What GAO Found In fiscal year 2025, the Defense Counterintelligence and Security Agency (DCSA) conducted over 4,600 security reviews. The agency also documented over 800 security violations (see figure) and over 1,000 open security vulnerabilities associated with cleared contractor facilities. To conduct its industrial security mission, DCSA relied on over 470 industrial security mission personnel and spent over $160 million in fiscal year 2025. Defense Counterintelligence and Security Agency (DCSA) Documented 815 Security Violations by Category Type, Fiscal Year 2025 Note: Security violations are incidents where a contractor fails to comply with the National Industrial Security Program Operating Manual’s policies and procedures that could reasonably result in the loss or compromise of classified information. For example, data spills are when classified information appears, or “spills,” onto an unclassified system. Security vulnerabilities are identified weaknesses in a contractor’s industrial security program that could be exploited to gain unauthorized access to classified information or information systems accredited to process classified information. DCSA has taken steps to manage risk with the industrial security mission. These include efforts to identify, assess, and respond to risk. However, DCSA has not addressed gaps to fully assess and respond to risks to its operational activities in line with DOD guidance on risk management. For example, DCSA has not identified and developed analytic capabilities to better support field operators’ assessments of risk at the regional level. With such capabilities, the agency could identify the most significant regional trends affecting its overall performance objectives. Further, DCSA began an initiative in 2019—the National Access Elsewhere Security Oversight Center (NAESOC)—aimed at mitigating risk partly through the reduction of workload on regional officials. However, participants in all 12 of the focus groups GAO conducted reported on the center’s insufficient staffing, limited risk mitigation, and industry dissatisfaction. According to DCSA officials, the agency has not comprehensively assessed the NAESOC risk response effort, including identifying its resourcing needs and outcome-oriented performance goals. Doing so would be in line with DOD risk guidance to conduct regular assessments on risk responses. Finally, DCSA identified challenges with its current industrial security data system of record and has begun developing a replacement. However, DCSA has not continuously engaged its end-users—DCSA regional and military department officials—throughout the development process, to include requirements development and other stages prior to testing. Without doing this, DCSA risks developing a replacement system with ongoing challenges. Why GAO Did This Study Foreign entities continue to attempt to illicitly obtain classified information and technology from industry thousands of times a year. DCSA, a Department of Defense (DOD) component, administers the DOD portion of the National Industrial Security Program (NISP), with the purpose of protecting classified information released to federal contractors, among others. DCSA has responsibility for ensuring that contractors properly access and store classified content for an estimated 90 to 95 percent of U.S. classified contracts across the federal government. House Report 118-125 includes a provision for GAO to review DOD’s administration of the NISP. This report addresses (1) the funding, personnel, and training DCSA dedicates to perform its industrial security mission, and the extent to which DCSA (2) has managed risks within the NISP’s core operational activities and (3) is addressing challenges with the National Industrial Security System. GAO reviewed documents and interviewed officials from DCSA, the military service components, and the National Archives and Records Administration. GAO also conducted a series of focus groups with 80 selected DCSA regional personnel who conduct industrial security operations.

What GAO Found During GAO’s audits of the Federal Housing Finance Agency’s (FHFA) fiscal year 2025 financial statements, GAO identified a deficiency in FHFA’s controls over its review of its financial statements for conformity with U.S. generally accepted accounting principles that represents a new significant deficiency in FHFA’s internal control over financial reporting. GAO also found that FHFA completed corrective actions to address seven of the nine recommendations from prior reports that remained open as of September 30, 2024. In conjunction with the recommendations it addressed, FHFA resolved the significant deficiency in controls over its review of accounts payable accruals that GAO reported as a result of its 2024 audits. Why GAO Did This Study In January 2026, GAO reported on the results of its audits of FHFA’s fiscal year 2025 financial statements and the deficiency in FHFA’s internal controls. This report presents (1) the deficiency GAO identified during its fiscal year 2025 audit, along with the related recommendation to address this deficiency, and (2) the status of FHFA’s corrective actions to address recommendations related to internal control over financial reporting deficiencies identified in prior reports that remained open as of September 30, 2024. As part of its fiscal year 2025 audits, GAO reviewed FHFA policies and procedures; interviewed FHFA management and staff; observed controls in operation; and tested controls to determine whether FHFA effectively designed, implemented, and operated these controls. GAO also followed up on the status of FHFA’s corrective actions to address open recommendations related to internal control over financial reporting deficiencies that GAO identified in prior reports.

What GAO Found Operating and support (O&S) costs are comprised of costs for repair parts, maintenance activities, contract services, and personnel. The Department of Defense (DOD) identified 14 systems with critical O&S cost growth out of 36 weapon system sustainment reviews it conducted for fiscal years 2023 and 2024. This critical O&S cost growth represents at least a 25 percent increase in the cost estimate for the remainder of a system’s life cycle compared with its most recent independent cost estimate, or at least a 50 percent increase compared with the original baseline cost estimate. GAO identified common causes DOD reported for the critical O&S cost growth for the 14 systems, such as extensions to operational life. Weapon System Sustainment Reviews with Reported Critical Operating and Support Cost Growth and Causes, Fiscal Years 2023 and 20224 Note: Weapon systems experienced critical O&S cost growth in either Category A (growth is at least 25 percent more than the estimate documented in the most recent independent cost estimate for the system) or Category B (growth is at least 50 percent more than the original baseline cost estimate for the system). DOD has taken some actions to address critical O&S cost growth identified in fiscal year 2021 and fiscal year 2022. However, GAO found the Army has not fully completed a software update that it reported would remediate a top maintenance issue for its Common Remotely Operated Weapons Station (CROWS). Doing so would yield cost savings that GAO estimates would be more than $130 million over the program’s remaining approximately 30 years of life. Without ensuring that its units implement the software update identified in the CROWS remediation plan on a timely basis, the Army is missing an opportunity to address a top maintenance issue affecting this weapon system and to achieve a cost savings of more than $130 million over the remaining life of the program. DOD identified challenges in conducting sustainment reviews and determining O&S cost growth. GAO found that DOD has taken steps to address challenges, such as revising guidance to correct cost estimating data deficiencies. Why GAO Did This Study DOD spends tens of billions of dollars to sustain its weapon systems. O&S costs are about 70 percent of a system’s total life-cycle cost. In response to a statutory provision, DOD has been required to annually submit sustainment reviews that include O&S cost estimates and the reasons for any critical cost growth, although the National Defense Authorization Act for Fiscal Year 2026 eliminated the requirement for DOD to include the O&S cost growth information in its sustainment reports. The National Defense Authorization Act for Fiscal Year 2021 included a provision for GAO to review DOD’s annual sustainment reviews and O&S cost estimates through 2025. This report, the final one to be submitted under this statutory requirement, evaluates the extent to which DOD (1) identified critical O&S cost growth in its fiscal years 2023 and 2024 weapon system sustainment reviews and the causes of that growth, (2) has taken actions to address the critical O&S cost growth identified in the fiscal years 2021 and 2022 sustainment reviews, and (3) has taken steps to identify challenges and improve the sustainment review process. GAO analyzed DOD guidance and weapon system sustainment reviews DOD conducted in fiscal years 2023 and 2024 and cost savings initiatives identified in the fiscal years 2021 and 2022 reviews and interviewed DOD officials who conducted the reviews.

What GAO Found Navy and Coast Guard shipbuilding programs have consistently fallen short of expectations over the last 2 decades. Collectively, they are billions of dollars over cost and years behind schedule. For example, the Navy’s Constellation class frigate program was overcome by issues. As a result, the Navy announced a strategic shift away from the program in 2025—having previously exercised contract options valued at over $3 billion dollars. Similarly, the Coast Guard paused work on two ships and terminated two other ships in its Offshore Patrol Cutter program after a more than 5-year delay in delivering the lead ship. Constellation Class Frigate and Offshore Patrol Cutter Proposed solutions by federal officials have included reorganizing how shipbuilding programs are managed, increasing shipbuilder workforce wages, and finalizing ship designs before beginning construction, among others. While there is no singular solution, implementing leading practices and GAO’s prior recommendations could help ensure smoother sailing. For example, ensuring that new ship design efforts, such as the Navy’s planned new attack submarine program, fully leverage ship design practices used by leading companies will be critical to long-term success. This would include practices like iterative design based on user feedback, completing ship design before beginning construction, and using digital tools. (See GAO-24-105503.) Additionally, the shipbuilding industrial base—the private companies that build or supply the parts for ships—has not met the government’s submarine construction goals in recent years. GAO’s analysis of the Department of Defense’s (DOD) efforts to invest in the submarine industrial base to improve its capacity found shortcomings. For example, DOD does not know how much funding it expects to need—beyond the more than $10 billion DOD already invested—to solve submarine industrial base challenges such as ensuring needed parts get delivered on time. Without this understanding, decision-makers may not have the information needed to balance funding for the submarine industrial base with other shipbuilding priorities. Further, DOD has not taken key steps to ensure oversight for some of its costliest submarine industrial base investments. Without improvements, such as documented project monitoring, DOD cannot ensure those taxpayer dollars are helping achieve its goals as cost effectively as possible. These findings can provide lessons learned for the Navy, Coast Guard, and other federal agencies in their efforts to build up the maritime industrial base. Why GAO Did This Study The U.S. is in a period of heightened emphasis on improving shipbuilding to tackle pressing national security demands. The Navy and Coast Guard spend billions to procure ships each year and have ambitious plans to build new ships. GAO has reported for decades on the persistent issues that plague these shipbuilding programs and has made more than 100 recommendations to address them. This statement addresses (1) the state of Navy and Coast Guard shipbuilding; (2) key challenges the Navy and Coast Guard need to address to achieve their ambitious shipbuilding goals; and (3) DOD’s efforts to support the submarine industrial base and the lessons that can be derived for future maritime industrial base investments. This statement is based on prior and ongoing GAO work. In addition, GAO is issuing the results of its analysis of DOD’s management of submarine industrial base investments in this testimony statement. To perform this work, GAO analyzed relevant Navy and Coast Guard documentation and interviewed knowledgeable officials.

What GAO Found The Federal Emergency Management Agency's (FEMA's) Individual Assistance helps survivors of major disasters cover necessary expenses and serious needs that insurance or low-interest loans do not cover. This may include reimbursing survivors for temporary lodging or providing assistance with rental housing and home repairs. In response to Hurricanes Helene and Milton, the 2025 Los Angeles (LA) wildfires, and the 2025 Texas floods, FEMA provided over $3 billion to 1.2 million individuals and households, according to agency data. FEMA has made changes to improve the implementation of its assistance to survivors. For example, FEMA has simplified application requirements and increased eligibility for certain assistance. However, GAO found that survivors continued to face challenges communicating with FEMA and securing post-disaster housing. For example: Reaching FEMA's helpline. FEMA data show that most survivors affected by Hurricanes Helene and Milton and the Texas floods faced long wait times and could not reach a representative when trying to apply for assistance through FEMA's helpline. Understanding FEMA's letters. Some survivors faced challenges interpreting letters from FEMA regarding their eligibility for assistance. For example, some survivors thought letters requesting more information were denial letters, according to FEMA and state officials. FEMA revised its letters in 2024 and 2025 to incorporate more plain language and clearer instructions. Securing post-disaster housing. Survivors of recent disasters and officials from all levels of government experienced long-standing housing challenges. For example, FEMA officials said that it was challenging for the agency to support post-disaster housing for survivors after Hurricane Helene destroyed many of the housing resources that were already constrained before the storm hit. Additionally, FEMA officials reported issues that delayed the agency's ability to provide direct housing—such as needing to set up septic tanks and energy meters before making manufactured housing units available. At the direction of the current administration, FEMA made recent changes that affect its delivery of assistance to survivors. This includes focusing on providing support at state or local centers, thereby reducing the need for FEMA to establish its own Disaster Recovery Centers where applicants can obtain information and apply for benefits. In addition, FEMA has discontinued its door-to-door canvassing efforts. However, some FEMA and state officials expressed concerns about how this could affect their ability to support survivors who may not be able to access an in-person recovery center, including those who are older, have disabilities, live in rural areas, or lack phone or internet access. State and local capacity to provide assistance to survivors will significantly impact the implementation of these and other potential changes to FEMA's delivery of assistance. For example, officials from four states affected by Hurricanes Helene and Milton told GAO they do not have their own individual assistance programs for survivors after a disaster. In addition, federal and state officials emphasized the need for adequate time for state and local governments to prepare for any changes in disaster response roles since they currently rely on significant federal support. Why GAO Did This Study The extensive damage caused by recent natural disasters, including Hurricanes Helene and Milton in 2024, the LA wildfires in 2025, and the July 2025 floods in Texas, demonstrates the need for government-wide action to deliver assistance efficiently and effectively. GAO has previously reported that disaster survivors have faced numerous challenges receiving aid from FEMA—the lead agency for federal disaster response. This includes challenges understanding and navigating the assistance process that may have prevented survivors from receiving assistance for which they may have otherwise been eligible. Further, improving processes for assisting survivors is one of the key challenges identified in GAO's High-Risk List on Improving the Delivery of Federal Disaster Assistance. Congress and the President have signaled an interest in enacting reforms to FEMA. For example, in January 2025, the President established a FEMA Review Council to assess FEMA's disaster response efforts, recommend improvements to the agency, and review existing reform proposals. GAO was asked to review long-standing challenges and emerging issues in federal response efforts for recent disasters. This report, the third in a series, provides information on FEMA's assistance to disaster survivors and related challenges. GAO reviewed FEMA information on Individual Assistance—including data on the amount of assistance provided and the number of calls to FEMA's helpline, and eligibility letters to survivors. GAO also analyzed information from 56 interviews and written responses from FEMA and state and local governments impacted by disasters in recent years. For more information, contact Chris Currie at CurrieC@gao.gov.

What GAO Found Every year, Congress appropriates funds to support federal activities and address national priorities. Congress generally appropriates funding, or budget authority, to an agency for use during a specific period, known as the period of availability. The Consolidated Appropriations Act, 2023 authorized trillions of dollars to federal agencies to obligate, or commit to pay for goods and services, during fiscal year 2023 and beyond. GAO found that 156 of the 258 appropriation accounts in GAO’s review of the Consolidated Appropriations Act, 2023 had budget authority available for obligation in fiscal year 2026 or later, as of September 30, 2025. These accounts had approximately $20.9 billion in unobligated budget authority, or about 1.97 percent of the approximately $1 trillion initially appropriated that had a period of availability of fiscal year 2026 or later. The unobligated budget authority is unexpired, and is comprised of multiple periods of availability (see table). Table: Unobligated Budget Authority from the Consolidated Appropriations Act, 2023 by Period of Availability, for Selected Agencies Period of availability Budget authority provided in the Consolidated Appropriations Act, 2023 (in USD) Unobligated budget authority, as of September 30, 2025 (in USD) Unobligated budget authority as a proportion of budget authority provided in the Consolidated Appropriations Act, 2023 (percentage) 2026 $25,370,407,254 $1,705,579,606 6.72% 2027 $60,291,452,000 $9,033,188,722 14.98% Indefinite $980,222,929,895 $10,208,442,784 1.04% Total $1,065,884,789,149 $20,947,211,112 1.97% Source: GAO analysis of the Consolidated Appropriations Act, 2023 and data from the Departments of Agriculture, Defense, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, Justice, Transportation, and Veterans Affairs, and the Social Security Administration. | GAO-26-108476 Detailed information about the amount of unobligated budget authority by appropriation account is in a downloadable dataset, which can be accessed via a link on this page. Why GAO Did This Study GAO was asked to identify any remaining budget authority provided in the Consolidated Appropriations Act, 2023 that is unexpired and still available for obligation. This report provides information on these amounts still available to selected agencies to obligate in fiscal year 2026 or later, and key characteristics, such as the appropriation account name; type of budget authority; and the associated programs, projects, or activities. To conduct this work, GAO reviewed the Consolidated Appropriations Act, 2023 to select the 10 federal agencies with the largest amount of budget authority potentially available for obligation in fiscal year 2026 or later. These agencies are the Departments of Agriculture, Defense, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, Justice, Transportation, and Veterans Affairs, and the Social Security Administration, and represent 258 appropriation accounts that included budget authority available for obligation in fiscal year 2026 or later. GAO used a data collection instrument to collect the amount of unobligated budget authority from the Consolidated Appropriations Act, 2023 in each appropriation account and related information from the 10 selected agencies. In some cases, GAO conducted follow-up interviews with agency officials to gain additional clarity on the data and information they provided. GAO analyzed the data to calculate summary statistics and to populate a downloadable dataset. For more information, contact Jeff Arkin at ArkinJ@gao.gov.

What GAO Found GAO has designated Medicare a high-risk program due, in part, to its complexity and potential for fraud. Fraud schemes in traditional Medicare often focus on certain services, such as durable medical equipment. Fraudsters may use stolen or inappropriately obtained Medicare beneficiary identifiers to submit fraudulent claims for unneeded or never provided services. The Centers for Medicare & Medicaid Services (CMS), which oversees Medicare, uses data analytics on claims in traditional Medicare to identify anomalous patterns indicative of emerging fraud schemes and potentially fraudulent behaviors, such as billing spikes. CMS uses these analytics to develop leads for investigations and to inform administrative actions that can prevent potentially fraudulent payments, such as suspending provider payments. For example, in 2023 and 2024, CMS suspended payments to, and later revoked the enrollment of, 15 providers involved in a scheme that allegedly billed Medicare for more than $4 billion in urinary catheters that were never supplied. Selected private payers GAO spoke with reported using data analytics in ways similar to CMS—namely, to identify anomalous provider billing patterns to generate leads for investigations and to inform actions like payment suspensions. CMS estimates that from fiscal years 2022 through 2024, it prevented a total of $11.9 billion in potentially fraudulent Medicare payments by taking administrative actions on providers engaged in potential fraud. Administrative Actions and Estimates of Potentially Fraudulent Payments Prevented by CMS, Fiscal Years 2022 through 2024 Administrative action Prevented payments (in millions) Prepayment claims reviews $27 Automated prepayment denials $132 Overpayment recoveries $652 Payment suspensions $2,579a Revocations and deactivations $7,962a Law enforcement referrals $554b Total $11,906 Source: GAO analysis of Centers for Medicare & Medicaid Services (CMS) data. | GAO-26-107799 Note: For more details, see Table 3 in GAO-26-107799. aProjected amount of potentially fraudulent payments prevented based on estimated cost avoidance. bEstimated amount in financial judgments that courts may order on behalf of Medicare. In December 2025, CMS began sharing information about Medicare provider payment suspensions with supplemental payers—private plans and state Medicaid agencies that cover certain Medicare beneficiaries’ out-of-pocket expenses. CMS did not share such information previously. This lack of information sharing led some supplemental payers to pay beneficiary cost sharing on potentially fraudulent claims. Representatives of private payers estimated that private plans may have paid tens of millions of dollars in beneficiary cost-sharing for the urinary catheter scheme. GAO’s analysis found that state Medicaid agencies paid at least $196,000 in state and federal funds for cost-sharing payments for the urinary catheter scheme in 2023 and 2024. Why GAO Did This Study CMS is responsible for ensuring the integrity of the Medicare program and preventing and mitigating potential fraud. GAO was asked to review CMS’s use of data analytics to prevent and reduce fraud in traditional Medicare. This report describes characteristics of common Medicare fraud schemes, CMS’s use of data analytics to identify Medicare fraud, and CMS’s estimates of potentially fraudulent payments it prevented; and examines the extent to which CMS shares information on payment suspensions with relevant entities. GAO reviewed CMS documentation on its activities to prevent fraud and interviewed CMS officials and program integrity contractors that investigate Medicare fraud about common Medicare fraud schemes and their use of data analytics. GAO also analyzed CMS data on administrative actions and the extent of potentially fraudulent payments prevented for fiscal years 2022 through 2024. Data from 2024 were the most recent data available at the time of GAO’s review. For additional context on CMS’s use of data analytics, GAO interviewed representatives of selected private health insurers and two organizations representing private payers about their use of data analytics. GAO also interviewed CMS officials and private payers about the sharing of information on payment suspensions with supplemental payers. The Department of Health and Human Services provided technical comments, which GAO incorporated as appropriate. For more information, contact Leslie V. Gordon, GordonLV@gao.gov, or Seto J. Bagdoyan, BagdoyanS@gao.gov.

What GAO Found The Infrastructure Investment and Jobs Act of 2021 (IIJA) required the U.S. Department of Transportation (DOT) to establish the Office of Multimodal Freight Infrastructure and Policy (Multimodal Freight Office, or Office). Its responsibilities include coordinating with other agencies, states, and the private sector; assisting cities and states to improve freight mobility; and carrying out the goals of the national multimodal freight policy. The IIJA directs the Multimodal Freight Office to administer certain policies and programs, such as developing and managing the National Freight Strategic Plan and the National Multimodal Freight Network, which connects highways, railroads, and maritime routes. DOT has taken steps toward meeting almost all of its statutory requirements. For example, DOT plans to release an updated National Freight Strategic Plan in 2026 and is updating the National Multimodal Freight Network. U.S. National Multimodal Freight Network DOT has not completed one of the office’s statutory requirements–periodically reporting to Congress on the activities of the Multimodal Freight Office. Officials stated that the Office had not done so because it had limited staff and was focused on other activities. While the Office briefed congressional staff in 2023, without periodic reporting, Congress has limited visibility into the activities the Office has conducted since then. Having recent information is important as Congress considers how the Office could support federal surface transportation programs, and any potential legislation related to the upcoming reauthorization. To prevent potential duplication when forming the Multimodal Freight Office, DOT formed a task force in 2023 to review multimodal freight responsibilities across the department. The task force established complementary roles between the office and other DOT administrations, according to DOT officials. DOT officials and transportation industry associations GAO met with said they found the Office helpful as a single point of contact able to respond to freight-related incidents and could help address freight issues, such as the nationwide shortage of truck parking for commercial drivers. Why GAO Did This Study The U.S. freight transportation network is vital to the nation, moving over 20 billion tons of freight in 2024 over an extensive, interconnected network. DOT is responsible for ensuring the safe, efficient, and reliable movement of freight over this network. The IIJA included a provision for GAO to review the activities of the Multimodal Freight Office. This report examines (1) the progress DOT has made in meeting its statutory requirements related to the Multimodal Freight Office and (2) how DOT identified and managed any areas of duplication and improved efficiency for freight issues across the department when establishing the Multimodal Freight Office. GAO interviewed DOT officials on steps taken toward meeting the statutory requirements. GAO analyzed internal DOT documents on the agency’s activities to manage any duplication and improve efficiency in multimodal freight efforts when establishing the Multimodal Freight Office. GAO also interviewed DOT operating administration officials; four stakeholders from the trucking, railroad, air, and maritime freight transportation industries; and one state transportation association on their views on activities of the office. GAO selected these stakeholders, as they represent the major modes of freight transportation in the U.S., per DOT’s draft National Multimodal Freight Network.