Cybersecurity Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”
Background
• May 11th White House issued the Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”
  – Renewed emphasis on cyber risk management
  – Manage cybersecurity risk as an executive branch enterprise
    • Risk management decisions made by agency heads can affect the risk to the executive branch as a whole
• May 19th Office of Management and Budget (OMB) issued Memorandum M-17-25, “Reporting Guidance for EO on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”
  – Provides additional guidance to supplement the EO
Seven Areas of Focus
Focus Area
1. Document Risk Mitigation and Acceptance Choices
2. Describe Action Plan to Implement NIST Cybersecurity Framework
3. Provide Current IT Architecture to Evaluate Shared Services
4. Identify Capabilities Supporting Cybersecurity of Critical Infrastructure
5. Advise on Resilience Against Botnets and Other Automated, Distributed Threats
6. Report on Deterrence and Protection Options
7. Document International Cybersecurity Priorities
High Level Process and Timeline
• Bureau Enterprise Cybersecurity Risks to Treasury on June 16th
• Bureau FISMA CIO Metrics to Treasury (3rd Quarter)
• Discussions on NIST Cybersecurity Framework Implementation
• White House issues Cybersecurity EO on May 11th
• One page OMB Risk Assessments on each Department (anticipated on July 28th)
• Consolidated Departmental Response on Enterprise Cybersecurity Risks, 3rd Quarter FISMA CIO Metrics, and NIST Cybersecurity Framework Implementation Action Plan to OMB on July 14th
• OMB issues M-17-25 Memorandum on May 19th
• Departmental Review of Risk Assessment and written response (Due Aug 9th)
• OMB & DHS provide report to the White House (no sooner than Aug 9th)
• OMB & DHS will work with agencies to improve cybersecurity risk management (Unknown?)