Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Government

CISA Releases Cyber Defense Alignment Plan for Federal Agencies

CISA has laid out the FOCAL plan, which aligns the collective operational defense capabilities across federal agencies.

The US cybersecurity agency CISA this week released its Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) plan, which aims to align the federal enterprise against cyberthreats.

According to CISA, while federal agencies have built their own cyber defense capabilities, they vary widely in how effectively they manage risks, as there is no cohesive or consistent baseline security posture across the federal enterprise.

“These diverse approaches were not designed to collectively address the dynamic nature of our current cyber threat environment, the complexity of our digital ecosystem, and the pace of technology modernization. As a result, despite concerted efforts to adapt and protect against cyberattacks, the FCEB remains vulnerable,” the cyber defense agency says.

CISA’s FOCAL plan (PDF) seeks to standardize essential components of enterprise operational cybersecurity across agencies, as well as at an interagency level, outlining proven practices that agency components should adopt, along with collective cybersecurity goals that should be identified.

“Collective operational defense is required to adequately reduce risk posed to more than 100 FCEB agencies and to address dynamic cyber threats to government services and data,” CISA says.

The FOCAL plan identifies five priority areas to enable the federal enterprise’s cyber defense apparatus under normal, steady operations, and facilitates rapid response during urgent situations: asset management, vulnerability management, defensible architecture, cyber supply chain risk management, and incident detection and response.

Furthermore, the plan presents alignment goals, which are subsets of these priority areas, created on the operational level with the purpose of standardizing and aligning effort and capabilities.

“The FOCAL plan is not intended to provide a comprehensive or exhaustive list of everything that an agency or CISA must accomplish. It is designed to focus resources on those actions that substantially advance operational cybersecurity improvements and alignment goals,” CISA explains.

Advertisement. Scroll to continue reading.

Increased alignment, the cyber defense agency says, will have a real-world impact and will lead to more synchronized and robust cyber defenses, improved communication, and better agility and resilience for the FCEB.

Related: CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities

Related: FBI, CISA Warn of Fake Voter Data Hacking Claims

Related: US Cybersecurity Agency CISA to Open London Office

Related: Washington Secretary of State Appointed CISA’s Senior Election Security Lead

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.