U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Audit of NARA's Legacy Systems

Report Information

Date Issued
Report Number
Report Type
Joint Report
Agency Wide
Yes (agency-wide)
Questioned Costs
Funds for Better Use


We recommend the CIO develop a definition of a legacy system.

We recommend the CIO in coordination with the program offices document when the system was put into production and the life expectancy of each system.

We recommend the CIO create a centralized process to track legacy systems.

We recommend the CIO in coordination with System Owners Ensure all seven systems are adequately tracked, monitored, and the proper security controls are in place until they are subsumed within the ERA 2.0 project or other systems as planned.

We recommend the CIO develop and implement an operational analysis policy as required by OMB 10-27.

We recommend the CIO coordinate with each Program Office to conduct and document an operational analysis for IT investments currently in production in accordance with the policy in recommendation 8.

We recommend the CIO Ensure risk assessments and risk assessment reports are completed and/or reviewed annually and updated accordingly for all NARA systems .