The Government Accountability Office (GAO) has called on the Department of Homeland Security (DHS to fully implement risk management best practices with regard to its Homeland Advanced Recognition Technology (HART) program that seeks to replace its biometric identity management system.
GAO assessed the HART program’s implementation of seven risk management practices and found that the program had fully implemented four of those best practices, according to a report published Tuesday.
Those practices are determining risk sources and categories, defining parameters to analyze and categorize risks, identifying and documenting risks and evaluating and categorizing each identified risk using defined risk categories.
Monitoring the status of each risk and developing a risk mitigation plan in accordance with the risk management strategy was among the practices partially implemented by DHS with regard to the HART program.
“While DHS has plans underway to fully implement two of the partially implemented practices until it fully implements the remaining practice its efforts to effectively monitor the status of risks and mitigation plans may be hampered,” the GAO report reads.
The congressional watchdog has recommended that DHS update its policy to reflect its revised process for assessing information technology programs.
According to the report, DHS plans to field the first increment of the potential $4.3 billion HART program in Dec. to replace the existing platform’s functionality. Succeeding increments are expected to be implemented in 2022 and 2024.