About this step

The Implementation phase is the most important element of the overall National Cybersecurity Strategy lifecycle.  It is good practice for a strategy to be accompanied by an Action Plan and the step of implementing this plan is critical.

The implementation of the Action Plan is usually overseen by a cross-governmental committee, which receives regular progress reports from the ministries and agencies responsible for actions in the plan.  A small central unit may be needed to receive these reports, collect other metrics and information on progress that supplement them and produce progress assessments for the cross-government committee and political leadership.  Reporting is typically expected quarterly or biannually.  Annual reporting may be insufficiently frequent to maintain momentum and correct course if implementation of the Action Plan goes off track.

Some countries have chosen to publish reports on their progress implementing the Strategy and Action Plan.  Where this is done, the publications often come at the mid-way point and/or at the end of the multi-year time period the strategy covers.