The Government Accountability Office has urged theÂ Department of Homeland SecurityÂ to establish metrics and methods to assess the performance of theÂ National Cybersecurity and Communications Integration Center.
GAO reported Wednesday NCCIC isÂ required to perform 11 cybersecurity functions and comply with nine principles but the center’s level of adherence is unclear since it has yet to identify the relevance of principles to all functions.
Auditors identified cases where NCCIC implemented functions in line with principles such as efforts to disseminate vulnerability alerts in coordination with industry, academia and national laboratories.
GAO also found instances where NCCIC did not perform functions in accordance with principles such asÂ the requirement toÂ provide technical, risk management and incident response support to federal and nonfederal entities.
NCCIC has yet to develop measures or procedures to assess the timeliness of such efforts, GAO said.
The government watchdog also discoveredÂ performance issues such as NCCIC officials’ inability toÂ completely track and consolidate cyber incident reports as well as the potential lack of access to the updatedÂ contact information of owners and operators ofÂ critical cyber-dependent infrastructures.
GAO called on DHS to determine theÂ applicability of principles; establish metrics to assess performance; and address identified issues,Â as part of nine recommendations.