Our Nation’s security and economic prosperity depend on the stability and integrity of our Federal communications and information infrastructure. Threats to cyberspace pose some of the most serious challenges of the 21st century for the United States. The President has made strengthening the Nation’s cybersecurity a priority from the outset of this Administration.
In May 2017, the President signed Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, which concentrates on IT modernization and cybersecurity risk management. Executive Order 13800 reinforces the Federal Information Security Modernization Act by holding agency heads accountable for managing cybersecurity risks to their enterprises. It requires each agency to assess its cybersecurity risks and submit a plan to OMB detailing actions to implement the NIST Cybersecurity Framework.
To address the threats posed on our nation’s cybersecurity defenses, the Federal Government must continue to advance technical and policy protection capabilities for national systems. We must also expand partnerships with the private sector and work with Congress to clarify roles and responsibilities.
The CIO Council, and the Chief Information Security Officers Council, leverage FISMA quarterly reporting and agency cybersecurity budget enhancements to meet the key Federal cybersecurity priorities across the enterprise. These include: Increasing Cyber Threat Awareness, Standardizing Cyber and IT Capabilities, and Driving Agency Accountability. OMB and the Department of Homeland Security continue to improve FISMA oversight and execution to enable better cybersecurity risk management within individual agencies and across the Federal government
FISMA requires that the Office of Management and Budget (OMB) oversee Federal agency information security policies and practices, which includes coordinating with Federal agencies on cybersecurity incidents or operational events that might impact our nation’s security posture. OMB launched an Incident Response Resources Repository to support agencies in defining cybersecurity incident classification, outlining reporting guidance and procedures, and providing general resources for cybersecurity incidents.