From: GAO
Recommendations for Executive Action
To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, we recommend that the Secretary of the Department of Homeland
Security take the following nine actions:
- Determine the extent to which the statutorily required implementing principles apply to NCCIC’s cybersecurity functions.
- Develop metrics for assessing adherence to applicable principles in carrying out statutorily required functions.
- Establish methods for monitoring the implementation of cybersecurity functions against the principles on an ongoing basis.
- Integrate information related to security incidents to provide management with more complete information about NCCIC operations.
- Determine the necessity of reducing, consolidating, or modifying the points of entry used to communicate with NCCIC to better ensure that all incident tickets are logged appropriately.
- Develop and implement procedures to perform regular reviews of customer information to ensure that it is current and reliable.
- Take steps to ensure the full representation of the owners and operators of the nation’s most critical cyber-dependent infrastructure assets.
- Establish plans and time frames for consolidating or integrating the legacy networks used by NCCIC analysts to reduce the need for manual data entry.
- Identify alternative methods to collaborate with international partners, while ensuring the security requirements of high-impact systems.
Leave a Reply