act’s (TSARA) enactment (enacted Dec. 18, 2014), develop and submit to
Congress a strategic 5-year technology investment plan (the Plan).
• The Plan may include a classified addendum to report sensitive transportation security risks,
technology vulnerabilities, or other sensitive security information.
• To the extent possible, the plan shall be published in an unclassified format in the public domain.
§ 563(b) The Administrator shall develop the Plan in consultation with (1) the Under Secretary for Management, (2) the
Under Secretary for Science and Technology, (3) the Chief Information Officer, and (4) with the aviation
industry stakeholder advisory committee established by the Administrator.
§ 563(c) The Administrator must obtain approval of the DHS Secretary prior to publishing the unclassified Plan in the
public domain.
§563(d) The Plan shall include—
§ 563(d)(1) An analysis of transportation security risks and the associated capability gaps that would be best addressed by
a
security-related technology, including consideration of the most recent quadrennial homeland security review.
§ 563(d)(2) A set of security-related acquisition technology needs that is prioritized based on risk and associated capability
gaps identified by the analysis completed under § 563(d)(1) and includes planned technology programs and
projects with defined objectives, goals, timelines, and measures.
§ 563(d)(3) An analysis of current and forecast trends in domestic and international passenger travel.
§ 563(d)(4) An identification of currently deployed security-related technologies that are at or near the end of their
lifecycles.
§ 563(d)(5) An identification of test, evaluation, modeling, and simulation capabilities including target methodologies,
rationales, and timelines necessary to support the acquisition of the security-related technologies expected to
meet the needs under § 563(d)(2).
§ 563(d)(6) An identification of opportunities for public-private partnerships, small and disadvantaged company
participation, intra government collaboration, university centers of excellence, and national laboratory
technology transfer.
1
See Pub. L. No. 113-245, 128 Stat. 2871 (2014). Specifically, section 3(a) of TSARA
amends title XVI of the Homeland Security Act of 2002, Pub. L. No. 107-296, 116 Stat.
2312 (2002), as amended, by adding section 1601 and sections 1611 through 1616, which
may also be found at 6 U.S.C. §§ 561, 563-563e. In this report, references to TSARA will
generally be cited to title 6 of the U.S. Code unless otherwise indicated. Section 3(c) of
TSARA further provides that nothing in the section 3 should be construed to affect any
amendment made by title XVI of the Homeland Security Act as in effect before TSARA’s
enactment. This Appendix and the Tables therein, do not reflect amendments to the
statute made through the TSA Modernization Act, which was enacted as part of the FAA
Reauthorization Act of 2018 on October 5, 2018. See Pub. L. No 115-254, div. K, tit. I,
subtit. B § 1917, 132 Stat. 3186 (2018).
Page 29 GAO-19-96 TSA Acquisitions
Appendix I: Transportation Security
Acquisition Reform Act Requirements
Statute Requirement
§ 563(d)(7) An identification of the TSA’s acquisition workforce needs for the management of planned security-related
technology acquisitions, including consideration of leveraging acquisition expertise of other federal agencies.
§ 563(d)(8) An identification of the security resources, including information security resources, that will be required to
protect security-related technology from physical or cyber theft, diversion, sabotage, or attack.
§ 563(d)(9) An identification of initiatives to streamline TSA’s acquisition process and provide greater predictability and
clarity to small, medium, and large businesses, including the timeline for testing and evaluation.
§ 563(d)(10) An assessment of the impact to commercial aviation passengers.
§ 563(d)(11) A strategy for consulting airport management, air carrier representatives, and Federal security directors
whenever an acquisition will lead to the removal of equipment at airports, and how the strategy for consulting
with such officials of the relevant airports will address potential negative impacts on commercial passengers or
airport operations.
§ 563(d)(12) In consultation with the National Institutes of Standards and Technology an identification of security-related
technology interface standards, in existence or if implemented could promote more interoperable passenger,
baggage, and cargo screening systems.
§ 563(e) The Plan shall, to the extent possible and in a manner consistent with fair and equitable practices—
§ 563(e)(1) Leverage emerging technology trends and research and development investment trends within the public and
private sectors.
§ 563(e)(2) Incorporate private sector input, including from the aviation industry advisory committee established by the
Administrator, through requests for information, industry days, and other innovative means consistent with the
Federal Acquisition Regulation.
§ 563(e)(3) In consultation with the Under Secretary for Science and Technology, identify technologies in existence or in
development that, with or without adaptation, are expected to be suitable to meeting mission needs.
§ 563(f) The Administrator shall include with the Plan a list of nongovernment persons that contributed to the writing of
the Plan.
§ 563(g) Beginning 2 years after the date the Plan is submitted to Congress under § 563(a), and biennially thereafter,
the Administrator shall submit to Congress—
• An update of the plan.
• A report on the extent to which each security-related technology acquired by TSA since the last
issuance or update of the Plan is consistent with the planned technology program and projects
identified under § 563(d)(2) for that security-related technology.
Source: GAO Analysis of Transportation Security Acquisition Reform Act I GAO-19-96
a
See 6 U.S.C. § 347 (requiring, in general, that the Secretary of Homeland Security conduct a review
of the homeland security of the nation every 4 years).
Page 30 GAO-19-96 TSA Acquisitions
Appendix I: Transportation Security
Acquisition Reform Act Requirements
Table 4: Acquisition Justification 6 U.S.C. § 563
Statute Requirement
6 U.S.C. Before the Transportation Security Administration (TSA) implements any security-related technology acquisition,
§ 563a(a) the Administrator, in accordance with Department of Homeland Security (DHS) policies and directives, shall
determine whether the acquisition is justified by conducting an analysis that includes—
§ 563a(a)(1) An identification of the scenarios and level of risk to transportation security from those scenarios that would be
addressed by the security-related technology acquisition.
§ 563a(a)(2) An assessment of how the proposed acquisition aligns to the strategic 5-year technology investment plan (the
Plan).
§ 563a(a)(3) A comparison of the total expected lifecycle cost against the total expected quantitative and qualitative benefits
to transportation security.
§ 563a(a)(4) An analysis of alternative security solutions, including policy or procedure solutions, to determine if the
proposed security-related technology acquisition is the most effective and cost-efficient solution based on cost-
benefit considerations.
§ 563a(a)(5) An assessment of the potential privacy and civil liberties implications of the proposed acquisition that includes,
to the extent practicable, consultation with organizations that advocate for the protection of privacy and civil
liberties.
§ 563a(a)(6) A determination that the proposed acquisition is consistent with fair information practice principles issued by the
DHS Privacy Officer.
§ 563a(a)(7) Confirmation that there are no significant risks to human health or safety posed by the proposed acquisition.
§ 563a(a)(8) An estimate of the benefits to commercial aviation passengers.
§ 563a(b)(1) Not later than the end of the 30-day period preceding the award by TSA of a contract for any security-related
technology acquisition exceeding $30 million, the Administrator shall submit to the Committee on Commerce,
Science, and Transportation of the Senate and the Committee on Homeland Security of the House of
Representatives (the Committees) the results of the comprehensive acquisition justification under § 563a(a) and
a certification by the Administrator that the benefits to transportation security justify the contract cost.
§ 563a(b)(2) If there is a known or suspected imminent threat to transportation security, the Administrator may reduce the 30-
day period under § 563a(b)(1) to 5 days to rapidly respond to the threat and shall immediately notify the
Committees of the known or suspected imminent threat.
Source: GAO Analysis of Transportation Security Acquisition Reform Act I GAO-19-96
Page 31 GAO-19-96 TSA Acquisitions
Appendix I: Transportation Security
Acquisition Reform Act Requirements
Table 5: Baseline Requirements 6 U.S.C. § 563b
Statute Requirement
6 U.S.C. Before the Transportation Security Administration (TSA) implements any security-related technology
§ 563b(a)(1) acquisition, the appropriate acquisition official of the Department shall establish and document a set of
formal baseline requirements.
§563b(a)(2) The baseline requirements under § 563b(a)(1) shall—
§ 563b(a)(2)(A) Include the estimated costs (including lifecycle costs), schedule, and performance milestones for the
planned duration of the acquisition.
§ 563b(a)(2)(B) Identify the acquisition risks and a plan for mitigating those risks.
§ 563b(a)(2)(C) Assess the personnel necessary to manage the acquisition process, manage the ongoing program, and
support training and other operations as necessary.
§ 563b(a)(3) In establishing the performance milestones under § 563b(a)(2)(A), the appropriate acquisition official of the
Department, to the extent possible and in consultation with the Under Secretary for Science and
Technology, shall ensure that achieving those milestones is technologically feasible.
§563b(a)(4) The Administrator, in consultation with the Under Secretary for Science and Technology, shall develop a
test and evaluation plan that describes—
§ 563b(a)(4)(A) The activities that are expected to be required to assess acquired technologies against the performance
milestones established under § 563b(a)(2)(A).
§ 563b(a)(4)(B) The necessary and cost-effective combination of laboratory testing, field testing, modeling, simulation, and
supporting analysis to ensure that such technologies meet TSA’s mission needs.
§ 563b(a)(4)(C) An efficient planning schedule to ensure that test and evaluation activities are completed without undue
delay.
§ 563b(a)(4)(D) If commercial aviation passengers are expected to interact with the security-related technology, methods
that could be used to measure passenger acceptance of and familiarization with the security-related
technology.
§ 563b(a)(5) The appropriate acquisition official of the Department—
• Subject to § 563b(a)(5)(B), shall utilize independent reviewers to verify and validate the
performance milestones and cost estimates developed under paragraph § 563b(a)(2) for a
security-related technology that pursuant to § 563(d)(2) has been identified as a high priority need
in the most recent Plan.
• Shall ensure that the use of independent reviewers does not unduly delay the schedule of any
acquisition.
§ 563b(a)(6) The Administrator shall establish a streamlined process for an interested vendor of a security-related
technology to request and receive appropriate access to the baseline requirements and test and evaluation
plans that are necessary for the vendor to participate in the acquisitions process for that technology.
§ 563b(b)(1)(A) The appropriate acquisition official of the Department shall review and assess each implemented
acquisition to determine if the acquisition is meeting the baseline requirements established under §
563b(a).
The review shall include an assessment of whether—
• The planned testing and evaluation activities have been completed.
• The results of that testing and evaluation demonstrate that the performance milestones are
technologically feasible.
Page 32 GAO-19-96 TSA Acquisitions
Appendix I: Transportation Security
Acquisition Reform Act Requirements
Statute Requirement
§ 563b(b)(2) Not later than 30 days after making a finding that the actual or planned costs exceed the baseline costs by
more than 10 percent; the actual or planned schedule for delivery has been delayed by more than 180
days; or there is a failure to meet any performance milestones that directly impacts security effectiveness
(that is, a breach finding), the Administrator shall submit a report to the Committee on Commerce, Science,
and Transportation of the Senate and the Committee on Homeland Security of the House of
Representatives that includes—
• The results of any assessment that finds a breach.
• The cause for such excessive costs, delay, or failure.
• A plan for corrective action.
Source: GAO Analysis of Transportation Security Acquisition Reform Act I GAO-19-96
Page 33 GAO-19-96 TSA Acquisitions
Appendix I: Transportation Security
Acquisition Reform Act Requirements
Table 6: Inventory Management 6 U.S.C. § 563c
Statute Requirement
6 U.S.C. Before the procurement of additional quantities of equipment to fulfill a mission need, the Administrator, to the
§ 563c(a) extent practicable, shall utilize any existing units in the Transportation Security Administration inventory to meet that
need.
§ 563c(b)(1) The Administrator shall establish a process for tracking—
• The location of security-related equipment in the inventory under § 563c(a).
• The utilization status of security-related technology in the inventory under § 563c(a).
• The quantity of security-related equipment in the inventory under § 563c(a).
§ 563c(b)(2) The Administrator shall implement internal controls to ensure up-to-date accurate data on security-related
technology owned, deployed, and in use.
§ 563c(c)(1) The Administrator shall establish logistics principles for managing inventory in an effective and efficient manner.
§ 563c(c)(2) The Administrator may not use just-in-time logistics if doing so (A) would inhibit necessary planning for large-scale
delivery of equipment to airports or other facilities; or (B) would unduly diminish surge capacity for response to a
terrorist threat.
Source: GAO Analysis of Transportation Security Acquisition Reform Act I GAO-19-96
Page 34 GAO-19-96 TSA Acquisitions
Appendix I: Transportation Security
Acquisition Reform Act Requirements
Table 7: Small Business Contracting Goals Report 6 U.S.C. § 563d
Statute Requirement
6 U.S.C. Not later than 90 days after the date of enactment of the Transportation Security Acquisition Reform Act, and
§ 563d annually thereafter, the Transportation Security Administration (TSA) Administrator shall submit a report to the
Committee on Commerce, Science, and Transportation of the Senate and the Committee on Homeland Security of
the House of Representatives that includes—
§ 563d(1) TSA’s performance record with respect to meeting its published small-business contracting goals during the
preceding fiscal year.
§ 563d(2) If the goals described in § 563d(1) were not met or TSA’s performance was below the published small business
contracting goals of the Department of Homeland Security (DHS)—
§ 563d(2)(A) A list of challenges, including deviations from TSA’s subcontracting plans, and factors that contributed to the level of
performance during the preceding fiscal year.
§ 563d(2)(B) An action plan, with benchmarks, for addressing each of the challenges identified in § 563d(2)(A) that—
§ 563d(2)(B)(i) Is prepared after consultation with the Secretary of Defense and the heads of federal departments and agencies that
achieved their published goals for prime contracting with small and minority-owned businesses, including small and
disadvantaged businesses, in prior fiscal years.
§ 563d(2)(B)(ii) Identifies policies and procedures that could be incorporated by TSA in furtherance of achieving TSA’s published
goal for such contracting.
§ 563d(3) A status report on the implementation of the action plan that was developed in the preceding fiscal year in
accordance with § 563d(2)(B), if such a plan was required.
Source: GAO Analysis of Transportation Security Acquisition Reform Act I GAO-19-96
Table 8: Federal Acquisition Regulation Consistency 6 U.S.C. § 563e
Statute Requirement
6 U.S.C. The TSA Administrator shall execute the responsibilities set forth in §§ 563-563d in a manner consistent with,
§ 563e and not duplicative of, the Federal Acquisition Regulation and Department of Homeland Security’s policies and
directives.
Source: GAO Analysis of Transportation Security Acquisition Reform Act I GAO-19-96
Page 35 GAO-19-96 TSA Acquisitions
Appendix II: Comments from the Department
Appendix II: Comments from the Department
of Homeland Security
of Homeland Security
Page 36 GAO-19-96 TSA Acquisitions
Appendix II: Comments from the Department
of Homeland Security
Page 37 GAO-19-96 TSA Acquisitions
Appendix II: Comments from the Department
of Homeland Security
Page 38 GAO-19-96 TSA Acquisitions
Appendix II: Comments from the Department
of Homeland Security
Page 39 GAO-19-96 TSA Acquisitions
Appendix III: GAO Contact and Staff
Appendix III: GAO Contact and Staff
Acknowledgements
Acknowledgements
W. William Russell, 202-512-8777 or russellw@gao.gov
GAO Contact
In addition to the contact named above, Kevin Heinz (Assistant Director),
Staff Amber Edwards (Analyst-in-Charge), Winchee Lin, Cristina Norland,
Acknowledgements Richard Hung, Thomas Lombardi, Amanda Miller, and Richard
Cederholm made key contributions to this report.
(102356)
Page 40 GAO-19-96 TSA Acquisitions
The Government Accountability Office, the audit, evaluation, and investigative
GAO’s Mission arm of Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability of the
federal government for the American people. GAO examines the use of public
funds; evaluates federal programs and policies; and provides analyses,
recommendations, and other assistance to help Congress make informed
oversight, policy, and funding decisions. GAO’s commitment to good government
is reflected in its core values of accountability, integrity, and reliability.
The fastest and easiest way to obtain copies of GAO documents at no cost is
Obtaining Copies of through GAO’s website (https://www.gao.gov). Each weekday afternoon, GAO
GAO Reports and posts on its website newly released reports, testimony, and correspondence. To
have GAO e-mail you a list of newly posted products, go to https://www.gao.gov
Testimony and select “E-mail Updates.”
Order by Phone The price of each GAO publication reflects GAO’s actual cost of production and
distribution and depends on the number of pages in the publication and whether
the publication is printed in color or black and white. Pricing and ordering
information is posted on GAO’s website, https://www.gao.gov/ordering.htm.
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card, MasterCard,
Visa, check, or money order. Call for additional information.
Connect with GAO on Facebook, Flickr, Twitter, and YouTube.
Connect with GAO Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts.
Visit GAO on the web at https://www.gao.gov.
Contact:
To Report Fraud,
Website: https://www.gao.gov/fraudnet/fraudnet.htm
Waste, and Abuse in
Automated answering system: (800) 424-5454 or (202) 512-7700
Federal Programs
Orice Williams Brown, Managing Director, WilliamsO@gao.gov, (202) 512-4400,
Congressional U.S. Government Accountability Office, 441 G Street NW, Room 7125,
Relations Washington, DC 20548
Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
Public Affairs U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, DC 20548
James-Christian Blockwood, Managing Director, spel@gao.gov, (202) 512-4707
Strategic Planning and U.S. Government Accountability Office, 441 G Street NW, Room 7814,
External Liaison Washington, DC 20548
Please Print on Recycled Paper.
Transportation Security Acquisition Reform Act: TSA Generally Addressed Requirements, but Could Improve Reporting on Security-Related Technology
Published by the Government Accountability Office on 2019-01-17.
Below is a raw (and likely hideous) rendition of the original report. (PDF)