Cybersecurity has become a central focus for the federal government, and agencies now have new guidance on where their cybersecurity posture should be and how to get there.

After revealing that the personal information on more than 4 million current, former and prospective federal employees — a number later increased to 21.5 million — had been stolen in a massive breach of networks owned by the Office of Personnel Management, Federal CIO Tony Scott instituted a 30-day Cyber Sprint to increase security across the government.

The results of that work were brought together for the Office of Management and Budget's new cybersecurity strategy, released on Oct. 30.

The Cybersecurity Strategy Implementation Plan focuses on five areas:

  • Identification and protection of high-value assets and information;
  • Timely detection of and rapid response to cyber incidents;
  • Rapid recovery from incidents and accelerated adoption of lessons learned during the cyber sprint;
  • Recruitment and retention of a highly-skilled cybersecurity workforce; and
  • Efficient and effective acquisition and deployment of existing and emerging technologies.

The strategy includes security objectives — "What we need to achieve" — and actions — "How and where we focus our efforts to achieve those objectives" — for agencies to begin work on immediately. Agency CIOs and CISOs will be directly responsible for implementing most of the strategy.

Along with the broader strokes, CSIP also mentions specific programs, including accelerating the rollout of the Continuous Diagnostics and Mitigation (CDM) program and the sophisticated Einstein firewall.

Along with the new strategy, OMB also issued a memo offering agencies guidance on complying with mandates of the Federal Information Security Modernization Act (FISMA), which was updated late last year.

The guidance includes information on assessing and reporting agency cybersecurity posture and new requirements for reporting on and responding to significant incidents.

Aaron Boyd is an award-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.
