Federal laws and policy have assigned important roles and responsibilities to the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) for securing computer networks and systems. DHS is charged with coordinating the protection of computer-reliant critical infrastructure--much of which is owned by the private sector--and securing its own computer systems, while NIST is responsible for developing standards and guidelines for implementing security controls over information and information systems. GAO was asked to describe cybersecurity efforts at DHS and NIST--including partnership activities with the private sector--and the use of cybersecurity performance metrics in the federal government. To do so, GAO relied on its reports on federal information security and federal efforts to fulfill national cybersecurity responsibilities.
Skip to Highlights