The IT Law Wiki


Government Accountability Office, Information Technology: Agencies Need to Develop and Implement Modernization Plans for Critical Legacy Systems (GAO-21-524T) (Apr. 27, 2021) (full-text).


This is testimony before the Subcommittee on Emerging Threats and Spending Oversight, Committee on Homeland Security and Governmental Affairs, U.S. Senate.

Each year, the federal government spends more than $100 billion on IT and cyber-related investments. Of this amount, agencies have typically spent about 80 percent on the operations and maintenance of existing IT investments, including legacy systems. However, federal legacy systems are becoming increasingly obsolete. In May 2016, the GAO reported instances where agencies were using systems that had components that were at least 50 years old or the vendors were no longer providing support for hardware or software. Similarly, in June 2019 the GAO reported that several of the federal government's most critical legacy systems used outdated Languages, had unsupported hardware and software, and were operating with known security vulnerabilities.

The GAO was asked to testify on its June 2019 report on federal agencies' legacy systems. Specifically, the GAO summarized (1) the critical federal legacy systems that we identified as most in need of modernization and (2) its evaluation of agencies' plans for modernizing them. The GAO also provided updated einformation regarding agencies’ implementation of its related recommendations.

What GAO Recommends[]

In a "limited official use only" version of its June 2019 report, the GAO made eight recommendations to eight federal agencies to identify and document modernization plans for their respective legacy systems, including milestones, a description of the work necessary, and details on the disposition of the legacy system. Contract