Introduction

Federal Government HVAs enable the government to conduct essential functions and operations, provide services to citizens, generate and disseminate information, and facilitate greater productivity and economic prosperity. Federal agencies have long taken measures to identify, categorize, and secure Information Technology (IT) assets whose confidentiality, integrity, and availability are essential to their ability to operate and execute their missions. In recent years, continued increases in computing power combined with declining computing and storage costs and increased network connectivity have expanded the government’s capacity to store and process data in order to improve service delivery to the public. This rise in technology and interconnectivity also means that the Federal Government’s critical networks, systems, and data are more exposed to cyber risks. The Federal Government must continue to evolve its approach to managing risks to these HV As and instantiating a continuous review of all critical networks, systems, and data.

The Federal Government is committed to identifying and prioritizing HVAs, assessing the HVAs’ security posture, and taking needed protective actions. OMB Memorandum M-16-04, Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government, issued on October 30, 2015, and the President’s Cybersecurity National Action Plan (CNAP), issued on February 9, 2016, recognized that the heightened threat environment and an increasing number of incidents involving Federal IT assets requires such action in order to strengthen our cybersecurity posture.