In accordance with law, the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA) are required to take actions to improve the Transportation Worker Identification Credential (TWIC) program, and the Office of Inspector General (OIG) must evaluate the implementation of these actions. The OIG’s objective was to determine DHS’ and TSA’s compliance with the public law’s requirements. However, because TSA is still in the process of implementing changes and enhancements to some internal control and quality control elements of the TWIC program, OIG was unable to evaluate full implementation in its December 14 report.
The goal of the TWIC program is to prevent access to secure areas at ports by known and suspected terrorists or criminals who might pose a security risk to our maritime transportation sector.
On December 16, 2016, Congress passed Public Law 114-278 (public law), Transportation Security Card Program Assessment, to address concerns from the Government Accountability Office about the need to improve the TWIC program. Public law requires TSA to take specific actions to improve the vetting process, including a comprehensive risk analysis of security threat assessment procedures.
OIG found that DHS did not promptly fulfill its first requirement. Specifically, DHS delayed commissioning a comprehensive assessment of the effectiveness of the Transportation Security Card Program in enhancing security and reducing security risks for facilities and vessels. The public law required the assessment to begin no later than 60 days after its enactment. However, DHS did not award a work order for the assessment for more than a year after the deadline. TSA only partially complied with requirements mandated by the public law. Of the six required actions, TSA partially complied with two (additional internal controls, risk analysis) and fully complied with four (fraud detection, applicant vetting, finalize manual, vetting quality controls). For the two partially complied with items, TSA did not identify best practices for quality assurance at every stage of the security threat assessment in its comprehensive risk analysis; or provide sufficient documentation or clearly state how it would address all recommended additional internal controls identified in the risk analysis. Furthermore, OIG expressed concerns with aspects of TSA’s responses to all of the required actions.
OIG will continue to monitor DHS’ and TSA’s progress in the implementation of actions required in the public law through its recommendation follow-up activities and additional oversight activities and notify Congress of any changes.