The Government Accountability Office (GAO) said in a new report that the National Science Foundation (NSF) and the Office of Personnel Management (OPM) have plenty more work to do to tighten up the management side of the CyberCorps Scholarship for Service Program.
The program was established in 2000 to increase the supply of new government cybersecurity employees, and since then has awarded $621 million in scholarships to about 4,700 recipients.
GAO reviewed how well NSF and OPM are complying with the legal requirements of the program, and how well NSF has dealt with program risks.
The verdict: GAO found that NSF and OPM had only fully complied with 13 out of the 19 legal requirements in recruiting candidates, and only partially complied with the 6 other requirements.
“NSF did not implement a risk management strategy and process to effectively identify, analyze, mitigate, and report on program risks and challenge,” GAO said. “Absent such a strategy, NSF is not in a position to mitigate the adverse effects of risk events that do occur, which could negatively impact the accomplishment of program goals.”
NSF and OPM agreed with GAO’s recommendations for action to improve the program’s management and recruiting process, including:
- The directors of NSF and OPM should periodically evaluate and make public, information on how long CyberCorps Scholarship for Service Program scholarship recipients stay in the positions they enter upon graduation;
- NSF should provide Congress with all required information in a timely manner for the CyberCorps Scholarship for Service Program so Congress can use this information to make informed decisions regarding the SFS Program;
- NSF should develop and implement a risk management strategy that includes a process to effectively identify, analyze, mitigate, and report CyberCorps Scholarship for Service Program risks and challenges;
- Both agencies should establish a time frame for implementing a process to ensure that all CyberCorps Scholarship for Service Program scholarship recipients provide their institutions of higher education and OPM with annual verifiable documentation of post-award employment and up-to-date contact information for a period of at least through the end of their work service obligation;
- Both agencies should ensure the collection of complete and consistent data that relate to the fulfillment of all post-award obligations or requirements pursuant to the CyberCorps Scholarship for Service Program.