We conducted this audit to determine the extent to which the Transportation Security Administration (TSA) has the policies, processes, and oversight measures to improve security at the National Railroad Passenger Corporation (Amtrak). TSA has limited regulatory oversight processes to strengthen passenger security at Amtrak because the component has not fully implemented all requirements from Public Law 110–53, Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Act). Federal regulations require Amtrak to appoint a rail security coordinator and report significant security concerns to TSA. Although the9/11 Act requires TSA to establish additional passenger rail regulations, the component has not fully implemented those regulations. Specifically, TSA has not issued regulations to assign rail carriers to high-risk tiers; established a rail training program; and conducted security background checks of frontline rail employees. In the absence of formal regulations, TSA relies on outreach programs, voluntary initiatives, and recommended measures to assess and improve rail security for Amtrak.