The Department of Homeland Security released binding operational directives to direct agencies to implement cybersecurity measures against potential threats, but agencies failed to meet the deadlines outlined in the BoDs, FCW reported Tuesday.
"I think stakeholders were worried about what we would do with the authority," Gabriel Taran, assistant general counsel for cybersecurity law at DHS, said at an event Monday. "They didn't trust DHS necessarily to do this, or didn't think it was the right approach for one entity to direct others."
Jeanette Manfra, assistant director for cybersecurity at DHS’ Cybersecurity and Infrastructure Security Agency, told FCW in an interview that, "One [principle] we tried to stick with religiously was the ability to independently measure compliance. That was very important to us," said Manfra regarding the department’s efforts to ensure agencies’ compliance with cyber requirements.
The Government Accountability Office told the publication it will release a report to assess DHS’ process for BoD development, implementation and the metrics the department uses to evaluate agencies’ compliance with the directives. The GAO report is set for completion by this fall.