
OMB Issues Cybersecurity Strategy and Implementation Plan

OMB has released a Cybersecurity Strategy and Implementation Plan (CSIP) for civilian agencies as a follow-on to the cybersecurity sprint it initiated last June in response to the OPM data breach.

The strategy is a result of a far-reaching cybersecurity review that was carried out by a “sprint” team. Interim measures started in June included the deployment of threat indicators, software patches, and tighter policies and practices for privileged users as well as stronger authentication practices.

According to OMB memo M-16-04, actions under the CSIP include:

All agencies will continue to identify their high value assets and critical system architecture;

DHS will accelerate the deployment of Continuous Diagnostics and Mitigation and EINSTEIN capabilities to all participating federal agencies;

All agencies will improve the identity and access management of user accounts on federal information systems;

OMB, in coordination with the National Security Council and DHS, will issue incident response best practices for use by federal agencies;

NIST will provide updated guidance to agencies on how to recover from cyber events;

OPM and OMB will initiate several new efforts to improve federal cybersecurity workforce recruitment, hiring, and training and ensure a pipeline for future talent;

The CIO Council will create an Emerging Technology subcommittee to facilitate efforts to rapidly deploy emerging technologies at federal agencies;

The President’s Management Council will oversee the implementation of the CSIP in recognition of the key role deputy secretaries play in managing cybersecurity within their agencies; and,

CIOs and CISOs will also have direct responsibility and accountability for implementation of the CSIP, consistent with their role of ensuring the identification and protection of their agency’s critical systems and information.
