Cybersecurity Workforce: Actions Needed to Improve Cybercorps Scholarship for Service Program

What GAO Found

The CyberCorps® Scholarship for Service Program provides participating institutions of higher education with scholarships to students in approved IT and cybersecurity fields of study. As a condition of receiving scholarships, students are required to enter agreements to work in qualifying full-time jobs upon graduation for a period equal in length to their scholarship. See the figure below for how recipients progress through the program.

Scholarship Recipients Progress through Three Phases in the CyberCorps® Program

GAO identified 19 selected legal requirements on how National Science Foundation (NSF) and the Office of Personnel Management (OPM) are to manage the program. GAO found that NSF and OPM fully complied with 13 of the requirements and partially complied with six. The partially complied with requirements include the following:

• Scholarship recipients are required to provide OPM with annual verifiable documentation of post-award employment. OPM officials acknowledge that recipients provide verifiable employment documentation and up-to-date contact information only at the beginning and end of the service commitment period, rather than annually as required by law.
• NSF is required to periodically report on program performance, including how long scholarship recipients stay in the positions they enter after graduation. OPM attempts to answer this by surveying recipients. However, recipient response rates ranging from 32 to 50 percent do not yield reliable and complete results.

NSF did not implement a risk management strategy and process to effectively identify, analyze, mitigate, and report on program risks and challenges. Absent such a strategy, NSF is not in a position to mitigate the adverse effects of risk events that do occur, which could negatively impact the accomplishment of program goals.

Why GAO Did This Study

GAO has previously reported that federal agencies faced challenges in ensuring that they have an effective cybersecurity workforce. What is now known as the CyberCorps® Scholarship for Service Program—operated by NSF in conjunction with OPM and the Department of Homeland Security (DHS)—was established in 2000 to increase the supply of new government cybersecurity employees. Since its inception, NSF reports that the program has awarded about $621 million in scholarships to over 4,707 recipients.

GAO was asked to review the Scholarship for Service Program. GAO determined the extent to which (1) NSF and OPM are complying with program legal requirements, and (2) NSF has identified, analyzed, mitigated, and reported on program risks.

GAO assessed program documentation and processes against legal requirements and industry best practices. Further, GAO interviewed NSF, OPM, and DHS officials as well as personnel from selected institutions of higher education participating in the program.