{"id":5418,"date":"2024-09-20T17:44:36","date_gmt":"2024-09-20T22:44:36","guid":{"rendered":"https:\/\/www.darkreading.com\/cybersecurity-operations\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies"},"modified":"2024-09-20T17:44:36","modified_gmt":"2024-09-20T22:44:36","slug":"cisa-releases-plan-to-align-cybersecurity-across-federal-agencies","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/09\/20\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies\/","title":{"rendered":"CISA Releases Plan to Align Cybersecurity Across Federal Agencies"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/bltdb618786d8da0991\/65859adf89440b040a989e76\/Collaboration_ronstik_Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The US Cybersecurity and Infrastructure Security Agency released a plan to align the \u201ccollective operational defense capabilities\u201d of federal agencies to reduce their cyber-risk. The plan\u2019s focus is to have more synchronized and robust cyber defenses, improved communications, and better agility and resilience in the federal government.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">For the most part, federal agencies built out their own defense capabilities based on the threats they are facing. As a result, the agencies vary widely in how effectively they manage risks, and there is no \u201cno cohesive or consistent baseline security posture,&#8221; CISA said. This discrepancy means despite investing in cybersecurity, the agencies are still vulnerable to threats.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">\u201cCollective operational defense is required to adequately reduce risk posed to more than 100 FCEB agencies and to address dynamic cyber threats to government services and data,\u201d CISA said.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) plan, CISA sets out both \u201cbroad organizing concepts for federal cybersecurity\u201d and tactical guidance agencies should implement. The plan covers daily activities and processes organizations should be using to defend their data and information systems, and spans five areas: asset management, vulnerability management, defensible architecture, cyber supply chain risk management, and incident response. It also sets collective security goals for the enterprise and provides a framework for coordinated support and services.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">It is not intended to provide a comprehensive or exhaustive list of everything that an agency has to accomplish.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">\u201cThe actions in the FOCAL plan orient and guide FCEB agencies toward effective and collaborative operational cybersecurity and will build resilience,\u201d Jeff Greene, CISA\u2019s executive assistant director for cybersecurity,&nbsp;<\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.cisa.gov\/news-events\/news\/cisa-releases-plan-align-operational-cybersecurity-priorities-federal-agencies\" rel=\"noopener\">said<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&nbsp;in a statement.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The essential components of FOCAL are \u201csolid,\u201d says John Vecchi, security strategist at Phosphorus Security. There are \u201cvery wide disparities\u201d between agencies from a cyber maturity and culture perspective, but these agencies can achieve a \u201cmore consistent cybersecurity posture and baseline security hygiene\u201d if FOCAL\u2019s basics are implemented, Vecchi says.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">However, accomplish a task of this magnitude can be challenge, Vecchi notes. Agency IT teams still need the staff, knowledge, and skills to actually deploy and implement the technologies and processes. The sheer number of security tools needed to accomplish the various elements in the plan could pose problems for agency security teams. While the focus on patching and vulnerability management is essential, these two areas are difficult to implement at scale.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">It&#8217;s also important to remember that about a third of the assets across these agencies represent smart devices, Internet of Things , operational technology, and embedded devices, Vecchi says. These types of systems are often out of compliance in terms of security hygiene.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">\u201cResource allocation will most certainly be an issue here, but my guess is that the vast number of disparate teams and cultural differences across all of the agencies will present an even bigger and more immediate challenge,\u201d Vecchi says. \u201cIt can be quite challenging for different teams within a single agency to collaborate effectively, let alone across so many unique, independent agencies and networks.\u201d<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The US Cybersecurity and Infrastructure Security Agency released a plan<\/p>\n","protected":false},"author":12,"featured_media":5419,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-5418","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?fit=1800%2C1200&ssl=1",1800,1200,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?fit=300%2C200&ssl=1",300,200,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?fit=640%2C427&ssl=1",640,427,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?fit=640%2C427&ssl=1",640,427,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?fit=1536%2C1024&ssl=1",1536,1024,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?fit=1800%2C1200&ssl=1",1800,1200,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?fit=1024%2C683&ssl=1",1024,683,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies.jpg?fit=1800%2C1200&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5418","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5418"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5418\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/5419"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5418"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}