1) Prioritized Identification and Protection of high value information and assets;
2) Timely Detection of and Rapid Response to cyber incidents;
3) Rapid Recovery from incidents when they occur and Accelerated Adoption of lessons
learned from the Sprint assessment;
4) Recruitment and Retention of the most highly-qualified Cybersecurity Workforce
talent the Federal Government can bring to bear; and
5) Efficient and Effective Acquisition and Deployment of Existing and Emerging
Technology.
The CSIP is organized in the following manner:
• Objectives: “What we need to achieve”
• Actions: “How and where we focus our efforts to achieve those objectives”
Specifically, the CSIP’s key actions include:
• All agencies will continue to identify their high value assets (HVAs) and critical system
architecture in order to understand the potential impact to those assets from a cyber incident,
and ensure robust physical and cybersecurity protections are in place. The identification of
HVAs will be an ongoing activity due to the dynamic nature of cybersecurity risks.
• DHS will accelerate the deployment of Continuous Diagnostics and Mitigation (CDM) and
EINSTEIN capabilities to all participating Federal agencies to enhance detection of cyber
vulnerabilities and protection from cyber threats.
• All agencies will improve the identity and access management of user accounts on Federal
information systems to drastically reduce vulnerabilities and successful intrusions.
• OMB, in coordination with NSC and DHS, will issue incident response best practices for use
by Federal agencies, incorporating lessons learned from past cyber incidents to ensure future
incidents are mitigated in a consistent and timely manner. The best practices will serve as a
living document to be continuously updated.
• The National Institute of Standards and Technology (NIST) will provide updated guidance to
agencies on how to recover from cyber events.
• The Office of Personnel Management (OPM) and OMB will initiate several new efforts to
improve Federal cybersecurity workforce recruitment, hiring, and training and ensure a
pipeline for future talent is put in place.
• The Chief Information Officer (CIO) Council will create an Emerging Technology
Sub-Committee to facilitate efforts to rapidly deploy emerging technologies at Federal agencies.
• The President’s Management Council (PMC) will oversee the implementation of the CSIP in
recognition of the key role Deputy Secretaries play in managing cybersecurity within their
agencies.
• CIOs and Chief Information Security Officers will also have direct responsibility and
accountability for implementation of the CSIP, consistent with their role of ensuring the
identification and protection of their agency’s critical systems and information.