Cybersecurity Workforce: Actions Needed to Improve the Cybercorps for Service Scholarship Program

What the GAO found

The CyberCorps® Scholarship for Service Program provides participating institutions of higher education with scholarships to students in approved fields of study in computer science and cybersecurity. As a condition of receiving scholarships, students are required to enter into agreements to work in eligible full-time jobs after graduation for a period equal to the duration of their scholarship. See the figure below for how beneficiaries progress through the program.

Fellows progress through three phases in the CyberCorps® program

Fellows progress through three phases in the CyberCorps® program

The GAO has identified 19 select legal requirements for how the National Science Foundation (NSF) and the Office of Personnel Management (OPM) must manage the program. GAO found NSF and OPM fully compliant with 13 of the requirements and partially compliant with six. Partially met requirements include the following:

  • Fellows are required to provide OPM with annual verifiable post-fellowship employment documentation. OPM officials acknowledge that recipients provide verifiable employment documents and up-to-date contact information only at the beginning and end of the service commitment period, rather than once a year, as the requires the law.
  • The NSF is required to report periodically on program performance, including how long fellows remain in the positions they hold after graduation. OPM attempts to answer this question by surveying beneficiaries. However, beneficiary response rates ranging from 32% to 50% do not provide reliable and complete results.

NSF has not implemented a risk management strategy and process to effectively identify, analyze, mitigate, and report on program risks and challenges. Without such a strategy, NSF is unable to mitigate the adverse effects of risk events that occur, which could negatively impact the achievement of program objectives.

Why GAO Did This Study

The GAO has previously reported that federal agencies are struggling to ensure they have an effective cybersecurity workforce. What is now known as the CyberCorps® Fellowship Program for Service – run by NSF in conjunction with OPM and the Department of Homeland Security (DHS) – was established in 2000 to increase the supply of new government employees in cybersecurity. Since its inception, NSF reports that the program has awarded approximately $621 million in scholarships to more than 4,707 recipients.

The GAO has been asked to review the scholarship program for service. GAO determined the extent to which (1) NSF and OPM are complying with program legal requirements, and (2) NSF has identified, analyzed, mitigated, and reported program risks.

GAO has assessed program documentation and processes against legal requirements and industry best practices. In addition, GAO interviewed officials from the NSF, OPM, and DHS as well as staff from selected higher education institutions participating in the program.

Leave a Reply