Cybersecurity Executive Order “Strengthening the ......Cybersecurity Risks, 3rd Quarter FISMA CIO Metrics, and NIST Cybersecurity Framework Implementation Action Plan to OMB on July
Post on 09-Oct-2020
Cybersecurity Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”
Background
• May 11th White House issued the Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”
– Renewed emphasis on cyber risk management
– Manage cybersecurity risk as an executive branch enterprise
• Risk management decisions made by agency heads can affect the risk to the executive branch as a whole
• May 19th Office of Management and Budget (OMB) issued Memorandum M-17-25, “Reporting Guidance for EO on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”
– Provides additional guidance to supplement the EO
Seven Areas of Focus
Focus Area
1. Document Risk Mitigation and Acceptance Choices
2. Describe Action Plan to Implement NIST Cybersecurity Framework
3. Provide Current IT Architecture to Evaluate Shared Services
4. Identify Capabilities Supporting Cybersecurity of Critical Infrastructure
5. Advise on Resilience Against Botnets and Other Automated, Distributed Threats
6. Report on Deterrence and Protection Options
7. Document International Cybersecurity Priorities
High Level Process and Timeline
• Bureau Enterprise Cybersecurity Risks to Treasury on June 16th
• Bureau FISMA CIO Metrics to Treasury (3rd Quarter)
• Discussions on NIST Cybersecurity Framework Implementation
• White House issues Cybersecurity EO on May 11th
• One page OMB Risk Assessments on each Department (anticipated on July 28th)
• Consolidated Departmental Response on Enterprise Cybersecurity Risks, 3rd Quarter FISMA CIO Metrics, and NIST Cybersecurity Framework Implementation Action Plan to OMB on July 14th
• OMB issues M-17-25 Memorandum on May 19th
• Departmental Review of Risk Assessment and written response (Due Aug 9th)
• OMB & DHS provide report to the White House (no sooner than Aug 9th)
• OMB & DHS will work with agencies to improve cybersecurity risk management (Unknown?)