What GAO Found In July 2025, GAO identified 11 open recommendations under the purview of the Environmental Protection Agency (EPA) Chief Information Officer (CIO), from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management. In addition, GAO has designated one of the 11 as a priority recommendation. For example, GAO previously recommended that EPA establish a process for conducting an organization-wide cybersecurity risk assessment. Further, GAO recommended that EPA fully implement all event logging requirements as directed by the Office of Management and Budget. GAO also previously recommended that the agency complete annual reviews of its IT portfolio consistent with federal requirements. The CIO's continued attention to these recommendations will help ensure the secure and effective use of IT at the agency. Why GAO Did This Study CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others. For more information, contact Nick Marinos at marinosn@gao.gov.

What GAO Found In July 2025, GAO identified 43 open recommendations under the purview of the Department of Homeland Security's (DHS) Chief Information Officer (CIO), including 15 that are relevant to component-level CIOs, from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation, (2) Improving IT Acquisitions and Management, or (3) Strengthening DHS IT and Financial Management Functions. In addition, GAO has designated seven of the 43 as priority recommendations. For example, GAO previously recommended that DHS fully implement Federal Risk and Authorization Management Program requirements, to include issuing an authorization for the cloud service used by the department for one of its systems. In addition, GAO recommended that DHS fully implement event logging requirements per federal guidance. GAO also previously recommended that DHS complete annual reviews of the department's IT portfolio per federal requirements. Further, GAO recommended that the department remediate known issues identified from testing, prior to declaring full operational capability for the Coast Guard's ongoing financial systems modernization efforts. The CIO's continued attention to these recommendations will help ensure the secure and effective use of IT at the department. Why GAO Did This Study CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others. For more information, contact Nick Marinos at marinosn@gao.gov.

What GAO Found In July 2025, GAO identified four open recommendations under the purview of the General Services Administration's (GSA) Chief Information Officer (CIO) from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management. For example, GAO previously recommended that GSA take steps to fully implement event logging requirements. Further, GAO recommended that GSA complete annual reviews of its IT portfolio in conjunction with the Federal CIO. The CIO's continued attention to these recommendations will help ensure the secure and effective use of IT at the agency. Why GAO Did This Study CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others. For more information, contact Nick Marinos at marinosn@gao.gov.

Why This Matters The COVID-19 pandemic caused catastrophic loss of life and damage to the economy. The federal government provided about $4.65 trillion in relief funds for response and recovery efforts. Although the federal emergency expired in May2023, public health and economic challenges persist. The CARES Act includes a provision for GAO to report regularly on pandemic impacts and the federal response. GAO Key Takeaways Updates to key COVID-19 indicators as of March 2025 include the following: Public health. COVID-19 deaths and hospitalizations have decreased overall, but public health impacts continued. For example, about 450 deaths were reported in March 2025. Economic conditions. The economy has generally recovered from the downturn, but recovery in some areas has slowed somewhat. For example, inflation remained elevated compared with pre-pandemic levels. Relief spending and fraud. The U.S. spent almost all COVID-19 relief funding. The full extent of fraud will never be known with certainty, but estimates indicate hundreds of billions of dollars in fraudulent payments were made. Fraud-related charges have been brought against at least 3,205 defendants. Of those, 2,331 defendants have been convicted as of March 31, 2025. Extending the statute of limitations for such violations would provide more time to investigate fraud. GAO work on the pandemic has resulted in over 200 products and 484 recommendations to Congress and federal agencies. Over half of these have been closed. This has led to at least $43.9 billion in financial benefits, among other improvements. For example, GAO recommendations helped save over $14.8 billion based on program integrity improvements to small business loans and grants. Examples of Financial and Non-Financial Benefits from GAO Work Related to the COVID-19 Pandemic as of March 2025 How GAO Did This Study To provide key updates on public health, the economy, and pandemic-related spending and fraud, GAO analyzed federal data and public statements and reviewed relevant literature. To provide updates on the status of recommendations, GAO reviewed previously issued CARES Act reports and collected updates from federal agencies.

What GAO Found Product downsizing, or “shrinkflation,” occurs when an item’s quantity decreases without a commensurate price drop. This raises the per-unit price and contributes to inflation. GAO’s analysis of 2019–2024 Bureau of Labor Statistics data found that downsizing accounted for less than 1/10 of a percentage point of the 34.5 percent increase in overall consumer prices during this period. This is because downsized products were a small share of all products tracked in inflation measures. However, in the top five product categories experiencing downsizing, the contribution of size changes to inflation ranged from 1.6 percentage points for cereal to 3.0 percentage points for household paper products (e.g., paper towels). Separately, GAO’s analysis of 2021–2023 consumer purchase data for thousands of items across seven product categories found that while less than 5 percent of items in each category were downsized, those items made up a larger share of total dollar sales. For example, in the cereal category, 1.1 percent of items, representing 8.6 percent of sales, were downsized. Share of Items and Sales Affected by Downsizing for Selected Product Categories, 2021–2023 Research suggests that consumers tend to be less responsive to downsizing than to equivalent price increases and that downsizing has limited effects on purchase behavior. This limited responsiveness could stem from lack of awareness of subtle packaging changes, infrequent purchases, or strong consumer preferences for certain products and brands. Several policy options that aim to increase transparency around downsizing also present implementation challenges. For example, some countries require manufacturers or retailers to disclose downsized items, but regulators may face difficulties defining downsizing and identifying noncompliance. In addition, a federal unit price labeling policy could help consumers compare prices using consistent unit price displays, even when downsizing goes unnoticed. However, enforcement of such a policy may rely on U.S. states and would need to consider states’ potential roles and resources. Why GAO Did This Study In 2021 and 2022, the U.S. experienced its highest inflation rate since 2011. Amid rising prices for everyday goods, policymakers have raised questions about product downsizing and its effects on households. GAO was asked to review issues related to product downsizing. This report examines (1) trends in product downsizing, (2) factors affecting consumer response to product size changes, and (3) advantages and disadvantages of policy options for addressing concerns related to product downsizing. GAO analyzed Bureau of Labor Statistics data on the frequency of product size changes and their impact on inflation. In addition, GAO analyzed retail scanner data—aggregated consumer purchase data—for all products within seven high-spending categories to determine the extent of size changes and their price effects. GAO reviewed studies on how consumers respond to size changes and interviewed or obtained written responses from officials from the Bureau of Labor Statistics, the National Institute of Standards and Technology, the Federal Trade Commission, two state agencies, nine foreign countries, three consumer groups, and three industry groups (representing manufacturers, wholesalers, and retailers), as well as eight academic researchers. For more information, contact Alicia Puente Cackley at cackleya@gao.gov or Michael Hoffman at hoffmanme@gao.gov.

Why This Matters Open-air burning emits toxins that can be harmful. The U.S. military’s use of open-air burning in certain operations since 1990 is well documented. Federal law granted presumptive coverage for specified conditions to veterans of these operations due to their exposures, simplifying the disability claims process. However, little has been reported about open-air burning during the Vietnam War. GAO Key Takeaways Military archives we reviewed and a nongeneralizable sample of 145 veterans we interviewed, who served in Vietnam from 1964 to 1975, indicate that the military commonly used open-air burning to dispose of waste. Nearly all (90 percent) of these veterans cited concerns about their exposure. As of May 2025, the Department of Veterans Affairs’ Veterans Health Administration (VHA) has not specifically researched whether there is any association between veterans’ health effects and exposure to open-air burning in Vietnam. Historically, research on health effects from exposures that occurred in Vietnam has focused on herbicide use (such as Agent Orange). VHA officials said their ongoing reviews of available information have not indicated that exposure to open-air burning was a major contributor to Vietnam veterans’ long-term health. Officials also said additional data that would be needed to inform research, such as data on the extent to which veterans were exposed to open-air burning, are not available. Thus, VHA would need to collect self-reported data from Vietnam veterans on their exposure to inform any future needed research. Officials cautioned that thiswould be limited by recall bias, or veterans’ potentially inaccurate recollection of past events, among other challenges.  Burnout Latrines in Vietnam. Accelerants Were Used to Burn Human Waste in 55-gallon Drums. (1967) How GAO Did This Study We reviewed military archives from the Vietnam War and interviewed a nongeneralizable sample of 145 veterans who reported exposure to open-air burning in Vietnam. We also reviewed relevant VHA documents and spoke with VHA officials and other agencies about researching health effects related to open-air burning. Service Members in Vietnam Burn a Range of Waste in 55-gallon Drums Called Burn Barrels. (Year Unknown) For more information, contact Alyssa M. Hundrup at hundrupa@gao.gov.

What GAO Found Vet Centers play an important role in helping veterans and service members readjust to civilian life or to continued military service. Within the Department of Veterans Affairs (VA), the Veterans Health Administration’s Readjustment Counseling Service (RCS) operated 300 Vet Centers nationwide in fiscal year 2024. Counselors provided nearly 1.3 million counseling sessions across Vet Centers in fiscal year 2024, according to RCS. Each Vet Center has a director, who is responsible for overseeing that Vet Center’s staff, including one or more counselors. RCS has established expectations for counselors’ productivity. (See figure.) Vet Center Counselor Productivity Expectations, as of April 2025 In December 2023, RCS administered its first annual Counselor and Client Engagement Survey to all Vet Center counselors and directors to solicit feedback on how productivity expectations affect client care and counselor welfare. RCS officials said they administered the survey to directors as well because they would have feedback about counselors’ productivity expectations. Directors also provide counseling to clients and have their own productivity expectations. RCS obtained an overall response rate of 37 percent for the survey. Lower survey response rates raise the risk of survey responses being less representative of experiences of all counselors and directors. The degree to which counselors and directors who responded to the survey differ from those who did not on key characteristics (nonresponse bias) undermines the confidence with which RCS can use survey findings to draw conclusions about the experiences of counselors and directors overall. Federal standards for statistical surveys call for agencies to conduct a nonresponse bias analysis for any survey with a response rate of less than 80 percent. RCS officials did not conduct an analysis of potential nonresponse bias for its survey. Thus, RCS does not know the degree to which the feedback is representative of all counselors and directors. Officials said they did not conduct the nonresponse bias analysis because they could not ascertain the exact nonresponse rate given the anonymous web address RCS used to administer the survey. However, there are other ways to address the risk of nonresponse bias, such as by comparing characteristics of respondents to those of the total population eligible to be surveyed. GAO also identified issues with the clarity of the survey, which limit RCS’s ability to use the feedback collected to understand respondents’ perspectives on counselors’ productivity expectations. For example, it was unclear whether respondents were to provide feedback on the time management expectation, the encounters expectation, or both. This has led to RCS collecting information of limited quality for the questions on the positive and negative effects of productivity expectations on client care and counselor welfare. Thus, this information could be prone to misinterpretation, including a lack of understanding of which expectations respondents assessed in their feedback. Why GAO Did This Study The James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 includes a provision requiring VA to evaluate productivity expectations of Vet Center counselors annually by obtaining systematic feedback from counselors and to implement any needed changes to the expectations. In response to this provision, RCS administered a survey in December 2023. The act also includes a provision for GAO to audit the feedback. This report examines the feedback RCS obtained. GAO reviewed documentation and interviewed RCS officials about the design and administration of the survey, analysis of survey responses, and RCS’s plans for administering additional surveys. GAO assessed RCS’s December 2023 survey against federal statistical policies, the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 provision that VA obtain feedback from counselors on productivity expectations, and the federal standard for internal control for information and communication.

What GAO Found The number and length of whistleblower retaliation cases filed by Department of Veterans Affairs (VA) employees have fluctuated since fiscal year 2020 (see figure). GAO analyzed data from the Office of Special Counsel (OSC), an independent agency, and VA’s Office of Accountability and Whistleblower Protection (OAWP), which investigates whistleblower retaliation allegations. GAO found that VA is unable to consistently track corrective actions taken in whistleblower cases. These actions can include restored leave or reassignment. VA’s fiscal year 2022–2028 strategic plan calls for the agency to promote accountability by protecting whistleblowers, but officials said that VA data systems were not designed to track corrective actions. OSC and OAWP have contradictory data about settled cases. For example, according to GAO’s analysis, OSC’s data show 90 whistleblower retaliation settlement agreements from fiscal years 2019 to 2023, whereas OAWP’s data show 30 OSC settlement agreements. Officials at both agencies told GAO that their data do not include information on case outcomes from outside their own investigative processes unless the other agency voluntarily provides it. Without better coordination and comprehensive data on the outcomes of VA whistleblower retaliation cases, both agencies might miss opportunities to promote accountability for and protection of whistleblowers. Number of Whistleblower Retaliation Cases Involving Department of Veterans Affairs (VA) Employees, Fiscal Years 2020—2024 VA settled 71 whistleblower retaliation cases from fiscal years 2019 to 2023. Most settlements agreements provided for payments and personnel actions, according to VA data. VA’s data show that settlement agreements included payments to whistleblowers that ranged between $1,800 and $525,000, and that most involved personnel actions, such as reassigning the whistleblower. While VA reviews copies of settlement agreements, it does not monitor their implementation. VA officials said this is because the Secretary of VA has not delegated the authority for them to do so. However, VA’s current strategic plan states that OAWP is responsible for fostering a safe environment to report wrongdoing. By ensuring that OAWP monitors the implementation of whistleblower retaliation settlement agreements, VA could better support its goal to promote and improve accountability for whistleblower retaliation. Why GAO Did This Study Federal employee whistleblowers—individuals who report allegations of wrongdoing such as a violation of law, abuse of authority, or gross mismanagement—can help protect the government from fraud, waste, and abuse. Whistleblowers may experience retaliation such as reassignment, demotion, or termination. VA has implemented administrative reforms to improve protections for whistleblowers. GAO was asked to review the characteristics of VA whistleblower retaliation investigations, as well as VA’s process for settling whistleblower retaliation claims. This report examines, among other things, 1) the number, length, and outcomes of VA whistleblower retaliation cases; 2) typical components of VA settlement agreements; and 3) whether VA monitors the implementation of settlement agreements. GAO reviewed VA and OSC case management data from fiscal years 2020-2024, the most recent years with reliable data, and data on cases settled from fiscal years 2019-2023. GAO also analyzed responses to non-generalizable surveys GAO administered to 35 whistleblowers and 52 officials VA identified as negotiating settlements.

What GAO Found The U.S. Department of Agriculture's (USDA) Dairy Margin Coverage (DMC) program pays dairy farmers who enroll in the program when the difference (margin) between the national prices of milk and feed falls below certain levels. From 2019 through 2024, this program made net payments to dairy farmers that totaled about $2.7 billion after subtracting fees and premiums collected for enrollment and coverage. About 45 percent of the amount USDA paid went to smaller dairy farms that produced 5 million pounds or less of milk each year—the typical total production of about 207 dairy cows in 2024. In 2024, over 63 percent of the nation's dairy farms participated in the program. Most of these dairy farms were smaller farms. The percentage of farms participating varied by state, as shown in the map below. Most dairy farmer groups GAO interviewed said DMC helps farmers stay in business by reducing price risks. They noted that the program particularly helped small farmers due to the relatively low cost of coverage for the first 5 million pounds of milk. Following GAO's analysis, Congress increased the 5-million-pound cap to 6 million pounds. USDA Dairy Margin Coverage Participation Rates by State, 2024 However, some dairy farmer groups said that certain farmers faced challenges to program participation. For example, according to some dairy farmer groups, underserved farmers such as beginning farmers just starting their operations, sometimes faced issues related to program awareness that made participation challenging. These issues included difficulty obtaining information about enrollment deadlines and benefits. Dairy farmer groups said some farmers may need targeted information about the DMC program. Other challenges identified by farmer groups involve aspects of the program that are set in statute, such as limiting the amount of milk covered by DMC to historic production. USDA officials said they have taken steps to better communicate information about the program—including purchasing ads for dairy farmers on social media. However, they have not assessed the effectiveness of USDA's communication methods in facilitating dairy farmer awareness of and participation in the program. For example, USDA does not measure how these steps affect progress toward agency strategic objectives of providing a safety net to farmers and reducing access barriers for rural economic development. By assessing how effectively it is communicating with farmers about the DMC program, USDA could better ensure it is helping farmers make informed decisions about participation in the program, potentially helping them stay in business. Why GAO Did This Study Dairy farmers may have difficulty staying in business when the price of feed increases, or the price of milk declines too much. The DMC program can help dairy farmers manage these price risks. GAO was asked to review USDA's implementation of the DMC program. This report examines (1) program payments, participation, and benefits and (2) challenges to program participation and steps USDA has taken to address those challenges. GAO reviewed USDA participation and payout data for DMC and data on the number of dairy farms by state from 2019 through 2024. GAO interviewed USDA officials and eight groups representing dairy farmers. GAO selected these groups to ensure geographic dispersion, representation of both smaller and larger dairy farms, and a mix of conventional and organic dairy producers.

To alert the audit community to changes in professional standards, we periodically issue Professional Standards Updates (PSU). These updates highlight the effective dates of recently issued standards and guidance related to engagements conducted in accordance with Government Auditing Standards. PSUs contain summary information only, and those affected by a change should refer to the respective standard or guidance for details.

What GAO Found The Department of Energy's (DOE) strong and sustained commitment is critical to addressing key issues that affect the U.S. government's consolidated financial statements. These include addressing the issues that caused the qualified opinion on DOE's fiscal year 2024 financial statements, providing reliable intragovernmental activity and balances data, accurately preparing budget and accrual reconciliation information, providing more detailed information for Fund Balance with Treasury activity, and effectively implementing new processes related to treaties and other international agreements. For example, according to DOE's auditor, the DOE Office of Environmental Management was unable to adequately support $39.1 billion of its environmental liability balance as of September 30, 2024, with valid cost estimates, schedules, and assumptions. This qualification contributed to GAO being unable to express an opinion on the consolidated financial statements. Why GAO Did This Study GAO is responsible for conducting the annual audit of the U.S. government's consolidated financial statements. On January 16, 2025, GAO issued a disclaimer of opinion on these statements for fiscal years 2024 and 2023. The consolidated financial statements are compiled from federal entity financial statements and other federal entity information. As such, federal entities, including DOE, have a key role in supporting financial reporting at the government-wide level. For more information, contact Dawn Simpson at simpsondb@gao.gov.

What GAO Found The Department of Education's strong and sustained commitment is critical to addressing key issues that affect the U.S. government's consolidated financial statements. These include addressing the issues that caused Education to be unable to obtain an opinion on its fiscal year 2024 financial statements, providing reliable intragovernmental activity and balances data, accurately preparing budget and accrual reconciliation information, providing more detailed information for Fund Balance with Treasury activity, and effectively implementing new processes related to treaties and other international agreements. For example, the disclaimer of opinion on Education's financial statements was based on errors identified in underlying data for assumptions used to estimate the cost of student loan programs. These disclaimers contributed to GAO being unable to express an opinion on the consolidated financial statements. Why GAO Did This Study GAO is responsible for conducting the annual audit of the U.S. government's consolidated financial statements. On January 16, 2025, GAO issued a disclaimer of opinion on these statements for fiscal years 2024 and 2023. The consolidated financial statements are compiled from federal entity financial statements and other federal entity information. As such, federal entities, including Education, have a key role in supporting financial reporting at the government-wide level. For more information, contact Dawn Simpson at simpsondb@gao.gov.

What GAO Found The Small Business Administration's (SBA) strong and sustained commitment is critical to addressing key issues that affect the U.S. government's consolidated financial statements. These include addressing the issues that caused SBA to be unable to obtain an opinion on its fiscal year 2024 financial statements, providing reliable intragovernmental activity and balances data, accurately preparing budget and accrual reconciliation information, providing more detailed information for Fund Balance with Treasury activity, and effectively implementing new processes related to treaties and other international agreements. For example, the disclaimer of opinion on SBA's financial statements was based on SBA's inability to provide sufficient relevant and reliable information to support a significant number of transactions and account balances related to COVID-19 relief programs, such as the Paycheck Protection Program and the COVID-19 Economic Injury Disaster Loan program, because of inadequate processes and controls. This disclaimer contributed to GAO being unable to express an opinion on the consolidated financial statements. Why GAO Did This Study GAO is responsible for conducting the annual audit of the U.S. government's consolidated financial statements. On January 16, 2025, GAO issued a disclaimer of opinion on these statements for fiscal years 2024 and 2023. The consolidated financial statements are compiled from federal entity financial statements and other federal entity information. As such, federal entities, including SBA, have a key role in supporting financial reporting at the government-wide level. For more information, contact Dawn Simpson at simpsondb@gao.gov.

What GAO Found The U.S. Department of Agriculture's (USDA) strong and sustained commitment is critical to addressing key issues that affect the U.S. government's consolidated financial statements. These include addressing the issues that caused the qualified opinion on USDA's fiscal year 2024 financial statements, providing reliable intragovernmental activity and balances data, accurately preparing budget and accrual reconciliation information, providing more detailed information for Fund Balance with Treasury activity, and effectively implementing new processes related to treaties and other international agreements. For example, according to USDA's auditor, USDA was unable to support certain budget obligations for Supplemental Nutrition Assistance Program benefits. This qualification contributed to GAO being unable to express an opinion on the consolidated financial statements. Why GAO Did This Study GAO is responsible for conducting the annual audit of the U.S. government's consolidated financial statements. On January 16, 2025, GAO issued a disclaimer of opinion on these statements for fiscal years 2024 and 2023. The consolidated financial statements are compiled from federal entity financial statements and other federal entity information. As such, federal entities, including USDA, have a key role in supporting financial reporting at the government-wide level. For more information, contact Dawn Simpson at simpsondb@gao.gov.

What GAO Found The Department of Justice's (DOJ) strong and sustained commitment is critical to addressing key issues that affect the U.S. government's consolidated financial statements. These include providing reliable intragovernmental activity and balances data, accurately preparing budget and accrual reconciliation information, providing more detailed information for Fund Balance with Treasury activity, and effectively implementing new processes related to treaties and other international agreements. For example, GAO continued to report on the Department of the Treasury's inability to effectively prepare the reconciliations of the budget deficit to net operating cost and changes in cash balance, which contributed to GAO being unable to express an opinion on the consolidated financial statements. Treasury is developing corrective actions to address these deficiencies, including enhancing the ability for federal entities, such as DOJ, to record reclassifications of Fund Balance with Treasury activity at a sufficiently detailed level. DOJ using the enhanced reclassification process is important to Treasury's efforts to effectively prepare the reconciliation statements. Why GAO Did This Study GAO is responsible for conducting the annual audit of the U.S. government's consolidated financial statements. On January 16, 2025, we issued a disclaimer of opinion on these statements for fiscal years 2024 and 2023. The consolidated financial statements are compiled from federal entity financial statements and other federal entity information. As such, federal entities, including DOJ, have a key role in supporting financial reporting at the government-wide level. For more information, contact Dawn Simpson at simpsondb@gao.gov.

What GAO Found In March 2023, the Environmental Protection Agency (EPA) proposed a drinking water regulation for six types of per- and polyfluoroalkyl substances (PFAS). It also published an accompanying analysis of costs and benefits, as required by the Safe Drinking Water Act (SDWA). EPA’s analysis included the initial cost estimate of compliance with the proposed regulation. EPA then collected public comments and, in April 2024, published its response to the comments along with a revised, higher cost estimate to accompany the final regulation. See figure 1 for a timeline of these events in EPA’s regulatory process. Figure 1: Timeline of Certain Events in the Environmental Protection Agency’s (EPA) Regulatory Process for the Per- and Polyfluoroalkyl Substances (PFAS) National Primary Drinking Water Regulation as of July 2025 Note: On May 14, 2025, EPA announced its intent to rescind and reconsider parts of the regulation. aPFAS National Primary Drinking Water Regulation Rulemaking, 88 Fed. Reg. 18,638 (Mar. 29, 2023). bIn addition to the Safe Drinking Water Act requirement that EPA seek public comment on its Health Risk Reduction and Cost Analysis, the Administrative Procedure Act requires agencies to consider all relevant and timely submitted comments and respond to all significant comments received during the public comment period. 42 U.S.C. § 300g-1(b)(3)(C); 5 U.S.C. § 553(c). cPFAS National Primary Drinking Water Regulation, 89 Fed. Reg. 32,532 (Apr. 26, 2024). dAmerican Water Works Ass’n. v. U.S. Envtl. Prot. Agency, No. 24-1188 (D.C. Cir., filed June 7, 2024). As required by SDWA, EPA published estimates of the quantifiable costs associated with the maximum contaminant levels the agency proposed, as well as three less expensive alternatives. According to EPA, the agency made changes to the initial cost estimate in response to public comments and newly available data. For example, based on the comments, EPA increased the estimated costs public water systems could incur to conduct pilot studies of installed treatment media. EPA also published descriptions of potential nonquantifiable costs. For example, EPA stated that co-occurring PFAS could create additional nonquantifiable costs as public water systems might have to replace treatment media—such as granular activated carbon—more frequently. Finally, EPA published descriptions of sources of uncertainty that could either increase or decrease actual costs relative to EPA’s cost estimate. Why GAO Did This Study Under SDWA, EPA is authorized to set National Primary Drinking Water Regulations. Such regulations are meant to protect public health by limiting levels of contaminants in drinking water. When EPA proposes a drinking water regulation that includes a maximum contaminant level, SDWA requires EPA to also conduct an analysis for the regulation that includes estimates of both costs and benefits. In March 2023, EPA proposed a drinking water regulation for six types of PFAS. EPA finalized the regulation in April 2024. PFAS have been found in drinking water, and certain PFAS have been associated with a variety of negative health effects, including cancer. Some stakeholders have asserted that EPA’s analysis of costs for the PFAS drinking water regulation does not adequately represent the costs that public water systems will incur to comply with the regulation. In June 2024, three lawsuits were filed challenging the regulation. Among other issues, the quality of EPA’s analysis of the costs of the regulation is being challenged. As of July 23, 2025, the litigation is ongoing. On May 14, 2025, EPA announced its intent to make a number of changes to the PFAS drinking water regulation, including rescinding the maximum contaminant levels for three individual PFAS and a mixture of those three PFAS plus one additional PFAS. EPA subsequently repeated this intention as part of a filing in the litigation over the regulation. The joint explanatory statement accompanying the Consolidated Appropriations Act, 2024 (170 CONG. REC. S1105, S1682 (daily ed. March 5, 2024)) includes a provision that GAO review the cost estimates supporting EPA’s PFAS drinking water regulation. Because this issue is the subject of ongoing litigation, GAO’s work focused on whether EPA sought and published public comment on various elements of the analysis of costs, as required by SDWA. For more information, contact J. Alfredo Gómez at gomezj@gao.gov.

What GAO Found The 12 experts in a forum GAO convened said that to develop effective media campaigns and evaluate media campaigns, whether on drug misuse prevention or other topics, campaigns need to consider the following: Identify and understand intended audience. Once a campaign has identified who it wants to reach, it needs to understand the intended audience—including by identifying the underlying causes of the behavior the campaign wants to change. For example, experts noted that campaigns may decide to target the underlying reasons why people misuse drugs rather than developing campaigns to target specific drugs. Create content, select messengers, and decide on delivery methods. Campaigns need to create content to deliver their messages, which need to be credible and relevant for the intended audience. Campaigns also need to select messengers to deliver their messages, such as community leaders. Additionally, campaigns need to decide how to deliver their messages. For example, campaigns may use print and social media, among other options. Test messages. Campaigns need to test their messages with the intended audience to ensure that the messages are relevant and resonate with the intended audience. This testing can include using focus groups, interviews, or surveys, among other methods. Define the intended outcome. Campaigns need to have a clear understanding of what they are trying to achieve. Then, evaluators can decide what data are needed to determine whether a campaign is meeting its goals. Select qualified evaluators. Campaigns need independent evaluators who can speak to campaign managers about a campaign’s effectiveness using evidence from evaluations. Evaluators need expertise in research methods, evaluation, and other disciplines and need to understand the campaign substance. Decide when and how to measure effectiveness. Campaigns need to decide if they will evaluate the campaign while it is ongoing or after the campaign has concluded. They also need to decide what they want to measure and what data collection methods they will use. Why GAO Did This Study Drug misuse—the use of illicit drugs and the misuse of prescription drugs—has been a persistent and long-standing public health issue in the U.S. In recent years, hundreds of thousands of people have died from misusing drugs. The Office of National Drug Control Policy (ONDCP) manages the National Anti-Drug Media Campaign, which aims to change attitudes about drug use and reverse drug use trends through targeted media advertisements. The Substance Use-Disorder Prevention that Promotes Opioid Recovery and Treatment (SUPPORT) for Patients and Communities Act includes a provision for GAO to review various ONDCP activities, including national media campaigns. On February 11, 2025, GAO convened a forum with 12 experts selected for their expertise in public media campaigns, including but not limited to campaigns intended to prevent drug misuse. The experts discussed considerations for developing and evaluating media campaigns. GAO selected experts to represent a range of experiences and viewpoints from academic institutions; nonprofit, communications, and consulting organizations; and federal and state governments. Experts reviewed a draft of our summary of their comments. Their comments were incorporated as appropriate. Views expressed during the proceedings do not necessarily represent the opinions of all experts, their affiliated organizations, or GAO. GAO provided a draft of this report to the Departments of Health and Human Services and Justice and ONDCP for review. They did not have any comments on the report. For more information, contact Triana McNeil at McNeilT@gao.gov.

What GAO Found Our nation depends on computer-based information systems and electronic data to Call fundamental operations and to process, maintain, and report crucial information. Nearly all federal and nonfederal operations, including the nation's critical infrastructures, are supported by these systems and data. The nation's 16 critical infrastructure sectors provide essential services—such as electricity distribution, transportation, and health care—that underpin American society. These include systems and assets so vital to the United States that their incapacity or destruction would have a debilitating impact on security, national economic security, public health or safety, or any combination of these. The safety of these systems and data is critical to public confidence and the nation's security, economy, and welfare. Harmonization refers to the development and adoption of more consistent standards and regulations. Such consistency is important when critical infrastructure sectors are subject to multiple cybersecurity regulations so that these guidelines will not overlap, duplicate, or contradict each other. Because the private sector owns most of the nation's critical infrastructure, it is vital that public and private sectors work together to protect these assets and systems. To this end, various federal agencies are responsible for assisting the private sector in protecting critical infrastructure, including enhancing cybersecurity. GAO has long identified cybersecurity as a government-wide high-risk area. In June 2024, GAO testified on the efforts initiated to harmonize cybersecurity regulations and reported that there could be adverse impacts without harmonization. GAO convened two panel discussions to gather perspectives of 12 industry participants regarding the progress that federal agencies are making to harmonize cybersecurity regulations. This report summarizes the perspectives that selected participants shared on how industry views the impact of federal cybersecurity regulations and federal agencies' progress, challenges, and opportunities in harmonizing them in accordance with national cybersecurity policy and strategy. Participants noted that the Cybersecurity and Infrastructure Security Agency's efforts to collaborate and build trust across sectors through the Cybersecurity Information Sharing Act of 2015 have been successful. They also said cybersecurity regulations have helped drive industry behavioral changes leading to more investments in cybersecurity. However, participants identified negative impacts that their industries experience with multiple and varying cybersecurity regulations and how this can result in overlap, duplication, and conflicts. These include: Number of regulations. Several agencies regulating a sector's cybersecurity could result in overlap and duplicative cybersecurity regulations. Definitions and requirements. Cybersecurity definitions and requirements can be vague or do not account for sector differences. Federal requirements may also conflict with foreign requirements, which can cause conflict for organizations operating in more than one country. Audits and assessments. One participant stated their sector could have up to seven different auditors request the same information. Multiple agencies assessing an organization could indicate overlap and duplication. Participants also noted that federal agencies have made limited progress in harmonizing various cybersecurity regulations. While progress in aligning federal cybersecurity regulations has been made, there are still gaps, such as regulator knowledge of specific industry risks. Industry participants discussed challenges federal agencies face in harmonizing cybersecurity regulations. Specifically, they noted a lack of standard definitions and information requirements. However, near- and long-term opportunities for harmonizing federal cybersecurity regulations were identified. For example, in the near-term, participants identified opportunities to harmonize existing regulations through guidance from the National Institute of Standards and Technology. They also noted that an expected regulation on cyber incident reporting could help streamline various other regulations. Further, participants stated that long-term opportunities include identifying a single entity that has primary authority over various agencies that enforce cybersecurity regulations. Why GAO Did This Study GAO was asked to gather perspectives of industry participants on the progress that federal agencies are making to harmonize cybersecurity regulations. This report summarizes the perspectives that selected industry participants shared on the impact of federal cybersecurity regulations and federal agencies' progress, challenges, and opportunities in harmonizing them. To gather perspectives, GAO convened two panel discussions on May 28 and May 29, 2025. Each panel included six representatives from industry organizations for a total of 12 representatives across the two panels. The representatives included directors of cybersecurity-related functions, chief executive officers, regulatory affairs specialists, and those in similar roles across multiple critical infrastructure sectors. For more information, contact David (Dave) Hinchman at HinchmanD@gao.gov.

What GAO Found Across the 11 selected agencies GAO reviewed with artificial intelligence (AI) inventories, the total number of reported AI use cases nearly doubled from 571 in 2023 to 1,110 in 2024. At the same time, generative AI use cases increased about nine-fold, from 32 to 282. See the figure for the numbers of generative AI use cases agencies submitted to the Office of Management and Budget (OMB). Selected Agencies’ Reported Generative AI Use Cases During 2023 and 2024 Generative AI offers potential benefits. In the mission-support area, the technology could improve written communications, information access efficiency, and program status tracking. Program-specific examples include: The Department of Veterans Affairs started an effort to automate various medical imaging processes to enhance veterans’ diagnostic services. To support containment of the poliovirus, the Department of Health and Human Services initiated an effort to extract information from publications and identify outbreaks in areas previously thought to be polio-free. Agency officials told GAO that they face several challenges to using generative AI, such as: complying with existing federal policies and guidance, having sufficient technical resources and budget, and maintaining up-to-date appropriate use policies. For example, officials at 10 of 12 selected agencies said existing federal policy, such as data privacy policy, could present obstacles to adoption. Furthermore, officials at four agencies told GAO that the technology’s rapid evolution can complicate establishment of generative AI policies and practices. Agencies are beginning to take steps to address challenges by, among other things, (1) leveraging available AI frameworks and guidance to inform their own policies and (2) engaging in collaborative efforts with other agencies. During this time, executive branch AI guidance was significantly revised in early 2025. Accordingly, in conjunction with efforts to address challenges, agencies are incorporating these revisions into their management of generative AI. Why GAO Did This Study Recent growth in AI capabilities has spurred a corresponding rise in public interest. Developments in generative AI—which can create text, images, audio, video, and other content when prompted by a user—have revolutionized how the technology can be used in many industries. However, generative AI has risks such as spreading misinformation and presenting national security and environmental risks. GAO was asked to describe federal agencies’ efforts to pursue generative AI. This report is the fourth in a body of work on generative AI. GAO’s objectives included describing selected agencies’ ongoing and planned uses of generative AI and resulting potential benefits as well as describing agencies’ challenges in using and managing generative AI and efforts to address these challenges. GAO selected 12 agencies that publicly reported having generative AI use cases in 2023 or 2024. GAO reviewed AI use case inventories submitted by 11 agencies (the Department of Defense is exempt from the requirement). GAO also analyzed challenges reported by the 12 agencies and categorized those most frequently mentioned. Additionally, GAO interviewed officials from OMB and the Office of Science and Technology Policy about their government-wide policies and guidance on generative AI. For more information, contact Candice N. Wright at WrightC@gao.gov and Kevin Walsh at WalshK@gao.gov.

What GAO Found The U.S. contributed to key international strategies to address the needs of Ukrainian internally displaced persons (IDPs) and refugees between February 2022 and December 2024. The UN-led Ukraine Humanitarian Needs and Response Plan and Ukraine Regional Refugee Response Plan are the primary international strategies that underpin the humanitarian responses inside Ukraine and in refugee hosting countries, according to State and USAID. The U.S. played a consultative role in developing these strategies, including providing feedback on drafts. GAO found that these strategies contain many characteristics of an effective national strategy identified in GAO's prior work, including a clear purpose, goals, and clear responsibilities. However, donor-provided funding fell short of estimated needs despite significant U.S. contributions. For example, in 2024, the refugee response plan received 21 percent of the estimated funding needed to implement it, with the U.S. providing over half of the funding received. Figure: U.S.-Funded Assistance in Ukraine, Poland, and Moldova USAID and State provided a broad range of humanitarian assistance to IDPs and refugees between February 2022 and December 2024 amidst the ongoing conflict with Russia. USAID and State assistance to IDPs in Ukraine and refugees in surrounding countries included mental health services, shelter, water, sanitation, hygiene kits, and legal services. U.S. and partner officials reported challenges in delivering this assistance, such as security concerns near the front lines in Ukraine and shortages of skilled workers. As of December 2024, USAID and State closely coordinated their humanitarian assistance for Ukrainian IDPs and refugees and had also taken steps to coordinate with international partners. Coordination between USAID and State was guided by a memorandum of understanding between the two agencies. GAO found that the coordination of this humanitarian assistance generally met all eight of GAO-identified leading practices for interagency collaboration, including defining common outcomes and clarifying roles and responsibilities. USAID and State also coordinated their assistance with international partners, primarily through regular meetings of United Nations forums. Why GAO Did This Study Russia's full-scale invasion of Ukraine in February 2022 created a forced migration crisis, with millions of Ukrainians forced to flee and millions more internally displaced within Ukraine. As of September 2024, USAID's Bureau for Humanitarian Assistance and State's Bureau of Population, Refugees, and Migration had provided over $3.75 billion in humanitarian assistance for the Ukraine response. Much of this assistance has benefited IDPs and refugees. GAO initiated this review in response to a provision in Division M of the Consolidated Appropriations Act, 2023. GAO's review examines (1) the extent to which the U.S. and its international partners have strategies for addressing the needs of Ukrainian IDPs and refugees; (2) the types of assistance State and USAID have provided and any associated challenges; and (3) the extent to which State and USAID coordinated the implementation of this assistance with each other and international partners. GAO examined assistance provided between February 2022 and December 2024. GAO analyzed agency documentation; met with USAID and State officials; conducted a site visit to Ukraine, Poland, and Moldova to observe assistance provided and met with officials and beneficiaries from these countries; and reviewed international strategies for humanitarian assistance and supporting documents. For more information, contact Latesha Love-Grayer at lovegrayerl@gao.gov.