UNIDIR Cyber Policy Portal Database

1) Prioritized Identification and Protection of high value information and assets; 2) Timely Detection of and Rapid Response to cyber incidents; 3) Rapid Recovery from incidents when they occur and Accelerated Adoption of lessons learned from the Sprint assessment; 4) Recruitment and Retention of the most highly-qualified Cybersecurity Workforce talent the Federal Government can bring to bear; and 5) Efficient and Effective Acquisition and Deployment of Existing and Emerging Technology. The CSIP is organized in the following manner: x Objectives: “What we need to achieve” x Actions: “How and where we focus our efforts to achieve those objectives” Specifically, the CSIP’s key actions include: x All agencies will continue to identify their high value assets (HVAs) and critical system architecture in order to understand the potential impact to those assets from a cyber incident, and ensure robust physical and cybersecurity protections are in place. The identification of HVAs will be an ongoing activity due to the dynamic nature of cybersecurity risks. x DHS will accelerate the deployment of Continuous Diagnostics and Mitigation (CDM) and EINSTEIN capabilities to all participating Federal agencies to enhance detection of cyber vulnerabilities and protection from cyber threats. x All agencies will improve the identity and access management of user accounts on Federal information systems to drastically reduce vulnerabilities and successful intrusions. x OMB, in coordination with NSC and DHS, will issue incident response best practices for use by Federal agencies, incorporating lessons learned from past cyber incidents to ensure future incidents are mitigated in a consistent and timely manner. The best practices will serve as a living document to be continuously updated. x The National Institute of Standards and Technology (NIST) will provide updated guidance to agencies on how to recover from cyber events. x The Office of Personnel Management (OPM) and OMB will initiate several new efforts to improve Federal cybersecurity workforce recruitment, hiring, and training and ensure a pipeline for future talent is put in place. x The Chief Information Officer (CIO) Council will create an Emerging Technology SubCommittee to facilitate efforts to rapidly deploy emerging technologies at Federal agencies. x The President’s Management Council (PMC) will oversee the implementation of the CSIP in recognition of the key role Deputy Secretaries play in managing cybersecurity within their agencies. x CIOs and Chief Information Security Officers will also have direct responsibility and accountability for implementation of the CSIP, consistent with their role of ensuring the identification and protection of their agency’s critical systems and information. Page 2 of 21