Homeland Security: First Phase of Visitor and Immigration Status
Program Operating, but Improvements Needed (11-MAY-04,
GAO-04-586).
The Department of Homeland Security (DHS) has established a
program--the United States Visitor and Immigrant Status Indicator
Technology (US-VISIT)--to collect, maintain, and share
information, including biometric identifiers, on selected foreign
nationals who travel to the United States. By congressional
mandate, DHS is to develop and submit for approval an expenditure
plan for US-VISIT that satisfies certain conditions, including
being reviewed by GAO. Among other things, GAO was asked to
determine whether the plan satisfied these conditions, and to
provide observations on the plan and DHS's program management.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-04-586
ACCNO: A09996
TITLE: Homeland Security: First Phase of Visitor and Immigration
Status Program Operating, but Improvements Needed
DATE: 05/11/2004
SUBJECT: Deep water ports
Immigration and naturalization law
Immigration or emigration
Program management
Risk management
Cost control
Foreign governments
DHS Visitor and Immigrant Status
Indicator Technology Program
GAO-04-586
United States General Accounting Office
GAO Report to Congressional Committees
May 2004
HOMELAND SECURITY
First Phase of Visitor and Immigration Status Program Operating, but
Improvements Needed
Highlights of GAO-04-586, a report to the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations
To better ensure that the US-VISIT program is worthy of investment, GAO is
reiterating its previous recommendations aimed at establishing effective
program management capabilities. Additionally, GAO is making several new
recommendations designed to encourage stronger management of the initial
phases of the US-VISIT program, including implementing effective test
management practices and assessing the full impact of future US-VISIT
deployment on land port of entry workforce levels and facilities. DHS
agreed with all of GAO's recommendations and most of its observations.
To view the full product, including the scope and methodology, see
www.gao.gov/cgi-bin/getrpt?GAO-04-586. For more information, contact
Randolph C. Hite at (202) 512-3439.
DHS's fiscal year 2004 US-VISIT expenditure plan and related documentation
at least partially satisfy all conditions imposed by the Congress,
including meeting the capital planning and investment control review
requirements of the Office of Management and Budget (OMB). For example,
DHS developed a draft risk management plan and a process to implement and
manage risks. However, DHS does not have a current life cycle cost
estimate or a cost/benefit analysis for US-VISIT. The US-VISIT program
merges four components into one integrated whole to carry out its mission
(see figure).
[Figure: US-VISIT Integrates People, Process, Technology, and Facilities]
GAO also developed a number of observations about the expenditure plan and
DHS's management of the program. These generally recognize accomplishments
to date and address the need for rigorous and disciplined program
practices. For example, US-VISIT largely met its commitments for
implementing an initial operating capability, known as Increment 1, in
early January 2004, including the deployment of entry capability to 115
air and 14 sea ports of entry. However, DHS has not employed rigorous,
disciplined management controls typically associated with successful
programs, such as test management, and its plans for implementing other
controls, such as independent verification and validation, may not prove
effective. More specifically, testing of the initial phase of the
implemented system was not well managed and was completed after the system
became operational. In addition, multiple test plans were developed during
testing, and only the final test plan, completed after testing, included
all required content, such as describing tests to be performed. Such
controls, while significant for the initial phases of US-VISIT, are even
more critical for the later phases, as the size and complexity of the
program will only increase. Finally, DHS's plans for future US-VISIT
resource needs at the land ports of entry, such as staff and facilities,
are based on questionable assumptions, making future resource needs
uncertain.
Contents
Letter
Compliance with Legislative Conditions
Status of Open Recommendations
Observations on the Expenditure Plan
Conclusions
Recommendations for Executive Action
Agency Comments and Our Evaluation
Appendixes
Appendix I: Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations
Appendix II: Comments from the Department of Homeland Security
GAO Comments
Appendix III: GAO Contact and Staff Acknowledgments
GAO Contact
Staff Acknowledgments
Abbreviations
ADIS Arrival Departure Information System
APIS Advance Passenger Information System
CBP U.S. Customs and Border Protection
CCD Consular Consolidated Database
CIO Chief Information Officer
CIS U.S. Citizenship and Immigration Services
CLAIMS 3 Computer Linked Application Information Management System 3
DHS Department of Homeland Security
FFRDC Federally Funded Research and Development Center
IBIS Interagency Border Inspection System
ICE U.S. Immigration and Customs Enforcement
IDENT Automated Biometric Identification System
INS Immigration and Naturalization Service
IRB Investment Review Board
IV&V independent verification and validation
OMB Office of Management and Budget
POE port of entry
RF radio frequency
RFP request for proposal
SA-CMM Software Acquisition Capability Maturity Model
SAT system acceptance test
SEI Software Engineering Institute
SER security evaluation report
SEVIS Student Exchange Visitor Information System
US-VISIT U.S. Visitor and Immigrant Status Indicator Technology
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
United States General Accounting Office Washington, D.C. 20548
May 11, 2004
The Honorable Thad Cochran
Chairman
The Honorable Robert C. Byrd
Ranking Minority Member
Subcommittee on Homeland Security
Committee on Appropriations
United States Senate
The Honorable Harold Rogers
Chairman
The Honorable Martin Olav Sabo
Ranking Minority Member
Subcommittee on Homeland Security
Committee on Appropriations
House of Representatives
Pursuant to the Department of Homeland Security Appropriations Act,
2004,[1] the Department of Homeland Security (DHS) submitted to the
Congress in January 2004 its fiscal year 2004 expenditure plan for the
United States Visitor and Immigrant Status Indicator Technology
(US-VISIT) program. US-VISIT is a governmentwide program to collect,
maintain, and share information on foreign nationals.[2] The program's goals
are to enhance national security, facilitate legitimate trade and travel,
contribute to the integrity of the U.S. immigration system, and adhere to
U.S. privacy laws and policies. On January 5, 2004, DHS began operating
the first stage of its planned US-VISIT operational capability, known as
Increment 1, at 115 air and 14 sea ports of entry (POE).
[1] Pub. L. 108-90 (Oct. 1, 2003).
[2] The US-VISIT program has a large number of government stakeholders,
including the Departments of State, Transportation, Commerce, Justice, and
the General Services Administration. State will play a significant role in
creating a coordinated and interlocking network of border security by
gathering biographic and biometric data during the application process for
visas, grants of visa status, and the issuance of travel documentation.
DHS inspectors will use this information at ports of entry to verify the
identity of the foreign national.
As required by the appropriations act, we reviewed US-VISIT's fiscal year
2004 expenditure plan. Our objectives were to (1) determine whether the
expenditure plan satisfies the legislative conditions specified in the
act,[3] (2) determine the status of our US-VISIT open recommendations,[4] and
(3) provide any other observations about the expenditure plan and DHS's
management of US-VISIT.
On March 2, 2004, we provided your offices with a written briefing
detailing the results of our review. This report summarizes and transmits
this briefing; the full briefing, including our scope and methodology, is
reprinted as appendix I. The purpose of this report is to provide the
published briefing slides to you and to officially transmit our
recommendations to the Secretary of Homeland Security.
Compliance with Legislative Conditions
DHS satisfied or partially satisfied each of the applicable legislative
conditions specified in the act. In particular, the plan, including
related program documentation and program officials' statements, satisfied
or provided for satisfying all key aspects of (1) compliance with the DHS
enterprise architecture;[5] (2) federal acquisition rules, requirements,
guidelines, and systems acquisition management practices; and (3) review
and approval by DHS and the Office of Management and Budget (OMB).
Additionally, the plan, including program documentation and program
officials' statements, satisfied or provided for satisfying many, but not
all, key aspects of OMB's capital planning and investment review
requirements. For example, DHS fulfilled the OMB requirement that it
justify and describe its acquisition strategy. However, DHS does not have
current life cycle costs or a current cost/benefit analysis for US-VISIT.
[3] The legislative conditions are that the plan (1) meet the capital
planning and investment control review requirements established by the
Office of Management and Budget (OMB), including those in OMB Circular
A-11, part 3 (capital investment and control requirements are now found in
part 7, rather than part 3); (2) comply with DHS's enterprise
architecture; (3) comply with the acquisition rules, requirements,
guidelines, and systems acquisition management practices of the federal
government; (4) be reviewed and approved by DHS and OMB; and (5) be
reviewed by GAO.
[4] Our previous recommendations regarding US-VISIT's expenditure plans were
published in U.S. General Accounting Office, Information Technology:
Homeland Security Needs to Improve Entry Exit System Expenditure Planning,
GAO-03-563 (Washington, D.C.: June 9, 2003) and Homeland Security: Risks
Facing Key Border and Transportation Security Program Need to Be
Addressed, GAO-03-1083 (Washington, D.C.: Sept. 19, 2003).
[5] Enterprise architectures are blueprints, or models, simplifying the
complexity of how agencies operate today, how they want to operate in the
future, and how they will get there.
Status of Open Recommendations
DHS has implemented one recommendation and has either partially implemented
or initiated action to implement most of the remaining recommendations
contained in our reports on the fiscal year 2002 and fiscal year 2003
expenditure plans. Each recommendation, along with its current status, is
summarized below:
o Develop a system security plan and privacy impact assessment.
The department has partially implemented this recommendation. As to the
first part of this recommendation, the program office does not have a
system security plan for US-VISIT. However, the US-VISIT Chief Information
Officer (CIO) accredited Increment 1 based upon security certifications[6]
for each of Increment 1's component systems and a review of each
component's security-related documentation. Second, although the program
office has conducted a privacy impact assessment for Increment 1, the
assessment does not satisfy all aspects of OMB guidance for conducting an
assessment. For example, the assessment does not discuss alternatives to
the methods of information collection, and the system documentation does
not address privacy issues.
o Develop and implement a plan for satisfying key acquisition management
controls, including acquisition planning, solicitation, requirements
management, program management, contract tracking and oversight,
evaluation, and transition to support, and implement the controls in
accordance with the Software Engineering Institute's (SEI) guidance.[7]
The department plans to implement this recommendation. The US-VISIT
program office has assigned responsibility for implementing the
recommended controls. However, it has not yet developed explicit plans or
time frames for defining and implementing them.
[6] Accreditation is the authorization and approval granted to a system to
process sensitive data in an operational environment; this is made on the
basis of a compliance certification by designated technical personnel of
the extent to which design and implementation of the system meet defined
technical requirements for achieving data security. Certification is the
evaluation of the extent to which a system meets a set of security
requirements.
[7] Carnegie Mellon University Software Engineering Institute, Software
Acquisition Capability Maturity Model, Version 1.03 (March 2002)
defines acquisition process management controls for planning, managing,
and controlling software-intensive system acquisitions.
o Ensure that future expenditure plans are provided to the department's
House and Senate Appropriations Subcommittees in advance of US-VISIT funds
being obligated.
With respect to the fiscal year 2004 expenditure plan, DHS implemented
this recommendation by providing the plan to the Senate and House
subcommittees on January 27, 2004. According to the program director, as
of February 2004 no funds had been obligated to US-VISIT.
o Ensure that future expenditure plans fully disclose US-VISIT
capabilities, schedule, cost, and benefits.
The department has partially implemented this recommendation.
Specifically, the plan describes high-level capabilities, high-level
schedule estimates, categories of expenditures by increment, and general
benefits. However, the plan does not describe planned capabilities by
increment and provides only general information on how money will be spent
in each increment. Moreover, the plan does not identify all expected
benefits in tangible, measurable, and meaningful terms, nor does it
associate any benefits with increments.
o Establish and charter an executive body composed of senior-level
representatives from DHS and each US-VISIT stakeholder organization to
guide and direct the program.
The department has implemented this recommendation by establishing a
three-entity governance structure. The entities are (1) the Homeland
Security Council, (2) the DHS Investment Review Board, and (3) the
US-VISIT Federal Stakeholders Advisory Board. The purpose of the Homeland
Security Council is to ensure the coordination of all homeland
security-related activities among executive departments and agencies, and
the Investment Review Board is expected to monitor US-VISIT's achievement
of cost, schedule, and performance goals. The advisory board is chartered
to provide recommendations for overseeing program management and
performance activities, including providing advice on the overarching
US-VISIT vision; recommending changes to the vision and strategic
direction; and providing a communications link for aligning strategic
direction, priorities, and resources with stakeholder operations.
o Ensure that human capital and financial resources are provided to
establish a fully functional and effective program office.
The department is in the process of implementing this recommendation. DHS
has determined that US-VISIT will require 115 government personnel and has
filled 41 of these, including 12 key management positions. However, 74
positions have yet to be filled, and all filled positions are staffed by
detailees from other organizational units within the department.
o Clarify the operational context in which US-VISIT is to operate.
The department is in the process of implementing this recommendation. DHS
released Version 1 of its enterprise architecture in October 2003,[8] and it
plans to issue Version 2 in September 2004.
o Determine whether proposed US-VISIT increments will produce mission
value commensurate with cost and risks.
The department plans to implement this recommendation. The fiscal year
2004 expenditure plan identifies high-level benefits to be delivered, but
the benefits are not associated with specific increments. Additionally,
the plan does not identify the total cost of Increment 2. Program
officials expected to finalize a cost-benefit analysis this past March and
a US-VISIT life cycle cost estimate this past April.
o Define program office positions, roles, and responsibilities.
The department is in the process of implementing this recommendation.
Program officials are currently working with the Office of Personnel
Management to define program position descriptions, including roles and
responsibilities. The program office has partially completed defining the
competencies for all 12 key management areas. These competencies are to be
used in defining the position descriptions.
o Develop and implement a human capital strategy for the program office.
The department plans to implement this recommendation in conjunction with
DHS's ongoing workforce planning, but stated that they have yet to develop
a human capital strategy. According to these officials, DHS's
departmental workforce plan is scheduled for completion during fiscal year
2004.
[8] Department of Homeland Security Enterprise Architecture Compendium
Version 1.0 and Transitional Strategy.
o Develop a risk management plan and report all high-risk areas and
their status to the program's governing body on a regular basis.
The department has partially implemented this recommendation. The program
has completed a draft risk management plan, and is currently defining risk
management processes. The program is creating a risk management team to
operate in lieu of formal processes until these are completed, and also
maintains a risk-tracking database that is used to manage risks.
o Define performance standards for each program increment that are
measurable and reflect the limitations imposed by relying on existing
systems.
The department is in the process of implementing this recommendation. The
program office has defined limited performance standards, but not all
standards are being defined in a way that reflects the performance
limitations of existing systems.
Observations on the Expenditure Plan
Our observations recognize accomplishments to date and address the need
for rigorous and disciplined program management practices relating to
system testing, independent verification and validation, and system change
control. An overview of specific observations follows:
o Increment 1 commitments were largely met. An initial operating
capability for entry (including biographic and biometric data collection)
was deployed to 115 air and 14 sea ports of entry on January 5, 2004, with
additional capabilities deployed on February 11, 2004. Exit capability
(including biometric capture) was deployed to one air and one sea port of
entry.
o Increment 1 testing was not managed effectively and was completed after
the system became operational. The Increment 1 system acceptance test
plan[9] was developed largely during and after test execution. The
department developed multiple plans, and only the final plan, which was
done after testing was completed, included all required content, such as
tests to be performed and test procedures. None of the test plan versions,
including the final version, were concurred with by the system owner or
approved by the IT project manager, as required. By not having a complete
test plan before testing began, the US-VISIT program office unnecessarily
increased the risk that the testing performed would not adequately address
Increment 1 requirements and failed to have adequate assurance that the
system was being fully tested. Further, by not fully testing Increment 1
before the system became operational, the program office assumed the risk
of introducing errors into the deployed system. In fact, post-deployment
problems surfaced with the Student and Exchange Visitor Information System
(SEVIS) interface as a result of this approach, and manual work-arounds
had to be implemented.
[9] The purpose of system acceptance testing is to verify that the complete
system satisfies functional, performance, and security requirements and is
acceptable to end users.
o The independent verification and validation contractor's roles may be
in conflict.[10] The US-VISIT program plans to use its contractor to review
some of the processes and products that the contractor may be responsible
for defining or executing. Depending on the products and processes in
question, this approach potentially impedes the contractor's independence,
and thus its effectiveness.
o A program-level change control board has not been established.[11]
Changes related to Increment 1 were controlled primarily through daily
coordination meetings (i.e., oral discussions) among representatives from
Increment 1 component systems teams and program officials, and the various
boards already in place for the component systems. Without a structured
and disciplined approach to change control, program officials do not have
adequate assurance that changes made to the component systems for
non-US-VISIT purposes do not interfere with US-VISIT functionality.
[10] The purpose of independent verification and validation (IV&V) is to
provide an independent review of system processes and products. To be
effective, the IV&V function must be performed by an entity that is
independent of the processes and products that are being reviewed.
[11] The purpose of configuration management is to establish and maintain the
integrity of work products (e.g., hardware, software, and documentation).
A key ingredient to effectively controlling configuration change is the
functioning of a change control board.
o The fiscal year 2004 expenditure plan does not disclose management
reserve funding.[12] Program officials, including the program director,
stated that reserve funding is embedded within the expenditure plan's
various areas of proposed spending. However, the plan does not
specifically disclose these embedded reserve amounts. By not creating,
earmarking, and disclosing a specific management reserve fund in the plan,
DHS is limiting its flexibility in addressing unexpected problems that
could arise in the program's various areas of proposed spending, and it is
limiting the ability of the Congress to exercise effective oversight of
this funding.
o Plans for future US-VISIT increments do not call for additional staff
or facilities at land ports of entry. However, these plans are based on
various assumptions that potential policy changes could invalidate. These
changes could significantly increase the number of foreign nationals who
would require processing through US-VISIT. Additionally, the Data
Management Improvement Act Task Force's 2003 Second Annual Report to
Congress[13] has noted that existing land port of entry facilities do not
adequately support even the current entry and exit processes. Thus, future
US-VISIT staffing and facility needs are uncertain.
[12] The creation and use of a management reserve fund to earmark resources
for addressing the many uncertainties that are inherent in large-scale
systems acquisition programs is an established practice and a prudent
management approach.
[13] Data Management Improvement Act Task Force, Second Annual Report to
Congress (Washington, D.C., December 2003).
Conclusions
The fiscal year 2004 US-VISIT expenditure plan (with related
program office documentation and representations) at least partially
satisfies the legislative conditions imposed by the Congress. Further,
steps are planned, under way, or completed to address most of our open
recommendations. However, overall progress on all of our recommendations
has been slow, and considerable work remains to fully address them. The
majority of these recommendations are aimed at correcting fundamental
limitations in the program office's ability to manage US-VISIT in a way
that reasonably ensures the delivery of mission value commensurate with
costs and provides for the delivery of promised capabilities on time and
within budget. Given this background, it is important for DHS to implement
the recommendations quickly and completely through active planning and
continuous monitoring and reporting. Until this occurs, the program will
continue to be at high risk of not meeting expectations.
To the US-VISIT program office's credit, the first phase of the program
has been deployed and is operating, and the commitments that DHS made
regarding this initial operating capability were largely met. However,
this was not accomplished in a manner that warrants repeating. In
particular, the program office did not employ the kind of rigorous and
disciplined management controls that are typically associated with
successful programs, such as effective test management and configuration
management practices. Moreover, the second phase of US-VISIT is already
under way, and these controls are still not established. These controls,
while significant for the initial phases of US-VISIT, are even more
critical for the later phases, because the size and complexity of the
program will only increase, and the later that problems are found, the
harder and more costly they are to fix.
Also important at this juncture in the program's life are the still open
questions surrounding whether the initial phases of US-VISIT will return
value to the nation commensurate with their costs. Such questions warrant
answers sooner rather than later, because of the program's size,
complexity, cost, and mission significance. It is imperative that DHS move
swiftly to address the US-VISIT program management weaknesses that we
previously identified, by implementing our remaining open recommendations.
It is equally essential that the department quickly corrects the
additional weaknesses that we have identified. Doing less will only
increase the risk associated with US-VISIT.
Recommendations for Executive Action
To better ensure that the US-VISIT program is worthy of investment and is
managed effectively, we are reiterating our prior recommendations, and we
further recommend that the Secretary of Homeland Security direct the Under
Secretary for Border and Transportation Security to ensure that the
US-VISIT program director takes the following actions:
o Develop and approve complete test plans before testing begins. These
plans, at a minimum, should (1) specify the test environment, including
test equipment, software, material, and necessary training; (2) describe
each test to be performed, including test controls, inputs, and expected
outputs; (3) define the test procedures to be followed in conducting the
tests; and (4) provide traceability between test cases and the
requirements to be verified by the testing.
o Establish processes for ensuring the independence of the IV&V
contractor.
o Implement effective configuration management practices, including
establishing a US-VISIT change control board to manage and oversee system
changes.
o Identify and disclose to the Appropriations Committees management
reserve funding embedded in the fiscal year 2004 expenditure plan.
o Ensure that all future US-VISIT expenditure plans identify and disclose
management reserve funding.
o Assess the full impact of a key future US-VISIT increment on land port
of entry workforce levels and facilities, including performing appropriate
modeling exercises.
To ensure that our recommendations addressing fundamental program
management weaknesses are addressed quickly and completely, we further
recommend that the Secretary direct the Under Secretary to have the
program director develop a plan, including explicit tasks and milestones,
for implementing all of our open recommendations, including those provided
in this report. We further recommend that this plan provide for periodic
reporting to the Secretary and Under Secretary on progress in implementing
this plan. Lastly, we recommend that the Secretary report this progress,
including reasons for delays, in all future US-VISIT expenditure plans.
Agency Comments and Our Evaluation
In written comments on a draft of this report signed by the US-VISIT
Director (reprinted in app. II, along with our responses), DHS agreed with
our recommendations and most of our observations. It also stated that it
appreciated the guidance that the report provided and described actions
that it is taking or plans to take in response to our recommendations.
However, DHS stated that it did not fully agree with all of our findings,
specifically offering comments on our characterization of the status of
one open recommendation and two observations. First, it did not agree with
our position that it had not developed a security plan and completed a
privacy impact assessment. According to DHS, it has completed both. We
acknowledge DHS's activity on both of these issues, but disagree that
completion of an adequate security plan and privacy impact assessment has
occurred. As we state in the report, the department's security plan for
US-VISIT, titled Security and Privacy: Requirements & Guidelines Version
1.0, is a draft document, and it does not include information consistent
with relevant guidance for a security plan, such as a risk assessment
methodology and specific controls for meeting security requirements.[14]
Moreover, much of the document discusses guidelines for developing a
security plan, rather than specific contents of a plan. Also, as we state
in the report, the Privacy Impact Assessment was published but is not
complete because it does not satisfy important parts of OMB guidance
governing the content of these assessments, such as discussing
alternatives to the designed methods of information collection and
handling.
Second, DHS stated that it did not fully agree with our observation that
the Increment 1 system test plan was developed largely during and after
testing, citing several steps that it took as part of Increment 1
requirements definition, test preparation, and test execution. However,
none of the steps cited address our observations that DHS did not have a
system acceptance test plan developed, approved, and available in time to
use as the basis for conducting system acceptance testing and that only
the version of the test plan modified on January 16, 2004 (after testing
was completed) contained all of the required test plan content. Moreover,
DHS's comments acknowledge that the four versions of its Increment 1 test
plan were developed during the course of test execution, and that the test
schedule did not permit sufficient time for all stakeholders to review,
and thus approve, the plans.
Third, DHS commented on the roles and responsibilities of its various
support contractors, and stated that we cited the wrong operative
documentation governing the role of its independent verification and
validation contractor. While we do not question the information provided
in DHS's comments concerning contractor roles, we would add that its
comments omitted certain roles and responsibilities contained in the
statement of work for one of its contractors. This omitted information is
important because it is the basis for our observation that the program
office planned to task the same contractor that was responsible for
program management activities with performing independent verification and
validation activities. Under these circumstances, the contractor could not
be independent. In addition, we disagree with DHS's comment that we cited
the wrong operative documentation, and note that the document DHS said we
should have used relates to a different support contractor than the one
tasked with both performing program activities and performing independent
verification and validation activities.
14 Office of Management and Budget Circular Number A-130, Revised
(Transmittal Memorandum No. 4), Appendix III, "Security of Federal
Automated Information Resources" (Nov. 28, 2000) and National Institute of
Standards and Technology, Guide for Developing Security Plans for
Information Systems, NIST Special Publication 800-18 (December 1998).
The department also provided additional technical comments, which we have
incorporated as appropriate into the report.
We are sending copies of this report to the Chairmen and Ranking Minority
Members of other Senate and House committees and subcommittees that have
authorization and oversight responsibilities for homeland security. We are
also sending copies to the Secretary of State and the Director of OMB.
Copies of this report will also be available at no charge on our Web site
at www.gao.gov.
Should you or your offices have any questions on matters discussed in this
report, please contact me at (202) 512-3439 or at [email protected]. Another
contact and key contributors to this report are listed in appendix III.
Randolph C. Hite
Director, Information Technology Architecture
and Systems Issues
Appendix I
Briefing to the Staffs of the Subcommittees on Homeland Security, Senate
and House Committees on Appropriations
Homeland Security: First Phase of Visitor and Immigration Status Program
Operating, but Improvements Needed
Briefing to the Staffs of the
Subcommittees on Homeland Security
Senate and House Committees on Appropriations
March 2, 2004
o Introduction
o Objectives
o Results in Brief
o Background
o Results
o Legislative Conditions
o Status of Open Recommendations
o Observations
o Conclusions
o Recommendations for Executive Action
o Agency Comments
o Attachment 1. Scope and Methodology
The United States Visitor and Immigrant Status Indicator Technology
(US-VISIT) program of the Department of Homeland Security (DHS) is a
governmentwide program to collect, maintain, and share information on
foreign nationals. The goals of the US-VISIT program are to
o enhance national security,
o facilitate legitimate trade and travel,
o contribute to the integrity of the U.S. immigration system,1 and
o adhere to U.S. privacy laws and policies.
US-VISIT capability is planned to be implemented in four increments.
Increment 1 began operating on January 5, 2004, at major air and sea ports
of entry (POEs).
1 This goal has been added since the last expenditure plan.
The US-VISIT program involves the interdependent application of people,
processes, technology, and facilities.
Note: GAO analysis based on DHS data.
The Department of Homeland Security Appropriations Act, 2004,1 prohibits
DHS from obligating any funds appropriated in the act for the US-VISIT
program until it submits a plan for expenditure that satisfies the
following legislative conditions.
o Meets the capital planning and investment control review requirements
established by the Office of Management and Budget (OMB), including OMB
Circular A-11, part 3.2
o Complies with DHS's enterprise architecture.
o Complies with the acquisition rules, requirements, guidelines, and
systems acquisition management practices of the federal government.
o Is reviewed and approved by DHS and OMB.
o Is reviewed by GAO.
1 Pub. L. 108-90 (Oct. 1, 2003).
2 OMB Circular A-11 establishes policy for planning, budgeting,
acquisition, and management of federal capital assets.
In the Department of Homeland Security Appropriations Act, 2004, the
Congress appropriated $330 million in fiscal year 2004 funds for the
US-VISIT program.1
DHS submitted its fiscal year 2004 expenditure plan for $330 million on
January 27, 2004, to the House and Senate Appropriations Subcommittees on
Homeland Security.
1 Pub. L. 108-90 (Oct. 1, 2003).
As agreed, our objectives were to
1. determine whether the US-VISIT fiscal year 2004 expenditure plan
satisfies the legislative conditions,
2. determine the status of our US-VISIT open recommendations, and
3. provide any other observations about the expenditure plan and DHS's
management of US-VISIT.
We conducted our work at DHS's headquarters in Washington, D.C., and at
its Atlanta Field Operations Office (Atlanta's William B. Hartsfield
International Airport) from October 2003 through February 2004 in
accordance with generally accepted government auditing standards. Details
of our scope and methodology are given in attachment 1.
Summary of Observations
Increment 1
Commitments were largely met; the system is deployed and operating.
Testing was not managed effectively; if continued, the current approach to
testing would increase risks.
o The system acceptance test (SAT) plan was developed largely during and
after test execution.
o The SAT plan available during testing was not complete.
o SAT was not completed before the system became operational.
Future increments
Key program issues exist that increase risks if not resolved.
o Independent verification and validation (IV&V) contractor's roles may
be conflicting.
o Program-level change control board has not been established.
o Expenditure plan does not disclose management reserve funding.
o Land POE workforce and facility needs are uncertain.
To assist DHS in managing US-VISIT, we are making eight recommendations to
the Secretary of DHS.
In their comments on a draft of this briefing, US-VISIT program officials
stated that they generally agreed with the briefing and that it was fair
and balanced.
The US-VISIT program is a governmentwide endeavor intended to enhance
national security, facilitate legitimate trade and travel, contribute to
the integrity of the U.S. immigration system, and adhere to U.S. privacy
laws and policies by
o collecting, maintaining, and sharing information on certain foreign
nationals who enter and exit the United States;
o identifying foreign nationals who (1) have overstayed or violated the
terms of their visit; (2) can receive, extend, or adjust their immigration
status; or (3) should be apprehended or detained by law enforcement
officials;
o detecting fraudulent travel documents, verifying traveler identity, and
determining traveler admissibility through the use of biometrics; and
o facilitating information sharing and coordination within the border
management community.
Within DHS, organizational responsibility for the US-VISIT program lies
with the Border and Transportation Security Directorate.
In July 2003, DHS established a US-VISIT program office with
responsibility for managing the acquisition, deployment, operation, and
sustainment of the US-VISIT system and supporting people (e.g.,
inspectors), processes (e.g., entry exit policies and procedures), and
facilities (e.g., inspection booths).
For the initial increments, DHS is using existing system contractors and
additional program support contractors.
The following graphic shows the organizational placement for the US-VISIT
program.
Organizational Placement of US-VISIT Program (Partial DHS Organization
Chart)
Note: GAO analysis based on DHS data.
Acquisition Strategy
DHS plans to deliver US-VISIT capability incrementally. Currently, DHS has
defined four increments, with Increments 1 through 3 being interim, or
temporary, solutions, and Increment 4 being the yet-to-be-defined end
vision for US-VISIT. Increments 1 through 3 include the interfacing and
enhancement of existing system capabilities and the deployment of these
capabilities to air, sea, and land POEs.
Background
Increment 1 Status
Increment 1 includes the electronic collection and matching of biographic
and biometric information at all major air and some sea POEs for selected
foreign travelers with visas.1
Increment 1 entry capability was deployed to 115 airports and 14 seaports
on January 5, 2004. Increment 1 exit capability was deployed as a pilot to
two POEs on January 5, 2004.2 According to the Program Director, US-VISIT
is developing other exit alternatives and criteria for evaluating and
selecting the alternatives. According to the Director, US-VISIT expects to
select one or more of the alternatives by December 31, 2004.
1 Classes of travelers that are not subject to US-VISIT are foreign
nationals admitted on A-1, A-2, C-3 (except for attendants, servants, or
personal employees of accredited officials), G-1, G-2, G-3, G-4, NATO-1,
NATO-2, NATO-3, NATO-4, NATO-5, or NATO-6 visas, unless the Secretary of
State and the Secretary of Homeland Security jointly determine that a
class of such aliens should be subject to the rule; children under the age
of 14; and persons over the age of 79.
2 The Miami Royal Caribbean seaport and the Baltimore/Washington
International Airport.
Increment 1
o included the development of policies, procedures, and associated
training for implementing US-VISIT at the air and sea POEs;
o included outreach efforts, such as brochures, demonstration videos, and
signage at air and sea POEs;
o did not include additional inspector staff at air and sea POEs; and
o did not include the acquisition of additional entry facilities. For
exit, DHS is in the process of assessing facilities space and installing
conduit, electrical supply, and signage.
Increment 2 Plans
Increment 2 is divided into two increments: 2A and 2B.
o Increment 2A is to include at all POEs the capability to process
machine-readable visas and other travel and entry documents that use
biometric identifiers. This increment is to be implemented by October 26,
2004.
o Increment 2B is to expand the Increment 1 solution for entry to
secondary inspection1 at the 50 highest volume land POEs by December 31,
2004. According to the expenditure plan, 2B is also to include the
capability to read radio frequency (RF)2 enabled documents at the 50
busiest land POEs for both entry and exit processes.
o According to the US-VISIT Deputy Director:
o Each of the 745 entry and exit traffic lanes at these 50 land POEs is
to have the infrastructure, such as underground conduit, necessary to
install the RF technology.
1 Secondary inspection is used for more detailed inspections that may
include checking more databases, conducting more intensive interviews of
the individual, or both.
2 RF technology would require proximity cards and card readers. RF readers
read the information contained on the card when the card is passed near
the reader, and could be used to verify the identity of the card holder.
o RF technology is to be installed and operating at an undetermined
number of lanes to collect biographic information. The US-VISIT program
plans to install the technology, at a minimum, to one entry and one exit
lane for each of the 50 land POEs. Collecting the biographic information
for exit would require that some form of RF-enabled documentation be
provided to the foreign national upon entry into the country.
o For exit lanes without RF, US-VISIT will continue to rely upon the
collection of manually completed I-94 forms1 from exiting travelers.
Increment 3 Plans
Increment 3 is to expand Increment 2B system capability to the remaining
115 land POEs. It is to be implemented by December 31, 2005.
1 I-94 forms have been used for years to track foreign nationals' arrivals
and departures. Each form is divided into two parts: an entry portion and
an exit portion. Each form contains a unique number printed on both
portions of the form for the purposes of subsequent recording and matching
the arrival and departure records on nonimmigrants.
Acquisition Strategy
Increment 4 Plans
Increment 4 is the yet-to-be-defined end vision of US-VISIT program
capability, which will likely consist of a series of releases.
DHS plans to award a single, indefinite-delivery/indefinite-quantity1
contract to a prime contractor capable of integrating existing and new
business processes and technologies. DHS issued a request for proposal
(RFP) for the prime contractor in November 2003, as planned. DHS plans to
award a contract by the end of May 2004. According to the RFP, the prime
contractor's scope of work is to include, but is not limited to,
Increments 2B, 3, and 4.
According to the expenditure plan, the prime contractor will support the
integration and consolidation of processes, functionality, and data, and
will develop a strategy to build on the technology and capabilities
already available to fully support the US-VISIT vision. Meanwhile, the
US-VISIT program will continue deploying the interim solution as planned
and use the prime contractor to assist in the planning and deployment of
the system, as appropriate.
1 An indefinite-delivery/indefinite-quantity contract provides for an
indefinite quantity, within stated limits, of supplies or services during
a fixed period of time. The government schedules deliveries or performance
by placing orders with the contractor.
For facilities, DHS is working with the General Services Administration to
install the infrastructure, such as underground conduit, to support the RF
technology at primary vehicle inspection lanes. US-VISIT is installing the
infrastructure for the collection of biometric and biographical
information in secondary inspection areas.
For human capital, DHS does not plan to acquire any additional inspection
staff for Increment 2.
Component Systems
US-VISIT (Increments 1 through 4) will potentially include the interfacing
of over 16 existing systems. Examples of systems included in Increment 1
are
o Arrival Departure Information System (ADIS), a database that stores
traveler arrival and departure data received from air and sea carrier
manifests and that provides query and reporting functions;
o Advance Passenger Information System (APIS), a system that captures
arrival and departure manifest information provided by air and sea
carriers;
o Interagency Border Inspection System (IBIS), a system that maintains
lookout (i.e., watchlist) data,1 interfaces with other agencies'
databases, and is currently used by inspectors at POEs to verify traveler
information and modify data;
1 IBIS lookout sources include: DHS's Customs and Border Protection and
Immigration and Customs Enforcement; the Federal Bureau of Investigation;
legacy Immigration and Naturalization Service and Customs information; the
U.S. Secret Service; the U.S. Coast Guard; the Internal Revenue Service;
the Drug Enforcement Agency; the Bureau of Alcohol, Tobacco & Firearms;
the U.S. Marshals Service; the U.S. Office of Foreign Asset Control; the
National Guard; the Treasury Inspector General; the U.S. Department of
Agriculture; the Department of Defense Inspector General; the Royal
Canadian Mounted Police; the U.S. State Department; Interpol; the Food and
Drug Administration; the Financial Crimes Enforcement Network; the Bureau
of Engraving and Printing; and the Department of Justice Office of Special
Investigations. This footnote has been modified to include additional
information obtained since the briefing's delivery to the Committees.
o Automated Biometric Identification System (IDENT), a system that
collects and stores biometric data about foreign visitors;1
o Student Exchange Visitor Information System (SEVIS), a system that
contains information on foreign students;
o Computer Linked Application Information Management System (CLAIMS 3), a
system that contains information on foreign nationals who request
benefits, such as change of status or extension of stay; and
o Consular Consolidated Database (CCD), a system that includes
information on whether a visa applicant has previously applied for a visa
or currently has a valid U.S. visa.
1 Includes data such as: Federal Bureau of Investigation information on
all known and suspected terrorists, selected wanted persons (foreign-born,
unknown place of birth, previously arrested by DHS), and previous criminal
histories for high-risk countries; DHS Immigration and Customs Enforcement
information on deported felons and sexual registrants; DHS information on
previous criminal histories and previous IDENT enrollments. Information
from the bureau includes fingerprints from the Integrated Automated
Fingerprint Identification System. This footnote has been modified to
include additional information obtained since the briefing's delivery to
the Committees.
Increment 1 Process
According to DHS, Increment 1 includes the following four processes and
capabilities:
Pre-Entry Process:
Pre-entry processing begins with initial petitions for visas, grants of
visa status, or the issuance of travel documentation. When the Department
of State issues the travel documentation, biographic (and in some cases
biometric) data are collected and made available to border management
agencies. The biometric data are transmitted from State to DHS, where the
prints are run against the US-VISIT biometric database to verify identity
and to check the biometric watchlist. The results of the biometric check
are transmitted back to State.
Commercial air and sea carriers are required by law to transmit crew and
passenger manifests before arriving in the United States. These manifests
are transmitted through APIS. The APIS lists are run against the
biographic lookout system and identify those arrivals who have biometric
data available.
In addition, POEs review the APIS list for a variety of factors that would
target certain arriving crew and passengers for additional processing.
Entry Process:
When the foreign national arrives at a primary POE inspection booth, the
inspector, using a document reader, scans the machine-readable travel
documents. IBIS/APIS returns any existing records on the foreign national,
including manifest data matches and biographic lookout hits. When a match
is found in the manifest data, the foreign national's name is highlighted
and outlined on the manifest data portion of the screen.
Biographic information, such as name and date of birth, is displayed on
the bottom half of the screen, as well as the photograph from State's CCD.
IBIS also returns information about whether there are, within IDENT,
existing fingerprints for the foreign national.
The inspector switches to the IDENT screen and scans the foreign
national's fingerprints (left and right index fingers) and photograph. The
system accepts the best fingerprints available within the 5-second
scanning period. This information is forwarded to the IDENT database,
where it is checked against stored fingerprints in the IDENT lookout
database. If no prints are currently in the IDENT database, the foreign
national is enrolled in US-VISIT (i.e., biographic and biometric data are
entered). If the foreign national's fingerprints are already in IDENT, the
system performs a 1:1 match (a comparison of the fingerprint taken during
the primary inspection to the one on file) to confirm that the person
submitting the fingerprints is the person on file. If the system finds a
mismatch of fingerprints or a watchlist hit, the foreign national is sent
to secondary inspection for further screening or processing.
While the system is checking the fingerprints, the inspector questions the
foreign national about the purpose of his or her travel and length of
stay. The inspector adds the class of admission and duration of stay
information into the IBIS system, and stamps the "admit until" date on the
I-94 form.
If the foreign national is ultimately determined to be inadmissible, the
person is detained, the appropriate lookouts are posted in the databases,
and appropriate actions are taken.
Two hours after a flight lands and all passengers have been processed,
IBIS sends the records showing the class of admission and the admit until
date that had been modified by the inspector to ADIS.
Status Management Process:
The status management process manages the foreign national's temporary
presence in the United States, including the adjudication of benefits
applications and investigations into possible violations of immigration
regulations. ADIS matches entry and exit manifest data to ensure that each
record showing a foreign national entering the United States is matched
with a record showing the foreign national exiting the United States. ADIS
receives status information from CLAIMS 3 and SEVIS on foreign nationals.
Exit Process:
The exit process includes the carriers' submission of electronic manifest
data to IBIS/APIS. This biographic information is passed to ADIS, where it
is matched against entry information. At the two POEs where the exit pilot
is being conducted, foreign nationals use a self-serve kiosk where they
are prompted to scan their travel documentation and provide their
fingerprints (right and left index fingers). On a daily basis, the
information collected on departed passengers is downloaded to a CD-ROM.1
The CD is then express mailed to a DHS contractor facility to be uploaded
into IDENT, where a 1:1 match is performed (i.e., the fingerprint captured
during entry is compared with the fingerprint captured at exit). ADIS
provides the ability to run queries on foreign nationals who have entry
information but no corresponding exit information.
The following graphic shows Increment 1, as deployed on January 5, 2004.2
1 A CD-ROM is a digital storage device that is capable of being read, but
not overwritten.
2 CLAIMS 3's interface with ADIS was deployed and implemented on
February 11, 2004.
Simplified Diagram of US-VISIT Increment 1 System Components and Process
GAO's Review of Fiscal Year 2003 Expenditure Plan
In our report on the fiscal year 2003 expenditure plan,1 we reported on 10
risk factors associated with the US-VISIT program, and we made
recommendations, as appropriate, to address them.
o Mission is critical.
o Scope is large and complex.
o Milestones are challenging.
o Potential cost is significant.
o Existing systems have known problems.
o Governance structure is not established.
o Program management capability is not implemented.
1 U.S. General Accounting Office, Homeland Security: Risks Facing Key
Border and Transportation Security Program Need to Be Addressed,
GAO-03-1083 (Washington, D.C.: Sept. 19, 2003).
o Operational context is unsettled.
o Near-term facilities solutions pose challenges.
o Mission value of first increment is currently unknown.
GAO's Review of Fiscal Year 2002 Expenditure Plan
In our report on the fiscal year 2002 expenditure plan,1 we reported that
o INS intended to acquire and deploy a system with functional and
performance capabilities consistent with the general scope of capabilities
under various laws;
o the plan did not provide sufficient information to allow Congress to
oversee the program;
o INS had not developed a security plan and privacy impact assessment;
and
o INS had not implemented acquisition management controls in the area of
acquisition planning, solicitation, requirements development and
management, project management, contract tracking and oversight, and
evaluation consistent with SEI guidance.
We made recommendations to address these areas.
1 U.S. General Accounting Office, Information Technology: Homeland
Security Needs to Improve Entry Exit System Expenditure Planning,
GAO-03-563 (Washington, D.C.: June 9, 2003).
Description of How Funds Are to Be Used
Increment 1-Air and Sea: This expenditure area includes costs to develop,
field test, and initiate deployment of an initial exit solution (e.g.,
self-service kiosks), while evaluating additional alternative approaches,
such as hand-held devices.
Increment 2A-Air, Sea, and Land: This area includes costs to deploy the
capability to all POEs to read biometrically enabled travel documents at
secondary inspection facilities.
Increment 2B-Land: This area includes costs required for the development
of land infrastructure upgrades, system development and testing, and RF
technology to the 50 busiest land POEs.
Increment 3-Land: This expenditure area includes costs to begin technical
infrastructure planning and development for the remaining 115 land POEs.
Program Management: This area includes costs incurred to maintain the
program management structure and baseline operations.
Operations and Maintenance: This area includes operations and maintenance
of existing information systems. After deployment, this cost is to be
transferred to the organizations that are responsible for the individual
systems. This transfer of costs is expected by fiscal year 2006.
The US-VISIT expenditure plan satisfies or partially satisfies each of the
legislative conditions.
Condition 1. The plan, including related program documentation and program
officials' statements, partially satisfies the capital planning and
investment control review requirements established by OMB, including OMB
Circular A-11, part 7, which establishes policy for planning, budgeting,
acquisition, and management of federal capital assets.
The table that follows provides examples of the results of our analysis.
Condition 2. The plan, including related program documentation and program
officials' statements, satisfies this condition by providing for
compliance with DHS's enterprise architecture.
DHS released version 1 of the architecture in October 2003.1 It plans to
issue version 2 in September 2004.
According to the DHS Chief Information Officer (CIO), DHS is developing a
process to align its systems modernization efforts, such as US-VISIT, to
its enterprise architecture. Alignment of US-VISIT to the enterprise
architecture has not yet been addressed, but DHS CIO and US-VISIT
officials stated that they plan to do so.
1 Department of Homeland Security Enterprise Architecture Compendium
Version 1.0 and Transitional Strategy.
Condition 3. The plan, including related program documentation and program
officials' statements, satisfies the condition that it comply with the
acquisition rules, requirements, guidelines, and systems acquisition
management practices of the federal government. These criteria provide a
management framework based on the use of rigorous and disciplined
processes for planning, managing, and controlling the acquisition of IT
resources, including acquisition planning, solicitation, requirements
development and management, project management, contract tracking and
oversight, and evaluation.
The table that follows provides examples of the results of our analysis.
Examples of process and results of our analysis

Process: Acquisition planning. Ensures that reasonable preparation for the
acquisition is conducted, including, among other things, developing an
acquisition strategy and plan, estimating life cycle cost and schedule, and
defining roles and responsibilities.
Results of our analysis: The US-VISIT program has developed and documented an
acquisition strategy and plan for a prime contractor to perform activities
for modernizing US-VISIT business processes and systems, calling for, among
other things, these activities to meet all relevant legislative
requirements. Activities identified include U.S. border management-related
work and support; other DHS-related strategic planning, and any associated
systems development and integration, business process reengineering,
organizational change management, information technology support, and
program management work and support; and other business, technical, and
management capabilities to meet the legislative mandates, operational needs,
and government business requirements.
The strategy defines a set of acquisition objectives, identifies key roles
and responsibilities, sets general evaluation criteria, and establishes a
high-level acquisition schedule. The plan describes initial tasking,
identifies existing systems with which to interoperate/interface, defines a
set of high-level risks, and lists applicable legislation.

Process: Solicitation. Prepares a solicitation package that identifies the
needs of a particular acquisition and selects a supplier who can best
satisfy the requirements of the contract.
Results of our analysis: The RFP for the prime contractor acquisition was
issued on November 28, 2003. A selecting official has been assigned
responsibility, and a team, including contract specialists, has been formed
and has received training related to this acquisition. A set of high-level
evaluation factors have been defined for selecting the prime integrator, and
the team plans to define more detailed criteria.
Source: GAO.
Note: GAO analysis based on DHS data.
Condition 4 met. The plan, including related program documentation and
program officials' statements, satisfies the requirement that it be
reviewed and approved by DHS and OMB.
DHS and OMB reviewed and approved the US-VISIT fiscal year 2004
expenditure plan. Specifically, the DHS IRB1 approved the plan on December
17, 2003, and OMB approved the plan on January 27, 2004.
1 The IRB is the executive review board that provides acquisition
oversight of DHS level 1 investments and conducts portfolio management.
Level 1 investment criteria are contract costs exceeding $50 million;
importance to DHS strategic and performance plans; high development,
operating, or maintenance costs; high risk; high return; significant
resource administration; and life cycle costs exceeding $200 million.
According to the DHS CIO, US-VISIT is a level 1 investment.
Condition 5 met. The plan satisfies the requirement that it be reviewed by
GAO. Our review was completed on March 2, 2004.
Open Recommendation 1: Develop a system security plan and privacy impact
assessment.
Status: Partially complete
Security Plan. DHS does not have a security plan for US-VISIT. Although
program officials provided us with a draft document entitled Security &
Privacy: Requirements & Guidelines Version 1.0,1 this document does not
include information consistent with relevant guidance for a security plan.
The OMB and the National Institute of Standards and Technology have issued
security planning guidance.2 In general, this guidance requires the
development of
system security plans that (1) provide an overview of the system security
requirements, (2) include a description of the controls in place or
planned for
meeting the security requirements, (3) delineate roles and
responsibilities of all
individuals who access the system, (4) discuss a risk assessment
methodology,
and (5) address security awareness and training.
1Security & Privacy: Requirements & Guidelines Version 1.0 Working Draft,
US-VISIT Program (May 15, 2003).
2 Office of Management and Budget Circular Number A-130, Revised (Transmittal
Memorandum No. 4), Appendix III, "Security of Federal Automated
Information Resources" (Nov. 28, 2000) and National Institute of Standards
and Technology, Guide for Developing Security Plans for Information
Systems, NIST Special Publication 800-18 (December 1998).
The draft document identifies security requirements for the US-VISIT
program and addresses the need for training and awareness. However, the
document does not include (1) specific controls for meeting the security
requirements, (2) a risk assessment methodology, and (3) roles and
responsibilities of individuals with system access. Moreover, with the
exception of the US-VISIT security requirements, much of the document
discusses guidelines for developing a security plan, rather than specific
contents of a US-VISIT security plan.
Despite the absence of a security plan, the US-VISIT CIO accredited
Increment 1 based upon updated security certifications1 for each of
Increment 1's component systems (e.g., ADIS, IDENT, and IBIS) and a review
of the documentation, including component security plans, associated with
these updates. According to the security evaluation report (SER), the
risks associated with each component system were evaluated, component
system vulnerabilities were identified, and component system
certifications were granted.
1Certification is the evaluation of the extent to which a system meets a
set of security requirements. Accreditation is the authorization and
approval granted to a system to process sensitive data in an operational
environment; this is made on the basis of a compliance certification by
designated technical personnel of the extent to which design and
implementation of the system meet defined technical requirements for
achieving data security.
Based on the SER, the US-VISIT security officer certified Increment 1, and
Increment 1 was accredited and granted an interim authority to operate for
6 months. This authority will expire on June 18, 2004.
Additionally, this authority would not extend to a modified version of
Increment 1. For example, the SER states that US-VISIT exit functionality
was not part of the Increment 1 certification and accreditation, and that
it was to be certified and accredited separately from Increment 1. The SER
also notes that the Increment 1 certification will require updating upon
the completion of security documentation for the exit functionality.
Privacy Impact Assessment. The US-VISIT program has conducted a privacy
impact assessment for Increment 1. According to OMB guidance,1 the depth
and content of such an assessment should be appropriate for the nature of
the information to be collected and the size and complexity of the system
involved.
1OMB Guidance for Implementing the Privacy Provisions of the E-Government
Act of 2002, OMB M-03-22 (Sept. 26, 2003).
The assessment should also, among other things, (1) identify appropriate
measures for mitigating identified risks, (2) discuss the rationale for
the final design or business process choice, (3) discuss alternatives to
the designed information collection and handling, and (4) address whether
privacy is provided for in system development documentation.
The OMB guidance also notes that an assessment may need to be updated
before deploying a system in order to, among other things, address choices
made in designing the system or in information collection and handling.
The Increment 1 assessment satisfies some, but not all, of the above four
OMB guidance areas. Specifically, it identifies Increment 1 privacy risks,
discusses mitigation strategies for each risk, and briefly discusses the
rationale for design choices. However, the assessment does not discuss
alternatives to the designed methods of information collection and
handling. Additionally, the Increment 1 systems documentation does not
address privacy issues.
According to the Program Director, the assessment will be updated for
future increments.
Open Recommendation 2: Develop and implement a plan for satisfying key
acquisition management controls, including acquisition planning,
solicitation, requirements development and management, project management,
contract tracking and oversight, evaluation, and transition to support,
and implement the controls in accordance with SEI guidance.
Status: Planned
According to the US-VISIT Program Director, the program office has
established a goal of achieving SEI Software Acquisition Capability
Maturity Model (SA-CMM(R)) level 2, and the office's Acquisition and
Program Management Lead has responsibility for achieving this status. To
facilitate attaining this goal, the Acquisition and Program Management
Lead's organization includes functions consistent with the management
controls defined by the SA-CMM(R), such as acquisition planning and
requirements development and management.
According to the Acquisition and Program Management Lead, an approach for
achieving level 2 will be defined as part of a strategy that has yet to be
developed. However, the lead could not provide a date for when the
strategy would be developed. The expenditure plan indicates that the
US-VISIT program office will solicit SEI's participation in achieving
level 2.
Open Recommendation 3: Ensure that future expenditure plans are provided
to the Department's House and Senate Appropriations Subcommittees on
Homeland Security in advance of US-VISIT funds being obligated.
Status: Complete
The Congress appropriated $330 million in fiscal year 2004 funds for the
US-VISIT program.1
On January 27, 2004, DHS provided its fiscal year 2004 expenditure plan to
the Senate and House Appropriations Subcommittees on Homeland Security.
On January 26, 2004, DHS submitted to the Senate and House Appropriations
Subcommittees on Homeland Security a request for the release of $25
million from the fiscal year 2004 appropriations.
1 Department of Homeland Security Appropriations Act, 2004, Pub. L. 108-90
(Oct. 1, 2003).
Open Recommendation 4: Ensure that future expenditure plans fully disclose
US-VISIT system capabilities, schedule, cost, and benefits to be
delivered.
Status: Partially complete
Capabilities
The expenditure plan identifies high-level capabilities, such as
o record arrival of foreign nationals,
o identify foreign nationals who have stayed beyond the authorized
period, and
o use biometrics to verify identity of foreign nationals.
The plan does not associate these capabilities with specific increments.
Schedule
The plan identifies a high-level schedule for implementing the system. For
example, Increment 2A is to be implemented by October 26, 2004; Increment
2B by December 31, 2004; and Increment 3 by December 31, 2005.
Objective 2 Results
Costs
The plan identifies total fiscal year 2004 costs by each increment. For
example, DHS plans to obligate $73 million in fiscal year 2004 funds for
Increment 2A. However, the plan does not break out how the $73 million
will be used to support Increment 2A, beyond indicating that the funds
will be used to read biometric information in travel documents, including
fingerprints and photos, at all ports of entry. Also, the plan does not
identify any nongovernment costs.
Benefits
The plan identifies seven general benefits and planned performance metrics
for measuring three of the seven benefits. The plan does not associate the
benefits with increments.
The following table shows US-VISIT benefits and whether associated metrics
have been defined.
Extent to Which Planned Performance Metrics Are Defined for Each Benefit
Planned performance metric defined? (Yes / No)    Benefits
X   Prevention of entry of high-threat or inadmissible individuals through
    improved and/or advanced access to data before the foreign national's
    arrival
X   Improved enforcement of immigration laws through improved data accuracy
    and completeness
X   Reduction in foreign nationals remaining in the country under
    unauthorized circumstances
X   Improved facilitation of legitimate travel and commerce through improved
    timeliness and accuracy of determination of traveler status
X   Reduced threat of terrorist attack and illegal immigration through
    improved identification of national security threats and inadmissible
    individuals
X   Improved accuracy and timeliness of the determination of foreign national
    admissibility
X   Improved cooperation across federal, state, and local agencies through
    improved access to foreign national data
Source: GAO.
Note: GAO analysis based on DHS data.
Open Recommendation 5: Establish and charter an executive body composed of
senior-level representatives from DHS and each stakeholder organization to
guide and direct the US-VISIT program.
Status: Complete
DHS has established a three-entity governance structure. The entities are
(1) the Homeland Security Council (HSC), (2) the DHS Investment Review
Board (IRB), and (3) the US-VISIT Federal Stakeholders Advisory Board.
o The HSC is tasked with ensuring the coordination of all homeland
security-related activities among executive departments and agencies and is
composed of senior-level executives from across the federal government.
According to the expenditure plan, the HSC helps to set policy boundaries
for the US-VISIT program.
o According to DHS's investment management guidance,1 the IRB is the
executive review board that provides acquisition oversight of DHS level 1
investments2 and conducts portfolio management. The primary function of
the IRB is to review level 1 investments for formal entry into the budget
process and at key decision points. The plan states that the IRB is to
monitor the US-VISIT program's achievement of cost, schedule, and
performance goals.
1DHS Management Directive 1400, Investment Review Process (undated).
2 Level 1 investment criteria are contract costs exceeding $50 million;
importance to DHS strategic and performance plans; high development,
operating, or maintenance costs; high risk; high return; significant
resource administration; and life cycle costs exceeding $200 million.
According to the DHS CIO, US-VISIT is a level 1 investment.
o According to its charter, the Advisory Board provides recommendations
for overseeing US-VISIT management and performance activities, including
o providing advice on the overarching US-VISIT vision;
o recommending the overall US-VISIT strategy and its responsiveness to
all operational missions, both within DHS and with its participating
government agencies;
o recommending changes to the US-VISIT vision and strategic direction;
o providing a communication link for aligning strategic direction,
priorities, and resources with stakeholder operations;
o reviewing and assessing US-VISIT programwide institutional processes to
ensure that business, fiscal, and technical priorities are integrated and
carried out in accordance with established priorities; and
o reviewing and recommending new US-VISIT program initiatives, including
the scope, funding, and programmatic resources required.
The Advisory Board is chaired by the Under Secretary for Border and
Transportation Security and held its first meeting on January 26, 2004.
The board is composed of representatives from key US-VISIT stakeholder
organizations, including the following members:
o Chief Information Officer, Chief Financial Officer, Chief Privacy
Officer, DHS
o Chief Information Officer, U.S. Department of Justice
o Office of International Affairs, DHS
o Assistant Secretary for Transportation Policy, U.S. Department of
Transportation
o Assistant Commandant Marine Safety, Security and Environmental
Protection, U.S. Coast Guard
o Assistant Secretary for Policy and Planning, Border and Transportation
Security Directorate
o Assistant Secretary, Science and Technology Directorate, DHS
o Administrator, Transportation Security Administration
o Assistant Director, Investigations, Immigrations and Customs
Enforcement
o Director, Office of International Enforcement, Border and
Transportation Security Directorate
o Deputy Assistant Secretary, Service Industries, Tourism and Finance,
U.S. Department of Commerce
o Deputy Assistant Secretary, Passport Services, U.S. Department of State
o Associate Director of Operations, Citizenship and Immigration Services1
o Advisory Board Counsel
1 Title changed to reflect agency comments.
Open Recommendation 6: Ensure that human capital and financial resources
are provided to establish a fully functional and effective program office.
Status: In progress
DHS established the US-VISIT program office in July 2003 and determined
the office's staffing needs to be 115 government and 117 contractor
personnel.
As of February 2004, DHS had filled all the program office's 12 key
management and 29 other positions, leaving 74 positions to be filled. All
filled positions are currently staffed by detailees from other
organizational units within DHS, such as Immigration and Customs
Enforcement.
The graphic on the next page shows the US-VISIT program office
organization structure and functions, the number of positions needed by
each office, and the number of positions filled by detailees.
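[Figure: US-VISIT program office organization structure and functions, with
the number of positions needed by each office and the number of positions
filled by detailees]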
Note: GAO analysis based on DHS data.
1A geographic information system (GIS) is a system of computer software,
hardware, and data used to manipulate, analyze, and graphically present a
potentially wide array of information associated with geographic
locations.
In addition to the 115 government staff anticipated, the program
anticipated 117 contractor support staff. As of February 2004, program
officials told us they had filled 97.5 of these 117.
Open Recommendation 7: Clarify the operational context in which US-VISIT
is to operate.
Status: In progress
DHS is in the process of defining the operational context in which
US-VISIT is to operate. In October 2003, DHS released version 1 of its
enterprise architecture, and it plans to issue version 2 in September
2004.1 We are currently reviewing DHS's latest version of its architecture
at the request of the House Committee on Government Reform's Subcommittee
on Technology, Information Policy, Intergovernmental Relations, and the
Census.
1 Department of Homeland Security Enterprise Architecture Compendium
Version 1.0 and Transitional Strategy.
Open Recommendation 8: Determine whether proposed US-VISIT increments will
produce mission value commensurate with cost and risks.
Status: Planned
The expenditure plan identifies high-level benefits to be provided by the
US-VISIT program, such as the ability to prevent the entry of high-threat
or inadmissible individuals through improved and/or advanced access to
data before the foreign national's arrival. However, the plan does not
associate these benefits with specific increments. Further, the plan does
not identify the total estimated cost of Increment 2. Instead, the plan
identifies only fiscal year 2004 funds to be
obligated for Increments 2A and 2B, which are $73 million and $81 million,
respectively. In addition, the plan does not include any nongovernmental
costs associated with US-VISIT. The RFP indicates that the total solution
for Increment 2 has not been determined and will not be finalized until
the prime contractor is on board. Until that time, DHS is not in a
position to determine the total cost of Increments 2A and 2B, and thus
whether they will produce mission value commensurate with costs.
According to program officials, they have developed a life cycle cost
estimate and cost-benefit analysis that are currently being reviewed and
are to be completed in March 2004. According to these officials, the
cost-benefit analysis will be for Increment 2B.
Open Recommendation 9: Define US-VISIT program office positions, roles,
and responsibilities.
Status: In progress
The US-VISIT program is working with the Office of Personnel Management
(OPM) through an interagency agreement to, among other things, assist the
program office in defining its position descriptions (including position
roles and responsibilities), issuing vacancy announcements, and recruiting
persons to fill the positions.
The US-VISIT program is also working with OPM to define the competencies
that are to be used in defining the position descriptions. As of February
2004, the program office reported that it has partially completed defining
the competencies for its 12 offices and has partially completed position
descriptions for 4 of the 12 offices.
The following slide shows the competencies defined and position
descriptions written.
Program Office Written Position Descriptions and Core Competencies
Developed
Note: GAO analysis based on DHS data.
Open Recommendation 10: Develop and implement a human capital strategy for
the US-VISIT program office that provides for staffing positions with
individuals who have the appropriate knowledge, skills, and abilities.
Status: Planned
The US-VISIT program office has not yet defined a human capital strategy,
although program officials stated that they plan to develop one in concert
with the department's ongoing workforce planning. As part of its effort,
DHS is drafting a departmental workforce plan that, according to agency
officials, will likely be completed during fiscal year 2004.
According to the Program Director, the Director of Administration and
Management is responsible for developing the program's strategic human
capital plan. However, descriptions of the Administration and Management
office functions, including those provided by the program office and those
in the expenditure plan, do not include strategic human capital planning.
Open Recommendation 11: Develop a risk management plan and report all high
risks and their status to the executive body on a regular basis.
Status: Partially complete
The program office has developed a draft risk management plan, dated June
2003. The draft defines plans to develop, implement, and institutionalize
a risk management program. The program's primary function is to identify
and mitigate US-VISIT risks.
The expenditure plan states that the program office is currently defining
risk management processes. In the interim, the program office is creating
a risk management team to assist the program office in proactively
identifying and managing risks while formal processes and procedures are
being developed.
The expenditure plan also states that the US-VISIT program office
currently maintains a risk and issue tracking database and conducts weekly
risk and schedule meetings. Within the risk database, each risk is
assigned a risk impact rating and an owner. The database also gives the
date when the risk is considered closed. In addition, the US-VISIT program
office has staff dedicated to tracking these items and meeting weekly with
the various integrated project teams to mitigate potential risks.
Open Recommendation 12: Define performance standards for each US-VISIT
increment that are measurable and reflect the limitations imposed by
relying on existing systems.
Status: In progress
US-VISIT has defined limited, measurable performance standards. For
example:
o System availability1-the system shall be available 99.5 percent of the
time.
o Data currency-(1) US-VISIT Increment 1 Doc Key2 data shall be made
available to any interfacing US-VISIT system within 24 hours of the event
(enrollment, biometric encounter, departure, inspector modified data); (2)
IBIS/APIS arrival manifests, departure manifests, and inspector-modified
data shall be made available to ADIS within 24 hours of each stated event;
and (3) IDENT shall reconcile a biometric encounter within 24 hours of the
event.
1 System availability is defined as the time the system is operating
satisfactorily, expressed as a percentage of time that the system is
required to be operational.
2 DocKey includes such information as biographical data and the
fingerprint identification number, and is used to track a foreign
national's identity as the information is shared between systems.
However, not all performance standards are being defined in a way that
reflects the performance limitations of existing systems.
In particular, US-VISIT documentation states that the system performance
standard for Increment 1 is 99.5 percent. However, Increment 1
availability is the product of its component system availabilities. Given
that US-VISIT system documentation also states that the system
availability performance standard for IDENT and ADIS is 99.5 percent,
Increment 1 system availability would have to be something less than 99.5
percent (99.5 x 99.5 x other component systems' availability).
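The composition argument above, worked through as an added Python example
(not part of the GAO report). The function names, the assumption of
independent component outages, the 24x7 operating requirement, and the
third component's 99.5 percent figure are assumptions made for illustration.

```python
from math import prod

# Assumption (not from the report): the system is required to be operational
# around the clock, so "required time" is every hour of a 365-day year.
HOURS_PER_YEAR = 24 * 365


def series_availability(components):
    """Availability of a system that works only when every component works.

    `components` maps a component name to its availability as a fraction.
    Multiplying assumes component outages are independent of one another.
    """
    for name, a in components.items():
        if not 0.0 < a <= 1.0:
            raise ValueError(f"{name}: availability must be in (0, 1], got {a}")
    return prod(components.values())


def required_per_component(target, n_components):
    """Equal availability each of n serial components needs to meet `target`."""
    if n_components < 1:
        raise ValueError("need at least one component")
    if not 0.0 < target <= 1.0:
        raise ValueError(f"target must be in (0, 1], got {target}")
    return target ** (1.0 / n_components)


def annual_downtime_hours(availability):
    """Hours per year the system may be down at the given availability."""
    return (1.0 - availability) * HOURS_PER_YEAR


def standard_is_achievable(system_target, components):
    """True when the component standards can add up to the system standard."""
    return series_availability(components) >= system_target


# Standards stated in the report: 99.5 percent for Increment 1, IDENT and ADIS.
SYSTEM_STANDARD = 0.995
STATED = {"IDENT": 0.995, "ADIS": 0.995}
# Hypothetical third component at the same standard, for illustration only.
WITH_THIRD = {**STATED, "third component (hypothetical)": 0.995}

if __name__ == "__main__":
    for label, comps in (("IDENT x ADIS", STATED), ("with a third", WITH_THIRD)):
        a = series_availability(comps)
        print(f"{label}: {a:.6f} availability, "
              f"{annual_downtime_hours(a):.1f} h/yr downtime, "
              f"meets 99.5%: {standard_is_achievable(SYSTEM_STANDARD, comps)}")
    for n in (2, 3):
        need = required_per_component(SYSTEM_STANDARD, n)
        print(f"{n} components each need {need:.5%} to reach 99.5% overall")
```

With only the two stated component standards, the composite ceiling is
already below the Increment 1 standard, and the allowed yearly downtime
roughly doubles.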
Observation 1: Increment 1 commitments were largely met; the system is
deployed and operating.
According to DHS, Increment 1 was to deliver an initial operating
capability to all air and sea POEs by December 31, 2003, that included
o recording the arrival and departure of foreign nationals using
passenger and crew manifest data,
o verifying foreign nationals' identity upon entry into the United States
through the use of biometrics and checks against watchlists at air POEs
and 13 of 42 sea POEs,
o interfacing with seven existing systems that contain data about foreign
nationals,
o identifying foreign nationals who have overstayed their visits or
changed their visitor status, and
o potentially including an exit capability beyond the capture of the
manifest data.
Generally, an initial operating capability was delivered to air and sea
POEs on January 5, 2004. In particular, Increment 1 entry capability
(including biographic and biometric data collection) was deployed to 115
airports and 14 seaports on January 5, 2004. Further, while the
expenditure plan states that an Increment 1 exit capability was deployed
to 80 air and 14 sea POEs on January 5, 2004, exit capability (including
biometric capture) was deployed to only one air POE (Baltimore/Washington
International Airport) and one sea POE (Miami Royal Caribbean seaport).
DHS's specific satisfaction of each commitment is described on the
following slides.
1INS Data Management Improvement Act of 2000, Pub. L. 106-215 (June 15,
2000).
Recording the arrival and departure of foreign nationals using passenger
and crew manifest data:
o Satisfied: Carriers submit electronic arrival and departure manifest
data to IBIS/APIS.
Verifying foreign nationals' identity upon entry into the United States
through the use of biometrics and checks against watchlists at air POEs
and 13 sea POEs:
o Satisfied: After carriers submit electronic manifest data to IBIS/APIS,
IBIS/APIS is queried to determine whether there is any biographic lookout
or visa information for the foreign national. Once the foreign national
arrives at a primary POE inspection booth, the inspector, using a document
reader, scans the machine-readable travel documents. IBIS/APIS returns any
existing records on the foreign national, including manifest data matches
and biographic lookout hits. When a match is found in the manifest data,
the foreign national's name is highlighted and outlined on the manifest
data portion of the screen.
o Biographic information, such as name and date of birth, is displayed on
the bottom half of the screen, as well as the picture from the scanned
visa. IBIS also returns information about whether there are, within IDENT,
existing fingerprints for the foreign national.
o The inspector switches to the IDENT screen and scans the foreign
national's fingerprints (left and right index fingers) and photograph. The
system accepts the best fingerprints available within the 5-second
scanning period. This information is forwarded to the IDENT database,
where it is checked against stored fingerprints in the IDENT lookout
database. If no prints are currently in the IDENT database, the foreign
national is enrolled in US-VISIT (i.e., biographic and biometric data are
entered). If the foreign national's fingerprints are already in IDENT, the
system performs a 1:1 match (a comparison of the fingerprint taken during
the primary inspection to the one on file) to confirm that the person
submitting the fingerprints is the person on file. If the system finds a
mismatch of fingerprints or a watchlist hit, the foreign national is sent
to secondary inspection for further screening or processing.
Interfacing seven existing systems that contain data about foreign
nationals:
o Largely satisfied: As of January 5, 2004, US-VISIT interfaced six of
seven existing systems. The CLAIMS 3 to ADIS interface was not operational
on January 5, 2004, but program officials told us that it was subsequently
placed into production on February 11, 2004.
Identifying foreign nationals who have overstayed their visits or changed
their visitor status:
o Largely satisfied: ADIS matches entry and exit manifest data provided
by air and sea carriers. The exit process includes the carriers'
submission of electronic manifest data to IBIS/APIS. This biographic
information is passed to ADIS, where it is matched against entry
information.
o US-VISIT was to rely on interfaces with CLAIMS 3 and SEVIS to obtain
information regarding changes in visitor status. However, as of January 5,
2004, the CLAIMS 3 interface was not operational; it was subsequently
placed into production on February 11, 2004. Further, although the SEVIS
to ADIS interface was implemented on January 5, 2004, problems surfaced
after that date, and manual workarounds had to be implemented. According
to the program officials, the problems are still being addressed.
Potentially include an exit capability beyond the capture of the manifest
data:
o Not satisfied: Biometric exit capability was not deployed to the 80
air1 and 14 sea POEs that received Increment 1 capability. Instead,
biometric exit capability was provided to two POEs for pilot testing.
Under this testing, foreign nationals use a self-serve kiosk where they
are prompted to scan their travel documentation and provide their
fingerprints (right and left index fingers). On a daily basis, the
information collected on departed passengers is downloaded to a CD-ROM.2
The CD is then express mailed to a DHS contractor facility to be uploaded
into IDENT, where a 1:1 match is performed (i.e., the fingerprint captured
during entry is compared with the one captured at exit).
o According to program officials, biometric capture for exit was deployed
at two POEs on January 5, 2004, as a pilot. According to these officials,
this exit capability was deployed to only two POEs because US-VISIT
decided to evaluate other exit alternatives.
1 Only 80 of the 115 air POEs are departure airports for international
flights.
2 A CD-ROM is a digital storage device that is capable of being read, but
not overwritten.
Observation 2: The system acceptance test (SAT) plan was developed largely
during and after test execution.
The purpose of SAT is to identify and correct system defects (i.e., unmet
system functional, performance, and interface requirements) and thereby
obtain reasonable assurance that the system performs as specified before
it is deployed and operationally used. To be effective, testing activities
should be planned and implemented in a structured and disciplined fashion.
Among other things, this includes developing effective test plans to guide
the testing activities. According to relevant systems development
guidance,1 SAT plans are to be developed before test execution.
However, this was not the case for Increment 1. Specifically, the US-VISIT
program provided us with four versions of a test plan, each containing
more information than the previous version. While the initial version was
dated September 18, 2003, which is before testing began, the three
subsequent versions (all dated November 17, 2003) were modified on
November 25, 2003, December 18, 2003, and January 16, 2004, respectively.
1 According to US-VISIT officials, in the absence of a DHS Systems
Development Life Cycle (SDLC), they followed the former Immigration and
Naturalization Service's SDLC, version 6.0, to manage US-VISIT
development.
According to the program office, the version modified on January 16, 2004,
is the final plan. According to the SAT Test Analysis Report (dated
January 23, 2004), testing began on September 29, 2003, and was completed
on January 7, 2004, meaning that the plans governing the execution of
testing were not sufficiently developed before test execution.1
The following timeline compares test plan development and execution.
1 According to an IT management program official, although the Test
Analysis Report was marked "Final," it is still being reviewed.
Timeline Comparing Test Plan Development and Test Execution
Note: GAO analysis based on DHS data.
According to US-VISIT officials, SAT test plans were not completed before
testing began because of the compressed schedule for testing. According to
these officials, a draft test plan was developed and periodically updated
to reflect documentation provided by the component contractors.
In the absence of a complete test plan before testing began, the US-VISIT
program office unnecessarily increased the risk that the testing performed
would not adequately address Increment 1 requirements, which increased the
chances of either having to redo already executed tests or deploy a system
that would not perform as intended. In fact, postdeployment problems
surfaced with the SEVIS interface, and manual workarounds had to be
implemented. According to the program officials, the problems are still
being addressed.
Observation 3: SAT plan available during testing was not complete.
To be effective, testing activities should be planned and implemented in a
structured and disciplined fashion. Among other things, this includes
developing effective test plans to guide the testing activities. According
to relevant systems development guidance, a complete test plan (1)
specifies the test environment, including test equipment, software,
material, and necessary training; (2) describes each test to be performed,
including test controls, inputs, and expected outputs; (3) defines the
test procedures to be followed in conducting the tests; and (4) provides
traceability between test cases and the requirements to be verified by the
testing.1 This guidance also requires that the system owner concur with,
and the IT project manager approve, the test plan before SAT testing.
1 According to US-VISIT officials, in the absence of a DHS Systems
Development Life Cycle (SDLC), they followed the former Immigration and
Naturalization Service's SDLC, version 6.0, to manage US-VISIT
development.
As previously noted, the US-VISIT program office provided us with four
versions of the SAT test plan. The first three versions of the plan were
not complete. The final plan largely satisfied the above criteria.
o The September 18, 2003, test plan included a description of the test
environment and a brief description of tests to be performed, but the
description of the tests did not include controls, inputs, and expected
outputs. Further, the plan did not include specific test procedures for
implementing the test cases or provide traceability between the test
cases and the requirements that they were designed to test.
o Similarly, the November 25, 2003, test plan included a description of
the test environment and a brief description of tests to be performed, but
the description of the tests did not include controls, inputs, and
expected outputs. Further, the plan did not include specific test
procedures for implementing the test cases or provide traceability between
the test cases and the requirements they were designed to test.
Objective 3 Results
o The December 18, 2003, test plan included a description of the test
environment and a brief description of 55 tests to be performed. The plan
also described actual test procedures and controls, inputs, and expected
outputs for 24 of the 55 test cases. The plan included traceability
between the test cases and requirements.
o The January 16, 2004, test plan included a description of the test
environment; the tests to be performed, including inputs, controls, and
expected outputs; the actual test procedures for each test case; and
traceability between the test cases and requirements.
None of the test plan versions, including the final version, indicated
concurrence by the system owner or approval by the IT project manager.
The following graphic shows the SAT plans' satisfaction of relevant
criteria.
SAT Plans' Satisfaction of Relevant Criteria
According to US-VISIT officials, SAT test plans were not completed before
testing began because the compressed schedule necessitated continuously
updating the plan as documentation was provided by the component
contractors. According to an IT management official, test cases were
nevertheless available for ADIS and IDENT in these systems' regression
test plans or in a test case repository.
Without a complete test plan for Increment 1, DHS did not have adequate
assurance that the system was being fully tested, and it unnecessarily
assumed the risk that errors detected would not be addressed before the
system was deployed, and that the system would not perform as intended
when deployed. In fact, postdeployment problems surfaced with the SEVIS
interface, and manual workarounds had to be implemented. According to the
program officials, the problems are still being addressed.
Observation 4: SAT was not completed before the system became operational.
The purpose of SAT is to identify and correct system defects (i.e., unmet
system functional, performance, and interface requirements) and thereby
obtain reasonable assurance that the system performs as specified before
it is deployed and operationally used. SAT is accomplished in part by (1)
executing a predefined set of test cases, each traceable to one or more
system requirements, (2) determining if test case outcomes produce
expected results, and (3) correcting identified problems. To the extent
that test cases are not executed, the scope of system testing can be
impaired, and thus the level of assurance that the system will perform
satisfactorily is reduced.
Increment 1 began operating on January 5, 2004. However, according to the
SAT Test Analysis Report, testing was completed 2 days after Increment 1
began operating (January 7, 2004). Moreover, the Test Analysis Report
shows that important test cases were not executed. For example, none of
the test cases designed to test the CLAIMS 3 and SEVIS interfaces were
executed.
According to agency officials, the CLAIMS 3 to ADIS interface was not
ready for acceptance testing before January 5, 2004. Accordingly,
deployment of this capability and the associated testing were deferred;
they were completed on February 11, 2004.
Similarly, the SEVIS to ADIS interface was not ready for testing before
January 5, 2004. However, this interface was implemented on January 5,
2004, without acceptance testing. According to program officials, the
program owner and technical project managers were aware of the risks
associated with this approach.
By not fully testing Increment 1 before the system became operational, the
program office assumed the risk of introducing errors into the deployed
system and potentially jeopardizing its ability to effectively perform its
core functions. In fact, postdeployment problems surfaced with the SEVIS
interface as a result of this approach, and manual workarounds had to be
implemented. According to the program officials, the problems are still
being addressed.
Observation 5: Independent verification and validation (IV&V) contractor's
roles may be conflicting.
As we have previously reported,1 the purpose of independent verification
and validation (IV&V) is to provide an independent review of system
processes and products. The use of IV&V is a recognized best practice for
large and complex system development and acquisition projects like
US-VISIT. To be effective, the IV&V function must be performed by an
entity that is independent of the processes and products that are being
reviewed.
The US-VISIT program plans to use its IV&V contractor to review some of
the processes and products that the contractor may be responsible for. For
example, the contractor statement of work, dated July 18, 2003, states
that it shall provide program and project management support, including
providing guidance and direction and creating some of the strategic
program and project level products. At the same time, the statement of
work states that the contractor will assess contractor and agency
performance and technical documents.
1 U.S. General Accounting Office, Customs Service Modernization: Results
of Review of First Automated Commercial Environment Expenditure Plan,
GAO-01-696 (Washington, D.C.: June 5, 2001).
Depending on the products and processes in question, this approach
potentially does not satisfy the independence requirements of effective
IV&V, because the reviews conducted could lack independence from program
cost and schedule pressures. Without effective IV&V, DHS is unnecessarily
exposing itself to the risk that US-VISIT increments will not perform as
intended or be delivered on time and within budget.
Observation 6: Program-level change control board has not been
established.
The purpose of configuration management is to establish and maintain the
integrity of work products (e.g., hardware, software, and documentation).
According to relevant guidance,1 system configuration management includes
four management tasks: (1) identification of hardware and software parts
(items/components/subcomponents) to be formally managed, (2) control of
changes to the parts, (3) periodic reporting on configuration status, and
(4) periodic auditing of configuration status. A key ingredient to
effectively controlling configuration change is the functioning of a
change control board (CCB); using such a board is a structured and
disciplined approach for evaluating and approving proposed configuration
changes.
1 SEI's Capability Maturity Model (R) Integration (CMMI(SM)) for Systems
Engineering, Software Engineering, Integrated Product and Process
Development, and Supplier Sourcing, Version 1.1 (Pittsburgh: March 2002).
According to the US-VISIT CIO, the program does not yet have a change
control board. In the absence of one, program officials told us that
changes related to Increment 1 were controlled primarily through daily
coordination meetings (i.e., oral discussions) among representatives from
Increment 1 component systems (e.g., IDENT, ADIS, and IBIS) teams and
program officials, and the CCBs already in place for the component
systems.
The following graphic depicts the US-VISIT program's interim change
control board approach compared to a structured and disciplined
program-level change control approach. In particular, the interim approach
requires individuals from each system component to interface with as many
as six other stakeholders on system changes. Moreover, these interactions
are via human-to-human communication. In contrast, the alternative
approach reduces the number of interfaces to one for each component system
and relies on electronic interactions with a single control point and an
authoritative configuration data store.
Simplified Diagram Comparing US-VISIT and Alternative Approach
Without a structured and disciplined approach to change control, the
US-VISIT program does not have adequate assurance that approved system
changes are actually made; that approved changes are based, in part, on
US-VISIT impact and value rather than solely on system component needs;
and most importantly, that changes made to the component systems for
non-US-VISIT purposes do not interfere with US-VISIT functionality.
Observation 7: Expenditure plan does not disclose management reserve
funding.
The creation and use of a management reserve fund to earmark resources for
addressing the many uncertainties that are inherent in large-scale systems
acquisition programs is an established practice and a prudent management
approach. The appropriations committees have historically supported an
explicitly designated management reserve fund in expenditure plans
submitted for such programs as the Internal Revenue Service's Business
Systems Modernization and DHS's Automated Commercial Environment. Such
explicit designation provides the agency with a flexible resource source
for addressing unexpected contingencies that can inevitably arise in any
area of proposed spending on the program, and it provides the Congress
with sufficient understanding about management reserve funding needs and
plans to exercise oversight over the amount of funding and its use.
The fiscal year 2004 US-VISIT expenditure plan does not contain an
explicitly designated management reserve fund. According to US-VISIT
officials, including the program director, reserve funding is instead
embedded within the expenditure plan's various areas of proposed spending.
However, the plan does not specifically disclose these embedded reserve
amounts. We requested but have yet to receive information on the location
and amounts of reserve funding embedded in the plan.1
By not creating, earmarking, and disclosing a specific management reserve
fund in its fiscal year 2004 US-VISIT expenditure plan, DHS is limiting
its flexibility in addressing unexpected problems that could arise in the
program's various areas of proposed spending, and it is limiting the
ability of the Congress to exercise effective oversight of this funding.
1 In agency comments on a draft of this report, US-VISIT stated that it
supported establishing a management reserve and would be revising its
fiscal year 2004 expenditure plan to identify a discrete management
reserve amount.
Observation 8: Land POE workforce and facility needs are uncertain.
Effectively planning for program resource needs, such as staffing levels
and facility additions or improvements, depends on a number of factors,
including the assumptions being made about the scope of the program and
the sufficiency of existing staffing levels and facilities. Without
reliable assumptions, the resulting projections of resource needs are at
best uncertain.
For entry at land POEs, DHS plans for Increment 2B do not call for
additional staff or facilities. The plans do not call for acquiring and
deploying any additional staff to collect biometrics while processing
foreign nationals through secondary inspection areas. Similarly, these
plans provide for using existing facilities, augmented only by such
infrastructure improvements as conduits, electrical supply, and signage.
For exit at land POEs, DHS's plans for Increment 2B also do not call for
additional staff or facilities, although they do provide for installation
of RF technology at yet-to-be-defined locations in the facility area to
record exit information.
US-VISIT Increment 2B workforce and facility plans are based on various
assumptions, including (1) no additional foreign nationals will need to go
to secondary inspection and (2) the average time needed to capture the
biometric information will be 15 seconds, based on the Increment 1
experience at air POEs. However, these assumptions raise questions for
several reasons.
o According to DHS program officials, including the Acting Increment 2B
Program Manager, the Director of Facilities and Engineering, and the
Program Director, any policy changes that could significantly increase the
number of foreign nationals who would require processing through US-VISIT
could impact these assumptions and thus staffing and facilities needs.
o According to the Increment 1 pilot test results, the average time
needed to capture biometric information is 19 seconds. Moreover, DHS
facilities told us that they have yet to model the impact of even the
additional 15 seconds for secondary inspections.
Moreover, according to a report from the Data Management Improvement Act
Task Force,1 existing land POE facilities do not adequately support even
the current entry and exit processes. In particular, more than 100 land
POEs have less than 50 percent of the required capacity (workforce and
facilities) to support current inspection processes and traffic workloads.
To assist in its planning, the US-VISIT program office has begun facility
feasibility assessments and space utilization studies at each land POE.
Until such analysis is completed, the assumptions being used to support
Increment 2B workforce and facility planning will be questionable, and the
projected workforce and facility resource needs will be uncertain.
1 Data Management Improvement Act Task Force, Second Annual Report to the
Congress (Washington, D.C., December 2003).
The fiscal year 2004 US-VISIT expenditure plan (with related program
office documentation and representations) either partially satisfies or
satisfies the legislative conditions imposed by the Congress. Further,
steps are planned, under way, or completed to address most of our open
recommendations. However, overall progress on all our recommendations has
been slow, and considerable work remains to fully address them. The
majority of these recommendations are aimed at correcting fundamental
limitations in the program office's ability to manage US-VISIT in a way
that reasonably ensures the delivery of mission value commensurate with
costs and provides for the delivery of promised capabilities on time and
within budget. Given this background, it is important for DHS to implement
the recommendations quickly and completely through active planning and
continuous monitoring and reporting. Until this occurs, the program will
continue to be at high risk of not meeting expectations.
To the US-VISIT program office's credit, the first phase of the program
has been deployed and is operating, and the commitments that DHS made
regarding this initial operating capability were largely met. However,
this was not accomplished in a manner that warrants repeating.
In particular, the program office did not employ the kind of rigorous and
disciplined management controls that are typically associated with
successful programs, such as effective test management and configuration
management practices. Moreover, the second phase of US-VISIT is already
under way, and these controls are still not established. These controls,
while significant for the initial phases of US-VISIT, are even more
critical for the later phases, because the size and complexity of the
program will only increase, and the later problems are found, the harder
and more costly they are to fix.
Also important at this juncture in the program's life are the still open
questions surrounding whether the initial phases of US-VISIT will return
value to the nation in line with their costs. Such questions warrant
answers sooner rather than later, because of the program's size,
complexity, cost, and mission significance.
It is imperative that DHS move swiftly to address the US-VISIT program
management weaknesses that we previously identified by implementing our
remaining open recommendations. It is equally paramount that the
department quickly correct the additional weaknesses that we have
identified. To do less increases the risk associated with US-VISIT.
To better ensure that the US-VISIT program is worthy of investment and is
managed effectively, we are reiterating our prior recommendations, and we
further recommend that the Secretary of DHS direct the Under Secretary for
Border and Transportation Security to ensure that the US-VISIT program
director takes the following actions:
o Develop and approve complete test plans before testing begins. These
plans, at a minimum, should (1) specify the test environment, including
test equipment, software, material, and necessary training; (2) describe
each test to be performed, including test controls, inputs, and expected
outputs; (3) define the test procedures to be followed in conducting the
tests; and (4) provide traceability between test cases and the
requirements to be verified by the testing.
o Establish processes for ensuring the independence of the IV&V
contractor.
o Implement effective configuration management practices, including
establishing a US-VISIT change control board to manage and oversee system
changes.
o Identify and disclose management reserve funding embedded in the fiscal
year 2004 expenditure plan to the Appropriations Committees.
o Ensure that all future US-VISIT expenditure plans identify and disclose
management reserve funding.
o Assess the full impact of Increment 2B on land POE workforce levels and
facilities, including performing appropriate modeling exercises.
To ensure that our recommendations addressing fundamental program
management weaknesses are addressed quickly and completely, we further
recommend that the Secretary direct the Under Secretary to have the
program director develop a plan, including explicit tasks and milestones,
for implementing all our open recommendations, including those provided in
this report. We further recommend that this plan provide for periodic
reporting to the Secretary and Under Secretary on progress in implementing
this plan. Last, we recommend that the Secretary report this progress,
including reasons for delays, in all future US-VISIT expenditure plans.
We provided this briefing to and discussed its contents with the US-VISIT
program officials, including the Program Director. These officials stated
that they generally agreed with our findings, conclusions, and
recommendations, and stated that the briefing was fair and balanced. The
department also provided some technical comments, which we have
incorporated into the briefing, as appropriate.
To accomplish our objectives, we
o analyzed the expenditure plan against legislative conditions and other
relevant federal requirements, guidance, and best practices to determine
the extent to which the conditions were met;
o analyzed key acquisition management controls documentation and
interviewed program officials to determine the status of our open
recommendations;
o analyzed supporting documentation and interviewed program officials to
determine capabilities in key program management areas, such as
acquisition planning, enterprise architecture, and project management;
o analyzed Increment 1 systems and software testing documentation and
compared them to relevant guidance to determine completeness;
o observed the Increment 1 pilot test in Atlanta;
o attended program working group meetings; and
o assessed DHS's plans and ongoing and completed actions to establish and
implement the US-VISIT program (including acquiring the US-VISIT system,
expanding and modifying existing port of entry facilities, and developing
and implementing policies and procedures) and compared them to existing
guidance to assess risks.
For DHS-provided data that we did not substantiate, we have made
appropriate attribution indicating the data's source.
We conducted our work at DHS's headquarters in Washington, D.C., and at
its Atlanta Field Operations Office (Atlanta's William B. Hartsfield
International Airport) from October 2003 through February 2004 in
accordance with generally accepted government auditing standards.
Appendix II
Comments from the Department of Homeland Security
Note: GAO comments supplementing those in the report text appear at the
end of this appendix.
[Letter not reproduced in this ASCII version. Margin annotations in the
letter: See comment 1 through See comment 8.]
The following are GAO's comments on the Department of Homeland Security's
letter dated April 27, 2004.
GAO Comments
1. We do not agree that the US-VISIT program has a security plan. In response
to our request for the US-VISIT security plan, DHS provided a draft
document entitled Security and Privacy: Requirements & Guidelines Version
1.0. However, as we state in the report, this document does not include
information consistent with relevant guidance for a security plan.1 For
example, this guidance states that a system security plan should (1)
provide an overview of the system security requirements, (2) include a
description of the controls in place or planned for meeting the
requirements, (3) delineate roles and responsibilities of all individuals
who have access to the system, (4) describe the risk assessment
methodology to be used, and (5) address security awareness and training.
The document provided by DHS addressed two of these requirements--security
requirements and training and awareness. As we state in the report, the
document does not (1) describe specific controls to satisfy the security
requirements, (2) describe the risk assessment methodology, and (3)
identify roles and responsibilities of individuals with system access.
Further, much of the document discusses guidelines for developing a
security plan, rather than providing the specific content expected of a
plan.
2. Although DHS has completed a Privacy Impact Assessment for Increment 1,
the assessment is not consistent with the Office of Management and Budget
guidance.2 This guidance says that a Privacy Impact Assessment should,
among other things, (1) identify appropriate measures for mitigating
identified risks, (2) discuss the rationale for the final design or
business process choice, (3) discuss alternatives to the designed
information collection and handling, and (4) address whether privacy is
provided for in system development and documentation. While the Privacy
Impact Assessment for US-VISIT Increment 1 discusses mitigation strategies
for identified risks and briefly discusses the rationale for design
choices, it does not discuss alternatives to the designed information
collection and handling. Further, Increment 1 system documentation does
not address privacy.
1 Office of Management and Budget Circular Number A-130, Revised
(Transmittal Memorandum No. 4), Appendix III, "Security of Federal
Automated Information Resources" (Nov. 28, 2000) and National Institute of
Standards and Technology, Guide for Developing Security Plans for
Information Systems, NIST Special Publication 800-18 (December 1998).
2 OMB Guidance for Implementing the Privacy Provisions of the E-Government
Act of 2002, OMB M-03-22 (Sept. 26, 2003).
3. DHS's comments did not include a copy of its revised fiscal year 2004
expenditure plan because, according to an agency official, OMB has not yet
approved the revised plan for release, and thus we cannot substantiate its
comments concerning either the amount or the disclosure of management
reserve funding. Further, we are not aware of any unduly burdensome
restrictions and/or approval processes for using such a reserve. We have
modified our report to reflect DHS's statement that it supports
establishing a management reserve and the status of revisions to its
expenditure plan.
4. We have modified the report as appropriate to reflect these comments
and subsequent oral comments concerning the membership of the US-VISIT
Advisory Board.
5. We do not believe that DHS's comments provide any evidence to counter
our observation that the system acceptance test plan was developed largely
during and after testing. In general, these comments concern the Increment
1 test strategy, test contractor and component system development team
coordination, Increment 1 use cases, and pre-existing component system
test cases, none of which are related to our point about the completeness
of the four versions of the test plan. More specifically, our observation
does not address whether or not an Increment 1 test strategy was developed
and approved, although we would note that the version of the strategy that
the program office provided to us was incomplete, was undated, and did not
indicate any level of approval. Further, our observation does not address
whether some unspecified level of coordination occurred between the test
contractor and the component system development teams; it does not concern
the development, modification, and use of Increment 1 "overarching" use
cases, although we acknowledge that such use cases are important in
developing test cases; and it does not address the preexistence of
component system test cases and their residence in a test case repository,
although we note that when we previously asked for additional information
on this repository, none was provided.
Rather, our observation concerns whether a sufficiently defined US-VISIT
Increment 1 system acceptance test plan was developed,
approved, and available in time to be used as the basis for conducting
system acceptance testing. As we state in the report, to be sufficient
such a plan should, among other things, define the full complement of test
cases, including inputs and outputs, and the procedures for executing
these test cases. Moreover, these test cases should be traceable to system
requirements. However, as we state in our report, this content was added
to the Increment 1 test plan during the course of testing, and only the
version of the test plan modified January 16, 2004, contained all of this
content. Moreover, DHS's comments recognize that these test plan versions
were developed during the course of test execution and that the test
schedule did not permit sufficient time for all stakeholders to review the
versions.
6. We do not disagree with DHS's comments describing the roles and
responsibilities of its program office support contractor and its
Federally Funded Research and Development Center (FFRDC) contractor.
However, DHS's description of the FFRDC contractor's roles and
responsibilities does not cover all of the taskings envisioned for this
contractor. Specifically, DHS's comments state that the FFRDC contractor
is to execute such program and project management activities as strategic
planning, contractor source selection, acquisition management, risk
management, and performance management. These roles and responsibilities
are consistent with the FFRDC contractor's statement of work that was
provided by DHS. However, DHS's comments omit other roles and
responsibilities specified in this statement of work. In particular, the
comments do not cite that this contractor is also to conduct audits and
evaluations in the form of independent verification and validation
activities. It is this audit and evaluation role, particularly the
independence element, which is the basis for our concern and observation.
As we note above and state in the report, US-VISIT program plans and the
contractor's statement of work provide for using the same contractor both
to perform program and project management activities, including creation
of related products, and to assess those activities and products. Under
these circumstances, the contractor could not be sufficiently independent
to effectively discharge the audit and evaluation tasks.
7. We do not agree with DHS's comment that we cited the wrong operative
documentation pertaining to US-VISIT independent verification and
validation plans. As discussed in our comment No. 6, the statement of work
that we cite in the report relates to DHS plans to use the FFRDC
contractor to both perform program and project management activities
and develop related products and to audit and evaluate those activities
and products. The testing contractor and testing activities discussed in
DHS comments are separate and distinct from our observation about DHS
plans for using the FFRDC contractor. Accordingly, our report does not
make any observation regarding the independence of the testing contractor.
8. We agree that US-VISIT lacks a change control board and support DHS's
stated commitment to establish a structured and disciplined change control
process that would include such a board.
Appendix III
GAO Contact and Staff Acknowledgments
GAO Contact: Deborah Davis, (202) 512-6261
Staff Acknowledgments: In addition to the individual named above, Barbara
Collier, Gary Delaney, Neil Doherty, Tamra Goldstein, David Hinchman,
Thomas Keightley, John Mortin, Debra Picozzi, Karl Seifert, and Jessica
Waselkow made key contributions to this report.