GAO-25-108211 DOD CIO Recommendations
441 G St. N.W.
Washington, DC 20548
May 29, 2025
Ms. Katherine Arrington
Performing the Duties of Chief Information Officer
U.S. Department of Defense
1000 Defense Pentagon
Washington, D.C. 20301-1000
Chief Information Officer Open Recommendations: Department of Defense
Dear Ms. Arrington:
I am writing to you with respect to your role performing the duties of the Chief Information
Officer (CIO) of the Department of Defense (DOD). As an independent, non-partisan agency
that works for Congress, GAO’s mission is to support Congress in meeting its constitutional
responsibilities and help improve the performance and ensure the accountability of the federal
government. Our work includes investigating matters related to the use of public funds,
evaluating programs and activities of the U.S. Government at the request of congressional
committees and subcommittees or on the initiative of the Comptroller General, and as required
by public laws or committee reports. Our duties include reporting our findings and
recommending ways to increase economy and efficiency in government spending. The purpose
of this letter is to provide an overview of the open, publicly available GAO recommendations to
DOD that call for the attention of the CIO.
We identified recommendations that relate to the CIO’s roles and responsibilities in effectively
managing IT. They include strategic planning, investment management, and information
security. We have previously reported on the significance of the CIO’s role in improving the
government’s performance in IT and related information management functions.
1
Your attention
to these recommendations will help ensure the secure and effective use of IT at the department.
Currently, DOD has 54 open recommendations that call for the attention of the CIO, including
seven that are directed to component-level CIOs. Each of these recommendations relates to a
GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation, (2) Improving IT Acquisitions
and Management, (3) DOD Business Systems Modernization, and (4) DOD Financial
Management.
2
In addition, GAO has designated four of the 54 as priority recommendations.
3
1
See for example, GAO, Federal Chief Information Officers: Critical Actions Needed to Address Shortcomings and
Challenges in Implementing Responsibilities, GAO-18-93 (Washington, D.C.: Aug. 2, 2018).
2
GAO, High-Risk Series: Heightened Attention Could Save Billions More and Improve Government Efficiency and
Effectiveness, GAO-25-107743 (Washington, D.C.: Feb. 25, 2025).
3
Priority recommendations are those that GAO believes warrant priority attention from heads of key departments or
agencies. They are highlighted because, upon implementation, they may significantly improve government
operations, for example, by realizing large dollar savings; eliminating mismanagement, fraud, and abuse; or making
progress toward addressing a high-risk or duplication issue. Since 2015, GAO has sent letters to selected agencies,
including DOD, to highlight the importance of implementing such recommendations.
