The Office of the National Cyber Director needs to develop better performance metrics and cost estimates for implementing the National Cybersecurity Strategy in order to ensure its effectiveness, the Government Accountability Office said.
GAO on Thursday released a new report noting that while ONCD has a good strategic foundation, it needs to describe in detail its plans for outcome-oriented performance measures as well as resources and estimated cost.
The government watchdog noted that ONCD fully addressed four out of six desirable characteristics under the National Cybersecurity Strategy. This includes purpose, scope and methodology; problem identification and risk assessment; integration and implementation and organizational roles, responsibilities and coordination.
However, ONCD only partially met requirements in goals, subordinate objectives and performance measures and investments and risk management.
ONCD disagreed with GAO’s recommendation about estimating implementation costs, but agreed to establish outcome-oriented performance measures.