Management of Federal High Value Assets

December 9, 2016

M-17-09

MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES

FROM: Shaun Donovan

SUBJECT: Management of Federal High Value Assets

PURPOSE

This Memorandum contains general guidance for the planning, identification, categorization, prioritization, reporting, assessment, and remediation of Federal High Value Assets (HVAs), as well as the handling of information related to HV As by the Federal Government. It also outlines the responsibilities of Executive Branch departments and agencies, including the Office of Management and Budget (OMB), Department of Homeland Security (DRS), and General Services Administration (GSA). The HVA initiative outlined in this memorandum is an ongoing government-wide activity intended to evolve over time.

This memorandum is directed to Federal Executive Branch departments and agencies (hereinafter “agencies”) but does not apply to national security systems. Owners of national security systems should follow relevant Department of Defense (DOD) and Intelligence Community (IC) guidance regarding the protection of sensitive information and systems with respect to national security systems.1


Footnotes

1Recognizing that existing IC and DOD technical controls for sensitive IT assets may not sufficiently address policy and strategic impacts and other enterprise risks, agencies operating national security systems are encouraged to apply the principles of enterprise risk management contained in this memorandum and to familiarize themselves with and, as appropriate, adopt approaches herein to ensure that national security systems are assessed, prioritized, and protected based on a comprehensive assessment of risk that encompasses threat information; system interdependencies; broader impacts to multiple organizations or the whole-of-government; and policy, business, and strategic impacts that go beyond agency-specific IT or operations.