The 2015 US-PRC cyber agreement created expectations regarding changes in China’s cyber behavior in relation to the theft of commercial IP. Such changes need to be measurable, but the agreement itself lacks a verification mechanism. This paper outlines some requirements for such a mechanism, and offers an approach to evaluating one.