The US cybersecurity agency CISA this week released its Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) plan, which aims to align the federal enterprise against cyberthreats.
According to CISA, while federal agencies have built their own cyber defense capabilities, they vary widely in how effectively they manage risks, as there is no cohesive or consistent baseline security posture across the federal enterprise.
“These diverse approaches were not designed to collectively address the dynamic nature of our current cyber threat environment, the complexity of our digital ecosystem, and the pace of technology modernization. As a result, despite concerted efforts to adapt and protect against cyberattacks, the FCEB remains vulnerable,” the cyber defense agency says.
CISA’s FOCAL plan (PDF) seeks to standardize essential components of enterprise operational cybersecurity across agencies, as well as at an interagency level, outlining proven practices that agency components should adopt, along with collective cybersecurity goals that should be identified.
“Collective operational defense is required to adequately reduce risk posed to more than 100 FCEB agencies and to address dynamic cyber threats to government services and data,” CISA says.
The FOCAL plan identifies five priority areas to enable the federal enterprise’s cyber defense apparatus under normal, steady operations, and facilitates rapid response during urgent situations: asset management, vulnerability management, defensible architecture, cyber supply chain risk management, and incident detection and response.
Furthermore, the plan presents alignment goals, which are subsets of these priority areas, created on the operational level with the purpose of standardizing and aligning effort and capabilities.
“The FOCAL plan is not intended to provide a comprehensive or exhaustive list of everything that an agency or CISA must accomplish. It is designed to focus resources on those actions that substantially advance operational cybersecurity improvements and alignment goals,” CISA explains.
Increased alignment, the cyber defense agency says, will have a real-world impact and will lead to more synchronized and robust cyber defenses, improved communication, and better agility and resilience for the FCEB.
Related: CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities
Related: FBI, CISA Warn of Fake Voter Data Hacking Claims
Related: US Cybersecurity Agency CISA to Open London Office
Related: Washington Secretary of State Appointed CISA’s Senior Election Security Lead