Appendix A- OMB, DHS, and GSA Roles and Responsibilities
This Appendix describes third party responsibilities for implementing OMB Memorandum M 17-XX, Management of Federal High Value Assets.
DHS or Independent Third Party Assessor:
- Work with the agency to ensure appropriate ROE documentation and other relevant legal agreements are in place.
- Ensure all access rights and entrance-on-duty requirements have been clearly established and communicated to the agency in order to ensure an efficient assessment.
- Conduct assessment(s) of HV As in accordance with the signed ROE or other relevant legal agreement(s).
- Provide the assessed agency with a report outlining findings and recommendations.
- Recommend to the assessed agency a prioritization of activities to appropriately remediate the findings o f the assessment.
- In the case of DHS assessments, coordinate with OMB on the tracking of agency progress against the remediation plan.
- Develop future phases of the Continuous Diagnostics and Mitigation Program to address common capability and tool gaps discovered during the HVA assessment process.
- Assist DHS with metrics and measurements for the HVA program as a government-wide initiative.
- Coordinate with DHS, the CIO Council, the CISO Council, the Cyber Interagency Policy Committee (Cyber-IPC), and other stakeholders as necessary to develop appropriate assessment tiers to ensure assessment teams are not delayed in focusing on the highest priority assessments.
- Monitor progress against the remediation plan through existing methods such as the CyberStat process and governance bodies such as the President’s Management Council.
- Incorporate lessons learned from agency HVA assessments into future policy development.
- Work with agencies on budget formulation and execution related to HVA remediation.
- Finalize and ensure the HACS SINs are kept up-to-date with multiple options for agencies to procure assessment services in a timely fashion.
- Provide agencies with options to procure remediation assistance.